Posted 25 Feb. 2022 at 04:07 PMUpdated Feb 25. 2022 at 16:39
In Brussels, nothing stands out at first sight at number 9 rue Guimard. Right in the heart of the diplomatic quarter, this unremarkable building houses several businesses behind its glass facade. But on the second floor, at Huawei, the change of scenery is radical. Before entering, the few visitors are priced to leave their smartphones in lockers. You then have to go through a security gate, like in an airport.
On the other side, the “holy of holies” is finally revealed. Two small rooms, left and right, provide remote access to one of the best-kept secrets in the telecom industry: Huawei’s source code. This computer language is the “brain” of the 4G-5G antennas and network cores that the equipment manufacturer sells to telecom operators in 170 countries. A software layer jealously guarded at the historic headquarters in Shenzhen and which ensures product safety.
If an anomaly is detected, Huawei is able to identify “within the hour” who has been affected, for example among the operator’s other suppliers. The Chinese giant then describes a “patch”. The operator can then implement this patch himself in the source code, or entrust Huawei with the task of intervening on his network.
In 2019, the Chinese giant struck a blow by opening, in the heart of Europe and a stone’s throw from the American embassy, this 1,000 square meter center dedicated to “cybersecurity and transparency”. At the time, Donald Trump’s United States was waging a merciless war against the world’s number one antennae, suspected of spying by the White House. Across Europe, Washington was campaigning to get governments to block Huawei from building future 5G networks.
With this center, his third in Europe after the United Kingdom in 2010 and Germany in 2018, the Chinese telecom champion hoped to sweep away these accusations of espionage once and for all, by playing the transparency card. Since then, other similar sites have been opened, in Shenzhen, Toronto, Dubai and Rome, bringing the total to seven.
“If Huawei opened this center, it is because its transparency has been questioned, deciphers a good connoisseur of the sector. Usually, an equipment manufacturer does not need this to establish a relationship of trust with its operator customers…”
A veteran of Thales
In Brussels, a dozen customers in three years have also come to inspect the safety of its equipment. Huawei does not give any names or the results of these audits. “It may not seem like much, but the Covid has slowed things down. It should not be forgotten either that an evaluation can last two, three, four or even five weeks! recalls Yoann Klein, a Frenchman who worked for Thales and who joined the center’s small team (10 people), led by a Chinese expatriate.
These assessments are very framed, technically and legally, assures Huawei. In the “white box” on the second floor, operators who so request can view all or part of the source code on computer screens. The connection is protected by a VPN. But no question of leaving with it. Even taking notes is done in another room next door. “Customers cannot export code. The idea is not to come with a USB key,” jokes Yoann Klein.
Despite these safeguards, Huawei’s approach is intriguing in the sector. Orange sees it as an “interesting initiative”, without developing further. SFR, one of Huawei’s big customers in France, did not come to the center. Contacted, Anssi, the national agency in charge of the security of information systems, refuses for its part to say a word.
“Honestly, this cyber center is a bit of an exercise in style,” says the source cited above. The director of an operator’s network is more attentive to the performance and energy consumption of equipment than to its source code. Either the supplier is good or they are not. But in any case, it’s not up to the operators to baby-sit their suppliers…”