Do You Trust Chinese Security Products?
The USA has recently passed the National Defense Authorization Act for Fiscal Year 2019. In this, for reasons stated in the Act, they have banned the use of some Chinese products including those made by Huawei Technologies Company, Hytera Communications Corporation, Hangzhou Hikvision, Digital Technology Company, Dahua Technology Company, or ZTE Corporation (or any subsidiary, successor entity, or affiliate of such entities).
The Act indicates that the risks are that these brands have evidence of malicious software or hardware that enables unauthorized network access or control and the type and level of risk, and a plan to share such report, based on appropriate access to classified information, with U.S. allies, partners, and U.S. cleared defense contractors and telecommunications services providers.
At a hearing in the US in February, the directors of the CIA, FBI, NSA and several other intelligence agencies express their distrust of Huawei and fellow Chinese telecom company ZTE.
Australia has recently committed $200 million of foreign aid to prevent Huawei from building a sub sea cable to the Solomon Islands and Papua New Guinea. This is significant due to the national security concerns of China being able to monitor communications if they were to provide the link.
A number of Chinese Telcos including China Mobile International (Australia) have plans for setting up in Australia, but how they would comply with the telecommunications security requirements are yet to be established. The security requirements for any telco include the ability to monitor and decrypt phone calls and messages, which might be a conundrum for the authorities in granting the licence.
So, as a responsible security consultancy, we do not recommend these products to clients as we rely on the integrity of the US authorities that there may be a security problem with them, even if the problem is classified.
What are your thoughts?