Huawei’s VP for cybersecurity Mika Lauhde: citizens will be paying more


At the end of the day it will be the taxpayer who pays the bill,” Mika Lauhde, VP of Cyber Security & Privacy and Global Public Affairs at Huawei, told CyberNews. According to him, the company has enough components for approx. a year, afterwards it may face a supply chain resilience issue.

As Washington has banned Huawei from buying certain components made in the US, the UK followed suit and decided to remove Huawei equipment from the country's 5G network. Mr. Lauhde reckons that some small countries, allies of the US, will do the same. In that case, he implies, voice services’ costs in some countries might go up despite the European Union’s roaming agreements.

Huawei is now forced to create its ecosystem as new Huawei Android phones must run without Google, to look for and even develop its chipsets as an alternative for American components, that Huawei is now banned from buying.

“Is this now improving the situation with the security or is it downscaling the situation?”, asks Mr. Lauhde.

Recently, the situation has escalated. How was it - being on the Entity list, Washington sanctions, now the 5G ban in the UK?

I see you are going straight to the point. This is something that we were predicting. But let’s take one step backward. The US has been imposing restrictions for Huawei, for the EU, for China. There's a question now what happens with Huawei employees (the US announced visa restrictions for employees of Huawei CyberNews), so it is very difficult to predict what will be happening in the coming weeks or months. What Huawei can do in this area?

We can’t predict everything that is going to happen. I am concerned as a Huawei employee, and I am equally concerned about Europe overall. What will be happening in Europe? The European Union Court of Justice invalidated the Privacy Shield contract with the United States. It won’t be improving the situation at all.

EU Court of Justice tweet screenshot

What happened in the UK was imposed by the president of the United States, he has stated that himself. This was something that the US made happen in the UK. We are very disappointed.

At the same time, we are saying that we will be supporting every single customer that we have in the UK at the moment. We are not abandoning them, we have enough components and resources.

The UK’s cybersecurity center is saying that we might have supply chain resilience issues with our components so that we are not able to support countries and governments. This is a slippery road. We have to start replacing more and more components that we have been using with something else. This is the reality.

So far we’ve been purchasing quite a lot of components, for example, from Europe. Now, because we can’t directly purchase quite that many anymore from the US, it means that European countries are not allowed to sell components to Huawei, because they will be violating the US sanctions. This is a bad thing. If a European company has any software or hardware from the US, it will be illegal for them to sell it to us. So the US is controlling the supply chain on European soil. This is violating every kind of economic treaty we have on this planet, but this is the situation. What we are doing now with the UK’s government, is that we are saying OK, tell us what we need to prove to you so that we could avoid this supply chain resilience issue anymore.

Does it mean higher costs for you? Now you have to look for alternatives. I know you are developing your digital ecosystem to replace Google’s Play store in your new phones?

There will be an increase in prices for everybody in this ecosystem. Not only for Huawei but for Nokia, Ericsson, Cisco, and for everybody else. And the result will be that the citizens will be paying more. These things are not happening cheaply. If, for example, we are not existing here, there would be only two companies. How brutally they would like to use their competitive advantage? They could be doubling the prices tomorrow and there would be no negotiation position for anybody.

When we are the leading manufacturer (Huawei is the world’s largest telecom supplier and the second-largest phone manufacturer but the company is a pariah in countries like the US – CyberNews), we have the best equipment and we are two years ahead of our competitors (in the UK it is estimated that the ban of Huawei will delay the roll out of 5G network by a year – CyberNews). If we are not there, it means that the whole industry will go two years back.

It is not only impacting 5G, but it also means that you are paying more for the safety components. Operators might say that the EU set certain guidelines for pricing (under the EU Roaming agreement, when you travel outside your home country to another EU country, you don't have to pay any additional charges to use your mobile phone CyberNews) and we might forget those now because these guidelines can’t be valid under these circumstances when we are forced to purchase certain components with a certain price that we are not able to influence. Let’s forget these European rules. At the end of the day, it will be the taxpayer who pays the bill. We are talking about a huge cost for Vodafone, Orange, everybody in the UK. 

Is the UK’s government also going to force all those partners, having some kind of partnership with Vodafone, to replace the components? Will it have an impact in other countries? Those operators who can still use our components, are partners with Vodafone, they will be having cost advantage, technology advantage, but then Vodafone has to say hey, I can’t do that, and citizens of a certain country have to pay this bill. So these are the consequences. How far will this chain be going? How many partners does, for example, Vodafone has, that also are going to be affected? Do they need to follow the UK’s rule? Its government doesn’t have an answer. This will cost money for the US as well as Europe.

Mika Lauhde, VP of Cyber Security & Privacy and Global Public Affairs at Huawei

So it will not only slow down the rollout of the 5G, but the prices of various devices and services can go up as well?

If you are hurting the leader who has been making the biggest amount of patents and innovation, of course it will be slowing down the whole industry. It will be changing the competitiveness in this area. Oxford Economics calculated how much it will cost for the whole of Europe if something happens to Huawei. They estimated that Germany would be paying 600 billion more every year if Huawei disappeared. (Experts expect the increase in average annual investment costs over the next 10 years due to competition restrictions to vary between $200 million and $600 million – CyberNews).

Vodafone has been saying that it will cost billions of pounds (single digit) for us if we are taking the components out without even replacing them (Earlier this year BT said it expected to take a £500 million hit over five years CyberNews).

So where is this money coming from? The UK’s government doesn’t have that amount of money at the moment. How expensive will the bill be at the end of the day? It will also slow down the development. A lot of bad things might be happening.

We have been providing our source code for the UK’s government, they haven’t found any issues. We have been working with local operators for the past 30 years. What can we do? We are not abandoning our operator friends there, because they need our support, but anyway, in the coming years, they will be gradually taking our components out.

We are hoping that we will be able to revise the UK’s decision, but we also see that the pressure from the US towards the UK and all the European countries, and China as well, is just increasing, there’s no limit for that at the moment.

Do you think other European countries will follow suit? Can the same happen in, for example, Germany, which, at least until now, has been your ally?

Quite many countries have been indicating that they will not be following the UK’s decision, because that was purely political. It wasn’t based on any kind of technological issue or risk. The European Commision was just removing the high risk vendor definition even for the 5G toolbox, it doesn’t exist there anymore (in January, the European Union has published a toolbox for its member states, mentioning that they could either restrict or exclude any 5G networks from the core parts of their telecoms network CyberNews). And we are open to scrutiny.

I know that many governments say they understand why the UK did this, but the justification for this was not acceptable. I expect that there will be some countries that will not allow our components to be used.

If there's another country that will ban our components, who will be paying for the replacement? The government? Small countries do not have the money in their pockets either. They will be saying “dear operator, you have to pay for this.”

European Commission has rules for roaming. It means that the countries which are not allowed to use Huawei components will have to say to the European Commision that their cost structure was just changed by the local government, which it is not willing to compensate. So they will say that roaming agreements can’t be valid anymore. It would be once again hitting the unified EU in that sense that some companies will be more competitive than others, and some countries will become more competitive than others. So how is the EU going to compensate? I don’t see any good solutions.

You are engaging with governments and saying that you are ready to come under scrutiny. Does any country actually want to scrutinize you or are they just picking sides?

Many countries have been coming to our R&D centres and looking at our source code. We have much deeper cooperation with the main countries like Germany, the UK, Canada, etc. We have the Brussels hub, where we have countries and governments coming and screening our systems.

Last month Germany published a report, saying that the quality of Huawei source code is above the industry level.

(ERNW, an independent IT security service provider in Heidelberg, Germany, released an evaluation of Huawei’s unified distributed gateway in May. Here are the conclusions: Considering the results of the technical review and the project constraints mentioned above,the overall source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process for UDG. Given the complexity and size of the product and platform code, it is not surprising that aspects like test coverage and general code quality can be improved in some components. The auditors were able to identify shortcomings in a minority of the components, but were also able to identify compliance with best practices in the majority of the components in scope.)

But the question that I can’t answer is which countries will succumb to the pressure? At least what I will be asking my government, if the US is able to dictate the rules here in my home country (Mr. Lauhde is from Finland), what kind of purpose does my government really have? It seems that we are not an independent country anymore, that we are heavily influenced by one single country that is not even a European country.

As the Privacy Shield agreement between Europe and the US is revoked, it will also have an impact, it will not improve the situation, it will destroy the trust, because the US has to enact some kind of sanctions because of this.

Have such global events as the coronavirus and new national security law that China has passed in Hong Kong had an impact on Huawei?

Of course, everything has influence. It is just hard to understand how much. When the president of the US is saying that the coronavirus was invented by China and the head of the CIA is saying that it has nothing to do with human creations, who do you believe?

Just recently I had a meeting with the former head of the BBC. He was saying that from the point of view of the press, we are living in very dangerous times. If the most influential person on this planet is always saying “fake media” whenever something he does not like comes up, there’s a big question of reliability of the news on this planet in general. So every newspaper can be challenged by saying that it is fake media. These are bad signs.

Here’s Trump’s newest tweet about “fake media:”

Do you see any possible positive outcomes from the recent events?

What will be the end result is a good question. The lead negotiator of the dispute between the US and China, American guy, was saying that he does not have the slightest idea what is the end game that the US would like to have (according to South China Morning Post, US Trade Representative Robert Lighthizer said: “I don’t know what the end goal is.” CyberNews). So if the lead negotiator does not know what is expected from him, it is very difficult to predict where we are going to go. We are hoping that we will be able to come back to the old normal business, to be allowed to purchase European components, the US components, to be able to provide the best components for everybody globally.

We do not have any fear of being beaten up by security. If anybody brings any evidence in this game then of course it is a good thing. We can say that now we have something to fix because somebody has been able to find an issue this us. The spying machine, which is the National Security Agency, hasn't been able to find anything in our product in the last five years, so we can’t be very bad from a security point of view. If they found anything, they would have been telling it publicly. So we can not very much improve the security if we do not know what is the issue with our security.

We will try to survive. When we were able to see this coming at some point, we have been increasing our stock so we can take care of our customers for the next year perhaps.

We are also forced to look for components, for example, chipsets. At the same time, we are developing our own chipsets. We are now starting the sourcing of different chipsets, but the question is, is this once again good for global security? I mean if we are bringing now some small Japanese vendor to make chipsets for us, they not necessarily have a long history behind them, they are not a global network, and we suddenly start producing all our chipsets with those vendors... Is this now improving the situation with the security or is downscaling the situation?

Huawei posted a 13.1% year-to-year revenue jump, so I guess the damage is yet to be seen?

Without all these restrictions, instead of 13%, what it would have been? We are still growing, but it is not necessarily what we have been hoping and wishing for in this area. On the other hand, we are still collecting money to come over the challenges that we are facing. We are not going bankrupt this week or next week. That’s for sure. But in the long run, if we are not finding this kind of feasible solution for this ecosystem game, it will mean that there will be less money to be used for R&D, security, and everything else.