A senior U.S. State Department official said there is no need for President Donald Trump to sign an executive order to explicitly ban Chinese telecommunication company Huawei from taking part in the buildout of the U.S. 5G networks. Strayer spoke with Media about U.S. 5G policy and security concerns over Huawei.
Below is a full rush transcript of the press conference by Ambassador Robert L. Strayer, Deputy Assistant Secretary for Cyber and International Communications and Information Policy , BUREAU OF ECONOMIC AND BUSINESS AFFAIRS.
DAS Strayer: The United States recognizes that we must maintain a secure cyberspace for future generations. We and our partners recognize that cyber policy issues are critical to not just protecting our communications networks but also to our national security, our economic prosperity, and securing fundamental human rights all around the world.
The security of Information Communications Technology, or ICT, is an essential element of national security. The networks and services that comprise ICT play a critical role in the safety, security and prosperity of each nation.
The 5th generation of wireless technology, or 5G, will be transformative by providing consumers and businesses with up to 100 times faster connections than 4G networks provide and they will be done with low latency, which is the time devices need to communicate with one another. This will result in billions of new devices becoming connected to the internet, enabling what is called the Internet of Things. And with these devices connected in what they call Mobile Edge Computing with low latency, we’ll begin to see a vast array of new critical infrastructure services being provided to the public on top of this 5G network. We’ll see things like autonomous vehicles, autonomous transportation networks, telehealth and automated manufacturing.
As countries around the world expand and update their ICT infrastructure we are urging them to adopt a risk-based security framework. An important element of this framework is a careful evaluation of the supply chain of equipment vendors. In particular, this evaluation should result in the exclusion of equipment vendors that are subject to unchecked or extrajudicial control by a foreign power. These vendors could be ordered to undermine network security, to skim personal information, conduct espionage, or to disrupt those critical services that are provided by the 5G network.
A significant cause for concern are a number of Chinese laws that compel their companies to cooperate with intelligence and security services without independent judicial controls.
The United States has sought to address this risk through its National Defense Authorization Act which prohibits our federal government from using services provided by Huawei or ZTE or other high-risk companies.
We also have commitments from our four largest wireless carriers not to use these high-risk vendors in their 5G networks.
I was very pleased to attend the Czech Republic’s hosted 5G Security Conference last Thursday and Friday. That conference was organized into four main tracks on policy issues, technical issues, economic issues, and cyber security and resiliency considerations. There was an active discussion among the 32 governments represented and more than 140 experts that participated in those four tracks.
At the end of the conference the Czech Republic published a set of guidelines or principles that can be used by countries as they start to think more deeply about how they’re going to secure their 5G networks. Those principles cover a wide range of considerations from cyber security technical issues to considerations about third party influence over vendors that could result in the intentional intrusion or manipulation of 5G networks.
As countries around the world make their decision about how to build out 5G, we urge them to refer to these best practices that are embodied in the Prague Proposals, as it’s called, so that they can incorporate those security ideas into the critical networks from the very start, before they build them out.
Question: A Huawei official recently said that the U.S. is undermining the political independence of Europe. From your side, is the undermining intentional or not?
DAS Strayer: We’re working very closely with our partner and allies all around the world. I think over the last year we’ve all been on a shared path forward to better understand how security will be incorporated into 5G and to also understand the stakes of 5G. What could be enabled by 5G, both in the ability to facilitate new types of critical infrastructure services, as well as the ability for data potentially from all the Internet of Things that surround us to be transmitted over those networks to other places in the world.
Our focus in all these discussions to have both a technical discussion as well as a policy discussion. On the policy discussion, of course we are talking about how companies may not adhere to best practices and may be influenced by third parties including foreign powers that might have an adversarial interest to the interests of our citizens — citizens in Europe and citizens of the United States. So we want to make countries very much aware of those concerns from the start.
This is in no way a political dynamic that’s playing out. These are the best practices related to security and we are, like we do in all of our discussions about transnational concerns, we are very frank and forthright with our partners about this, and I would say that it is a mischaracterization really to say that this is in some way political.
Question: No single European country has gone ahead and banned Huawei as the U.S. has been asking, so is the campaign failing?
DAS Strayer: Our campaign request is that countries include security practices into their consideration of 5G networks. We’ve seen, of course, the European Union Commission’s recommendation, March 26th, that said that countries as they roll out their 5G as a security consideration should think about other non-technical factors like the model of governance and the track record of the country where the vendor is located. So we’ve seen the European Union Commission, we’ve seen Germany also announce that it has a set of principles that it will apply that include the reliability of a vendor to abide by data protection standards.
We know that privacy is very important to citizens in the European Union, it’s very important to citizens in the United States by the way, it’s part of our Constitution. But we think that countries should think very carefully about a track record of a country and its vendor related to data protection.
We’ve also seen the French government move forward on a law that would apply additional security standards to the rollout of 5G networks there.
So we’ve seen a first very important step of countries move along this path of coming to a recognition that 5G must be part of decisions about the build-out of the technology. While we have not seen bans on any particular company, I think that’s a little premature. Over time if principles related to the influence of 3rd party countries that are embodied in the European Commission recommendation and in these Prague Principles, that those are rigorously applied, as they should be, that should lead inevitably to the ban of companies that are subject to the type of control that they are in China.
Question: Countries like Malta are developing Huawei’s Safe City Concept by planning advanced video surveillance inside crime-prone areas, but a facial recognition CCTV option was apparently discarded. What are the risks for European countries that use Huawei technology for advanced surveillance systems?
DAS Strayer: As I just mentioned, we are very concerned in the United States about the privacy of our citizens, and we recognize as well that European countries and their governments are very concerned about the privacy of their citizens which is embodied in things like the General Privacy Protection Directive.
We see the use of surveillance technology by China within its own borders used for ends that include using it to assign social credit scores, to then surveil the movement of people, and to identify who they are interacting with, and then to cause more than a million Uighurs to be sent to reeducation camps. We are very troubled by that kind of use of data by authoritarian regimes. We know that suppresses fundamental human rights and civil liberties, including the right of free association, freedom of speech, and freedom to exercise religion. So we’re very troubled by that. We think that as technology used in [inaudible] cities is integrated into broader wireless networks, that would be a cause for concern because that data could end up back in places such as Beijing where it would not be used for the purposes that we want to see all of our data subject to which is protected uses, limited uses, and not to be exploited for authoritarian purposes.
Question: You participated in a meeting with the UK networks the other day. It seemed like an information gathering exercise rather than a sort of more sort of event warning. I’m wondering what you heard from the UK networks to give you confidence that they either agree or disagree with you and your approach to Huawei.
DAS Strayer: I can’t reflect on the exact discussions that we had because they were confidential. But I will say that as we do in all of our engagements across Europe, we have very frank discussions about our concerns, many of which I’ve highlighted on this call today. We highlight those for governments and for telecommunications operators, and we’re still having an active discussion with our partners both in the governments and in the private sector.
Question: I wanted to ask about a distinction between core and non-core. Have you considered if a telecom operator, let’s say like BT or KPN decides not to use Huawei on core networks, is that good enough? And they just use them for peripheral non-core parts of their network. Would that be sufficient?
DAS Strayer: As we move to 5G, there will be increasingly a blurring of the lines between a core and the periphery. What fundamentally people have looked at in 4G networks to say the core was different than the edge or periphery was that the computing, the major computing power occurred only in the core. In a 5G network, we’re going to see computing having to occur closer to the user, whether that’s a business user or a consumer, because there has to be very low latency for things like autonomous vehicles, or for telemedicine, or for other uses that will have massive amounts of data that need to have computing power and what they call cacheing of that information near the user, near the radio access network at the edge.
So we don’t think that anywhere in the network we should have untrusted vendors. High risk vendors at the edge could just as easily manipulate data and the overriding critical services that are being provided based on top of that infrastructure. So we shouldn’t have untrusted vendors in any part of the networks.
Question: I was just wondering if you could be more explicit about the consequences if Britain and others do allow Huawei into their 5G network? What will America do as a result of that?
DAS Strayer: We have very closely integrated information sharing relationships with United Kingdom and a range of countries around the world. In all of those relationships we rely on trust and protection of information. We would, if a country had Huawei in its 5G network have to reassess how we are sharing information with those countries to ensure that we are protecting the information that we are sharing with them.
Question: Do you think that the international conference in Prague was a step forward in Western coordination for 5G security?
DAS Strayer: Yes, we definitely think it was a very important step forward to have 32 governments together and more than 140 experts to talk about these issues in a two-day set of meetings. We think that as we all progress on this education and evaluation campaign for 5G it’s important that we continue to have close collaboration about our concerns about risk and also about opportunities in the 5G networks. There’s things beyond security, of course, that we’re coordinating on, on talking about regulatory policies and freeing up spectrum that will be so important for 5G networks. So this conference was an important step forward to put out country agnostic principles that should be rigorously applied to ensure that we have the highest levels of security in our 5G networks.
Question: Some of the countries gathered in Prague, including France and Germany, talked down it seems what was being discussed from principles to proposals. Does that leave you short of the goal you sought going in?
DAS Strayer: I don’t really see a distinction between those two terms that characterize the overall effort. It was a very active discussion among all the participants. In the summation at the end, no one had any reservations about any of the principles that were tabled as far as, by the Czech government as part of their statement.
Question: Italy has just signed agreements with China for the Belt and Road Initiative. Has the United States spoken with Italy regarding the possible inclusion of 5G with agreements?
DAS Strayer: Thanks for that question. We’re talking with all of our partners and allies around the world about transparency in funding and financing related to the Belt and Road Initative. I would also note that this Prague Conference highlighted the importance of having transparency about the funding mechanisms for finance deals related to 5G. But more broadly, to have commercially reasonable terms in terms that are not predatory as the Secretary of State has mentioned previously.
So we’re having conversations, all of our partners, allies, about the overall Belt and Road Initiative finance mechanisms related to 5G. We’re also emphasizing the same points that I’m making here, maybe in a little more detail with partners. But we’re continuing to engage actively with all of our partners about concerns about Chinese vendors and how that does not fit into, in our view, a rigorously applied set of principles about the potential influence by third party countries over vendors for 5G.
Question: How Huawei has its European Regional Logistics Center in Hungary employing 2000 workers. Hungary’s government made recent remarks that it is of strategic national interest to continue cooperation with them. Is the U.S. concerned with Hungary’s position? And what incentives can the U.S. offer in order for Hungary to revise its support for Huawei?
DAS Strayer: As we continue to have our discussions with our partners out there about the national security implications, and indeed the economic implications over the long run because a foreign power’s control over the network could affect dramatically our economic futures if it disrupts critical infrastructure, results in a theft of intellectual property, or the derivation of private data, that could fundamentally affect our economies. So we’re asking countries to think carefully about the overall economic proposition that they’re being offered by Chinese companies relative to their long-term economic futures.
So we think that a true assessment of technologies that are being provided such as by Huawei that contain, as the United Kingdom just found, hundreds of vulnerabilities in their software, would over the long term be potentially more costly than other alternative vendors that come from Finland or Sweden or South Korea. We encourage them to carefully consider the life cycle costs of those vendors, as well as to the potential that down the road an untrusted vendor might be something that a country and its telecom carriers might have to find an alternative to after it’s already further embedded into their networks.
Question: We understand obviously that he is meeting with Theresa May today and it’s been reported in various media outlets that he will be issuing a warning to the UK stance on Huawei. I just wondered if you could give us any sort of an insight into what exactly he may have, or will be saying during those talks.
DAS Strayer: I will let the Secretary speak for himself today. I’m not going to comment further. As you know, we have made a statement that in the past to a number of countries about our national security concerns, and indeed the potential impact that Huawei technology in any part of the network would have on our ability to share information in the same way that we do today.