Andrew Hastie (Canning, Liberal Party) Share this | Hansard source

We are now in the third month of the third decade of the 21st century, and the further we move into this century the further we move away from the certainties of the past 30 years. The optimism of the post-Cold War era has long faded. September 11 and the rise of authoritarian powers over the last 20 years remind us that there are realities in this life that we cannot avoid—the reality of competition, self-interest, disruption and conflict. Indeed, the coronavirus reminds us of how fragile modern life can be. As the Roman poet Horace wrote during the reign of Caesar Augustus, you can drive nature out with a pitchfork but she keeps coming back. Peace, order and prosperity are hard fought for, must be cultivated and cannot be taken for granted. We must work to secure them every single day, and that is the task of government. I'm proud to say that the Morrison government is leading to secure our health, prosperity and security during this uncertain time for our country.

We are also witnessing increasing competition between the United States and the People's Republic of China—strategic competition, economic competition, competition in artificial intelligence and technology. Both countries are building rival digital universes supported by virtual and physical networks. Fifth-generation mobile technology, or 5G, is a decisive battleground in this competition. At the heart of any debate on the 5G network in this country is the question of our digital sovereignty. Since the 1648 Treaty of Westphalia it has been a principle in international law that each state has exclusive sovereignty over its territory. The United Nations Charter recognises and upholds this principle. In the digital age, sovereignty now extends beyond the historical territorial definition. It must also include the right of nation-states to protect the privacy and security of their citizens' information and communication and the integrity and availability of the networks themselves.

The 5G network in this country will be the central nervous system of our political, economic and cultural life together. It will enable the Internet of Things, bringing together a host of devices transformed by artificial intelligence—driverless cars, fridges, robots—and will also include services such as accounting, remote surgery and key functions in the health sector, to name just a few.

What has changed? Why are there concerns around 5G and security? Why are the stakes so high? With 5G there is no distinction between the core and the edge of the network. That makes it much harder to protect. 4G and previous generations of mobile technology allow for this distinction between the core and the edge of the network. In 4G, the core is where data is stored and transferred. It is where the computing happens; it's the brain of the network. The edge is the customer-facing components—the radio towers and antennae that you see on buildings. Data is centralised and therefore easier to protect. 5G uses a different radio spectrum that doesn't reach very far, so you need more equipment closer together to overcome obstacles to transmission. As an aside, that poses unique challenges in our country, given the fast continent that we live on. You also need to decentralise the data to enable the Internet of Things, so the core in a sense ceases to exist, which make it far more difficult to cordon off the central nervous system.

With 5G you get a much faster network, but you also create a much larger surface for cyberattack. The whole network is virtualised, and therefore it must be protected. A big risk to our digital sovereignty will always be foreign interference in our networks through cyberattacks. Sadly, the record over the past few years indicates that we in Australia are a regional target of choice for denial of service, intellectual property theft and espionage. 5G disruption could be used against our interests in a number of ways. For example, a remote actor could stop a ship from communicating as ocean traffic approaches, causing a collision that disrupts more traffic and critical supplies to our domestic economy. Remote controllers could cause engines in power plants to overheat and disrupt power generation for hospitals, factories, storage facilities and other critical parts of our economy. Finally, systems that manage access to traffic lights, tunnels, bridges, airports and dams could be attacked, causing injury and fatalities. Therefore, our 5G vendors and providers must be trustworthy and have our nation's interests at heart. That is why the government framed the decision to exclude Huawei from our 5G network in the following terms. I'm quoting from the 23 August 2018 press release, which said:

The Government considers that the involvement of vendors who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law, may risk failure by the carrier to adequately protect a 5G network from unauthorised access or interference.

The government didn't name Huawei directly, but no-one pretends otherwise. Indeed, this was confirmed in late January by Simeon Gilding, a senior fellow at ASPI and the former head of the Australian Signals Directorate's signals intelligence and offensive cyber missions. I doubt there is anyone else within government who is as uniquely qualified to speak on these matters.

Gilding's chief concern was that Huawei could be compelled by the Chinese state to provide clandestine access to our network through back doors and that no amount of work by our smartest and brightest people at ASD could protect against such a risk or threat. He wrote a very influential article on 29 January 2020 posted on The Strategist on the ASPI website, '5G choices: a pivotal moment in world affairs'. This is how he concluded:

Although I remain sceptical about some of Huawei's marketing claims, my concerns are not about the company or the quality of its products. They relate to the legal and political power of the Chinese state to compel the company to do its bidding. It's simply not reasonable to expect that Huawei would refuse a direction from the Chinese Communist Party, especially one backed by law.

… it's all about capability, opportunity and intent. The ability to compel Chinese vendors of 5G equipment is a strategic capability for China's intelligence services.

We should be very thankful that we have people like Simeon Gilding working to preserve our sovereignty. I firmly stand by the government's decision to ban Huawei, as do my colleagues across the parliament, including those sitting opposite.

Interestingly, if our reasons weren't enough to the ban, we could look to the United Kingdom for guidance—and, no, I'm not being ironic. I refer to Huawei cyber security evaluation centre oversight board: annual report 2019, which is a report to the National Security Adviser of the United Kingdom. The Huawei Cyber Security Evaluation Centre Oversight Board is a facility in Oxfordshire in the UK. It belongs to Huawei Technologies and it was established with Her Majesty's government to mitigate any perceived risks arising from the involvement of Huawei in parts of the UK's critical national infrastructure. The report is very telling. Last year in March the key conclusions from the oversight board's fifth year of work were:

The Oversight Board continues to be able to provide only limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK;

The Oversight Board advises that it will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei's software engineering and cyber security processes are remediated …

Its final conclusion was:

… the Oversight Board can only provide limited assurance that all risks to UK national security from Huawei's involvement in the UK's critical networks can be sufficiently mitigated long-term.

This report was handed down seven months after we made our ban. I think those conclusions themselves would give any policy-maker, any decision-maker, pause when considering Huawei as a 5G vendor. So, as I said earlier, I support our government's decision, as do many in this House and in the other place. I should note in fairness though that the report also says:

These findings are about basic engineering competence and cyber security hygiene that give rise to vulnerabilities that are capable of being exploited by a range of actors. NCSC—

The National Cyber Security Centre—

does not believe that the defects identified are a result of Chinese state interference.

But that's where we part company with this report, because it is not good enough to just believe; you also need evidence.

This government, once again, is not prepared to risk our digital sovereignty when Huawei is subject to Chinese law. I refer to the 2017 National Intelligence Law in China, which says, 'All organisations and citizens shall support, assist and cooperate with national intelligence efforts in accordance with the law.' So I think it's entirely reasonable to expect Huawei—or indeed any other Chinese company—to cooperate with the wishes of the Chinese government. That would place us at risk if they were a vendor.

Huawei has been very unhappy with reports about its links to the Chinese government—and I don't want to get into a great deal of detail here except to say there is research on the internet which demonstrates the opacity of the ownership structure. One such report says the Huawei operating company is 100 per cent owned by a holding company, which is in turn approximately one per cent owned by Huawei founder Ren Zhengfei and 99 per cent owned by an entity called a 'trade union committee' for the holding company. We know nothing about the internal governance procedures of the trade union committee. We do not know who the committee members or other trade union leaders are or how they are selected. Given the public nature of trade unions in China, if the ownership stake of the trade union is genuine and if the trade union and the committee function as trade unions generally function in China, Huawei may be deemed effectively state controlled. I'm not asserting that. I'm saying there are reports out there that assert that or at least indicate that and I think it's up to Huawei to prove otherwise.

As I said, they've been very sensitive recently and there are examples in the press. It was reported in Bloomberg on 23 November last year that Huawei Technologies Company is suing critics in France who alleged it has ties to the Chinese state. It is suing a French researcher, a broadcast journalist and a telecommunications sector expert for their claims. Huawei, according to this report from Bloomberg, has confirmed those claims. This is worrying because, in order to make the right decisions on national security, we need to have a free press, we need to have free speech and we need people to be able to express their views without fear of defamation.

Unfortunately, that's not just confined to the European continent. We also have ASPI receiving threatening letters from Huawei itself. I have this letter dated 14 October 2019 before me. It says, 'To whom it may concern: we were informed that the Australian Strategic Policy Institute has completed a paper and will publish it soon.' It goes on to say what the paper is about. It says, 'Huawei categorically rejects the unfounded and inaccurate statements and allegations in the paper published by ASPI.' Then it says at the conclusion of the letter: 'We request ASPI state and/or report Huawei in a factual, objective and impartial way. Otherwise, we may commence defamation proceedings in the Federal Court of Australia against the office-bearers of ASPI and the authors of the paper.' It referred, of course, to a paper published in late last year. I don't have it here, but it was called Engineering global consent: the Chinese Communist Party's data-driven power expansion, dated 14 October 2019 and authored by Samantha Hoffman—a very good paper indeed.

What have they done since then? They hired Nick Xenophon, former senator, as their strategic counsel. It's an odd choice. Mr Xenophon is about to go on a public affairs blitz with town halls throughout the country, arguing the case for Huawei. I find it quite interesting because there's the old Nick Xenophon and there's the new Nick Xenophon. For example, in July 2009 he travelled to Tibet as part of an all-party parliamentary group to visit the Dalai Lama. There is a report on this online. They criticised the Chinese government:

Religious repression, "patriotic education" and undemocratic social-economic reforms, including the forced settlement of nomads, have fanned the flames of unrest in Tibet and brought untold suffering to the Tibetan people.

The report then goes on:

We commend His Holiness, with whom we had the privilege of conversing at some length, for his pragmatic and conciliatory approach to the Tibetan situation and for his calm determination.

So Nick Xenophon is now effectively pursuing the strategic aims of a large Chinese company with, I think, clear links to the Chinese government. My question to Mr Xenophon is: why is he not registered on the Foreign Influence Transparency Scheme? Why he is going through Australia, trying to influence our public policy process, but has yet to sign up to the Foreign Influence Transparency Scheme? In the remaining time, I call on Mr Xenophon and his associates to register and do so in the national interest so that we have full transparency about his dealings with Huawei and the Australian people.

See this speech in context