Telcos love Huawei. The Chinese company undercuts other global telco equipment vendors and represents real competition in a market otherwise dominated by just a few companies.
The reason Huawei's grown from zero to global mega hero in a decade is hard work and bending over backwards with huge resources when telco customers need something special.
That can-do attitude and cheaper gear clearly outweighed national security risks and the ensuing controversy for local network builders and telcos.
But there's no reason to think our and cyber spies at the Government Communications Services Bureau are wrong when they say they're concerned about Huawei.
What about existing networks then? Huawei gear sits in all three New Zealand telcos' 3G and 4G networks along with the taxpayer-funded Ultra Fast Broadband.
No matter. The Telecommunications (Interception Capability and Security) Act of 2013 applies for proposed network designs only.
GSCB can't order telcos and internet providers to rip out and replace Huawei gear for national security reasons under TICSA. Doing so would create enormous disruption and cost vast amounts of money. It's not going to happen.
The technical justification that 5G networks are different and more highly integrated than 3G and 4G ones, and therefore some vendors must not have access for support and maintenance, doesn't quite hold water either.
It's nice to think there are super-secure and reliable controls between, say, the radio access network and the telco's core network, that prevent Vendor A from taking a peek at Vendor B's stuff. Nice, but wishful thinking as anyone who's kept an eye on security research will tell you.
Would deleting Huawei from our networks make them more secure and resilient then?
That question is a real side splitter for infosec and telco people I've talked to who, between fits of giggles, remind you of Telecom's XT rollout fiasco courtesy of Alcatel-Lucent (now Nokia).
Across the ditch, Telstra has had frequent outages this year. Telstra's network died in South Australia recently, and created a real-world security incident as 774 criminals with monitoring bracelet "went dark" for 24 hours during the outage.
There are plenty more examples, near and far, of an industry struggling with security and resilience as it tries to survive the onslaught of the internet by cost-cutting, consolidation and outsourcing capability.
Meanwhile, we have no qualms about putting an increasing amount of sensitive data and critical functions such as financial transactions, health care and disaster alerts over technology run by an industry in distress.
Technology that, said industry itself, no longer has the competence to build or support.
I'll leave you with that comforting thought, shall I?
