A new cyber security directive that is currently being assessed by the European Parliament includes a section about defending European interests by not relying too heavily on foreign technology.
The recent concerns voiced by the United States authorities about Huawei and ZTE products echo this on concern. But with today’s global supply chains, how realistic is it to try to limit the country of origin of technology and is it even a problem?
President Barrack Obama believes so: At the end of March he signed a bill restricting the use of Chinese products by federal agencies including NASA, the National Science Foundation and the Commerce and Justice departments. The law blocks these agencies from buying information technology that has been “produced, manufactured or assembled” by a company with ties to the Chinese government unless the FBI or a similar agency determines the purchase would be in the national interest.
However a report by the U.S. Government Accountability Office (the so-called congressional watchdog) found that “no cyber-based incidents involving the core and access communications networks had been reported” between January 2010 and October 2012.
American IT businesses are also concerned that the bill might damage their business interests in China. In a letter to the authorities, the U.S. Chamber of Commerce, TechAmerica, the Software Alliance, the Information Technology Industry Council, the Software & Information Industry Association said the bill could even impede the end consumers receiving more innovative products at affordable prices.
In reality, equipment security is affected by how equipment is manufactured, used and maintained, rather than where it is produced and by whom.
John Suffolk, former U.K. government CTO and now Huawei Global Cyber Security Officer knows a thing or two about global supply chains. “Part of the problem governments face is that there is no real definition of non-national technology. As a concept it is pretty meaningless. Everything from personal computers to smart phones has components from all over the world. In fact around 70 per cent of what’s in a Huawei box is not directly manufactured by Huawei and around 32 per cent is from the U.S.,” he said.
The idea that a product is entirely manufactured by a single company ended about 20 years ago he continued. But it is taking time for governments to understand how things have changed.
Improving cyber security requires greater cooperation and collaboration around the globe and many believe that restrictions on certain countries could undermine the advancement of global best practices and standards on cyber security.
Certainly fears of spying have hindered Huawei Technologies from cracking the U.S. telecommunications equipment market. But Suffolk says that in some ways he welcomes the debate: “The issue is not going to go away. But the debate is giving people a chance to think. A year ago the debate was very different. We are all reliant on a global supply chain and that is something that needs to be explained.”
However in the European Union, there is still a feeling that more security technology must come from within the 27 member states.
“This lack of an E.U. brand is especially critical as the future key markets for security technologies will not be in Europe, but in emerging countries,” said European Commissioner Antonio Tajani.
The new cyber security directive will attempt to set standards on cyber security issues and aims to make European security technology a world leader. With the E.U. security industry valued between €26 billion and €36.5 billion with around 180,000 employees, perhaps this is as much an economic consideration as a security one.