09 October 2012

China, Cyberwar and your Phone Company

Why we are not paranoid about Huawei

Yesterday, the House Permanent Select Committee on Intelligence published a watershed report highlighting the strategic importance of telecommunications equipment and recommending that US companies not buy gear from either Huawei or ZTE. News coverage of this topic has been widespread, including 60 Minutes and The Wall Street Journal.   The primary fear is that Huawei and ZTE will insert "back doors" into telecom equipment that will allow the Chinese government to disrupt or intercept communications inside American networks.

Such back doors are not unheard of.  Although few are reported publicly, there are publicly known examples of large-scale telecom exploits, like

Whatever Huawei says about "just being a business", do not doubt that the Chinese government can induce a Chinese company into supporting its missions, through coercion, payment, regulatory favors or even simple patriotism.  While some may try to pass off these concerns of the US government as xenophobia or paranoia, there are enough publicly-exposed precedents just in recent years to justify concern, and you can be sure that the people in the intelligence community who raise these concerns are aware of other incidents that were never publicized.  This is not paranoia.  The concerns raised by this report must be taken very seriously.

Multiple threats to US carriers

The internet was designed with the assumption that there are malicious actors inside the network, but telephone systems are different.  The SS7 network, on which the public telephone and cellular networks run, is a true "network of trust", with few internal security controls.  Once malicious code is introduced into a telephone company's core network, there is very little that can be done to control it.  This is what Rep. "Dutch" Ruppersberger, ranking Democrat on the Intelligence Committee, meant when he said, "In the telecommunications world, once you get the camel's nose under the tent, you can go anywhere."  This is why the introduction of suspect equipment into US telephone networks raises such serious alarms, much stronger alarms than in the IP routing world.  In some cases, the government has already intervened directly to stop large companies from purchasing suspect equipment, but small companies may make such purchases and not be noticed until after the fact.

Not being noticed does not mean there isn't risk for carriers.  The government could take actions post-facto to limit the perceived security threat.  One measure might be to refuse new spectrum licenses to limit the geographic extent of the threat.  Another measure might be to prevent the merger or purchase of the company to prevent the suspect equipment from infiltrating into larger networks.  Either of these actions would be devastating to the growth and valuation of the affected company.  Whether the suspect equipment is a real threat to security or not (and I would wager that it is), just having the government take such a strong position against these vendors makes their equipment a threat to the businesses who use it.


The immediate solution, and the strong advice of the government today, is for carriers to avoid Huawei or ZTE equipment.  But this issue of Chinese back doors raises a larger question of how to determine the trustworthiness of any telecom system, Chinese or otherwise.  The real answer is open source software.  By "open source", I am not necessarily referring to software that is released to the public, but simply referring to software that can be provided to customers in source code form.  The license may be GPL or may be something more restrictive, but by allowing end users to review source code and build their own binaries, either for installation or comparison, everyone involved in the process can ensure that the software is what it claims to be.  So far, the selection of open source software for cellular and core networks is limited, but it is growing, with products like OpenBTS and yate, and projects like Osmocom.  Security is just one more reason that these products represent the future of telecommunications.
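The comparison step described above, as an added example (not code from the original post or from any of the projects it names): it hashes every file in a vendor-supplied tree and in a tree built locally from the delivered source, then reports files that differ or exist on only one side. It assumes the build is reproducible bit-for-bit (same toolchain, no embedded timestamps); the directory layout and file names are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_trees(vendor_root, local_root):
    """Compare vendor-supplied files against a local build of the same source."""
    vendor, local = tree_digests(vendor_root), tree_digests(local_root)
    return {
        # Same path on both sides, different bytes: needs an explanation.
        "mismatch": sorted(p for p in vendor.keys() & local.keys() if vendor[p] != local[p]),
        # Shipped by the vendor but not produced by the source: unreviewed code.
        "vendor_only": sorted(vendor.keys() - local.keys()),
        "local_only": sorted(local.keys() - vendor.keys()),
    }


def demo():
    """Constructed sample: two small trees standing in for real build output."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor, local = Path(tmp, "vendor"), Path(tmp, "local")
        for root in (vendor, local):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "transceiver").write_bytes(b"\x7fELF-same-bytes")
        (vendor / "bin" / "basestation").write_bytes(b"\x7fELF-vendor-build")
        (local / "bin" / "basestation").write_bytes(b"\x7fELF-local-build")
        (vendor / "bin" / "helper").write_bytes(b"not in the source tree")
        return compare_trees(vendor, local)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Any entry under `mismatch` or `vendor_only` is code running on the network that the source review did not cover.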

(David Burgess is the lead developer of the OpenBTS software and co-founder and CEO of Range Networks.)

Follow-up Comment

An advisor to our company read this post and asked some questions: Why is the open source solution adequate? What about hardware? Those questions go to an excellent point, that the open source approach cannot end just with the application source code, but must go down to "bare metal", including operating systems, device drivers, firmware and device schematics. For an "old school" approach, with custom chips and lots of special-built circuit boards, that is anathema, because astronomical development costs and hazy legal standards (like the copyright status of a circuit board) justify strict non-disclosure controls on the intellectual property. But as modern systems move toward commodity hardware, this becomes less of an issue, since more and more of the functionality (and value) of a system can be expressed in source code and protected with well-established copyright law.

I Almost Forgot...

The OpenBTS test network at Burning Man was a great experience.  We had a world-class team and used the unique environment of Black Rock City to run a lot of experiments, with SMS applications, yate, Tropo, and handover.  The detailed results are written up in the public wiki, including coverage estimates, traffic statistics, photos, and links to other reports.