House Intelligence Committee on Huawei and ZTE
[Full report: HuaweiZTE_Investigative_Report_FINAL.pdf]
House Permanent Select Committee on Intelligence
Chairman and Ranking Member Investigative Report on The U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE
Executive Summary
In February 2011, Huawei Technologies Company, the leading Chinese telecommunications equipment manufacturer, published an open letter to the U.S. Government denying security concerns with the company or its equipment, and requesting a full investigation into its corporate operations.1 Huawei apparently believed – correctly – that without a full investigation into its corporate activities, the United States could not trust its equipment and services in U.S. telecommunications networks.2
The House Permanent Select Committee on Intelligence (herein referred to as “the Committee”) initiated this investigation in November 2011 to inquire into the counterintelligence and security threat posed by Chinese telecommunications companies doing business in the United States. Prior to initiating the formal investigation, the Committee performed a preliminary review of the issue, which confirmed significant gaps in available information about the Chinese telecommunications sector, the histories and operations of specific companies operating in the United States, and those companies’ potential ties to the Chinese state. Most importantly, that preliminary review highlighted the potential security threat posed by Chinese telecommunications companies with potential ties to the Chinese government or military. In particular, to the extent these companies are influenced by the state, or provide Chinese intelligence services access to telecommunication networks, the opportunity exists for further economic and foreign espionage by a foreign nation-state already known to be a major perpetrator of cyber espionage.
As many other countries show through their actions, the Committee believes the telecommunications sector plays a critical role in the safety and security of our nation, and is thus a target of foreign intelligence services. The Committee’s formal investigation focused on Huawei and ZTE, the top two Chinese telecommunications equipment manufacturers, as they seek to market their equipment to U.S. telecommunications infrastructure. The Committee’s main goal was to better understand the level of risk posed to the United States as these companies hope to expand in the United States. To evaluate the threat, the investigation involved two distinct yet connected parts: (1) a review of opensource information on the companies’ histories, operations, financial information, and potential ties to the Chinese government or Chinese Communist Party; and (2) a review of classified information, including a review of programs and efforts of the U.S. Intelligence Community (IC) to ascertain whether the IC is appropriately prioritizing and resourced for supply chain risk evaluation.3
Despite hours of interviews, extensive and repeated document requests, a review of open-source information, and an open hearing with witnesses from both companies, the Committee remains unsatisfied with the level of cooperation and candor provided by each company. Neither company was willing to provide sufficient evidence to ameliorate the Committee’s concerns. Neither company was forthcoming with detailed information about its formal relationships or regulatory interaction with Chinese authorities. Neither company provided specific details about the precise role of each company’s Chinese Communist Party Committee. Furthermore, neither company provided detailed information about its operations in the United States. Huawei, in particular, failed to provide thorough information about its corporate structure, history, ownership, operations, financial arrangements, or management. Most importantly, neither company provided sufficient internal documentation or other evidence to support the limited answers they did provide to Committee investigators.
During the investigation, the Committee received information from industry experts and current and former Huawei employees suggesting that Huawei, in particular, may be violating United States laws. These allegations describe a company that has not followed United States legal obligations or international standards of business behavior. The Committee will be referring these allegations to Executive Branch agencies for further review, including possible investigation.
In sum, the Committee finds that the companies failed to provide evidence that would satisfy any fair and full investigation. Although this alone does not prove wrongdoing, it factors into the Committee’s conclusions below. Further, this report contains a classified annex, which also adds to the Committee’s concerns about the risk to the United States. The investigation concludes that the risks associated with Huawei’s and ZTE’s provision of equipment to U.S. critical infrastructure could undermine core U.S. national-security interests.
Based on this investigation, the Committee provides the following recommendations:
Recommendation 1: The United States should view with suspicion the continued penetration of the U.S. telecommunications market by Chinese telecommunications companies.
The United States Intelligence Community (IC) must remain vigilant and focused on this threat. The IC should actively seek to keep cleared private sector actors as informed of the threat as possible.
The Committee on Foreign Investment in the United States (CFIUS) must block acquisitions, takeovers, or mergers involving Huawei and ZTE given the threat to U.S. national security interests. Legislative proposals seeking to expand CFIUS to include purchasing agreements should receive thorough consideration by relevant Congressional committees.
U.S. government systems, particularly sensitive systems, should not include Huawei or ZTE equipment, including component parts. Similarly, government contractors – particularly those working on contracts for sensitive U.S. programs – should exclude ZTE or Huawei equipment in their systems.
Recommendation 2: Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services. U.S. network providers and systems developers are strongly encouraged to seek other vendors for their projects. Based on available classified and unclassified information, Huawei and vii ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems.
Recommendation 3: Committees of jurisdiction within the U.S. Congress and enforcement agencies within the Executive Branch should investigate the unfair trade practices of the Chinese telecommunications sector, paying particular attention to China’s continued financial support for key companies.
Recommendation 4: Chinese companies should quickly become more open and transparent, including listing on a western stock exchange with advanced transparency requirements, offering more consistent review by independent thirdparty evaluators of their financial information and cyber-security processes, complying with U.S. legal standards of information and evidentiary production, and obeying all intellectual-property laws and standards. Huawei, in particular, must become more transparent and responsive to U.S. legal obligations.
Recommendation 5: Committees of jurisdiction in the U.S. Congress should consider potential legislation to better address the risk posed by telecommunications companies with nation-state ties or otherwise not clearly trusted to build critical infrastructure. Such legislation could include increasing information sharing among private sector entities, and an expanded role for the CFIUS process to include purchasing agreements.
[Full report: HuaweiZTE_Investigative_Report_FINAL.pdf]