In the face of growing scrutiny over espionage concerns, Chinese ZTE detailed how it ensures the security of its products, especially devices that carriers will use for 5G infrastructure. In addition to the report, the firm vowed to make new investments in the segment and establish additional security labs meant to benefit the industry as a whole.
Like Huawei, ZTE claims that it has never received any request from the Chinese government to install backdoors into their equipment and to further allay the fears of governments, network operators, and other stakeholders, the company announced that it will open security laboratories where experts may inspect the source code that runs inside its products. Moreover, these laboratories allow stakeholders to view important technical information about ZTE's products either manually or automatically test that tech. The company will set up its main testing facility in China, although it will also open other laboratories in Brussels and Italy within a year. Moreover, ZTE's Product Security Incident Response Team (PSIRT) continuously inspects its products to find potential security issues, and informs its customers of any vulnerabilities found in its equipment as well as the process of how the company resolves these concerns, the firm is quick to point out.
Furthermore, the company’s cybersecurity assurance program, called the ZTE Cybersecurity Governance, prompts the network equipment manufacturer to verify the security features of its products at multiple levels, and it even employs internationally certified professionals and independent experts to examine the security of its equipment. ZTE further highlighted that it already received multiple ISO certifications, which shows that the company follows the international standards on securing both its supply chain and the information managed by its equipment. Regarding the possibility of hardware backdoors or any compromised components, ZTE claims that it employs a traceability policy, which means that the company can quickly trace the affected part included in its networking equipment. Furthermore, this policy makes it easier for ZTE to figure out where the affected products are deployed since it also maintains a record of the locations where it installs its devices. This program helps resolve another issue that Chinese networking companies may face, which is the possibility that individual equipment may include compromised components, a situation that the establishment of security laboratories in the tech firm’s home country and overseas may not sufficiently resolve.
ZTE and Huawei have faced criticisms over the past few years from the United States regarding the issue of cybersecurity, and the two companies are now dealing with an escalated effort from Washington to convince its allies to stop purchasing 5G equipment from China. Recent issues over the past few months, which include a UK discovery of unresolved vulnerabilities within Huawei’s telecommunications solutions and the arrest of a Huawei executive over espionage charges in Poland, had an added negative impact on the reputation of the Chinese network equipment suppliers.
The establishment of security laboratories and the recent push to publicize cybersecurity assurance programs is clearly an effort on the part of ZTE to sway politicians and prevent governments from imposing an outright ban on its products. Many governments, especially in Europe, are still mulling over the matter, and whether ZTE and Huawei are successful in persuading policy makers remains to be seen.