EU eyes tougher scrutiny of China cyber security risks

The EU is looking to toughen scrutiny of potential security risks with Chinese technology companies in the wake of growing concerns about cyber theft and cyber espionage allegedly linked to Beijing.

Brussels wants to step up efforts to map Chinese electronic infrastructure in the bloc, after pressure from Washington and growing unease in capitals from Berlin to Tokyo.

“A number of like-minded countries are increasingly concerned about China’s behaviour in this [cyber]sphere,” said one western diplomat, who pointed to the importance of upcoming 5G mobile communications spectrum auctions in Europe.

“EU countries, including Spain, Italy and Finland, held 5G auctions in 2018, with a clutch of others scheduled for 2019. The sales can raise billions of euros for government. We are urging everyone to avoid making any hasty moves they might regret later.”

READ ALSO: EU leaders deadlocked on recovery fund in marathon summit

The US justice department charged two Chinese nationals late last month with conducting a global hacking campaign, on the heels of accusations that a group linked to the People’s Liberation Army had infiltrated the EU’s diplomatic communications system — an allegation that Beijing denies.

Earlier in December, Meng Wanzhou, Huawei’s chief financial officer and daughter of the telecoms group’s founder, was detained at Vancouver airport after an extradition request by the US over alleged violations of Iran sanctions. Huawei has said it is not aware of any wrongdoing by Ms Meng.

EU diplomats say that alarm raised by countries such as the US, Japan and Australia about growing Chinese business involvement in crucial technological infrastructure has dovetailed with rising European fears.

Concerns about growing Chinese dominance have been fuelled by corporate takeovers such as the €4.5bn acquisition of Kuka, a German maker of industrial robots, by China’s Midea in 2016.

But attempts to co-ordinate EU efforts have been hampered by the desire of governments to be free to manage tenders such as the lucrative auctions of 5G spectrum to mobile phone networks. Huawei is a leading candidate to supply 5G equipment to these networks.

“It’s quite a serious strategic problem for the EU and we haven’t properly mapped the exposure,” said one EU diplomat. “The problem is every country is interested in the 5G auction because it’s a massive payday. Once these auctions have happened you need to avoid a situation where you end up with the entire continent being with one [equipment] provider.”

The security fears around 5G stem from the possibility that the technology could become deeply embedded in societies through its use for applications ranging from road and rail management to controlling household devices.

Diplomats say Brussels could also play a role in vetting and highlighting effective security measures in areas such as equipment supply chain transparency, monitoring and inspections.

They stress that taking reasonable precautions need not mean blanket bans on Chinese businesses — though some countries already favour a tough line. Germany last month toughened its rules on foreign investment in sensitive sectors including telecommunications.

The western diplomat acknowledged that finding the right way to deal with Huawei and other Chinese companies would be a “complicated matter”.

There would not necessarily be a “cut and dried ready-made solution”, given Huawei’s offer of “a reasonably good kit at reasonably good prices”.

Andrus Ansip, the top European Commission official on technology policy, has warned that EU countries needed to be worried about Huawei and other Chinese companies, because they could be ordered by intelligence services in Beijing to carry out actions such as building electronic “back doors”.

Huawei, whose founder Ren Zhengfei is a former People’s Liberation Army officer, said it was “surprised and disappointed” by the comments. It rejected “any allegation that we might pose a security threat”.
Huawei has pledged to invest $2bn to address serious security risks the UK believes exist in its equipment and software. The US, Australia and New Zealand have also restricted the company’s activities on national security grounds.

The Chinese foreign ministry said last month that it would be “ridiculous” for foreign authorities to obstruct the “normal operations of businesses” because of “speculations” about security risks.

It urged countries to “provide a fair, transparent and unbiased environment for Chinese enterprises seeking investment, operation and co-operation”.