Huawei: Should you put it in your data center?

Moderated by Larry Dignan | October 15, 2012 -- 07:00 GMT (00:00 PDT)

Summary: A U.S. House of Representatives report says no. But is this a question of security or competition?

Robin Harris

Robin Harris

Yes

or

No

David Gewirtz

David Gewirtz

Best Argument: No

21%
79%

Audience Favored: No (79%)

The Rebuttal

  • Great Debate Moderator

    Mic check....are my debaters ready?

    We'll be starting promptly at 11am ET.

    Posted by Larry Dignan

    Standing by

    Robin Harris

    I am for Yes

    Ready here

    David Gewirtz

    I am for No

  • Great Debate Moderator

    OK, let's get started:

    Why is Huawei such a controversial company?

    Posted by Larry Dignan

    It's the China connection.

    Otherwise they would be no more controversial than Sweden-based Ericsson, the #2 telecom equipment vendor.

    Robin Harris

    I am for Yes

    Patterns of behavior

    Huawei is controversial because the company is actively generating red flags among not only its customers and prospects, but also intelligence organizations and government legislators. Essentially, Huawei has been evidencing patterns of behavior that are often indicative of unethical practices and possibly espionage at both the corporate and nation-state level.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    Are the security concerns about Huawei warranted?

    Posted by Larry Dignan

    Yes, as much as they are with ANY telecom vendor.

    Much is made of Huawei's murky connections with China's army and top leadership, but those aren't required for the insertion of back doors in telecom gear. As the Intelligence Committee (IC) report states:

    . . . Chinese intelligence services need only recruit working-level technicians or managers in these companies. . . . under Chinese law, ZTE and Huawei would be obligated to cooperate with any request by the Chinese government to use their systems or access them for malicious purposes under the guise of state security.
    How is this different from US companies who do product development in China, which almost all do? How is this different from American companies under US law? It isn't.

    What I'm saying is that the security situation is equally bad with all telecom vendors and no better than Huawei for companies that develop products in China, including Cisco and Symantec.

    The fact is that Huawei is already in 80% of the world's largest telecoms. The idea that a "Fortress America" could stand alone when the rest of the world's telecoms are compromised is silly. We have no choice but to deal with Huawei.

    Robin Harris

    I am for Yes

    There is no black and white answer here.

    The U.S. has certainly conducted its share of witch hunts over the years. While some were justifiable, many were not. It's even harder to pin down acts of subtle espionage, especially when you and I are far out of the loop for this particular intelligence case.

    That said, it's not just the American government acting paranoid about this particular company. Nations including the U.K. and India have also noticed questionable practices on the part of Huawei, as well as equally uncertain loyalties among its management.

    So, yes, the security concerns are most likely warranted.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    How much will price matter to Huawei's pitch?

    Posted by Larry Dignan

    In America? A great deal.

    Wall Street sold out the entire American economy for a few billion in bonuses.

    The only company that benefits by locking out Huawei is Cisco, who maintains a large R&D effort in China.

    Large multi-nationals like Cisco only remember they are "American" when they need boots on the ground. Otherwise they put their jobs wherever they get the most economic benefit. Why should IT bleed for Cisco?

    Robin Harris

    I am for Yes

    Well, that depends on who's buying, doesn't it?

    One would hope that U.S. government agencies and contractors -- who are often required to go with the lowest bidder -- would see past that requirement and buy with intelligence.

    When it comes to business buyers, some buyers won't care and will just buy the least expensive gear. Others will think the whole fuss is unnecessarily paranoid.

    Just remember: if a deal seems too good to be true, it probably is.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    If Huawei derived from any other country, would it be such a hot topic?

    Posted by Larry Dignan

    Russia or Iran would be equally controversial.

    But the fact is that it isn't where the company is incorporated that matters: its where they do their R&D. And everybody has a presence in China.

    Let's face it: this report is driven by fear of China's rapidly growing economy. The US had similar fears when Japan's economy was booming in the 80s - and where is Japan now?

    Robin Harris

    I am for Yes

    Well, that would depend on the country.

    China is a "frenemy" nation, and while we're in deep debt to them, we're also in incredible competition with them. Plus, there are deep, emotional political disputes (like China's desire to assimilate Taiwan) that create constant disagreement among our diplomatic representatives.

    If Huawei were spying on behalf, of, say, the U.K., we'd probably be annoyed, but we share a lot of information with them anyway. China, on the other hand, is a huge hotbed of cybersecurity criminals doing everything from running distributed denial of service attacks to vast CAPTCHA solving enterprises.

    Plus, China has a measurable, if shadowy record of cyberattacks against the United States. Finally, as I wrote last year, many of the younger members of China's military (peers of Huawei's founder) have strong animosity to the United States, and are more likely to engage in skirmishes than their older leaders.

    All told, China is going to be America's biggest challenge (I believe even more so than Iran) in the coming century. And that's why a company like Huawei, affiliated with China's military, is such a concern.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    Why Huawei?

    Emerging market countries and their companies have gone with Huawei. Why do you think that is the case?

    Posted by Larry Dignan

    Competition.

    Huawei offers innovative products - they were 1st to market with end-to-end 100Gb networks - at good prices. Isn't that what free markets are supposed to provide? Except when a Chinese company wins, I guess.

    Robin Harris

    I am for Yes

    Sometimes smaller players have to pick their battles.

    Also, smaller players aren't much of a target of opportunity for China, so they're not at much risk. We're the big, juicy target and China wants a piece of us. Even a tiny piece of the U.S. opportunity is going to be far greater than the entire scope of the "take" from emerging market countries.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    Can you get fired in IT for buying Huawei?

    Posted by Larry Dignan

    No, unless you work for the government.

    Everybody gets hacked, so the problem isn't Huawei, it's corporate IT's shoddy security practices, which Congress refuses to address because some campaign contributions or job offers might dry up.

    The Republican congressmen blocking mandatory corporate security practices claim the cost would be too high for business. Baloney! The reality is that most hacking is done on non-Huawei equipment, and most of that is due to poor practices and buggy software.

    Our entire infrastructure is at risk, not because of Huawei, but because of our laziness and indifference.

    Robin Harris

    I am for Yes

    I don't know of specific corporate policies that set that out explicitly.

    But if you're responsible for your company's IT security, and you buy from Huawei (and you're not a Chinese company), you should probably find another career.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    Do you see Huawei's products as competitive with Cisco and other top vendors?

    Posted by Larry Dignan

    Obviously they are.

    You don't get to be the world's largest telecom equipment supplier without knowing how to build quality equipment.

    Robin Harris

    I am for Yes

    American companies make better products

    Well, if you believe Cisco, they are, a little...now. But that's after Huawei allegedly stole source code from Cisco and possibly other top vendors.

    Why buy from such a questionable source when there are excellent, blue-chip vendors like Cisco? Further, if you're buying on behalf of the American government, my contention is you should never buy from non-U.S. vendors unless there is, absolutely, no other choice.

    In each market Huawei participates in, American companies make better products.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    How do you explain Huawei's parnerships with the likes of Oracle and Intel?

    Posted by Larry Dignan

    The question is backwards.

    How do we explain the partnership of leading American companies like Oracle and Intel (and Symantec) with a company that is such an insidious threat to the security of the United States?

    Oh, there's money to be made? Never mind, nothing to see here.

    Robin Harris

    I am for Yes

    China has 1.3 billion (BILLION!) people.

    That's a very, VERY big market.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    Can Huawei dig out from its PR issues in the long run?

    Posted by Larry Dignan

    Yes, but they'll have to become much more transparent than they are now.

    The Intelligence committee report did not identify any actual security threats. Instead, they focused on the fact that Huawei wasn't as forthcoming as they liked.

    But what would happen if they asked the same questions of Cisco? Republican rants about anti-business policies, no doubt.

    Robin Harris

    I am for Yes

    Well, they could pull an AIG. You remember AIG, don't you?

    That's American International Group, the company that got billions of dollars in American bailout money, and then proceeded to pay its executives enormous, multi-million dollar bonuses and send them on exclusive junkets, all on our taxpaying dime.

    This news badly impacted AIG's ability to sell insurance, so what did they do? They changed their name. They're now 21st Century Insurance. While many people would think twice about buying insurance from AIG, most wouldn't blink at buying from 21st Century Insurance.

    Oh, by the way, the American International Group was actually started in Shanghai, China back in 1919.

    Huawei could get around their PR problem by calling themselves something else. Perhaps they'll go with American Technology Group.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    Is Huawei being victimized by politics?

    Posted by Larry Dignan

    Of course.

    We can't police the world's uptake of telecom gear, as Huawei's pre-eminence proves.

    But instead of driving towards a goal of trustworthy communications with untrustworthy infrastructure - the Byzantine General's problem cluster architects have grappled with for years - our do-nothing Congress is demonizing a successful Chinese company to help uncompetitive domestic companies.

    Robin Harris

    I am for Yes

    Aren't we all victimized by politics to some degree or another?

    Seriously, though, there are two ways to look at it. First, if they're completely innocent and subject to an incredibly bad run of luck, it's unfortunate for them, but you probably don't want to buy their gear anyway.

    Second, the more likely answer is that they're walking the fine line between legit and fishy. If they're practicing espionage at either (or both) the corporate and national level, they're not being victimized at all. They're just getting caught.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    What advice if would you give Huawei to crack the US markets as well as UK and AU?

    Posted by Larry Dignan

    Much more transparent

    They are already doing the right things in the UK. The IC report is correctly critical of private vendor-purchased certifications, so Republicans need to swallow their distaste of big government long enough to create and fund a government entity for testing and certifying critical telecom equipment.

    Huawei should support this to level the playing field for all telecom suppliers. They should also become much more transparent, as the IC report also calls for.

    Robin Harris

    I am for Yes

    Open source everything.

    At this point, the only answer that would make sense is for them to throw open their doors completely and offer completely open gear. Open their facilities to international inspection. Open source everything. Go out of their way to provide complete (and constant) verification. And stop screwing around doing things that raise the hairs on the backs of IT and security professionals' necks.

    But, honestly, I'm not really in a space to give Huawei advice. I'd rather give their sales prospects advice. That advice is this: Huawei is much too much of a risk. There are far better solutions. Just stay away.

    Let China know that if it truly wants to compete with products in the international market, it has to play fair. Build better products, not sneakier ones.

    And while I'm at it, I have something to say to China's leaders. This Huawei flap could have a negative impact on your other companies, as well. If we can't trust one company in a "managed" society, how can we trust the others? If you get caught conducting espionage through one of your industrial operations, it will damage the revenue potential of your other companies as well.

    It's clear you want to bring your populace into the middle class. The backlash against this, if it ripples to your other industries, could seriously undermine your efforts.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    What if every country starts recommending vendors based on security concerns?

    Posted by Larry Dignan

    Then the worldwide telecom industry would come to a grinding halt.

    Our telecom and network infrastructures are security nightmares, no matter what country they come from.

    Corporations want to foist the costs of security onto government, while the current Congress is ideologically opposed to expanding government. But the fact is that it requires a public/private partnership to improve IT practices and to test and certify critical IT equipment.

    Robin Harris

    I am for Yes

    Well, we do, sort of.

    The U.S. has all sorts of requirements for agencies and military branches specifying the companies or requirements for companies to purchase from. We have export rules, as well, that governs when certain technologies can leave the U.S. We also have (limited) consumer import rules, and if – for example – we deem a certain foreign crop unsafe for consumption, we block it at our ports.

    Unsafe technology is no different. If a foreign nation wanted to sell us poisoned products (like the Chinese toys made with lead paint), we’d do our best to protect our consumers. Tainted technology should also be blocked. If a foreign vendor wants to sell in the United States, they have to sell quality products, not products designed to undermine, rip-off, hurt, or steal from their customers.

    David Gewirtz

    I am for No

  • Great Debate Moderator

    Thank you Robin and David...excellent debate

    And thank you readers for joining us. The debaters will deliver their closing arguments tomorrow; then look for my final verdict at 2pm ET Thursday. And don't forget to cast your vote.

    Posted by Larry Dignan

    Thanks for inviting me.

    Robin Harris

    I am for Yes

    Always a pleasure

    David Gewirtz

    I am for No

Talkback

44 comments
Log in or register to join the discussion
  • watch the smart guys at work

    FX already found and demonstrated serious buffer overflow holes in Huawei routers at the July DefCon. Fortunately foolish misinformed types like Harris who spout their ignorance all over the internet are not running this show.
    Stroyde
    Reply 1 Vote I'm for No
  • How I wish that were true...

    "Only by integrating China into the world economy do we give them incentive to behave."

    Oh how I wish that were true.
    CobraA1
    Reply 3 Votes I'm Undecided
    • Robin mentions that

      "Huawei and ZTE should fund a US security lab, staffed by Americans with security clearances, to beat up their gear and test for backdoors.should fund a US security lab, staffed by Americans with security clearances, to beat up their gear and test for backdoors."

      Good question - why haven't Huawei and ZTE offered that up? Are they afraid of something?
      William Farrel
      Reply Vote I'm Undecided
    • Thanks to melamine, lead, drywall,

      slave labor conditions, and a list as tall as the Empire State Building, the history of China's inclusion has not been anywhere near what the rainbow unicorn peddlers have suggested. China has not behaved, and who is responsible - their government, their companies and the management (since workers who don't do what management says are "insubordinate"), or anything or anyone else...
      HypnoToad72
      Reply Vote I'm Undecided
  • Email Links

    Any chance you can fix the links in the zdnet emails? The one for this debate just goes to the zdnet home page. Same with the previous debate as well.
    DJL64
    Reply Vote I'm Undecided
    • Must be because of a ...

      Chinese router!
      Bradish@...
      Reply Vote I'm Undecided
      • Hungry...

        I just had a Chinese router an hour ago and now I'm hungry again.
        gribittmep
        Reply Vote I'm Undecided
  • Keep your friends close

    and your enemies closer!
    ElTel
    Reply Vote I'm for Yes
  • To many GOOD American companies out there like Enterasys to bother with ZTE

    They may be great products but there are to many GOOD American companies out there. Companies like Enterasys/Siemens who have a great enterprise security network platform to bother with anything questionable at this point.
    dwayneair@...
    Reply Vote I'm for No
    • Oy...

      Now hold on here. This debate is not touching on key issues here. They barely referenced the actual report, and at least half of this debate is them taking shots at each others remarks.

      Also, David calls for Hauwei to be moved to completely open source. I doubt Cisco or other competitors would ever do that, so why should they?

      Stryode, get real! That is an exploit, its going to be pretty tough for you to convince me that an EXPLOIT was put there purposely as a backdoor (esp, a buffer overflow). I mean, Windows has issues every time a new patch comes out, yet I don't see you questioning them.

      I don't see you questioning Cisco Safeharbor for telling me NOT to update to a certain patch to ensure my network setup is stable.

      It appears that once again the public can't distinguish GOVERNMENTS from CORPORATIONS. Yes, China is quite heavy handed in dealing with their own corporations as well as external corporations. But how many companies over here do research for the US government? How many former military men and cops are in high positions in the IT world in the US? How many corporations would fold if the government asked for information?

      I agree with Robin, and add my own information:

      It is a security professionals JOB to ensure that everything they put on their network is safe. NOT THE COMPANY THEY BUY FROM.

      Also, it is a security professionals job to assume anything that is untested is unsecure.

      Simple as that. It doesn't matter what company it came from, or what country. If your allowing compromised products on your network, your not doing your job. And sure, as scary as it sounds for an entire network to fall into the hands of the Chinese at the click of a button, use your technical knowledge and remember how improbable it is.
      Theory5
      Reply 1 Vote I'm Undecided