Cyber Deterrence Done Right: The Coordinated Actions Against Huawei
By marshalling the collective power of its allies, the U.S. may have finally found a model for imposing costs on cyber adversaries.
An arrest in Canada. Another in Poland. Government bans in Canberra, Wellington, and Tokyo. Corporate snubs and ostracism in South Korea, Britain, Germany, and France. The loss of purchase orders by one of the world’s largest wireless providers. And now a 13-count indictment by the U.S. Justice Department. It has been a bad few months for Chinese telecommunication titan Huawei. Unleashing the collective power of its democratic allies, the United States may have finally found the formula for imposing real costs on its cyber adversaries.
The indictment unsealed on Jan. 28 alleges that Huawei willfully violated U.S. sanctions on Iran and repeatedly lied to U.S. financial institutions and federal authorities about Huawei’s business in Iran. The sanctions violations began in 2007 and continued after investigative reporters revealed Huawei’s involvement in human rights abuses in Iran and its transfer of U.S. technology products to Iran in violation of U.S. sanctions and export controls. Reporting earlier this year revealed that Huawei is also operating in Syria.
A separate indictment unsealed the same day describes how “Huawei intentionally conspired to steal the intellectual property of an American company in an attempt to undermine the free and fair global marketplace,” according to FBI Director Christopher Wray. The indictment details a directed espionage campaign complete with bonuses for employees who stole valuable trade secrets. This is not the first time the company has been accused of intellectual property theft. In 2004, Huawei settled claims for misappropriating and copying Cisco’s source code. Huawei settled another case brought by Motorola in 2011.
The company has long been under scrutiny for ties to the ruling Chinese Communist Party. A 2012 Congressional investigation revealed a “potential pattern of unethical and illegal behavior by Huawei officials” and accused the company of providing “special network services to an entity” believed “to be an elite cyber-warfare unit” of the People’s Liberation Army.
But where previous investigations and lawsuits appeared to make no measurable impact on the company’s growth, the new coordinated campaign by U.S. allies and aggressive diplomatic outreach by Washington is beginning to take its toll. At Davos last month, Huawei Chairman Liang Hua admitted that the company may withdraw from countries where it does not feel welcome.
The synchronized steps by the United States and its allies against Huawei build on the diplomatic efforts earlier in the Trump administration to issue joint condemnations of North Korea and Russia for the 2017 WannaCry and notPetya attacks, respectively. Attribution alone is not a cyber strategy, but it does communicate to U.S. adversaries that they cannot rely on the plausible deniability of cyber operations to avoid retaliation. Together, Washington and its allies can thwart that advantage.
These coordinated efforts demonstrated that joint punitive actions can be more powerful than unilateral measures. When the United States and European Union banned equipment and software from Russia’s Kaspersky Lab within three days of each other, the company’s CEO lashed out in frustration. But to date, these have all been ad hoc initiatives. It is time for Washington to create a standing consortium of likeminded nations to identify companies and technology that pose risks to the integrity of critical infrastructure and communications systems and take joint action to excise them from allied systems.
This coalition of the willing can share intelligence about potentially nefarious software or hardware providers so that each nation can take steps to protect its own networks. The U.S. and its partners should also exclude products from companies that benefit from cyber and traditional intellectual property theft since these companies gain unfair economic advantages. There will no doubt be economic costs to banning cheap but insecure products, but the coalition will also create market incentives for Huawei’s competitors who can meet the need for alternative, more secure information technology supply chains.
Together, a cyber coalition of the willing can open the innovation floodgates by protecting private companies from being undercut by Chinese competitors who steal intellectual property and rush to market. A meticulous study by the bipartisan IP Commission found that intellectual property theft diminishes the incentive to innovate. Instead, the cyber coalition can ensure that companies that invest in research and development will be able to reap the commercial benefits of their innovations.
As trust and intelligence-sharing mature, this coalition should take the next step toward becoming a true cyber alliance. The alliance could begin to jointly create and field new capabilities to protect the networks upon which its members depend for security and prosperity. The United States and its allies must also invest in long-term, strategic research and development. The technology battlefield is where the American economy and national security are most at risk. Collaboration with our closest allies is our best defense.