Huawei Secretly Launched DPRK 3G Network
Huawei secretly helped the DPRK government build their 3G network, according to a Washington Post report. A former employee provided the Post with work orders, contracts, and a detailed spreadsheet revealing that Huawei partnered with Panda International Information Technology Co. Ltd. on DPRK projects over the last eight years. This revelation will likely push the US government forward in its attempts to block Huawei (with ties to the PLA) from operating within the US and allied countries. We should also expect difficulties in President Trump’s negotiations with the PRC and the DPRK should entities from the latter be designated for sanctions violations. Further, this revelation underscores the necessity for organizations to conduct supply-chain risk management analyses.
Background
The DPRK began pushing for modernization of its Information Technology infrastructure in 1993, with a letter sent to the National Conference for Telecommunication Employees from Kim Jong Il. KJI visited the PRC in 2001 and indicated a desire for mobile telecommunications service before 15 April 2002, but this plan was scrapped following the Ryongchon explosion — and possible use of a mobile device to detonate the explosion. Consequently, the IT development program was delayed until 2008, a year after Panda began cooperation with Huawei in projects abroad.
The DPRK-based mobile network, Koryolink, was formed in 2006 after KJI visited Huawei headquarters. According to the leaked documents, Huawei and Panda worked together to provide the DPRK with infrastructure necessary to launch Koryolink, and Huawei provided additional consultancy services. Further, Huawei worked with the North Koreans to develop an encryption protocol for elite users and a network monitoring regime for standard users. The network monitoring regime uses standard Legal Interception Gateways (LIGs), which allows LEOs to intercept real-time communications and communications-related information. In the West, LEOs are able to intercept calls, text messages, data transfers, geolocational data, and interception-related information following legal authority to target a specific device/service. However, the DPRK does not operate within similar legal constraints. Further, former Koryolink Techincal Director Ahmed El-Noamany indicated the DPRK may have developed and deployed automated network monitoring software.
El Noamany also denied that Koryolink blocked Chinese signals from entering the DPRK, but the recently leaked documents show the North Koreans procured spectrum and signal analyzers from the German company, Rohde & Schwarz, for use in researching and manufacturing a jamming system. Also, other reports have indicated that the North Koreans deploy jamming and geolocation systems on the PRC borders. This seems to indicate that German and Chinese components were used to aid the DPRK government in censoring its population, with direct support provided by Huawei. Moreover, the secrecy with which Huawei operated indicates an implicit understanding of sanctions violations and an attempt by the organization to avoid detection.
US Concerns
Concerns over Chinese tech companies have hampered US negotiations with the PRC. For example, in April 2018, the Dept. of Commerce banned US tech companies from exporting components to the Chinese firm ZTE over the latters’ sanctions violations on Iran and the DPRK. This action was later overturned in July 2018 after ZTE nearly collapsed. More recently, last May, the DOC placed a similar ban on US exports to Huawei. Also, the DOC banned US exports of components to Panda in 2014, which prohibits products exported to the DPRK from containing more than 10% US-origin components. The use of Huawei/Panda components in the DPRK’s 3G infrastructure may have violated these sanctions.
Additionally, entities can be designated for facilitating censorship by the DPRK government.
The President shall designate under section 9214(a) of this title any person listed in the report required under subsection (a)(1) that—
(1) knowingly engages in, is responsible for, or facilitates censorship by the Government of North Korea; or
(2) knowingly engages in, is responsible for, or facilitates serious human rights abuses by the Government of North Korea.
Meanwhile, PRC state media has indicated that trade negotiations may start soon between the US and the PRC. However, further designations may serve as a stumbling block to these negotiations, which President Trump hopes to resolve to score a foreign policy win.
Furthermore, the US has been pressuring allies not to incorporate Huawei’s 5G infrastructure. While Australia has followed the US in this domain, many of the US’s other partners have expressed a lack of concern. Last month, cybersecurity firm Finite State published research indicating that Huawei’s enterprise equipment contains hundreds of vulnerabilities hardcoded into the firmware. This research juxtaposed with the recent revelations of Huawei’s activities in the DPRK should provide the Trump Administration with additional leverage in its war against Huawei, should the president decide to use it. But with Trump, you never know where US policy will go.
ROK Concerns
ROK exports to the PRC are down 15% this year amid the US-PRC trade war. And despite US pressure against Huawei, ROK-based conglomerates export components to the organization, and import components used in the ROK infrastructure. The ROK has suffered a declining economy caused by President Moon’s policies that has only been exacerbated by the US-PRC trade war and the mismanagement of ROK-Japanese relations. Thus, the South Koreans have an economic interest in maintaining these trade relations with the Chinese.
However, the ROK’s exports of components used by Huawei may further damage its reputation. Japan’s restrictions on etching gas exports to the ROK included mentions of inadequate export controls — etching gas can also be used in weapons programs. Theoretically, ROK exports to Huawei and Huawei cooperation with the DPRK could aid Japan in raising these questions about export controls. Moreover, trade with a company that built a vast surveillance regime in the DPRK does little to mitigate President Moon’s pro-DPRK appearance. I suspect these issues to be raised in future ROK-Japan trade negotiations as well as US-ROK mil-to-mil talks.
Conclusion
The US must investigate whether entities violated sanctions related to the recent Huawei/DPRK news. This story also underscores the necessity for organizations to conduct supply-chain risk analyses to ensure their components are not involved in sanctions violations. Further, the issues surrounding Huawei specifically, and the PRC more generally reflect the difficulties in balancing national security and economic interests. The Trump Administration needs to develop a coherent policy to tackle these issues and present this policy to its partners around the world. Otherwise, the US will continue to suffer the loss of leadership we’ve seen in Northeast Asia and beyond.