화웨이, 이번에는 클라우드 서비스로 도청하나

James Gorrie
2019년 9월 7일 업데이트: 2019년 9월 7일

미국 정부가 화웨이 네트워크 장비에 대한 의존도를 낮추고 있지만, 클라우드 서비스를 통한 기밀 정보와 기술 유출 위협은 여전하다.

지난달 화웨이 클라우드의 파트너 네트워크사가 중남미 기업 36개와 계약을 체결했다. 비즈니스와 기술, 마케팅 등 다양한 서비스를 제공할 예정이다. 문제는 중남미가 미국 인프라의 핵심 진입점이라는 사실이다.

아마존, 마이크로소프트 등 제품서비스를 클라우드와 연결하고 있는 미국기업은 화웨이를 통한 중국정부의 도청에 문을 열어놓은 것과 마찬가지다.

클라우드 서비스는 태생적으로 지식재산 절도, 정보수집·파괴 위험성을 안고 있다. 화웨이 클라우드라면 더욱 그렇다. 화웨이와 중국 정부의 유착관계는 더 논할 필요가 없다.

이제 중국 정부는 미국 영토에 침투할 필요 없이 미국의 클라우드 네트워크에 접속만 하면 된다.

While the U.S. government attempts to unwind its reliance on Huawei networking equipment, the dimensions of Huawei’s threat to U.S. intelligence and technology IP continues to grow. In fact, according to Gary Frost, former Chief Technical Officer of NexGenEx Telecom Equipment and current CTO/Managing Partner of FastPath NexGenEx Global Networks, the risk has risen to a whole new level, which may well post a great challenge to the U.S. anti-Huawei policy.

China’s Big Play in Latin America

Last week at the Summit in Santiago, Chile, the Huawei Cloud Partner Network (HCPN) program was initiated. This most recent venture from China’s biggest telecom and infrastructure provider already has 36 Huawei-certified cloud partners throughout its Latin American network. More importantly, the HCPN will provide its partners with a variety of go-to-market support, including business, technical, and marketing services, all via the Huawei Cloud.

And therein lies the biggest risk of all—at least that we know of.

The potential for intellectual property theft and intelligence gathering in the cloud is staggering. Every business, organization or government institution that uses the Huawei Cloud will immediately become vulnerable to intrusion and data exfiltration by the very cloud services they rely on to function and store their work. It’s an extraordinary opportunity for the Chinese regime to gain a level of intrusion and data access they could only dream of just a few years ago.

The technical details can be a bit complicated, but essentially, secure memory within the Huawei cloud isn’t present or implemented; or it simply may not be an option for most cloud system users. That would include Huawei Cloud users.

That may not be always the case with the enterprise-level cloud users, however. Some of the world’s larger firms—such as IBM for example—will have the technological and financial resources to protect their cloud-based data and operations, likely in their own, proprietary cloud environment. But for most smaller businesses and organizations, especially those in the Huawei cloud, operating within them comes with considerable security risks.

This potentially gives China’s Huawei operatives far more reach into every institution that uses its cloud services. The process could be as relatively simple, Frost said, such as routine maintenance. For example, “Huawei or a connected contractor, could simply install ‘services upgrades’ on interconnected equipment and have an entrance into a variety of their users’ infrastructure.”

American Technology Firms at Risk

What’s more, companies such as Amazon, Microsoft, IBM and Google are linking cloud in their services, and—given their level of investment in China— may well become vulnerable sooner or later to risks posed by Huawei’s cloud network. The degree of risk is unknown in many cases, but the interconnection of cloud services and the opening of doors to espionage by the Chinese regime via Huawei are certainly real.

For instance, since China requires joint ventures for all foreign investment, one may reasonably wonder what cloud interconnection arrangements Google and Facebook made in their $400 million fiber project from Hong Kong to Los Angeles. More to the point, given that these companies have continually bent over backwards to assist China in its censorship efforts in exchange for operating there, perhaps the greater risk is their cooperation with China in sharing user data and other sensitive information.

Huawei’s Strategic Positioning

And, from a geopolitical perspective, the new cloud partnership program gives Huawei—and therefore, China—another critical footprint throughout Latin America, and by extension, the United States. That’s simply because cloud interconnections in South America are a key entry point into U.S. infrastructure.

And of course, digital technology doesn’t have to penetrate American territory to access sensitive American cloud networks. America’s business and military presences are global, and certainly in Latin America. What’s more, Huawei’s cloud operations extend well beyond Latin America as well.

This gives China a significant advantage in deepening its economic relationships with the region’s political and business interests, as well as others. In fact, as of June 2019, Huawei Cloud and its partners have opened 23 regions with a total of 44 availability zones, and launched over 180 cloud services and solutions. Clearly, Huawei’s cloud partnership represents many opportunities for China’s biggest intelligence and cyber-attack asset.

Challenge to America

What’s America’s best response to China’s Huawei cloud offensive? In the short term, there may not be an easy or quick solution, as Huawei can impact existing equipment or upgrades in this interim time. Damaging data breaches, theft, sabotage and other clandestine acts could be performed over the network disguised by automatic upgrades, just like an app automatically upgrades itself on a smartphone.

As U.S. officials and small rural telecom firms are finding out, announcing a change in political policy is easier than divorcing technological, financial and supply chain ties. That’s true in the best of times.

 

위 기사 내용은 본사의 편집방향과 다를 수 있습니다

추천