Huawei's retail store in downtown Chengdu, China

Huawei's retail store in downtown Chengdu, China B.Zhou / Shutterstock

Ideas

Cyber Deterrence Done Right: The Coordinated Actions Against Huawei

By marshalling the collective power of its allies, the U.S. may have finally found a model for imposing costs on cyber adversaries.

Annie Fixler

|
Foundation for Defense of Democracies

An arrest in Canada. Another in Poland. Government bans in CanberraWellington, and Tokyo. Corporate snubs and ostracism in South KoreaBritainGermany, and France. The loss of purchase orders by one of the world’s largest wireless providers. And now a 13-count indictment by the U.S. Justice Department. It has been a bad few months for Chinese telecommunication titan Huawei. Unleashing the collective power of its democratic allies, the United States may have finally found the formula for imposing real costs on its cyber adversaries. 

The indictment unsealed on Jan. 28 alleges that Huawei willfully violated U.S. sanctions on Iran and repeatedly lied to U.S. financial institutions and federal authorities about Huawei’s business in Iran. The sanctions violations began in 2007 and continued after investigative reporters revealed Huawei’s involvement in human rights abuses in Iran and its transfer of U.S. technology products to Iran in violation of U.S. sanctions and export controls. Reporting earlier this year revealed that Huawei is also operating in Syria

A separate indictment unsealed the same day describes how “Huawei intentionally conspired to steal the intellectual property of an American company in an attempt to undermine the free and fair global marketplace,” according to FBI Director Christopher Wray. The indictment details a directed espionage campaign complete with bonuses for employees who stole valuable trade secrets. This is not the first time the company has been accused of intellectual property theft. In 2004, Huawei settled claims for misappropriating and copying Cisco’s source code. Huawei settled another case brought by Motorola in 2011.

The company has long been under scrutiny for ties to the ruling Chinese Communist Party. A 2012 Congressional investigation revealed a “potential pattern of unethical and illegal behavior by Huawei officials” and accused the company of providing “special network services to an entity” believed “to be an elite cyber-warfare unit” of the People’s Liberation Army.

But where previous investigations and lawsuits appeared to make no measurable impact on the company’s growth, the new coordinated campaign by U.S. allies and aggressive diplomatic outreach by Washington is beginning to take its toll. At Davos last month, Huawei Chairman Liang Hua admitted that the company may withdraw from countries where it does not feel welcome

The synchronized steps by the United States and its allies against Huawei build on the diplomatic efforts earlier in the Trump administration to issue joint condemnations of North Korea and Russia for the 2017 WannaCry and notPetya attacks, respectively. Attribution alone is not a cyber strategy, but it does communicate to U.S. adversaries that they cannot rely on the plausible deniability of cyber operations to avoid retaliation. Together, Washington and its allies can thwart that advantage.

These coordinated efforts demonstrated that joint punitive actions can be more powerful than unilateral measures. When the United States and European Union banned equipment and software from Russia’s Kaspersky Lab within three days of each other, the company’s CEO lashed out in frustration. But to date, these have all been ad hoc initiatives. It is time for Washington to create a standing consortium of likeminded nations to identify companies and technology that pose risks to the integrity of critical infrastructure and communications systems and take joint action to excise them from allied systems.

This coalition of the willing can share intelligence about potentially nefarious software or hardware providers so that each nation can take steps to protect its own networks. The U.S. and its partners should also exclude products from companies that benefit from cyber and traditional intellectual property theft since these companies gain unfair economic advantages. There will no doubt be economic costs to banning cheap but insecure products, but the coalition will also create market incentives for Huawei’s competitors who can meet the need for alternative, more secure information technology supply chains.

Together, a cyber coalition of the willing can open the innovation floodgates by protecting private companies from being undercut by Chinese competitors who steal intellectual property and rush to market. A meticulous study by the bipartisan IP Commission found that intellectual property theft diminishes the incentive to innovate. Instead, the cyber coalition can ensure that companies that invest in research and development will be able to reap the commercial benefits of their innovations.

As trust and intelligence-sharing mature, this coalition should take the next step toward becoming a true cyber alliance. The alliance could begin to jointly create and field new capabilities to protect the networks upon which its members depend for security and prosperity. The United States and its allies must also invest in long-term, strategic research and development. The technology battlefield is where the American economy and national security are most at risk. Collaboration with our closest allies is our best defense.

NEXT STORY: Two Ideas That Might Stop a Post-INF Arms Race, and One That Won’t

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.