Chinese telecom giant Huawei Technologies is suing the United States, claiming its equipment has been unfairly banned from America and wrongly identified as a security threat.
In a live-streaming press conference Thursday, Huawei said it had filed a complaint in a U.S. federal court in Texas challenging Section 889 of the 2019 National Defense Authorization Act (NDAA). The act bars federal agencies and their contractors from procuring Huawei equipment and services.
The U.S. government is concerned that Huawei’s gear facilitates spying by the Chinese government and is asking allies to boycott Huawei’s equipment. At the same time, the Chinese company has been stepping up its efforts to preserve its access to global markets for next-generation communications.
During the hour-long presentation, Huawei executives defended its security measures and emphasized its role in the global supply chain.
“The name on the box does not detail who made the components in the box,” said John Suffolk, global cyber security and privacy officer for Huawei. “[It is] wrong to assume that the label on a vendor’s box conveys that the contents are solely from that named vendor. The product may have Huawei’s name on it but typically only around 30 percent of the components are from Huawei.”
Huawei became the world’s third-largest semiconductor buyer in 2018, according to Gartner, spending more than $21 billion on semiconductors. More than 70 companies — including AMD, Intel, Microsoft and Qualcomm — have exposure to Huawei, Goldman Sachs reports.
Banning Huawei’s products would hamper a global rollout of 5G, its executives said, which in turn will impact component suppliers. Huawei is also a leading producer of smartphones.
“[Huawei] is still a major smartphone maker with major share in Asia and Europe and that’s not changing,” one analyst told EPSNews. “There are many semiconductor, component and PCB suppliers that sell into Huawei’s smartphone business. [It] doesn’t look like any of this would change; but if there is backlash against U.S.-based suppliers selling to them — or if China retaliates with tariffs — then it could hurt suppliers.”
Huawei smartphones use a fair bit of Qualcomm chipsets — specifically the mid to low end chipsets — for their products, said Wayne Lam, principal analyst for mobile devices and networks technology at IHS Markit.
“However,” Lam added, “like Samsung, they have their own in-house silicon design. The HiSilicon Kirin SoC has been powering much of their high-end flagships for a while now. This internal capability provides supply chain diversity and potentially a fallback plan if the U.S. were to ever ban them from U.S. components like Qualcomm mobile SoC.”
Huawei disputes charges that its equipment is, or contains, a security threat. Moreover, global supply chains aren't 100 percent hazard-free.
Suffolk pointed to a 2012 U.S. General Accountability Office report that examined risks in the supply chain. The report identified that a simple laptop might contain components from 18 separate companies. Other reports on supply chain components have confirmed the global nature of technology products and services.
"Many of the world’s well-known social media companies use technology built in Asia and China," he said. “Indeed in 2016, Apple had 766 global suppliers, among which 346 were on the Chinese mainland. In summary, around half of iPhones are manufactured China."
Some equipment used by European telecommunications vendors is made in China, Suffolk added, through joint ventures with Chinese Government-owned entities. Many of the components used in these systems are purchased from Chinese companies. “This so-called European technology is pervasive across the USA,” he said.
There are well-known breaches of network security that had nothing to do with Huawei, Suffolk said. In 2017, problems were generated through malware such as Wannacry, Petya and Locky; and there were major hardware issues with Intel, AMD, and ARM designs. In 2017 and 2018, the number of vulnerabilities published by some vendors totaled more than 30,000. All but one of the top 10 vendors, by volume, that released this data were U.S. technology companies.
Cyber-security is not the responsibility of any single company, Huawei executives said.
“What we need is a concerted, collaborative international effort to define globally accepted security standards, certifications and best practice," according to Suffolk. “The solution to cyber security will come from openness, agreed international standards, certification schemes and transparency. It will not come through political posturing."