Who's Paying for Huawei's Cybersecurity Evaluation? Not Huawei, Apparently.


Under tough questioning yesterday from Silicon Valley-area U.S. Representative Anna Eshoo (D-CA), John Lindquist, the president and CEO of highly regarded defense contractor and security firm Electronic Warfare Associates (EWA), said that a major American telecommunications company paid for a recent cybersecurity audit of technology from controversial Chinese telecom equipment supply giant Huawei.  Speaking at a hearing on supply chain cybersecurity issues before the House Energy and Commerce Committee's Subcommittee on Communications and Technology, Lindquist was asked by Eshoo who paid for the cybersecurity "seal of approval" that she assumed EWA gave to Huawei.

Eshoo had presumed that Huawei had paid for the evaluation given that Huawei itself has said on several occasions that it has "hired" EWA "to audit our products in order to certify the safety and reliability of the products at the source code."  If that were the case, Eshoo said, it could be the "equivalent of what happened on Wall Street" when the ratings agencies gave glowing marks to some unstable financial institutions that paid the agencies.

To Eshoo's surprise, Lindquist said that in fact Huawei didn't pay for the evaluation but that an unnamed major American telecommunications company did instead.  Lindquist said that an NDA barred him from naming the company.  In his written testimony, Lindquist did note that EWA's business practices, as is the case with many technology evaluation firms, call for the telecommunications company, as the primary beneficiary, to pay for security evaluations of vendor products.

It wouldn't be surprising, then, that a major U.S. telecom company would pay for an evaluation of Huawei's products.  A number of U.S. telecom companies do business with Huawei, including Cricket Communications, Clearwire, Cox and Level 3/BTW, according to a report by Chairman Mike Rogers (R-MI) and Ranking Member C.A. Dutch Ruppersberger (D-MD) of the Permanent Select Committee on Intelligence.  In addition, a number of other Tier 1 telecom providers, such as Verizon, are clearly evaluating if not currently using Huawei technology.

Whichever telco it is, "they are in the process" of contemplating a purchase and "we are in the process of evaluating their system.  The evaluation is by no means complete and we’re only evaluating the radio area network portion," Lindquist said.

Lindquist stressed, however, that "we do not give a seal of approval.  What we do is take known threats and we have very good access in the government to the agreed list of cyberthreats...what we do say is what we looked at and what we found and if we found things, what corrections were made."

Huawei, an equipment and networking giant whose global sales of gear and software skyrocketed over the past ten years, topping $30 billion in annual revenue, is viewed by some military and cybersecurity specialists as a threat to the security of critical telecommunications infrastructure.  Some Huawei opponents believe that the company is bankrolled and controlled by the Chinese government, which is arguably the most active nation-state engaged in cyber espionage and hacking.  They further suspect the motives of Huawei's founder, Ren Zhengfei, who formed the company after leaving a civilian-ranked engineering post in the Chinese military.

As a consequence, Huawei has the capability of introducing, and incentive to introduce, undetectable backdoors and other vulnerabilities in the products it sells to telecom companies, for the benefit of China's economic and military interests, detractors argue.  Other experts, however, contend that the focus on Huawei, and to a lesser extent another telecom tech giant, ZTE, is a form of paranoia inappropriately focused on Chinese companies due to the often overheated and sometimes nationalistic rhetoric surrounding cybersecurity matters.
