Huawei and Ukraine’s Cybersecurity: A Narrowing Space for Kyiv to Negotiate

BY MARIA SHAGINA

On October 15, 2020, Ukraine’s State Service for Special Communications and Information Protection signed a memorandum of understanding with Chinese telecommunications giant Huawei on cooperation in the areas of cybersecurity and cyber defense. According to the joint press release, the proposed cooperation aimed to strengthen Ukraine’s state defense against cyber threats, create a channel for information exchange, and provide advanced training for personnel in cybersecurity and communications. The deal raised questions among Ukraine’s Western partners, and the press release was removed from the government’s official website and social media accounts the next day. The blunder has been attributed to poor interagency communication, but the ill-judged move illustrates Ukraine’s increasingly tight room for maneuver as a result of weaponized tech supply chains.

Tech Supply Chains in an Era of Hardening US-Chinese Rivalry
Since 2000, the Chinese telecom vendor has strengthened its presence in Ukraine. Huawei played an essential role in the development of the country’s 2G and 3G networks, offering low-priced and high-quality software and equipment. Huawei helped Ukraine increase its mobile broadband penetration from 8 percent to 65 percent over the last three years, and more than half of Ukrainian operators’ equipment is produced by the company. The Chinese provider was also chosen as the winner of the tender for the installation of a 4G network in Kyiv’s subway. Expanding into other spheres, Huawei offered a Safe City concept to Kharkiv, the second largest city in Ukraine, that involved the installation of intelligent video cameras, and established an educational and scientific partnership with Kyiv Polytechnic Institute to further cooperation in the sphere of cybersecurity. Despite increasing Western scrutiny of Chinese technology providers, in 2017 Huawei opened service and R&D centers in Ukraine.

With the hardening of US-China geopolitical tensions, the debate over surveillance technology moved from the technical realm into geopolitics. Washington’s politicization of tech supply chains has left little room for maneuver for intermediary countries such as Ukraine that are dependent on foreign vendors. Under the Clean Network Initiative, the United States imposed export controls on Huawei, limiting the company’s access to US-origin software and technology. Citing national security concerns, the United States claimed that Huawei is obliged to share data with the Chinese government and that its equipment can be manipulated. In light of China’s track record of intellectual property theft and cyberattacks, allowing Huawei to participate in the rollout of 5G networks would pose a significant security threat, according to the US and UK intelligence services. In August 2020 the United States further tightened the restrictions, extending the export control ban to foreign suppliers. That move prompted other countries in Europe and beyond to reevaluate their China strategies.

Sharing US concerns over espionage and surveillance risks, the EU implemented a risk-based approach to Huawei, limiting its dominance in 5G networks. The UK banned Huawei equipment from its 5G infrastructure, giving its telecom operators until 2027 to wind down. Other European countries followed the US suit, and currently all Eastern EU members, apart from Hungary and Lithuania, officially exclude Huawei from their 5G network infrastructure. In line with this trend, Ukraine’s Cabinet of Ministers signaled that the country would adopt European standards on implementing 5G technology, while Kyiv and Brussels launched a joint cyber dialogue. Against this background, Ukraine’s short-lived decision to cooperate with Huawei on cybersecurity seemed particularly ill-timed and controversial.

Ukraine’s Cybersecurity
Since 2014, the vulnerability of Ukraine’s critical infrastructure has been exposed by several Russian cyberattacks, and international cooperation with the EU and NATO has become pivotal. The climax of the cyberwarfare came in 2017 with the spread of the data-destroying malware NotPetya. In the most devastating cyberattack in history, the malware affected Ukraine’s banking and government sectors before spreading to another 64 countries. As a result, the EU and NATO stepped up their cooperation with Ukraine on cybersecurity issues. The EU helped establish effective legal frameworks to address cyber crimes and cybersecurity problems. The NATO Cyber Defense Trust Fund focused on strengthening Kyiv’s defensive technical capabilities. The EU, US, and NATO provided substantial funds for capacity-building and resilience-strengthening measures. In particular, NATO allocated $1 billion for Ukraine’s cybersecurity projects. In May 2020, the US Agency for International Development (USAID) announced plans to provide $38 million over four years to build up the country’s cybersecurity capabilities.

With Ukraine adopting Western cybersecurity standards, its links with Huawei will be more difficult to maintain. And as Ukraine becomes a participant in the global tech competition, its room for navigating between European risk-averse standards and Chinese low-cost technology will narrow. Concurrently, the deepening Sino-Russian tech cooperation should worry Ukraine’s authorities. In contrast to European countries, Huawei has gained a considerable foothold in Russia. Since 2014, Huawei has expanded its presence, making Russia its fastest-growing market. The geopolitical tensions with the United States have only intensified the Chinese company’s pivot to Moscow. Huawei signed an agreement with the Russian mobile operator MTS for the development of 5G technology, and the company has forged several partnerships with Russian universities, research institutes, and companies. Though the import substitution program requires the use of home-produced equipment, Russia’s lack of technical expertise gives Huawei a clear edge in the rollout of 5G technology. As cyber threats are not tied to physical borders, comprehensive international cooperation will be key for Ukraine. To avoid future misalignment and cybersecurity voids, Ukraine’s Western partners should augment their cooperation in cyberspace to enhance governmental communications and the resilience of critical infrastructure.

The opinions expressed in this article are those solely of the author and do not reflect the views of the Kennan Institute.