On January 11, Reuters reported that the Polish Internal Security Agency (ISA) detained and charged two individuals — a Chinese employee of the Polish division of Chinese telecommunications company Huawei and a former Polish security official — on allegations of espionage for China. An ISA spokesman said that the two men would be held for three months. The Chinese Foreign Ministry reportedly stated that it was “greatly concerned” by the reports, and urged Poland to handle the case “justly.”
The ISA spokesman also said that “the allegations related to individual actions, and were not linked directly to Huawei.” Nonetheless, this report is likely to exacerbate concerns in a number of jurisdictions about Huawei’s compliance with foreign laws and the Chinese government’s ability to exploit Huawei technology to access networks and computers in other countries.
In addition to the December 1 arrest of Huawei’s Chief Financial Officer based on allegations that Huawei has violated sanctions against Iran, the United States and other Western nations have been expressing concerns for some time about the potential for China to exploit Huawei hardware and software in other countries to conduct online espionage. For example, the United Kingdom National Cyber Security Centre stated that it had concerns “around a range of technical issues” associated with risks in Huawei hardware and software, and required Huawei to accept a number of technical requirements to reduce security concerns. In addition, similar concerns about Chinese exploitation of Huawei technology have been voiced by various companies and European government officials, including statements by Deutsche Telekom, the Czech Republic’s Prime Minister, a senior European Union official, and the Norwegian Justice Minister.
Accordingly, chief information security officers whose companies are using or plan to use Huawei technology should closely track further developments regarding these reports and promptly evaluate whether additional security measures are necessary to reduce the potential threat of Chinese government exploitation and compromise of corporate data.