back to article Why worry about cost of banning certain Chinese comms providers? Fire Huawei, says analyst

The cost of banning Huawei from European 5G markets would be minimal, and not significantly slow the deployment of upgraded networks, according to an analyst whose opinion flies in the face of some mobile operators. Strand Consulting said it believes the cost of ripping and replacing Huawei equipment could be as low as $3.5bn …

  1. Duncan Macdonald Silver badge
    Stop

    Huh ?

    So spend $3.5bn to replace the possibility of being spied upon by China with the certainty of being spied upon by the USA.

    How much did Cisco pay this "analyst" to get this report ?

    As for the USA having a leading position in 5G - ROFL.

    1. Anonymous Coward
      Anonymous Coward

      Re: Huh ?

      It's a 'One Person Consultancy' business, I didn't even know they still exited.

      They were kinda hot during the mobile boom in the 'naughties. When Ericsson and everyone else needed media stories about our bright and glorious future to sell their wares, and their stocks.

      The Cold War is rebooting and all these 'You pay, we play!' 'experts' and 'consultants' come crawling out of retirement, telling Europe what to do and how to think, only this time it is more blatantly for the benefit of American Business interests and the detriment of ours.

      PS: I don't think Cisco paid, maybe some UK LLP shell company with ties to Langley, Virginia, did?

    2. LDS Silver badge

      "with the certainty of being spied upon by the USA"

      Nokia/Alcatel and Ericsson aren't US companies. I can't see why EU shouldn't promote its own companies, even when CEOs are just looking at the Chinese discounts and drooling over what it means for their bonuses.

      1. Anonymous Coward
        Anonymous Coward

        Re: "with the certainty of being spied upon by the USA"

        If you consider a company's nationality to depend on where their HQ is, then sure, they aren't American

        But Nokia have extensive American operations - the Lucent half of Alcatel-Lucent, some product lines that Alcatel themselves had (like their 7x50 routers and derivatives, coming from Silicon Valley startup Timetra)

        Works the other way of course - I used to work on a major Cisco product line where all of the R&D happened in a couple of European countries, originating from two companies that merged and then Cisco bought out - does that make the products American or not?

    3. YJotta

      Re: Huh ?

      European companies aren't American.

      Being cynical does not equate to being intelligent.

      1. Michael 43

        Re: Huh ?

        By not being cynical for sure means there can be no intelligence !

    4. DougS Silver badge

      Re: Huh ?

      Even if you assume that Nokia & Ericsson will help the US spy on you the only way to avoid it would be to rip and replace all their gear and go 100% Huawei. I guess that much larger cost is worth it to you if you think US spying is worse than Chinese spying.

      The bigger concern is that all telecom gear is rife with security holes, and even the basic protocols like SS7 have issues built into them. So you will probably get spied on by all the major powers regardless of who you buy from.

    5. pomegranate

      Re: Huh ?

      I wonder what failure modes we’re considering here? What British secrets the US or Chinese governments might be after? Troop movements? Military planning? Business or industrial information? Communications of dissidents? Consumer demographics and advertising targeting?

  2. Anonymous Coward
    Anonymous Coward

    Funny that......

    .......I NEVER heard anyone complain that the internet runs on a single supplier's kit (well mostly).

    *

    And who would that be? Cisco Systems of course!

    *

    And would it be that IOS has never had any bugs, and was never suspected of allowing taps on internet traffic? Of course not!!

    *

    Ah......but it's really those naughty Chinese people doing stuff that no one else would even contemplate.......Uh oh!!....I forgot about the Snowden stuff....silly me.

    1. EnviableOne Bronze badge

      Re: Funny that......

      theres more juniper brocade and xtreme kit in the core

    2. Muscleguy Silver badge

      Re: Funny that......

      And of course our own spooks are are heavily involved. I wouldn't be surprised if after Brexit the EU starts running cables to the US from Spain/France to opt out of our spooks' surveillance.

      And of course if you'e an 'enemy of the state', a climate protestor perhaps, a seditious Scottish independence campaigner or a member of CND. I lay claim to the last two. People are known to have MI5 files for less.

      I don't think I'm worth it, I'm just a foot soldier, but that doesn't seem to stop them.

  3. m0rt Silver badge

    "Companies know that the main threat they face in terms of cyber espionage and hacking comes from China."

    Do they really know that? Or is just repeating the other people who also state that with the same source worthiness?

    1. gnwiii

      The US was not like China

      Historically, the US presented a very different threat profile compared to China. US spying targeted governments and terrorist organizations, not industry. US taxpayers paid the bills, so the US government didn't need hacking for profit. The US has a history of cooperating with other countries to combat hacking for profit. The US once had effective whistle-blower mechanisms (intended to provide a way for someone like Snowden to pass information to overseers), Congressional oversight, and an independent court system. Before the Trump administration, a US entity found hacking for profit would have been shut down and faced legal proceedings. In

      practice, many such hacks come from jurisdictions beyond the reach of US and EC authorities.

      Today, the biggest security problem for individuals is the potential for leaks from data compiled by the "internet giants" and large corporations. These data are used in a variety of ways that involve internet access, and there have been many examples where "for profit" hackers have stolen data.

      We should be focusing on internet infrastructure without examining mechanisms (whistleblower protection, independent oversight and courts) to ensure that bad behavior can't be hidden and that bad actors are punished.

      1. Nick Kew Silver badge

        Re: The US was not like China

        US spying targeted governments and terrorist organizations, not industry.

        Not true. Not even true a generation ago in (at least the tail end of) the Cold War era.

        Google 'Menwith Hill' to find documentaries on the subject from reputable sources in the mainstream media.

      2. ThadiasVonBasterd

        Re: The US was not like China

        The Snowden leak happened 3 years before trump was elected, US "security" organisations have been spying and hacking for profit long before Trump got into power.

    2. YJotta

      It's very common knowledge, based on statistics and facts.

      Try again.

  4. Andy The Hat Silver badge

    No Huawei!

    Chinese kit : those pesky Chinese will might hack us ... possibly ... despite there being no evidence of state backed 'holes'.

    USA backed kit : easily hacked with hardcoded back doors and shown to be used by the USA state surveillance system.

    Do you trust Mr Orange or Winnie the Pooh? Make your choice.

    1. Chris G Silver badge

      Re: No Huawei!

      I'll go with Winnie, it seems both are bent on (at minimum) dominating Europe economcally but the Jaffa and co are on a shorter timeline.

      Plus they have military bases and all the hardware for eavesdropping already installed.

    2. Anonymous Coward
      Anonymous Coward

      Re: No Huawei!

      Let me fix this for you:

      "USA backed kit : easily hacked with hard coded protocols used by the USA, Europe and many other countries for "lawful interception"

      China backed kit : the same but from China."

      It's not a "back door" if the vendors publish documentation around the functionality and law enforcement publish it as a requirement.

      It's almost as if the state-mandated tapping of communications is a requirement rather than optional...

    3. Ian Emery Silver badge
      Pirate

      Re: No Huawei!

      Much faster to call them BOB and WTP, leaves more time to troll US users on Twitter and Quora.

  5. big_D Silver badge

    Fixed...

    CEO John Strand told The Register: "This is an important debate to have. Companies know that the main threat they face in terms of cyber espionage and hacking comes from China the USA any foreign country. They also know that the Chinese the US any government controls Chinese US their equipment makers."

  6. Pascal Monett Silver badge
    Mushroom

    I'm getting tired of this bullshit

    So, China has its fingers in Huawei, hmm ? And nobody mentions that the NSA has access to Cisco equipment ? If you're beating the security drum, beat it all the way.

    The main hacking threat comes from China ? Really ? So Russian hackers are not that much of a threat, then ? All the data encryption and ransomware we have heard about this year came from China ? I don't think so. And let's not forget North Korea. I seem to recall a lot of fuss centered around a state-sponsored Nork team, but that is not important anymore now, right ? Riiight.

    Strand Consulting is obviously just another Trump muppet, spouting the bull and spreading the FUD. He's toeing the line, dumping on China and waving unicorns. The US has achieved nothing in 5G. Show me the market using it before telling me how good you are.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm getting tired of this bullshit

      It's a private contractor. Basically a one-person business running from an office hotel located at an address in a good part of central Copenhagen. 'Strand Consult Aps' is registered under the main name of 'DIALOG MANAGEMENT ApS', but, same owner/CEO as always :).

      Info here (nasty url, if it doesn't work the CVR-number 20044586 will).

      https://datacvr.virk.dk/data/visenhed?enhedstype=virksomhed&id=20044586&soeg=Strand%20Consult%20ApS&type=undefined&language=da

      1. JClouseau
        Coat

        Re: I'm getting tired of this bullshit

        "Basically a one-person business"

        That's harsh, from the link you provide we can see that it's actually a "2-4 employees" company ;-)

        5G apart (and I'm still not sure about the usefulness of this) I do hope Trumpy gets off Huawei's back some day. Or gets impeached. Just bought a (very nice) Huawei tablet to one of the kids and if at some point she doesn't have access to the Play Store anymore I'll get into serious trouble.

        I know, alternate stores, sideloading APKs and all, but that was not the general idea when buying an Android tablet.

      2. Anonymous Coward
        Anonymous Coward

        Re: I'm getting tired of this bullshit

        Here: Working link

        Although, according to that link, John Strand was terminated in 2016, when Knud William Strand took over. So perhaps this is the wrong entry?

    2. Anonymous Coward
      Anonymous Coward

      Re: I'm getting tired of this bullshit

      Agreed, The BS level is really high.

      And this:

      "Strand said it is illogical to think the Chinese government has effectively locked down the country's communications networks but allows hacking to carry on."

      Who thinks the Chinese gov has comms locked down? Not somebody who's ever been to China, or even knows anybody living in China. VPNs there are a mainstream thing for anybody who wants to get through the GFW. It's well-known by regular phone users, not just tech-savvy types. And that's not even considering how common computer crimes are there, with dodgy websites, WeChat accounts and phone numbers.

      Oh yes, they do censor heavily, but that's not anywhere near an "effective lock down".

      Fearmonger and BS-peddler.

    3. Anonymous Coward
      Anonymous Coward

      Re: I'm getting tired of this bullshit

      "And nobody mentions that the NSA has access to Cisco equipment ?"

      Look through this thread and almost all anyone mentions is that Cisco snoops on you. And the NSA did it across Cisco/Fortinet/Juniper devices and appear to have alternative solutions for Checkpoint (OS level) and Palo Alto (SSL VPN client bugs that allowed significant levels of access).

      The idea that you can buy an alternative product and avoid these issues is ridiculous - if the state level intelligence agencies target you and your defences consist of a single unmonitored device, you

      The challenge with 5G is that you're not just buying the hardware, you are also buying support access from your vendor and support/licensing for a very visible service. While this is carefully controlled, in my view, the challenges are around the supply side of security rather than necessarily back doored equipment.

    4. YJotta

      Re: I'm getting tired of this bullshit

      No, the main hacking threat is from China. It's not a debate.

      Anyone with any involvement in InfoSec knows this, some outside of the industry know it too, unfortunately they require brains.

      Some people know not to comment on things they have no clue about, take that into consideration next time. trump is nazi btw

      1. Yes Me Silver badge

        Re: I'm getting tired of this bullshit

        "the main hacking threat is from China"

        That is amazingly irrelevant to the choice of supplier. Actually it means that Huawei is probably better at defeating Chinese hackers than the EuroAmerican companies are.

      2. ThadiasVonBasterd

        Re: I'm getting tired of this bullshit

        Have you noticed how not everyone in infosec agrees with you? Anyone with a brain would maybe stop and think that there is a reason for that? but no not you. You are the smartest man in the room, Always, Even when you don't know what on earth you're talking about.

        Trump is a national socialist is he? Get your head out of your arse. You realise nearly every one of his kids is married to a Jewish person right? Kosher step children isn't really a nazi thing.

        you realise he is in no way a socialist right? he is a capitalist. He is a businessman.

        No of course you don't. Not everyone you disagree with is Hitler. grow up.

    5. DougS Silver badge

      Look at how much of the Cisco spying was done

      The NSA/CIA was intercepting packages in shipment and modifying the hardware itself. That's always been their preferred method because they can insure their access will survive discovery of whatever holes they used (or planted, if you are suitably paranoid though Cisco code is buggy enough no one needs to go to the trouble of adding more bugs)

      The use of "0 days" like the one in the article you link to is what they do for more casual spying, but in a targeted attack they want to their hands on the hardware. Presumably via some type of black bag operation where the package is stolen from a Fedex warehouse or something and then reappears a couple days later. So if you are a high priority target and your tracking info goes dark and then comes back with a day or two long gap where the package didn't move, time to worry!

  7. iron Silver badge

    At least that's another Trump shill identified.

  8. Alister Silver badge

    CEO John Strand told The Register: "This is an important debate to have. "

    Except you don't seem to want a debate, just impose your (flawed) opinion on everyone else.

  9. alain williams Silver badge

    Cyber espionage does not just come from China

    So should we also ban kit from other vendors where there have been allegations (true or otherwise) of back-doors ?

    The ONLY way round this is to use open source firmware in all of your routers - that you install yourself. This is not a guarantee of no back-doors but it makes placing them much harder. Yes: the hardware might be compromised, but this is more difficult.

  10. sal II

    ROFL

    "Strand believes the US has achieved "a leading position in 5G" ROFL

    Stopped reading at this point, the man is clearly delusional and/or sponsored.

  11. LeahroyNake Silver badge

    How much?

    'as low as $3.5bn or $7 per subscriber.'

    As this is concerning Europe maybe that should have been €?

    Cisco sort your propaganda out please.

  12. Anonymous Coward
    Anonymous Coward

    US spooks cannot bug Huawei?

    US spooks cannot bug Huawei?

  13. dnicholas Bronze badge

    China can have my digital fingerprint. Seems everyone else has it already anyway

  14. Nick Kew Silver badge

    Blame Cisco?

    No, I really wouldn't blame Cisco for this nutter. There is (in my mind more than) reasonable doubt, so let's give them the benefit of it. Is there any evidence that Cisco have heard of "Strand Consulting", let alone commissioned him?

  15. EastFinchleyite

    Evidence vs Assertion

    Through my career I came from the networking side of IT rather than the applications side. I still think in terms of networks. Such is life.

    The problem I have with all this is the question of evidence.

    The case against Huawei is a syllogistic argument.

    a. Huawei (and indeed all Chinese tech companies) are subject to Chinese government control.

    b. The Chinese government (as with all governments) reserves the right to use their powers to conduct espionage on other nations.

    c. Therefore Huawei is spying for the Chinese government.

    The problem with this assertion is that it assumes that what may happen must be happening.

    For any individual country (the UK for example) to ban Huawei on this basis and remain consistent, it should also ban any other tech company's products from outside that country except where it has positive proof that spyware doesn't exist. Proving a negative can be a real bugger. They have been trying to do that at the joint GCHQ/Huawei centre in the UK for some time, apparently with little success :)

    As I said at the beginning, I am from networks. I ask where is the evidence that any of this spying is happening?. It is a truism that any network control/management system has access to all sorts of valuable information about the network and the traffic being passed across it. It is the collection, filtering and transmission of that information outside the network to "bad actors" that would give the game away. Has there been any evidence that this has happened? Network traffic analysis using kit from a different supplier would be a good start.

    All governments act in what they think is the good of their country. Trouble is governments are run by politicians and they are not particularly good people. They often confuse the good of the country with the good of their political position/party and sometimes even the good of their wallets.

    There have been many zillions of wasted internet packets spent arguing about what could and may be happening (this post included). I would like to see some evidence. One credible and testable instance of spyware found in a piece of Huawei kit would be a game changer. Where is it?

  16. MrReynolds2U
    Stop

    "Companies know that the main threat they face in terms of cyber espionage and hacking comes from China."

    So said the American... just LOL

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019