WaPo's spinning of security report on Huawei
Updated 12:42, 29-Mar-2019
John Gong
Editor's note: Dr. John Gong is a research fellow at the Charhar Institute and professor at the University of International Business and Economics in Beijing. The article reflects his opinion, and not necessarily the views of CGTN.
The Washington Post's national security reporter Ellen Nakashima's Thursday piece regarding the British government's security risk assessment of Huawei's 4G telecom equipment is a prime example of misinformation and disinformation by telling a half-truth. In President Trump's jargon, that would qualify as an example of “fake news.”
Huawei runs a research facility in the UK under the name Huawei Cyber Security Evaluation Center (HCSEC) in collaboration with the UK's National Cyber Security Center (NCSC), which is the equivalent of the U.S. government's National Security Agency (NSA). Both organizations represent the world's most sophisticated spy agencies.
Tasked with assessing and mitigating security risks associated with Huawei equipment, HCSEC has been in operation for eight years. It assesses Huawei equipment's exposure to malicious cyber hacking as a means of protecting British telecom networks that have been using Huawei equipment. Through that process, it also develops a deeper understanding of Huawei's equipment, particularly its product development and software engineering process.
This makes Huawei equipment more transparent to government agencies, particularly with respect to refuting theories, hypotheses or claims of installed backdoors. The benefit certainly goes both ways. Huawei also gains by improving its product quality and enhancing its worldwide reputation.
This year's HCSEC report puts out some issues that Huawei still needs to work on. Of particular concern as pointed out by this 46-page report are Huawei's software engineering process and the equipment's third-party operating system.
/VCG Photo

/VCG Photo

These are fair criticisms in my opinion, and Huawei has made the commitment to the British government that it will invest 2 billion U.S. dollars to make improvements.
So this report is nothing more than a bit disgruntled customer pointing to its vendor areas where it needs to improve. In the conclusion section of the report, it writes,
"NCSC continues to believe that the UK mitigation strategy, which includes HCSEC performing technical work and the Oversight Board providing assurance as two components, is the best way to manage the risk of Huawei's involvement in the UK telecommunications sector."
 -  Huawei Cyber Security Evaluation Center Oversight Board: Annual Report 2019
In addition to that conclusion, the last conclusive sentence in the main body of the report appears to be more important.
"NCSC does not believe that the defects identified are a result of Chinese state interference."
 -  Huawei Cyber Security Evaluation Center Oversight Board: Annual Report 2019
But in Ellen Nakashima's report in Washington Post, this last conclusion is deliberately left out, and furthermore, the lengthy ranting and raving about Huawei's so-called close ties with the Chinese security apparatus run exactly opposite of what this important NSCS conclusion entails.
In other words, Ellen Nakashima has been using a totally irrelevant, totally speculative and totally evidence-devoid hypothesis theory to interpret an entirely different technical matter, which by the way also refutes that hypothesis theory 100 percent.
A sign for the Huawei Mate20 smartphone series is seen at a launch event in London, Britain, October 16, 2018. /VCG Photo

A sign for the Huawei Mate20 smartphone series is seen at a launch event in London, Britain, October 16, 2018. /VCG Photo

What is even more ironic is that what the NSCS and Huawei have been collaborating on is to precisely prevent the kind of cyber intrusion and theft that was one time proven to have been committed by the NSA against Huawei equipment.
If Ellen Nakashima needs a stretch of the imagination to fill some more space in her twisted report, that would be more relevant. How come that is not mentioned?
If that is not fake news, I don't know what is.
Not to be apologetic for Huawei, NSCS's assessment is a study of Huawei's equipment alone. I am sure other telecom vendors' equipment also has a fair share of security weaknesses as well. In today's complicated and dynamic network environment, it is very difficult to come up with 100 percent bullet-proof solutions.
If one subjects Ericsson, Nokia and Samsung's equipment to the same kind of rigorous examinations by the NSCS, there is a high probability that more or less similar security weakness would also be identified.
Nevertheless, that is not an excuse and Huawei needs to do some soul searching and put its act together.
‍(If you want to contribute and have specific expertise, please contact us at opinions@cgtn.com.)