Cybersecurity

cross-posted from: https://lemmy.sdf.org/post/39439229

Op-ed by Dr. Dave Venable, Chair of the Institute for Strategic Risk and Security (ISRS), and Mykola Volkivskyi, President of the Geneva Center for Diplomacy and Conflict Resolution who previously served as Advisor to the Chairman of the Committee in the Ukrainian Parliament.

Archived

Spain's recent decision to award Huawei a contract worth €12.3 million to manage and store legally authorized wiretaps raises significant concerns about the country's commitment to digital sovereignty. This move jeopardizes Spain’s national security and undermines the trust that is essential for the intelligence-sharing frameworks of the European Union and NATO.

While Huawei has made considerable efforts to demonstrate technical compliance with European standards, the political reality is more complicated: any sensitive system it builds is, by default, subject to exploitation by Beijing. Huawei is subject to China’s 2017 National Intelligence Law and cannot credibly claim complete independence from the Chinese Communist Party’s (CCP’s) security and intelligence apparatus. Despite this, Madrid’s procurement process proceeded as if the controversy around Huawei had no bearing on the domain of sensitive state surveillance networks.

[...]

Spain’s SITEL Contract is Effectively A Security Breach

Spain’s wiretap system, SITEL, functions as the core for Spanish law enforcement and intelligence wiretap activities, storing sensitive data about targets involved in terrorism, organized crime, and even foreign espionage.

Huawei is technically capable of managing such a system, but under China’s 2017 National Intelligence Law, the company is compelled to cooperate with Chinese intelligence services. This creates a constant vulnerability in any critical infrastructure that Huawei or any PRC company operates abroad. However, Spain's procurement process treated Huawei's bid as if it were a neutral supplier.

[...]

Belgium’s State Security Service (VSSE) added Huawei to a watchlist in 2023 due to concerns about potential espionage. The country’s cybersecurity agency later banned Huawei from 5G networks used in critical sectors after detecting unusual data traffic patterns at a Brussels telecom hub.

The “Generation” bribery scandal worsened these concerns. Members of the European Parliament accepted lavish perks from lobbyists linked to Huawei, raising fears that influence operations had penetrated EU regulatory bodies. This incident eroded public trust and showed how corruption scandals can weaken vendor neutrality.

Belgium’s swift and decisive response demonstrates a security-first approach, which should be adopted across the EU and transatlantic alliance. In contrast, Spain’s SITEL contract indicates either a gap in awareness or a willingness to take risks that could affect Europe’s shared security framework.

[...]

The approach to Huawei varies further across Europe. Greece demonstrates how economic dependence can override security concerns — the country chose Huawei as a key provider for its telecommunications infrastructure. Huawei has even offered discounted equipment and “training centers” for Greek engineers to strengthen this relationship further. However, leaked documents in 2024 revealed that Huawei provided perks to Greek officials to secure these contracts.

[...]

Recent patterns emerging from conflict zones further emphasize the urgent need for a unified security policy [in the EU member states]. In Russian-occupied parts of Ukraine, local populations and military operations are increasingly served by unauthorized mobile operators using Russian and potentially Chinese-supplied infrastructure. These networks—established in Crimea, Donbas, and southern Ukraine—are not only illegal under international law but also structurally opaque, enabling surveillance, population control, and disinformation on a large scale. Evidence indicates that Chinese vendors have been involved in providing equipment to these unauthorized operators, either directly or through intermediaries. In Crimea, for example, existing infrastructure was reportedly transformed using Russian intercept technology (SORM), raising concerns that Chinese equipment may have aided these transitions.

[...]

Spain’s Huawei contract highlights a deeper problem: the lack of binding standards to safeguard Europe’s intelligence infrastructure. Procurement policy is a matter of national security. As hybrid threats grow and alliances face unprecedented pressure, EU and NATO leaders must act to address this critical gap. Without enforceable guidelines, the trust that underpins Europe’s security framework is in jeopardy.

Europe’s credibility hinges on its ability to align its intelligence infrastructure with alliance standards; otherwise, it risks increasing strategic division.

To the casual observer, cybercriminals can look like swashbuckling geniuses.

They possess technical skills formidable enough to penetrate the networks of the biggest companies on the planet.

They cover their tracks using technology that is arcane to most people—VPNs, encrypted chat apps, onion routing, aliases in dark web forums.

Read full article

Comments