Chinese tech company Huawei on Tuesday opened a cybersecurity lab in Brussels, the heart of the European Union, as it tries to win over government leaders and fight back U.S. allegations that its equipment poses a national security risk.
Company executives inaugurated the Huawei European Cybersecurity Center, which will allow the wireless companies that are its customers to review the source code running its network gear.
The launch comes amid a standoff between the U.S. and China over Huawei Technologies, the world’s biggest maker of telecom infrastructure for new high-speed 5G networks.
The U.S. has been lobbying allied countries and companies to shun Huawei because of fears its equipment could facilitate digital espionage by China’s communist leaders.
The new lab in the Belgian capital gives Huawei a venue to reassure the EU’s policymakers about its cybersecurity credentials.
It opened a similar center in Bonn, Germany, in November and funds a government-run British testing site, the Huawei Cyber Security Evaluation Centre, that opened in 2010.
Huawei said the Brussels center will be a platform where government agencies, technical experts, industry associations, and standards organizations can collaborate on cybersecurity.
It will also be a place where Huawei’s customers – wireless and internet companies – can test the company’s networking equipment.
That includes giving them access to Huawei’s source code — “our crown jewels,” John Suffolk, Huawei’s global cybersecurity and privacy officer told reporters.
Suffolk said that while Huawei lets telecom companies use the Brussels center’s facilities and access its software, it doesn’t necessarily know what they’re doing or searching for.
“It’s a little bit like a black box,” Suffolk said.
Europe is Huawei’s biggest market outside China, and the company hopes to play a key role in building the continent’s 5G networks, in competition with Scandinavian rivals Ericsson and Nokia. Fifth-generation mobile networks enable lightning fast download speeds and reduce signal lag, advances that will be used in smart factories, self-driving cars and remote surgery.
Western officials are worried that China’s cybersecurity law requires the company to cooperate with the country’s intelligence service. However, executives repeated their position that Huawei has never been asked to hand over sensitive information and would refuse to do so if asked. Neither would it install secret backdoors in its software.
“There’s no evidence,” said Vincent Pang, Huawei’s president for Western Europe.
Suffolk said there’s “some level of confusion” surrounding the interpretation of various countries’ cybersecurity laws.
“This is not uncommon and I think we’ll see this continue as time goes on,” he said.
Cyersecurity experts wondered whether the Brussels center was more a way for Huawei to press its public relations offensive against the U.S. campaign than for serious cyber protection.
“Simple auditing of source code, made in a limited capacity, and only at a small closed facility might not suffice to seriously establish the actual security level, and definitely not at a scale. But it is a nice demonstration of openness nonetheless,” said Lukasz Olejnik, a research associate at Oxford University’s Center for Technology and Global Affairs.
He said that creating dedicated and comprehensive cybersecurity standards and regulations would take a lot longer. He compared it with the new European data privacy regulations that took effect last year and were a “multi-year endeavor.”
The U.S. government’s campaign against Huawei has also included criminal charges against its chief financial officer, Meng Wanzhou, who the U.S. wants to extradite from Canada to face charges she misled banks about the company’s business with Iran.
Despite the U.S. pressure, there are signs that European governments and mobile companies are resisting a blanket ban on Huawei equipment. GSMA, the mobile industry’s trade group, has recommended a testing and certification program.
In an annual review of Huawei’s engineering practices published in July, Britain’s cybersecurity agency noted “shortcomings” that “exposed new risks in the U.K. telecommunication networks.” But none were deemed of medium or high priority.