What’s all this fuss about Huawei?
Right off the bat, I’ll stick my neck out and say that all this talk about technological dominance and the “5G race” is fake. I don’t think the Huawei scandal is about a race at all. The Chinese government may think it’s about a race, but I really doubt the US or other industrialized countries care about “technological superiority” as a matter of policy. The general idea in other industrialized countries is that ensuring free markets and ease of doing business is the best a government can do. Then innovation takes care of itself. That model has worked out pretty well so far. In China, it’s been about reacting to those innovative solutions coming out of the US or Europe or Japan by essentially reverse-engineering them and producing similar products. With Huawei – especially with regard to 5G – it’s the first time China seems to be on par with “the west”. The equipment that Huawei makes to facilitate 5G networks is as good, if not better, than those made by rivals Ericsson and Nokia. There is a section of the Chinese media (and, by extension, their government) that seems to believe that this “levelling” of technological capability is uncomfortable for “the west”. Yes, this is a new paradigm. But I don’t buy this theory of envy and chest-thumping.
From the non-Chinese perspective, the Huawei problem is a 4-part waterfall:
- The sheer scale and ubiquity of 5G compared to 4G and prior generations.
- Concerns about Huawei’s shoddy software supporting its supposedly state-of-the-art equipment. This makes it ripe for security breaches.
- Most importantly: It’s perceived and codified proximity to the Chinese Communist Party.
- #3 leading to security “backdoors” and potentially devastating effects on a type of network that’s bound to form the backbone of our hyper-connected civilization.
I’ll go through #1 and #3 in some more detail below. But on #4, let’s be honest. Nothing has been proven so far. No backdoors have been found – in software or hardware. So, why the brouhaha? It reminds me of two events:
- The crazy Bloomberg story late last year about “The Big Hack” that accused China of installing backdoors into the American server company Supermicro’s products. Nothing has been found yet. It’s been more than 6 months.
- That 2001 movie called Minority Report, starring Tom Cruise. Directed by Spielberg, it was that rare Tom Cruise movie that made me think. The premise was: In the near future, police forces would have a technology that would be able to accurately visualize a crime before it happened. And this technology gave the police the authority to arrest would-be criminals just for the intention of committing said crime.
The Trump Administration’s drastic moves on Huawei seem to reflect the Minority Report premise, as if to say, “we believe Huawei will aid the Chinese Government in compromising our 5G network, so we will penalize them for the intent even if there’s no proof of crime”.
The statement above sounds ludicrous, but if you think about it, it’s more reasonable than it sounds. And that’s because of the sheer scale of the consequences IF Huawei actually does what the Trump Administration thinks it will do. To me, the issue is a bit like tackling Climate Change – the consequences of not doing something are too dire to not risk some short-term pain in the fossil-fuel industry. Ironically, while the Trump Administration seems to apply this “better safe than sorry” logic to Huawei, it refuses to do so for Climate Change. Of course, the main reason is that the Huawei issue can be used as a chess piece in trying to “win” the trade war. To “win” any war – economic or military – is a politician’s dream before any re-election campaign. For us investors, however, our goal is to see through this geopolitical cloud of rhetoric and chest-thumping and invest in companies that should gain regardless of which way political winds blow.
But before that, let’s breakdown the Huawei problem. It’ll give us some idea about the gravity of the Huawei issue. And then we’ll move on to investments ideas that should do well whether Huawei is permanently banned or not. If not, then all’s good anyway –The Buylyst portfolio is sufficiently positioned for such a rally.
5G: This time it’s different.
I went over 5G in a lot of detail here. The main gist of that worldview was: 5G will be different because of the sheer scale and ubiquity of it. The bandwidth that it (theoretically) covers is big enough for a whole new world of connected devices talking to each other – Autonomous Cars, Robots and other “internet-of-things”. So far, the jumps from 2G (text and images) to 3G (download movies) and then onto 4G (live streaming) have been somewhat tame by comparison. Mostly, they’ve been about doing cool things on our smartphones. 5G opens up the possibility of connecting any device with a semiconductor in it – cars, robots, the smart grid, your refrigerator, and so on.
Having said that, the broad architecture of 5G isn’t all that different from 4G if we zoom out. CB Insights has the simplest diagram I’ve found to explain the 5G network to us non-engineers:
But there is one big difference that complicates the issue of security – Small Cells. 4G Networks – what we use today – have a bunch of Macro Cells that route data into our smartphones and vice versa. 5G networks need both Macro Cells and Small Cells. That’s because (as discussed here) 5G networks would accommodate wavelengths that are much shorter (higher frequency). And that means, they can’t travel very far. This brings up the need for antennas situated much closer to each other – the Small Cells. In other words, 5G networks will have many, many more cells to relay the waves. Think of it as a much more decentralized network than 4G. This is a boon and a curse as far as security is concerned. Theoretically, it’s a curse because there are many “entry points” into the network. And, theoretically, it’s a boon because nefarious activity could be stopped before it infects the whole network.
There is one other peculiar double-edged sword in the 5G architecture – Network Splicing. Put simply, Network Splicing refers to the ability of network providers to “splice” all that extra 5G bandwidth into different layers. Engineers believe that all the extra bandwidth can be split by use-case, for example. That would mean one band for cell-phones, one for Autonomous Vehicles, one for the Smart Grid, and so on. But Network Splicing will involve more hardware and software to facilitate this splicing. At the same time, theoretically, if one band is hacked, the others can be protected. So, maybe cell-phones will be down, but cars won’t run into each other. That’s the theory anyway.
Just as a reference point, CB Insights has another neat picture to help us visualize just how much more bandwidth 5G has to work with.
So, in short, a much broader bandwidth which accommodates multitudes more devices, to form the backbone of our hyper-connected civilization in a way that 4G never was – not even close. This is a big leap in cellular generations. And that’s why security is paramount. It’s not just about streaming movies anymore.
Where Huawei fits into the 5G Architecture.
So, how can evil Huawei hack into American 5G? Well, the simple answer is that Huawei is really one of three (maybe four) 5G infrastructure manufacturers in the world. The other ones are Nokia and Ericsson. Samsung is a distant fourth. Huawei is by far the most prolific maker of these critical 5G components. So, what is it that they make that’s so darn important? To visualize this concept, I’m going to delve into a little bit of theory and some rough sketches. Let’s start with the rough sketch of 5G Architecture as I understand it:
The point of this sketch is to show you that 5G security is a different beast. Let me explain:
- There are 3 basic components of a 5G (or any other generation’s) network: Transport, Routing and Access.
- Transport refers to literally sending data from point A to point B via, say, fiber optic cables.
- Routing refers to the “network optimization” part – the automated decision about which part of the bandwidth should be allocated to which data flow.
- Access gets closer to devices we use, like smartphones. With the spread of 5G, we can add Autonomous Cars and IoT devices to the list.
- All 3 components are managed by a software system to manage 2 types of functions: Core and Non-Core (aka Radio Access Network or RAN).
- Think of Core and RAN as Cloud and Edge. I’ve discussed this distinction here, but the gist is that some processing of data is done in the “mothership” or the Cloud and some of it is done on edge devices. This would differ amongst network providers.
- The middle component – Routing – can be classified as Core or RAN. Usually it’s classified as RAN, which means it sits outside a network provider’s Core.
- Routing is where Huawei mostly sits. Of course, Huawei also sells millions of smartphones, but the controversy is about the 5G infrastructure that sits mostly in the Routing part of this architecture. It has access to a lot of data.
- This is important - the key difference between a 5G architecture and a 4G architecture: The Core part of the architecture – think Cloud mothership – is “virtualized”, meaning that the networks are software-based, not based on wires and metal boxes. This is a complicated concept, so I’ll leave it at that. If you want to understand it further, Ericsson has a decent blog post on this topic. But the main point is that, hardware backdoors by Huawei won’t really work in this case. Software backdoors could work. But even that’s tough.
The reason it’s tough for Huawei to steal data willy-nilly is that network providers could use common sense and keep Huawei equipment outside the Core part of the network. All personal or mission-critical information can be ring-fenced within the Core network and routed as secure packets when needed via a different route. All other non-critical information may flow through Huawei’s routing equipment. This is the point UK’s Regulatory body made in this blog post, which did a great job of explaining why the UK didn’t ban Huawei. They’ve determined that the 5G network will be decentralized enough and software-oriented enough to make it pretty tough for Huawei to steal state secrets. Of course, that assumes that network providers and governments will be smart enough to know and/or assumed the following:
- Assume that Huawei (or any other vendor) will have backdoors. Always look for them.
- Assumed that Huawei equipment may fail. Have redundancies in place. Don’t depend on any single vendor.
- Know that security is multi-layered: From the Core part of the architecture to the Management system that monitors the entire architecture to the Edge devices themselves.
- Know that the Core Cloud infrastructure must have redundant security systems in place to look for any backdoor thieves.
With these common-sense measures in mind, the UK thinks banning Huawei is too extreme. In fact, they argue that systems can be hacked without backdoors. The best a provider can do is to be vigilant with the right cybersecurity infrastructure in place. And this may sound redundant, but Redundancy seems to be the best hedge.
The Key Issue: Government Overreach.
Chinese companies operate differently. They operate under the blessing of the Chinese government in a system that’s widely known as “State Sponsored Capitalism”. Years ago, The Economist magazine wrote a great article on this economic model. And that should give you a hint about why the US has a fervent dislike for the Chinese Model – it’s totally against the favorite American principles of Free Market Capitalism. Since Soviet-style Communism died, this is the latest ideological war. To be fair, in the hyper-globalized economy of today, one country’s way of doing things affects its trading partners. The “China Model” doesn’t play well with others. And Huawei is the poster child for this. Here are the issues in a nutshell:
- Intellectual Property Theft
- Government Subsidies to “price out” competition
- Laws demanding cooperation of local companies with the government at all costs.
The last issue there is the main complaint. It is now law that Chinese firms must cooperate with the government under the guise of national security. Huawei will have no choice but to hand over data about American companies or people if the Chinese government so chooses. This is the main point of contention with the US. In this matter, I agree with the Trump Administration that the “China Model” of heavy-handedness doesn’t work for most of the world. This law is an affront to democracies around the world if Huawei expects to win their business. As mentioned above, it is the expected ubiquity of 5G in our lives that gives countries around the world some pause with regard to Huawei. It’s like inviting the Chinese government into our personal lives.
But I disagree with the Trump Administration on banning Huawei outright. As I discussed in the section above, the 5G network is decentralized enough wherein Huawei’s access can be cordoned off. I think the UK approach is much more reasonable. This would involve several redundancies, fail-safe measures, and state-of-the-art network security.
Huawei or not…
Given my rough sketch of 5G Architecture above, I see 3 types of companies that should play a sizeable role in laying out 5G networks across the world.
- Equipment companies: Nokia, Ericsson and maybe Cisco.
- Network Management companies: Ciena and Cisco
- Network Security companies: Palo Alto, Cisco, Fortinet etc.
Cisco shows up in all 3 categories, so it’s obviously worth a look. I should mention that they don’t make the same type of 5G equipment that Huawei, Nokia and Ericsson make. But they’re heavily involved in other backhaul equipment required for 5G networks, including hardware and software for security and IoT.
Ciena is interesting, because it just reported some fantastic results last week, after which the stock shot up more than 20%. It’s right at the heart of the 5G revolution with products ranging from optical packet cores to optical network management.
The Buylyst has a thesis on Ericsson already. Initially, I had looked at it as a replacement for Huawei. But upon redrawing the map of 5G architecture, I’m beginning to think of it as a necessary redundancy. I’d say the same goes for Nokia.
Palo Alto was reviewed last week. Funnily enough, it is priced quite attractively now, and may enter The Buy List with a “Buy” rating.
This worldview will be followed next week by a thesis on Cisco, Ciena, Nokia or a revision of the already existing Ericsson analysis.