The Confused U.S. Messaging Campaign on Huawei

Justin Sherman, Robert Morgus
Tuesday, June 25, 2019, 1:00 AM

For the past several months, American policymakers have sought to convince allies, partners and potential partners to ban Chinese telecommunications company Huawei from supplying the entirety of, or components for, 5G communications networks around the world. This messaging campaign has centered primarily around concerns that Huawei could assist the Chinese government in spying on other countries or even shutting down or manipulating their 5G networks in a warlike scenario.

Huawei office building (Source: Flickr)

Published by The Lawfare Institute
in Cooperation With
Brookings

For the past several months, American policymakers have sought to convince allies, partners and potential partners to ban Chinese telecommunications company Huawei from supplying the entirety of, or components for, 5G communications networks around the world. This messaging campaign has centered primarily around concerns that Huawei could assist the Chinese government in spying on other countries or even shutting down or manipulating their 5G networks in a warlike scenario.

Many of the nations at which this U.S. diplomatic messaging is aimed, however, remain unconvinced. The current conversation over how to manage the risks from Huawei’s supplying of 5G systems depends much on one’s perspective, as many countries with relatively similar data have come to notably different conclusions about the policies needed to mitigate those risks. Yet the United States’s international messaging on this issue—to allies, partners and potential partners alike—blurs the line between economic and national security risks, and it threatens to undermine U.S. efforts to message these risks in the process.

The Five Main Risks in Play

Risk mitigation depends not just on one’s capacity to respond to and prepare for risk in a certain way but also on one’s assessment of risk in the first place—mainly, how one assesses its likelihood and severity. In this case, there are five main categories of risk with respect to Huawei and 5G. How a party views these risks depends on how it views its own relationship with China.

First, there is the well-publicized risk that Huawei equipment could provide an espionage platform for Chinese government actors. To some, the fact that Huawei exists within a system in which the Chinese Communist Party (CCP) has broad discretionary tools that may be used to compel assistance with national security matters is cause to avoid the company altogether—along with other Chinese companies. The concern is underpinned by the possibility that the Chinese government has compelled or might compel Huawei to deliberately place security backdoors or “bugdoors” (where a vulnerability is found, but intelligence services tell the company to leave it unpatched) in 5G systems. It also rests on the fact that the Chinese government could pressure Huawei to comply with a short-term national interest despite broader long-term interests that might be at play, such as Huawei’s marketability in other countries.

Second, and relatedly, is the war risk. Alternatively thought of as the crisis risk, this acknowledges the possibility that Huawei, in a period of high tension or a warlike scenario, could be compelled by the Chinese government to intercept 5G communications, tamper with them or turn off the underlying systems altogether. Under such a hypothetical crisis scenario, Huawei could enhance China’s military and intelligence posture.

Third, there is the generic cybersecurity risk. All complex, code-based systems today have vulnerabilities. This opens the door for exploitation by cyber deviants. The March 2019 report from the U.K.’s Huawei Cyber Security Evaluation Centre (HCSEC) to the U.K. national security adviser underscores that Huawei system code, along with the company’s system development and maintenance processes, results in a high number of vulnerabilities that go unpatched for prolonged periods of time. According to the report, if attackers had “knowledge of these vulnerabilities and sufficient access to exploit them,” they could cause the network to “cease operating correctly,” “access user traffic” or reconfigure network elements. Contrary to the espionage risk, the attackers in this scenario do not need to be enabled by Huawei, and the risk is largely agnostic to the geopolitical or political threat from China.

Each of these first three risks is a national security risk worth considering and managing. However, Huawei also poses a risk to U.S. economic interests in two additional ways.

First, Huawei’s only true competitors in the 5G radio equipment market—Nokia and Ericsson—have struggled financially. Unlike Huawei, those companies are also not capable of offering the entire package of products and services across the 5G technology stack. Combined, Huawei and ZTE (another Chinese infrastructure provider) hold approximately a 55 percent market share for existing telecommunications infrastructure—and given the perception that Huawei is 12-18 months ahead of competitors on developing 5G infrastructure, there are reasons to forecast that this market share could increase in the future. Market dominance by Huawei not only could drive up costs for customers, as monopolies or near monopolies are less receptive to market pricing pressures, but also could remove disincentives for malfeasance due to a lack of viable substitutes.

Second, Huawei possesses a unique capacity to manufacture and sell many of the components of the 5G “tech stack”: everything from the smartphones that would run on 5G cellular networks to the radio tower receivers that would carry the traffic between many different types of devices. It even designs computer chips. This broad offering of products potentially poses a risk to American companies that may not supply the finished 5G “product” writ large but that do contribute via the design and manufacture of components—meaning they can’t compete across the board with Huawei. In addition, there are concerns that Chinese trade representatives use deployments of Huawei telecommunications infrastructure as a platform to offer other Chinese technology preferentially as part of the Belt and Road Initiative. Some commentators also suggested that Chinese digital technology is more conducive to authoritarian applications. If this is the case, applications designed in and for use in autocratic environments may have a leg up, and Huawei deployments may stand to further shut out U.S. competitors from markets in Europe, South Asia, Africa and elsewhere.

U.S. Messaging on Huawei

Following bilateral meetings with Trump administration officials, European policymakers expressed concern that an “America First” policy is resulting in the conflation of security threats with trade threats. And this is not an issue unique to the United States’s diplomatic messaging on risks posed by Huawei—it’s a challenge more broadly with the current administration.

In November 2017, President Trump tweeted:

As Robert Williams wrote last year for Lawfare, even the Commerce Department has taken “self-defeating” conceptions of national security that could “open the door for other countries to invoke similarly broad interpretations of national security to justify protectionist policies.” Whereas “[p]ast presidents generally tried to keep national security issues in one lane and trade policy in another lane,” a former State Department official told the Washington Post, “Trump is just more willing to make trade-offs between the two.”

This has proved quite problematic for the United States’s messaging around Huawei, and it doesn’t help with risk parsing domestically, either. Despite the fact that these categories of economic and national security risks are different, the Trump administration’s narrative frequently blurs the line between the issues, affecting the narrative presented to other countries. Conflating these risks harms the United States’s international messaging campaign around Huawei.

Many governments have decided to allow Huawei into the entirety of their networks, while others have implemented a “partial ban” allowing the company to enter into their network’s periphery. A key factor in these decisions has been a different assessment of the risks at play. Some countries view the likelihood of a warlike scenario with China as low and, therefore, assign a lower likelihood of the war risk manifesting. Huawei’s ability to provide massive discounts, to use another example, won’t bother countries that don’t care about having their own international competitor to Huawei in the global 5G market.

The U.S. government has spoken at great length about the risk of Beijing spying on foreign communications through Huawei 5G systems—with, in these scenarios, varying degrees of involvement on the part of Huawei. The company might, say, install backdoors for the Chinese government, or it might leave vulnerabilities unpatched so that Chinese intelligence services can exploit them. Yet the potential for market dominance by Huawei over American companies also raises concerns over economic risks, particularly in an administration that has made a lot of noise about a U.S.-China trade war. What could happen when U.S. companies miss out in large part on the potential gains to be reaped from the global 5G revolution?

The frequent conflation of these risks by the Trump administration makes it harder for the U.S. to raise international awareness of what it may see as a legitimate security concern without coming across as pushing a trade war line. As Russell Brandom wrote for The Verge, “From afar, it’s easy to see the measures against Huawei as part of that same logic: pressure placed on China’s economy to extract concessions down the road.”

When Secretary of State Mike Pompeo visited London recently, for instance, he spoke of the economic security as well as national security risks posed by China. Before diving into the issues posed by Huawei, he emphasized that the world now faces “a new kind of challenge, an authoritarian regime that’s integrated economically into the West.” He once again underscored the administration’s dual-hatted concerns about China: its economy and its security threats. While there may indeed be legitimate security risks around Huawei and 5G, many countries, particularly in Europe, now have reason to harbor doubts that U.S. claims might just be motivated by a trade war.

Within the U.S., this can similarly affect both public and policymaker perceptions of the risks posed by Huawei and thus affect the design of risk mitigation strategies as well. Brooking Institution’s Joshua Meltzer pointed this out several months ago with respect to the U.S.-China trade deal conversations. Conflating national security issues with economic concerns around U.S.-China trade, he told CNBC, will make it harder for the administration to produce a deal “passable” to both Congress and the American people. Recent comments from Trump about reconsidering penalties against Huawei as part of a trade deal prompted such concerns—demonstrating even domestic concerns about the blurring of national security and economic risks, and about the potential use of real national security risks as political leverage.

Moving Forward

In the words of the U.S. Assistant Secretary of State for Cyber Policy, Robert Strayer, other countries “understand there’s a security concern. The issue is how you solve it.” And for some, the risk of a warlike scenario with China, for instance, is simply not seen as equally likely (or, perhaps, even equally severe) as the United States would like others to believe. It comes down in many ways to one’s perception of China and the Chinese government, along with one’s country’s relationship with China writ large.

Convincing others to align with the United States’s position on Huawei 5G risks is therefore heavily dependent on effective communication of risks. And perceived conflation by the U.S. of economic risks with national security risks is simply not proving effective. For evidence of this fact, look no further than the U.S. allies, partners and potential partners who remain unconvinced that the risks justify total or partial bans on Huawei supplying 5G equipment.

The solution is not an easy one: It involves a decoupling of economic and national security concerns, at least in messaging, that the Trump administration appears far from willing to engage in. For instance, the administration would be wise to discuss backdoor risks around Huawei as independent of Huawei’s prospective market dominance. This could help to better message U.S. concerns to European partners whose decisions about Huawei may be centered primarily on economics, or to those who doubt that the Trump administration is advocating these risks independent of its motives in the U.S.-China trade war. Even if the U.S. did alter its messaging in this fashion, many countries would likely still come to fundamentally different risk assessments around Huawei and 5G than their European counterparts. Yet for those in the U.S. government and elsewhere looking to make the United States’s messaging more effective, halting the conflation of economic and national security risks is a good place to start.


Justin Sherman is a contributing editor at Lawfare. He is also the founder and CEO of Global Cyber Strategies, a Washington, DC-based research and advisory firm; a senior fellow at Duke University’s Sanford School of Public Policy, where he runs its research project on data brokerage; and a nonresident fellow at the Atlantic Council.
Robert Morgus is a senior director for the Cyberspace Solarium Commission. At the commission, Morgus has led the development of the ecosystem pillar of the commission’s final report as well as the “Pandemic White Paper,” the “Supply Chain White Paper,” and the “Transition Book for the Incoming Biden Administration.” Previously, he helped build New America’s Cybersecurity Initiative, where he headed the organization’s international cyber policy work.

Subscribe to Lawfare