No Man An Information Island: How Tech-Nationalism, US Huawei Ban Harms Global Cybersecurity Efforts

A Closer Look At A Growing Trend in Cyber-Protectionism

According to an EastWest Institute report, tech-nationalism is the "direct or indirect measures" favouring ICT products and services from companies headquartered domestically in allied states against firms from competitors or adversaries.

The report wrote that increases in "nationalist and isolationist tendencies" undermined multilateral systems, as well as 'weaponised' international trade for geopolitical objectives were examples of tech-nationalism.

Tech-nationalism included forcing foreign companies to meet "enhanced requirements" such as inspections on source code, partnering with domestic companies and "banning specific foreign products or companies", the report added.

Mohammad Javad Azari Jahromi, Iran’s ICT minister, said at a World Economic Forum event last year that blocking tech firms over potential "backdoors" was irrational and governments should assume that all tech companies use them.

China should enhance interdependence by renewing calls for "win-win collaboration" while respecting security concerns, Pan Jiafeng, president of the Institute of Science and Development at the Chinese Academy of Sciences, said at the time.

The statements come as the world's largest telecom equipment provider, Huawei Technologies, remains embroiled in a trade war with the US, with many countries mulling whether to allow the Chinese tech giant to build national IT networks.

The Shenzhen-based firm responded by publishing its position paper on cybersecurity, outlining the need to "evaluate risks in a rational, objective, and evidence-based way," it read.

"If we focus our attention on irrelevant factors like vendors' country of origin, it will only delay the resolution of security issues. If our approach to risk is based in emotion or bias, then our outcomes will be uncontrollable and we will be unable to achieve our security goals," the report read.

Common Frameworks Promote Policy of Transparency, Accountability - Huawei West Europe Official

Huawei officials discussed concerns over the global rise of tech-nationalism in an event in mid-May, where the Chinese tech giant called for a common framework for tech industry standards.

Speakers at included Bob Xie, Huawei chief security officer in Western Europe, Andy Purdy, Huawei chief US security officer, John France, head of industry in security at GSMA and Chris Mitchell, Royal Holloway College professor at the University of London.

Huawei's work with the GSMA and 3GPP built new industry standard on 5G, with the tech firm passing key audits in March and set to pass further tests in June, Mr Xie said.

The European Union's Cybersecurity Act will enter force on 28 June, which will task the European Cybersecurity Agency with forming a unified cybersecurity agreement on standards, he explained.

Manufacturers and telecom operators could conduct basic EU cybersecurity assessments, with national and high level assessments taking place in national cybersecurity centres and labs, he stated.

Germany led the EU in cybersecurity policy and applied a unified set of standards to all vendors, he said, adding that critical components in end-to-end networks would face similar verification processes in the future.

Huawei's cybersecurity lab in Bonn was built in 2018 to address and collaborate on such standards, he added.

"We believe that cybersecurity can be verified by [systems] based on common standards, and that can build trust," he said.

Speaking on the need for Huawei's lab in Brussels, he said: "Because it's easier to work with the European Union and stakeholders. Because we believe that unified verification standards can benefit us and carriers in the EU and globally."

ICT Assurance and Transparency A "Shared Responsibility" In Cybersecurity Governance - Huawei US Official

Speaking further, Mr Purdy urged markets to incentivise telecom providers meeting "risk-informed" procurement requirements for customers and information and communication technology (ICT) sellers.

"The community should call upon us, our competitors and third-party providers to meet these requirements" as well as set minimum-industry standards and practices for "assurance and transparency" from the 3GPP, GSMA and others, he said.

Regional transparency centres built to test and evaluate products would help build trust in the ICT community, he said.

Further calls to action should include offering incentives to experts to strengthen transparency and assurance, as well as international norms to reduce the risk of malicious activity, he added.

Evaluating ICT equipment suppliers was a "shared responsibility" between telecom and mobile operators controlling most activities on networks and third-party suppliers, he said, adding boosts in R&D investment could increase transparency.

'Global trust agreements' similar to the General Data Protection Regulation (GDPR) could also enforce "major consequences for companies who steal intellectual property, put in back doors or cause malicious conduct", he added.

The comments came ahead of Downing Street's announcement that it had "sought new entrants" in the UK telecoms market to help compete with Huawei and other Chinese firms, with the National Cybersecurity Centre stating it would assess the consequences of removing the Shenzhen-based firm's telecom equipment from national IT networks. 

The Trump administration extended a ban on Huawei, ZTE and over 70 Chinese tech firms a further year, citing claims the companies could be used to spy for the Chinese government. Both Beijing and Huawei have sharply and repeatedly refuted the allegations and urged Washington to provide evidence for its claims.