“They want to be the agents, not the victims, of history. They identify with God’s power and believe they are godlike. That is their basic madness. They are overcome by some archetype; their egos have expanded psychotically so that they cannot tell where they begin and the godhead leaves off. It is not hubris, not pride; it is inflation of the ego to its ultimate—confusion between him who worships and that which is worshipped. Man has not eaten God; God has eaten man.”  -The Man in the High Castle, Phillip K. Dick

The end. Wait. That’s not right. We’ve only just started. So let’s recap and make sure we’ve beat this dead horse appropriately. In “A Strategy 20 years in the Making,” I outlined the origins of the People’s Republic of China’s (PRC) strategy and covered the breadth of the nation’s efforts to use lawfare to undermine our efforts around the world. We then discussed in “Artifacts” how the Chinese use information technology as a two-sided strategy for controlling its people and attacking the U.S. to extract data and sabotage our critical infrastructure.

Remember, “In China, win-win means China wins twice.” As part of this discussion on strategy, I have walked with you here. So the question you might ask yourself now is, “What does a Chinese command-driven dual-purpose telecommunications network look like?” Funny you should ask. Because in the PRC, two is a lucky number.

Currently, the telecommunications architecture in the PRC is dominated by three state-run businesses: China Telecom, China Unicom, and China Mobile. While the choices are slim (and not atypical for a command driven economy), the architecture for these stretches across the PRC. Yet by many metrics, this is still a very centralized network with switches and hubs and specific protocols buoying data from one appliance to another. Most of the most recent appliances on this infrastructure belong to a wholly Chinese-owned company called Huawei. However, what you might see already and can expect to see more of in the future are HetNets.

Per Wikipedia, “A HetNet often indicates the use of multiple types of access nodes in a wireless network. A Wide Area Network can use macrocells, picocells, and/or femtocells to offer wireless coverage in an environment with a wide variety of wireless coverage zones, ranging from an open outdoor environment to office buildings, homes, and underground areas. Mobile experts define a HetNet as a network with complex interoperation between macrocell, small cell, and in some cases WiFi network elements used together to provide a mosaic of coverage, with handoff capability between network elements. A study from ARCchart estimates that HetNets will help drive the mobile infrastructure market to account for nearly $57 billion in spending globally by 2017.”

Device Programming Models

The expectation is that HetNets will alleviate bandwidth load and potentially reduce “last mile” issues. It remains to be seen if this works. For the layperson, picocells and femtocells are available, now, from many telecommunication providers here in the U.S. In essence, both function as tiny cell towers. Yes, they can be hacked. From Huawei’s stated intent, their idea is to saturate as much of this along their client infrastructure. To that end, they rely heavily on software-defined networking (SDN).

SDN essentially takes what used to be hardware-encoded information and uses software to do it. Your routers, switches, picocells, and femtocells all have firmware. That firmware is an instruction set that interprets your GUI inputs to routing tables for packet transmission. SDN’s foundational element is the OpenFlow protocol. Put simply, SDN allows you to program your network topology without having to rely on rule sets that govern each individual router or switch. Routers and switches essentially become slaves to the network controller (not domain controller). It also invalidates many proprietary designs.


Enter POF. A major chokepoint for SDN is that it requires coding to program new services on the fowarding plane, meaning if you need a tailored solution because your network is unusual, it takes time for a developer to code it. In essence, OpenFlow is cumbersome. Well, Huawei has a solution for that. They call it protocol oblivious forwarding. In essence, it gives a developer or network administrator the ability to manipulate in-transit packets, based on script written in POF, passing through the forwarding plane, in particular, packet headers. Here are some things you can program: statistics, time stamps, and anomaly flow states, data-path instructions that can create and modify flow tables,  MAC learning, active firewall, dynamic load balancing, and controller offloading.

As an analogy, imagine that our transportation system is a network. You have cars and trucks, and they all represent different types of packets. Imagine that they are all pushed to their respective cities and that the cities act as routers or switches. In its current format, there are different types of cars and trucks and different types of cities. Each city gives the cars and trucks a city-specific instruction set, and while all trucks and cars can receive the instructions, not all cities can directly communicate with each other.

Enter Huawei. Huawei has an automated process that changes all cars to red, and all trucks to blue. Huawei then acquires a contract with every city and introduces a common programmable infrastructure such that each city runs on the same software. Customizable at will. Now, as part of this contract, all control of the cities’ commands to cars and trucks are ceded to Huawei’s network controllers. In other words, all Huawei’s network controllers control the flow of car and truck traffic through the cities.

This all seems like a very good thing right? Very efficient. Highly customizable. Now let’s look at Huawei. Huawei is no stranger to controversy and has been accused of some serious and highly questionable actions. Huawei has been accused of corporate espionage and subsequently copyright theft and intellectual property infringement by multiple parties including Motorola and Cisco. Huawei has been identified by Indian intelligence services as possibly having supplied the Taliban with communication equipment. Next, according to Huawei, it’s employee owned, however employees have no idea how much they own, or (more likely) are not allowed to say how much they own as part of government ‘quiet’ censorship.

If you did own 51 percent of the shares of Huawei, per the by-laws, you still have no say in any executive decision-making. Finally, the Huawei board of directors is a cabal of technocrats ending in Ren Zhengfei. Zhengfei has ostensibly played down his role in the PLA. According to some media sources, he was a military technologist retaining rank. Other sources place him as an engineer or communications officer. Additionally, Zhengfei claims to only own 1.5 percent of his employee-owned company.

Huawei’s intent

Call me suspicious, but I have some concerns about Huawei’s intent.

What if Huawei’s general direction and intent is simply one of encirclement of the U.S.? Imagine in smoke-filled back rooms in the tall skyscrapers of Shanghai a meeting with one or two or even five of Huawei’s board members with personnel from the Ministry of Science and Technology (MOST) and the People’s Liberation Army (PLA). Remember MOST? This hypothetical meeting happened about the year 2000. At this meeting, relationships were solidified and outline in terms that both parties could understand.

Someone from the PLA says, “It’s not about controlling the company. Not at all. Why burn a good thing? We would just like access to place items on your architecture as it grows, in addition to information that is returned as part the metrics you collect for marketing.” Sound familiar? What’s different here is that when it comes from the PLA, and by extension from the Chinese Communist Party (CCP) politburo, it really isn’t a request at all. It’s an instruction.

It doesn’t matter if the PRC can’t penetrate the U.S. with Huawei. They just have to establish a significant market share in as many countries as they can. Huawei devices like smartphones are cheap. I purchased one to root in a Central American country for about $90 USD. They run on a Chinese variant of Android. Huawei routers are even cheaper now that they can build them on their SDN architecture and use POF to push them along a HetNet.

It’s very plug and play. In essence, you could extrapolate that every single Huawei device and appliance could very well ping home without the user and communications provider’s knowledge. If you went to travel and used your own device on a foreign country’s architecture, and they used a Huawei device anywhere along it, Huawei has the potential to retrieve data sans user knowledge. In essence, the PRC has an asset that works like a giant sound surveillance system (SOSUS).

Next, imagine that for a moment you could literally infect a network. That a network operated like a giant malware artifact. Appliances, devices, everything in the network operated as a scaled-up version for malware. Not just the nodes infected, but everything. Instead of a botnet, you now have a malnet. Seems like a pretty handy ‘secret weapon.’ Finally, imagine you could use the forwarding plane to run polymorphic code injection at the packet level?

Further, vulnerabilities have already been discovered in SDN. CVE-2014-5035 as identified by the Department of Homeland Security and the National Institute for Standards and Technology’s National Vulnerability Database identifies at least one vulnerability that we can associate with SDN. This vulnerability clearly states the following impact types “allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.” Open daylight is part of the OpenFlow protocol, essentially providing services from a network virtualization perspective. POF will not decrease this risk.

In summary, close scrutiny should be applied to any ‘commercial’ entity that leaves the ‘Great Chinese Firewall.’ It’s likely that any ‘free market’ entity has been carefully vetted by the PRC. Consider, how the Harmonious Fist of China is slowly closing and ask yourself if you really need to be worried about terrorists.

(Featured image courtesy of fastcompany.net)