SAN FRANCISCO — How the Trump administration has approached banning Huawei’s technology for 5G networks has raised a question at the annual RSA Conference: Is the decision rooted in national security issues or trade issues?
“The unfortunate answer is, it’s both,” said Kathryn Waldron, a fellow at the public policy research organization R Street Institute. “And it depends on who you’re talking to as to which one they’re going to prioritize.”
Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition and czar for the new Cybersecurity Maturity Model Certification, told Fifth Domain her thoughts on CMMC's “constant state of evolution.”
Bruce Schneier, a security technologist and lecturer at Harvard, said that while Huawei is a national security issue, the Trump administration has approached it as a trade issue. Throughout many of the last few years, Huawei has been a bargaining chip in trade negotiations between the United States and China.
“Either this is a national security issue, in which case, there are things we do and we don’t do, or this is a trade issue, in which case we negotiate on a variety of things," Schneier said. "It cannot be both; it just doesn’t work.”
He later added, “we really hurt ourselves with our allies when we try to play both ends of that."
And the Trump administration has struggled to convince allies to not use Huawei hardware when building out their 5G networks. Last month, much to the chagrin of the Trump administration and members of Congress, the United Kingdom announced that it would allow Huawei products in non-critical portions of its network. Germany is also considering Huawei’s role in its 5G network.
But for Katie Arrington — the chief information security officer at the office of the Under Secretary of Defense for Acquisition, who is leading an effort to bolster cybersecurity requirements for the defense industrial base — Huawei was both a trade and national security risk.
“China has been blatantly ignoring IP law; they have lately been taking whatever they want ... you can’t have your IP, your data rights be yours and then give it to a country who takes it, mimics, copies, undersells, under bids you continually,” Arrington said.
Arrington is heading work on the DoD’s new cybersecurity requirements for contractors, an effort started in part due to IP theft from China.
“Part of the reason that we are in this situation with China and 5G is that for so many companies over the past 20 years, their answer has been, ‘oh, I’m going to prioritize the economic aspects and not the security aspect,’" Waldron said. "And so if we really ... want to think about securing 6G, then we spend an awful lot of time about thinking how did we end up in the spot where we are now?”