Europe is pushing back against pressure from Donald Trump’s administration to lock Huawei out of next generation wireless markets, and is plotting a “third way” that stops well short of outright bans.
U.S. diplomats have spent months lobbying European allies to move against the Chinese telecoms giant, which they call a strategic risk and a potential tool for spying by Beijing.
But the full-court press is delivering mixed results with U.S. allies. EU leaders now openly dispute the need for a blanket ban on Huawei products. Instead they are pushing ahead with a series of midway network security measures that will ultimately preserve China’s presence in broad swathes of European telecoms markets.
It’s a classic “third way” approach — one that avoids alienating Beijing at a time when Trump himself has brokered deals with some Chinese companies amid a wider trade war, and even warned this week against “blocking out” advanced tech.
“A complete ban, I don’t think that’s the European way,” Ulrik Trolle Smed, chief cybersecurity adviser to European Security Commissioner Julian King, told an audience in Brussels this week.
Europe’s approach to Chinese tech — which will be in focus next week at the Mobile World Congress gathering of telecoms players in Barcelona — is emerging as a complex blend of small and large restrictions.
These stop short of blanket bans but include rules against Huawei and ZTE, another Chinese telecoms company, providing gear for the most sensitive communications networks, namely defense ministries, secure networks for government communications, so-called core telecoms networks and even parts of the radio grid.
“Huawei is present in certain parts of our network that we judge can be managed under present technologies,” the U.K.’s cyber chief, Ciaran Martin, told POLITICO this week.
In a rebuff to calls for a U.S.-style blanket ban, Martin, who runs the U.K.’s National Cyber Security Centre (NCSC), told an audience in Brussels that his country has “arguably the toughest and most rigorous oversight regime in the world for Huawei.”
The NCSC, which is currently finalizing its annual evaluation of Huawei’s security, has no plans for a blanket ban. The U.K. in October also informed telecoms operators that it is launching a supply chain security review, which could lead to stricter oversight but is unlikely to end up in exclusion of specific vendors entirely.
In Berlin, Chancellor Angela Merkel has in past weeks called for caution with regard to China, stressing the need for “safeguards” but dismissing persistent reports that Germany is close to imposing an all-out ban.
Meanwhile in France, Huawei is barred from providing gear for the country’s “core” network, as well as the radio networks in the area of Paris — a measure targeted at reducing the risk of surveillance of mobile communication — several industry experts told POLITICO.
No name, no shame
While European countries are proceeding cautiously on Huawei, they have been jolted by U.S. accusations.
The Huawei controversy has nudged the European Commission and other EU countries to beef up rules on cybersecurity, telecoms, competition and procurement to improve security for 5G networks, which will form the backbone of a digital society where everything from cars to fridges and factories will be hooked up to the network.
Click Here: Cheap Golf Golf Clubs
Where Europe’s restrictions differ from those of the U.S. is that its policymakers are uncomfortable with imposing company-specific measures. They dread the non-competitive nature of blanket bans.
Instead, European governments often wield “symmetric” measures challenging vendors to meet their requirements. Alternatively, they signal to domestic telecoms operators to procure European vendors rather than foreign ones, industry sources said, adding that much of the conversation is cloaked in the secrecy of intelligence communities and contractual confidentiality.
Some European governments do apply formal bans on Chinese telecoms equipment for presidential administrations or defense departments, but these are almost never publicized, according to officials and industry insiders in several EU countries who asked not to be named.
Huawei leans in
An important aspect of Europe’s approach to Huawei has been the company’s own efforts to reassure policymakers and preserve its market position on the Continent.
Huawei opened a cybersecurity center in Banbury, southern England, in November 2010. The center, known as “HCSEC,” is run by Huawei and its employees are on Huawei’s payroll, but the work is overseen by the NCSC, part of the intelligence service GCHQ.
Martin, who heads the NCSC, said that “because of our 15 years of dealings with the company and 10 years of a formally agreed mitigation strategy which involves detailed provision of information, we have a wealth of understanding of the company.”
Germany last year followed suit. In November, Huawei launched a “security innovation lab” in Bonn, and got Germany’s cybersecurity agency BSI to publicly support the launch. The Bonn center won’t have the same level of oversight by the German security services, but it serves as the company’s meeting place with regulators and lawmakers to discuss cybersecurity.
On March 5, the Chinese vendor is opening a similar center in Brussels, dubbed the European Cybersecurity Center, located close to the main EU institutions. The Brussels center will give operators and lawmakers access to Huawei’s source code, the company told POLITICO, and serve as a meeting point to discuss concerns.
Huawei in past weeks has also suggested opening up similar centers in Norway and Poland.
The centers serve for “testing, verification and engagement with stakeholders,” a company spokesperson said.
At the same time, the company has also pitched in to drafting industry-led certification schemes for products and networks. Yair Kler, who heads Huawei’s engineers working on implementing cybersecurity certifications in the EU, said the company “has been working with different governments and industry partners to put in place agreed standards, so that people can take those standards to measure how secure the products from all of the vendors are.”
The EU, under its new Cybersecurity Act, will work on its own cybersecurity standards too.
For vendors like Huawei, and its competitors Ericsson, Nokia and others, these certifications and standards are a way of meeting governments’ requirements without the hassle of having each new update, tweak or security patch checked.
The trust issue
Europe’s measured approach is drawing both criticism and praise in cybersecurity circles.
Even with source code scrutiny and constant evaluation, experts argue that it will become increasingly hard to control or police how technology leaks, accesses or routes data, especially when more 5G products enter the market.
“Ultimately one has to trust the manufacturer to keep devices secure and not exploit vulnerabilities,” Jan-Peter Kleinhans, a researcher at the Berlin-based Stiftung Neue Verantwortung, wrote in a recent analysis of 5G security — calling it the “politicization of the supply chain.”
The U.S., however, drew its conclusions on trusting Huawei many years ago.
A lawsuit against Huawei filed by U.S. equipment maker Cisco back in 2003 kicked off intense scrutiny of the Chinese company’s activities, and reverberated across the Western telecoms world for years.
Suspicions on the government’s part date back to at least 2012, when the U.S. House of Representatives’ permanent select committee on intelligence published a report saying “China has the means, opportunity and motive to use telecommunications companies for malicious purposes.”
But the most clear stab at the Chinese vendor came this January, when the U.S. Justice Department announced criminal charges against Huawei and its affiliates, accusing the Chinese telecommunications firm in two indictments of violating intellectual property law and lying about its compliance with U.S. sanctions against Iran.
This article is from POLITICO Pro: POLITICO’s premium policy service. To discover why thousands of professionals rely on Pro every day, email [email protected] for a complimentary trial.