Olivera Zatezalo has, arguably, the toughest job of any cybersecurity officer in Canada.
She has to convince the government and Canadians that the products her company builds are safe. But that’s been increasingly difficult as she finds herself squarely in the middle of a high-stakes international battle involving China, the United States and Canada.
So she chooses her words carefully when asked how difficult it would be for the Chinese government to hack into the next-generation wireless network and spy on Canadians using Huawei-supplied equipment.
According to the telecom giant’s Canadian chief of cybersecurity, regulatory safeguards mean that such a scenario would be difficult, if not impossible, since the Shenzhen, China-based company would not be able to access information distributed by its own technology.
“Once we sell the equipment to carriers, we no longer have control over it,” Zatezalo said in an interview with the Star. “We give the keys to carriers and we absolutely cannot see the data once it is deployed.”
The stakes for Canadians are significant. The United States says Huawei is a major security risk because the company has close ties to the Chinese government. The Canadian government is also reviewing whether to use the company’s 5G equipment, a transformative new technology that would create a much faster wireless network. And Conservative Leader Andrew Scheer has already said he would block the company in Canada if elected prime minister in October.
“I trust the Canadian government. They know absolutely what they are doing,” says Zatezalo. “I am absolutely confident that there is nothing that can be exploited. There are security controls in place and the equipment is monitored.”
Security analysts have argued that Chinese surveillance agencies could still sneak malware into any network, with or without the co-operation of Huawei. The U.S., Australia and New Zealand have already barred domestic companies from using Huawei’s 5G equipment.
“What Huawei is saying is right, in the sense that once they meet the standards they are similar to any other device in the field and if a hacker compromises it, they won’t have any view of that,” says professor Ali Dehghantanha, director of the newly formed Master in Cybersecurity and Threat Intelligence program at the University of Guelph. “But what they are not highlighting is whether they are giving any backdoor access to any government, whether it is the Chinese or not.”
Ottawa’s relationship with Beijing has deteriorated significantly since the December arrest of Meng Wanzhou, the chief financial officer of the company, at the request of the U.S.
The arrest has caused anger in China, since Meng also happens to be the daughter of Huawei founder Ren Zhengfei. Even the Huawei name is significant, roughly translating to “Chinese achievement” in a company that has come to symbolize national pride.
Two Canadians, Michael Kovrig and Michael Spavor, have been under arrest in China since the detention of Meng in what Canada says was an “arbitrary” move, as Prime Minister Justin Trudeau has sought international support to condemn the imprisonments.
“It’s obviously a very difficult situation,” says Zatezalo. “But our focus is on supporting our customers. I’m not a lawyer, my focus is on cybersecurity. But I’m positive that they will find a way to resolve this. They have great diplomats on the Canadian side and the Chinese side.”
Outgoing Chinese Ambassador to Canada Lu Shaye told reporters bluntly on Tuesday that “the Chinese side is not responsible for this issue.” Meanwhile, U.S. Vice-President Mike Pence on a visit to Canada told reporters that letting Huawei participate in 5G would be against American security interests. Trudeau said he would rely on evidence from his own security agencies before making a decision.
Zatezalo says that in the 10 years the company has been in Canada there have been “zero incidents” of any kind in terms of a security breach.
The company, which is headquartered in Markham, has more than 1,000 employees in Canada, with more than 600 working in research and development, she said. Over the next five years, Huawei has also budgeted $2 billion to improve cybersecurity globally.
“Huawei Canada is a Canadian company. I am a Canadian and everyone on my team is a Canadian,” says Zatezalo. “We care about this country.”
Zatezalo says Huawei’s equipment is also scrutinized by third-party testers to ensure it meets security standards.
The University of Guelph’s Dehghantanha says Huawei isn’t necessarily the problem. He argues that what would help to solve security issues with 5G is if Canadian regulators commissioned a government body that was responsible for all testing and evaluation of sensitive equipment, instead of a patchwork of auditors paid for by the companies themselves.
“We need to have a systematic evaluation of all the devices that they are going to use. Instead of finger pointing to one provider, we should be testing all equipment at the same standards. The focus is on Huawei at the moment, but it doesn’t really matter who the provider should be as long as they are meeting the requirements. This is, after all, a critical part of our infrastructure.”
Dehghantanha says telecom equipment is also imported into Canada from other countries, including Mexico, and it is not currently being given the same level of public scrutiny.
“It almost makes sense for China, or whoever, to go after the Mexican devices, for example, because it would be an easier route if they wanted to spy.”
If Huawei were really serious about meeting standards, says Dehghantanha, they would consider providing schematics that would allow testing labs to reverse engineer their equipment. It would be a radical move, since telecom manufacturers would be wary of doing this because of patent protection. And Dehghantanha says nondisclosure agreements would have to be implemented and enforced.
Meanwhile, Huawei’s competitors, including Nokia and Ericsson, which also produce 5G equipment, are waiting in the wings to pick up any business Huawei might be blocked from.
“It doesn’t make sense in the modern world to say that I’ve built a product and secured it, and now it’s secure,” says Marc Bellini, vice-president of technology for Nokia Canada, in an interview. “Security is an ongoing process of software updates and upgrades.”
Nokia announced Monday that they are on a tear, having signed 42 commercial 5G deals globally, and averaging a new deal every week since March.
“It’s a competitive market globally and we’re succeeding,” said Mike McKeon, director of business development for Nokia Canada. “We don’t get involved with the (Canadian) government decision with what they do with other vendors. That’s outside of our span of control … But we can certainly pick up any business that comes our way.”
The stakes are high, and not just for Huawei. With the rollout of 5G technology, which will be up to 100 times faster than the current 4G standard, cybersecurity will become even more paramount, experts warn.
“The threats, especially with 5G will increase immensely because you will have many more devices that can be deployed,” says Nokia’s Bellini.
“When we talk about 5G, security is paramount because it will be at the heart of control systems for the world, including smart cities, smart manufacturing, autonomous vehicles and public safety. Cybersecurity will never be more crucial.”
There is some irony, meanwhile, that Huawei’s Zatezalo has also been on the other side of the regulatory fence, as a former member of the Canadian Security Telecommunications Advisory Committee, an elite federal group that looks at cybersecurity threats to Canadians.
“As for now, we are constantly working with carriers and the Canadian government to do what is best for Canadians,” said Zatezalo. “Whatever the government is asking from me we will provide it to them, whatever the documentation. I know they are doing their best and we are doing our best.”
Tony Wong is the Star’s technology reporter covering big tech, disinformation and regulation. Follow him on Twitter: @tonydwong