LIVE FROM CCA ANNUAL CONVENTION, PROVIDENCE, RHODE ISLAND: FCC Commissioner Geoffrey Starks laid into Huawei on the keynote stage, criticising the vendor’s software as flawed and calling for its kit to be replaced in networks across the country.

Speaking before an audience of regional operators more likely than most to have Huawei gear in their networks, Starks decried “front door” vulnerabilities in the Chinese vendor’s software which make it accessible to both the vendor and outside attackers.

Though the US has taken steps to block further use of Huawei products in domestic networks, he noted “we can’t ignore the equipment that is already here, already in infrastructure”. Starks said he is open to interim measures to mitigate risks, but said complete replacement of the kit will likely be necessary.

He added the government should step in to help regional operators shoulder the financial burden: “A national problem requires a national solution. We shouldn’t expect small carriers who acted legally and in good faith to replace insecure equipment on their own.”

Starks said Nokia and Ericsson offered to create products and financing options tailored to the needs of rural operators, but urged domestic telecom innovators to step forward.

“Growing our capability to make secure infrastructure makes sense from both a security and economic standpoint. We need to invest in research and development so we can lead in this area and not have to rely on foreign manufacturers for our security.”

Counterpoint
In his remarks, the commissioner expressed concerns about the China-based nature of Huawei’s systems.

But Huawei VP of Risk Management Tim Danks told Mobile World Live in a recent interview the company implemented special security controls for US customers years ago to isolate operators’ infrastructure from Huawei’s internal systems.

When customers have a problem which requires Huawei’s help to solve, he said the vendor’s technicians connect to the operator’s network through a third-party private cloud managed by a US company using generic laptops which record each transaction.

Danks said the US has yet to elaborate on its exact security concerns, adding the company has been unable to engage government officials in any sort of discussions to date.