The Huawei risk should be manageable

The damning indictment came in a year the Chinese telco equipment manufacturer was banned from tendering on a large national broadband contract in Australia and prompted a very simple question via email from a reader of my personal blog:

"Are the US being paranoid? Or not?"

Having worked as a designer (and patented inventor) of network resilience and security features on secure comms projects from 1997 to 2005 I feel qualified to answer.

No, the US are not being paranoid.

But this is just the start of a rich and complex question.  Had I been asked:

"Should the UK government ban Huawei from national telco projects here?"

My answer would simply be a resounding "no!"

So how can I acknowledge a credible threat on one hand and yet tacitly accept that I'm happy for UK telcos to route my internet traffic via Huawei equipment?

Because the risks are manageable, and living with them is preferable to the alternative, a pre-qualification and security vetting procedure for civilian infrastructure projects, which would inevitably lead to protectionism, inflated prices and hampered innovation.

So what exactly are the risks?

It's tempting to see network equipment such as that manufactured by Huawei as sitting at the heart of the internet.  

Therefore if you're a subscriber to an ISP using Huawei equipment you might fear Huawei will 'see' all your internet traffic and have the potential to play devious tricks, such as routing your banking transactions via Shanghai.

But this is somewhat simplistic and ignores a few pretty major practicalities.

Firstly, the internet is a distributed technology, a matrix of inter-connected autonomous networks; it does not have a heart, it has many hearts.

And secondly, the damage that can be done at a network level is limited, particularly because equipment is designed in the expectation that the network itself is hostile.

Equipment which connects to the internet is built to be secure precisely because its data travels over many autonomous networks, networks we cannot always trust.

Like an animal and its immune system we can't stop all pathogens getting into the network, but threats which haven't so far brought the internet to its knees have made it stronger.

A threat in the network and a double-edged back door

Network threats fall into two basic categories: passive data capture and active man-in-the-middle attacks.

Data capture is self-explanatory. It involves capturing some or all of the data packets being routed and represents an obvious privacy threat.

A man-in-the-middle (MITM) attack typically involves injecting or altering data to achieve an aim. For example, an MITM attacker could impersonate my internet bank, steal my credentials and drain my account. (Where the bank uses TLS the attacker also needs a certificate my browser will trust, or must lure me out of the protected session, but a position in the network is the precondition for either.)

Looking at the privacy threat, capturing the data is only a small part of the challenge for an attacker.  The data needs to be processed in a meaningful way and relayed back to the attacker.

Given the sheer volume of traffic even for a single internet user it is simply not practical to clone the entire data stream and direct a copy at, say, China.

Therefore some local processing is necessary for either spying (data capture) or for nefarious network injection attacks (man-in-the-middle).

Local processing, i.e. on-board data filtering, pattern matching and so on, needs to be controlled. Back door access to the equipment is required: instructions need to be received from, and results sent back to, the [overseas] attacker, undetected.

Whilst this is certainly possible, bordering on likely, the more it is done the higher the chance of detection by ISPs or security services. The international angle helps the defender here: it should be reasonably easy for the likes of GCHQ to monitor patterns in most international traffic, and a router that starts talking to an address it has no business with stands out.
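To show what that detection looks like in practice, here is an added Python example (my own, not code from the original article or from any vendor or operator). It assumes the ISP exports NetFlow/IPFIX-style records for the management VLAN of a core router, that the management interface is only ever supposed to talk to an allow-listed set of internal prefixes, and that a back door must have an outbound channel for instructions and results. The flow records, addresses and prefixes are constructed for illustration.

```python
"""Added example, not code from the original article: looking for the
control channel a back door in network equipment would need.

Assumptions (all constructed for illustration):
  - the ISP exports NetFlow/IPFIX-style records for the management VLAN
    of a core router whose management address is 10.200.5.1;
  - that interface has legitimate reasons to talk only to an allow-listed
    set of management prefixes (NMS, syslog collectors) inside the
    operator's own network;
  - a back door must receive instructions and send results back, so it
    shows up as flows to addresses outside that allow-list, usually on
    a timer ('beaconing').
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import pstdev

# Allow-listed management prefixes (constructed; in practice taken from
# the operator's NMS/OSS inventory).
MGMT_ALLOW = [ip_network("10.200.0.0/16"), ip_network("192.0.2.0/24")]

# Constructed flow records: (seconds, src, dst, dst_port, bytes)
FLOWS = [
    (0,     "10.200.5.1", "10.200.0.10",  161, 600),   # SNMP poll, expected
    (10,    "10.200.5.1", "10.200.0.10",  161, 600),
    (3600,  "10.200.5.1", "203.0.113.77", 443, 1200),  # hourly, unexpected
    (5000,  "10.200.5.1", "192.0.2.30",   514, 300),   # syslog, expected
    (7200,  "10.200.5.1", "203.0.113.77", 443, 1250),
    (10800, "10.200.5.1", "203.0.113.77", 443, 1190),
    (14400, "10.200.5.1", "203.0.113.77", 443, 1210),
]


def is_allowed(dst, allow=MGMT_ALLOW):
    """True if dst falls inside one of the allow-listed management prefixes."""
    addr = ip_address(dst)
    return any(addr in net for net in allow)


def unexpected_destinations(flows, allow=MGMT_ALLOW):
    """Flow records whose destination is outside the allow-list.

    A back door has to phone home somewhere, and a router's management
    plane has no legitimate reason to reach an unlisted address.
    """
    return [f for f in flows if not is_allowed(f[2], allow)]


def beaconing_destinations(flows, min_count=4, max_jitter=0.2):
    """{dst: mean_interval_seconds} for destinations contacted on a timer.

    Command channels tend to poll at fixed intervals; we call a destination
    a beacon when it has at least min_count contacts and the spread of the
    gaps between them is small relative to their mean.
    """
    times = defaultdict(list)
    for ts, _src, dst, _port, _nbytes in flows:
        times[dst].append(ts)
    beacons = {}
    for dst, ts_list in times.items():
        if len(ts_list) < min_count:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = sum(gaps) / len(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[dst] = avg
    return beacons


def suspicious_destinations(flows, allow=MGMT_ALLOW):
    """Destinations that are both outside the allow-list and beaconing:
    the strongest signal in these records that the box is being controlled
    from outside the operator's network."""
    outside = {f[2] for f in unexpected_destinations(flows, allow)}
    return {d: iv for d, iv in beaconing_destinations(flows).items()
            if d in outside}


if __name__ == "__main__":
    for dst, interval in suspicious_destinations(FLOWS).items():
        print(f"ALERT: 10.200.5.1 beacons to {dst} every {interval:.0f}s "
              f"(outside management allow-list)")
```

On the constructed records this flags 203.0.113.77, contacted every 3600 seconds from an interface that should only speak to the NMS and the syslog collector, while the SNMP and syslog flows pass. The value of the check comes from the allow-list being tight: a well-built back door will try to hide in something the operator already permits (a vendor update check, for instance), so the more precisely the operator can state what its management plane is allowed to do, the less room there is to hide.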

There's also a risk that any back door used to control network equipment would be discovered and exploited by a third party, turning one nation's attack vector into a major vulnerability for its own national infrastructure.

Whilst there is a credible threat in the network, the risk is self-limiting.  

A far bigger privacy threat exists in the compromising of user equipment, either via the operating system or third party software installed.  

Even more can be learned from poking around on a target's computer or smartphone than can be gleaned from remote monitoring of network equipment and piecing the bits and bytes back together, and the risk of detection is arguably lower.

A self-limiting threat; a one-hit wonder

Could China turn off our internet? Not as long as we do not try to manage the internet centrally.

By promoting competition between multiple independent ISPs we should maintain a diverse infrastructure built using equipment from multiple manufacturers thereby reducing the possibility of a common-mode failure or vulnerability.

Given this, if a foreign nation ever tried to cause substantial disruption to our networks it is highly unlikely the damage would be total, long-lived or repeatable. 

Any significant attack would in all likelihood be detected and quickly isolated; and the overall damage, whilst not insignificant, should be contained.

Of course there's always a risk that the government in its wisdom may feel compelled to try and eliminate this risk entirely, and in doing so create one single homogenised network; it certainly feels like this is an unstated aim in its willingness to hand broadband subsidies over to British Telecom.
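To make the common-mode argument concrete, here is an added Python example (my own, not from the original article or any regulator's methodology) that measures how much of a subscriber base depends on any single equipment vendor. The ISP market, subscriber shares, network layers and vendor names (vendor_x, vendor_y, vendor_z) are all constructed placeholders; the second market models the homogenised, single-network outcome the paragraph above warns about.

```python
"""Added example, not code from the original article: measuring common-mode
exposure to a single equipment vendor across a national ISP market.

Constructed data: each ISP has a subscriber share and the vendor of the
equipment at each layer a subscriber's traffic must cross. If one vendor's
equipment were disabled, or found to carry a back door, every subscriber
whose path includes that vendor is affected; the largest such share is the
common-mode exposure that vendor diversity is meant to keep down.
"""
from collections import defaultdict

# Constructed competitive market: ISP -> (subscriber share, {layer: vendor})
DIVERSE_MARKET = {
    "isp_a": (0.40, {"access": "vendor_x", "core": "vendor_y"}),
    "isp_b": (0.35, {"access": "vendor_z", "core": "vendor_x"}),
    "isp_c": (0.25, {"access": "vendor_z", "core": "vendor_z"}),
}

# Constructed homogenised market: one subsidised national network, one vendor
HOMOGENISED_MARKET = {
    "national_net": (1.00, {"access": "vendor_x", "core": "vendor_x"}),
}


def vendor_exposure(market):
    """Share of subscribers whose path contains each vendor's equipment."""
    exposure = defaultdict(float)
    for share, layers in market.values():
        for vendor in set(layers.values()):   # count a vendor once per ISP
            exposure[vendor] += share
    return {v: round(s, 2) for v, s in exposure.items()}


def worst_case_outage(market):
    """(vendor, share): the single vendor whose failure hits most subscribers."""
    exposure = vendor_exposure(market)
    vendor = max(exposure, key=exposure.get)
    return vendor, exposure[vendor]


def surviving_share(market, failed_vendor):
    """Share of subscribers still served if failed_vendor's kit is disabled,
    i.e. the capacity left to absorb a one-off attack on that vendor."""
    return round(sum((share for share, layers in market.values()
                      if failed_vendor not in layers.values()), 0.0), 2)


if __name__ == "__main__":
    for name, market in (("diverse", DIVERSE_MARKET),
                         ("homogenised", HOMOGENISED_MARKET)):
        vendor, share = worst_case_outage(market)
        print(f"{name}: worst single-vendor failure is {vendor} "
              f"affecting {share:.0%}, leaving {surviving_share(market, vendor):.0%} "
              f"of subscribers online")
```

In the constructed diverse market the worst single vendor still leaves a quarter of subscribers online and gives the rest somewhere to switch to; in the homogenised market a single vendor failure is total. The numbers are invented, but the method, listing which vendor sits on which layer for which share of users and finding the maximum, is the kind of exposure calculation an operator or regulator can do with real inventory data.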

But because of the underlying distributed nature of the internet and because it has had to continually adapt to network threats the overall risk from Huawei or any other network equipment manufacturer should be manageable and preferable to alternative restricted approaches to building networks.

Copyright © 2012 IDG Communications, Inc.
