Sep 092019
 

Is Huawei Now Spying in the Cloud?

Huawei’s ability for gathering intelligence data and intellectual property now extends to its cloud network in Latin America and reaches the US

James Gorrie Updated: September 5, 2019

While the U.S. government attempts to unwind its reliance on Huawei networking equipment, the dimensions of Huawei’s threat to U.S. intelligence and technology IP continues to grow. In fact, according to Gary Frost, former Chief Technical Officer of NexGenEx Telecom Equipment and current CTO/Managing Partner of FastPath NexGenEx Global Networks, the risk has risen to a whole new level, which may well post a great challenge to the U.S. anti-Huawei policy.

China’s Big Play in Latin America

Last week at the Summit in Santiago, Chile, the Huawei Cloud Partner Network (HCPN) program was initiated. This most recent venture from China’s biggest telecom and infrastructure provider already has 36 Huawei-certified cloud partners throughout its Latin American network. More importantly, the HCPN will provide its partners with a variety of go-to-market support, including business, technical, and marketing services, all via the Huawei Cloud.

And therein lies the biggest risk of all—at least that we know of.

The potential for intellectual property theft and intelligence gathering in the cloud is staggering. Every business, organization or government institution that uses the Huawei Cloud will immediately become vulnerable to intrusion and data exfiltration by the very cloud services they rely on to function and store their work. It’s an extraordinary opportunity for the Chinese regime to gain a level of intrusion and data access they could only dream of just a few years ago.

The technical details can be a bit complicated, but essentially, secure memory within the Huawei cloud isn’t present or implemented; or it simply may not be an option for most cloud system users. That would include Huawei Cloud users.

That may not be always the case with the enterprise-level cloud users, however. Some of the world’s larger firms—such as IBM for example—will have the technological and financial resources to protect their cloud-based data and operations, likely in their own, proprietary cloud environment. But for most smaller businesses and organizations, especially those in the Huawei cloud, operating within them comes with considerable security risks.

This potentially gives China’s Huawei operatives far more reach into every institution that uses its cloud services. The process could be as relatively simple, Frost said, such as routine maintenance. For example, “Huawei or a connected contractor, could simply install ‘services upgrades’ on interconnected equipment and have an entrance into a variety of their users’ infrastructure.”

American Technology Firms at Risk

What’s more, companies such as Amazon, Microsoft, IBM and Google are linking cloud in their services, and—given their level of investment in China— may well become vulnerable sooner or later to risks posed by Huawei’s cloud network. The degree of risk is unknown in many cases, but the interconnection of cloud services and the opening of doors to espionage by the Chinese regime via Huawei are certainly real.

For instance, since China requires joint ventures for all foreign investment, one may reasonably wonder what cloud interconnection arrangements Google and Facebook made in their $400 million fiber project from Hong Kong to Los Angeles. More to the point, given that these companies have continually bent over backwards to assist China in its censorship efforts in exchange for operating there, perhaps the greater risk is their cooperation with China in sharing user data and other sensitive information.

Huawei’s Strategic Positioning

A Huawei—and therefore, China—another critical footprint throughout Latin America, and by extension, the United States. That’s simply because cloud interconnections in South America are a key entry point into U.S. infrastructure.nd, from a geopolitical perspective, the new cloud partnership program gives 

And of course, digital technology doesn’t have to penetrate American territory to access sensitive American cloud networks. America’s business and military presences are global, and certainly in Latin America. What’s more, Huawei’s cloud operations extend well beyond Latin America as well.

This gives China a significant advantage in deepening its economic relationships with the region’s political and business interests, as well as others. In fact, as of June 2019, Huawei Cloud and its partners have opened 23 regions with a total of 44 availability zones, and launched over 180 cloud services and solutions. Clearly, Huawei’s cloud partnership represents many opportunities for China’s biggest intelligence and cyber-attack asset.

Challenge to America

What’s America’s best response to China’s Huawei cloud offensive? In the short term, there may not be an easy or quick solution, as Huawei can impact existing equipment or upgrades in this interim time. Damaging data breaches, theft, sabotage and other clandestine acts could be performed over the network disguised by automatic upgrades, just like an app automatically upgrades itself on a smartphone.

As U.S. officials and small rural telecom firms are finding out, announcing a change in political policy is easier than divorcing technological, 

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)