More than Huawei, more than 5G: Taking national security seriously

While public discussions of U.S.-China relations focus overwhelmingly on tariffs, threats tied to cyberespionage also are getting increased attention from commentators and government officials. The Federal Communications Commission (FCC), for example, is tackling problems associated with Chinese firm Huawei, particularly its equipment’s use in next-generation (5G) communications networks. Security concerns, however, go well beyond Huawei and beyond 5G.

Any process that incorporates computer chips as well as any process that occurs at the direction of an electronically transmitted instruction is potentially vulnerable to cyber-espionage and cyber-warfare. In the internet age, this covers virtually everything that relies on communication or information-processing. Notably, national-security-related diplomatic, strategic, and tactical communications and operations are at risk from vulnerabilities to concentrated hacking efforts, to potential sources of leakage, and to possible weaknesses in the internal instruction sets that govern computing functions.

Beyond obvious communications, much of what still takes place in the physical realm (including in the military sphere) — driving a car or a tank, piloting a plane, sending missiles toward targets — is governed by instructions communicated at a distance or directed by integrated circuits’ memory and computing processes within the operating equipment. These functions, too, are potentially at risk.

Apart from its announced commitment to cyberespionage, China’s peculiar combination of strong export orientation, state-controlled economy, and authoritarian government poses a special threat. China has developed many firms with low-cost, high-quality products, including in the information and communications technology (ICT) sector. Many of its most recognizable firms and products are oriented toward sale in export markets, first and foremost the United States.

Unknown to most consumers, many of these firms also are either state-owned or state-controlled, with large investments from the Chinese government and corporate leadership intimately connected to the government. In addition to Huawei, the list includes Lenovo, Lexmark, ZTE and others. Just as state power can be directed at limiting information flows that might threaten current leaders, state control also can be used to pressure companies to take actions that facilitate espionage or permit strategic use of equipment to undermine others.

For the companies named above, product or service features that raise specific questions regarding intended or coincidental security risks already have been identified — by the Department of Defense’s Inspector General, among others. Problems include software “backdoors” and other weaknesses that open products to potential exploitation. For these firms, the argument isn’t that espionage-facilitating problems could occur but that they have occurred. An increasingly authoritarian and insulated Chinese government, where power is being concentrated in one man and those closest to him, is likely to amplify state pressure to incorporate or exploit such features.

While the U.S. government can protect against some threats by altering procurement rules, security lapses often have been traced to personal equipment of government officials — not to their work-purchased equipment and services — or to the equipment and networks of non-government personnel (particularly government contractors) and those who interact with them. Strengthening enforcement of rules respecting government personnel’s use of equipment or services even for strictly personal communications and of rules respecting government contractors could improve security, but there simply are too many points of interaction between government and non-government actors — and too many potentially compromised products — to rely on these changes to protect national security.

To address the broader threat to security from widely adopted Chinese information and communications products, the government should initiate a broad investigation of Chinese ICT imports under Section 232 of the Trade Expansion Act of 1962. Following a Commerce Department investigation, Section 232 gives the president broad authority to protect against threats to national security associated with imports. The section’s text does not limit presidential authority to acting against products explicitly tied to espionage; it also encompasses controlling products that could facilitate espionage or undermine security in other ways.

Although trade-restrictive actions commonly hurt the nation that imposes them, protection of security is too important, and the potential threats being identified are too serious, to ignore. Security depends not just on closing the most visible existing loophole but on acting to prevent new ones.

Ronald A. Cass is Dean Emeritus of Boston University School of Law, former Commissioner and Vice-Chairman of the U.S. International Trade Commission, and author of “National Security, Trade, and China: Risks and Responses in the Internet Age.”