The House Intelligence Committee said US businesses should not use parts manufactured by Huawei and ZTE after deeming use of technology made by the companies a national security risk. Huawei has criticised the report findings, claiming that the Committee had "failed to provide clear information or evidence to substantiate the legitimacy" of its "concerns".
The Committee's report (60-page / 633KB PDF) follows an 11-month investigation into concerns that links between Chinese companies and the Chinese Government provide China with "greater opportunities for foreign and economic espionage". The investigation focussed on Huawei and ZTE, the two largest Chinese telecoms firms, and the Committee said that neither company had convinced it that they did not pose a national security risk.
"Neither company was willing to provide sufficient evidence to ameliorate the Committee’s concerns," the Committee's report said. "Neither company was forthcoming with detailed information about its formal relationships or regulatory interaction with Chinese authorities."
"Neither company provided specific details about the precise role of each company’s Chinese Communist Party Committee. Furthermore, neither company provided detailed information about its operations in the United States. Huawei, in particular, failed to provide thorough information about its corporate structure, history, ownership, operations, financial arrangements, or management. Most importantly, neither company provided sufficient internal documentation or other evidence to support the limited answers they did provide to Committee investigators," it added.
"During the investigation, the Committee received information from industry experts and current and former Huawei employees suggesting that Huawei, in particular, may be violating United States laws. These allegations describe a company that has not followed United States legal obligations or international standards of business behaviour. The Committee will be referring these allegations to Executive Branch agencies for further review, including possible investigation," the report said.
"The investigation concludes that the risks associated with Huawei’s and ZTE’s provision of equipment to US critical infrastructure could undermine core US national-security interests," the Committee said.
The Committee said that the US should "view with suspicion" Chinese telecoms companies' "penetration" of the US telecoms market, and that the US intelligence community "must remain vigilant and focused on this threat".
It called on the Committee on Foreign Investment in the United States (CFIUS) to "block acquisitions, takeovers, or mergers" that involve Huawei and ZTE, and said that US Government systems should be completely devoid of "Huawei or ZTE equipment, including component parts". Government contractors too should also prevent the two firms' equipment from being used as part of their systems, it recommended.
The Committee also said that businesses should review their association with Huawei and ZTE after deeming that they "cannot be trusted to be free of foreign state influence" and therefore pose a national security risk.
"Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services," the Committee said. "US network providers and systems developers are strongly encouraged to seek other vendors for their projects."
The Committee also called for further investigation to take place into what it called "the unfair trade practices of the Chinese telecommunications sector" after raising concerns about Chinese state funding for "key companies".
In addition it said Chinese firms should be more open and transparent and be willing to list on "a western stock exchange" which has "advanced transparency requirements" so that their "financial information and cyber-security processes" can be evaluated by independent assessors for compliance with "US legal standards of information and evidentiary production" and for "obeying all intellectual-property laws and standards".
New US legislation could be introduced to require better "information sharing among private sector entities" and allow CFIUS to be able to investigate "purchasing agreements", the Committee said. The new laws would "better address the risk posed by telecommunications companies with nation-state ties or otherwise not clearly trusted to build critical infrastructure," it added.
In a statement Huawei defended itself from the Committee's criticism and said that it had a "proven track record of network security in the United States and globally". The company said that the Committee "appears to have been committed to a predetermined outcome" with the aim of shutting Chinese firms out of the US telecoms market.
"The report released by the Committee today employs many rumours and speculations to prove non-existent accusations," Huawei said. "This report does not address the challenges faced by the ICT industry."
"Almost every ICT firm is conducting R&D, software coding and production activities globally; they share the same supply chain, and the challenges on network security is beyond a company or a country. The Committee's report completely ignored this fact. We have to suspect that the only purpose of such a report is to impede competition and obstruct Chinese ICT companies from entering the US market," it said.
Huawei added that it had "cooperated" with the Committee's investigation "in an open and transparent manner" and that it had, among other things, "offered a wealth of documentation" to the Committee for it to scrutinise.
In a statement Mike Rogers, chairman of the House Intelligence Committee, said: "Any bug, beacon, or backdoor put into our critical systems could allow for a catastrophic and devastating domino effect of failures throughout our networks."
"As this report shows, we have serious concerns about Huawei and ZTE, and their connection to the communist government of China. China is known to be the major perpetrator of cyber espionage, and Huawei and ZTE failed to alleviate serious concerns throughout this important investigation. American businesses should use other vendors," he added.