March - Wikileaks' Vault 7 release features Huawei backdoors
When Wikileaks began disclosing the 'Vault 7' series of documents in March 2017, it was revealed that the CIA had been sitting on a long list of known software bugs in all types of hardware, from cars and smart TVs to smartphones, web browsers and infrastructure equipment.
An extremely long list of vendors were impacted by the CIA's capabilities. In many cases it emerged that intelligence agencies had been deliberately withholding security bugs from vendors.
Huawei was one of many vendors implicated in the leaks - so while security concerns were increasingly being cited by US-allied countries, there was evidence that America was sitting on vulnerabilities related to Huawei products.
May - 'Tappy the Robot' sparks industrial espionage controversy
As far as we can tell, the latest tranche of industrial espionage controversies faced by Huawei started here, when it was alleged that the company had stolen IP from T-Mobile USA.
T-Mobile USA sued Huawei, alleging that it had stolen trade secrets concerning a phone-testing robot used by American carrier Tappy. T-Mobile USA alleged that Huawei employees at its testing lab, as part of a partnership, had copied the design of the robot, said the Register.
However, Huawei filed counter-claims, where the company said: "T-Mobile's statement of the alleged trade secret is an insufficient, generic statement that captures virtually every component of its robot".
Huawei added that T-Mobile had publicly demonstrated the robot at a launch event in September 2012 - accompanied by coordinated publicity including a YouTube video.
The Tappy controversy would return in January 2019, described as a "flagrant abuse of the law" by first assistant US attorney Annette L Hayes of the Western District of Washington.
January - National security allegations surface again
There was relatively little further movement on the accusations front until January 2018. Towards the end of 2017, the security spectre was raised once again with an article in Politico about Huawei's infrastructure position in the European market.
Friendly articles appeared in the Canadian specialist business press about 5G partnerships between the local government of Ontario and Huawei - and there were even murmurings that Huawei devices, on track to outpace sales of all other vendors but Samsung later in 2018 - would finally find a home with more US carriers.
In fact, in the same week the vendor was expected to announce a deal with AT&T to distribute the Mate 10 Pro, American lawmakers insisted that the deal be placed under closer scrutiny.
As the Register wryly noted at the time, the "US's guardians of security seem content to allow the United States' consumer electronics to be made in China".
And so the AT&T deal was cancelled following US Senate and House intelligence committees raising their concerns with the FCC.
Motherboard said: "there's no public evidence Huawei spies on Americans, but the company is getting blackballed anyway."
Verizon, another major American carrier, quickly followed suit in rejecting selling Huawei gear directly.
February - Huawei hits back at accusations at MWC talk
Chief executive at Huawei Ken Hu rebuked the American accusations, describing the concerns as "groundless".
"The view that a company headquartered in China cannot be trusted is problematic," Mr Hu said, speaking at Mobile World Congress. "Technology is a global value chain, and many components come from China as well."
Consumer business chief exec Richard Yu added, according to Bloomberg: "Some people, some of our competitors, are using political ways to try and kick us out of the US market - they can't compete with us on the technology and innovation so they compete with us on the politics. We're independent from any country, any government. We're not involved in politics."
Hu added that the company had enjoyed success with its 4G business worldwide, and is "happy to conduct open discussions". It "may not be fair if 30 years of track-record are disregarded based on groundless suspicions," he said.
In the same month, Huawei's global government affairs vice president Simon Lacey said that national security shouldn't be "used as a blank cheque to justify or disguise protectionism," reported the Register.
March - Australian concerns on Huawei in 5G networks
According to a report in the Sydney Morning Herald, there were growing concerns within Australia's parliament over Huawei exerting too much control over the "world's 5G network".
It said at the time that the Turnbull government was in discussions with "a range of other countries about the security concerns with 5G".
An anonymous former security official conceded that there was "a bigger strategic question about industrial supremacy here".
April - American regulators target Huawei, ZTE
The American regulator the FCC voted unanimously to ban federal funding from being spent on companies that were deemed a threat to US security, and in a draft, specifically named Huawei and ZTE.
FCC chairman Ajit Pai said: "For years, US government officials have expressed concern about the national security threats posed by certain foreign communications equipment providers in the communications supply chain. Hidden 'backdoors' to our networks in routers, switches, and other network equipment can allow hostile foreign powers to inject viruses and other malware, steal Americans' private data, spy on US businesses, and more."
The comment followed the early stages of a trade war that was forming between Beijing and Washington.
The FCC's announcements forced another rebuke from Huawei, which dismissed the regulators' claims. In a statement, Huawei said that it was a "100 percent employee-owned company" and that it doesn't pose a "security threat in any country".
"No government agency has ever tried to intervene in our operations or decisions," the statement read. It added that it was "disappointed" by the actions of the FCC, and that the draft bill would further limit infrastructure options available to rural operators, the Verge said.
April - America alleges possible Iran sanction violations from Huawei
In another issue that would become a major talking point, prosecutors in New York had been investigating Huawei for the potential violation of US sanctions on Iran.
The investigations date back to at least 2016, according to a report from Reuters, and concern Huawei allegedly shipping products that originated in the USA to Iran, and "other countries in violation of US export and sanctions laws".
May - Pentagon bans Huawei, ZTE devices from shops on American military bases
A Pentagon spokesperson told the Wall Street Journal that consumer devices from ZTE and Huawei being sold on military basis could "pose an unacceptable risk to the department's personnel, information and mission".
"In light of this information, it was not prudent for the department's exchanges to continue selling them," the spokesperson said.
However, there was not yet an outright ban on the devices - just their being sold in American bases.
Huawei told the Verge: "Huawei's products are sold in 170 countries worldwide and meet the highest standards of security, privacy and engineering in every country we operate globally including the US."
June - Proposed 5G ban in Australia rebuked by Huawei's John Lord
Australian Huawei chair John Lord defended Huawei and said that the decision to cut out the company from the National Broadband Network resulted in equipment used by Alcatel Lucent, now Nokia, that was made in China anyway - "barely a kilometre" away from Huawei's Shanghai facility.
"I highlight this not to be critical of Nokia, because Huawei obviously manufactures its products in China, but I do it to underline the reality of the world we live in," Lord said. "Our supply chains are global, our production lines are similar. Huawei or no Huawei, much of the 5G equipment will continue to be made in China."
July - Concerns surfaced in HCSEC annual report
There were four products found by Britain's National Cyber Security Centre (NCSC) that lacked binary equivalence, although Huawei had been working to correct deficiencies "in the underlying build and compilation process".
Another issue was related to third-party components - but there were ongoing "detailed technical discussions" to address this, and work towards a full understanding of a problem rooted in third-party code. Ironically, one of the components based on ageing software was sold by a firm based in the USA.
As ZDNet noted, the oversight board also found medium-term concerns surrounding 5G.
"Due to areas of concern exposed through the proper functioning of the mitigation strategy and associated oversight mechanisms, the oversight board can provide only limited assurances that all risks to UK national security from Huawei's involvement in the UK's critical networks have been sufficiently mitigated," said the report. "We are advising the National Security Adviser on this basis.
"Until this work is completed, the oversight board can offer only limited assurance due to the lack of the required end-to-end traceability from source code examined by HCSEC through to executables use by the UK operators."
The report noted that Huawei was addressing the issues. However, it would prompt renewed fears.
Partners such as BT provided their own assurances about cybersecurity.
August - Australia bans Huawei 5G equipment outright
The Australian government again cited national security fears, and said that regulations that apply to telcos would also be extended to telco equipment suppliers.
As the BBC reported: "Companies that were "likely to be subject to extrajudicial directions from a foreign government" could present a security risk."
The country extended the ban to ZTE as well.
China's foreign ministry spokesperson, Lu Kang, accused Australia of using "various excuses to artificially erect barriers" and added that the country should "abandon ideological prejudices and provide a fair competitive environment for Chinese companies".
Towards the end of August 2018, the Japanese government announced that it was also considering a ban on equipment from Huawei and ZTE.
And reports also surfaced of Canada's prime minister Justin Trudeau being "increasingly alarmed" about national security threats.
September - Canada intelligence head allays security fears
Scott Jones, the head of the Centre for Cyber Security in Canada, said that his country could take a different tack to Australia's outright ban - and that agencies in Canada had the technical nous to be able to spot serious security holes.
The comments were similar to David Cameron's - that the cyber security programme is "very deep" and that Canada has strong resilience programmes in place for telecommunications networks.
He suggested a more holistic, network-wide approach to security rather than singling out any particular vendors.
October - Spy chiefs, military figures all out against Huawei
A raft of renewed fears emerged from military and intelligence figures past and present of the USA and its allies towards the end of 2018.
While Australian Signals Directorate head Mike Burgess did not name Huawei specifically, he did claim that "high-risk vendor equipment" used in the creation of Australia's 5G network could threaten the country's security - everything from the electricity grid and health systems to self-driving cars.
It followed an outright ban on Huawei and ZTE for providing 5G equipment. The "stakes could not be higher" said Burgess, and that "historically" the country had "protected the sensitive information and functions at the core of our telecommunications networks by confining our high-risk vendors to the edge of our networks".
In the same month, former First Sea Lord and security minister under Gordon Brown, Admiral Lord West, said that the British government should create a unit that reports directly to the prime minister to monitor security risks from Chinese 5G vendors
"We've got to see there's a risk," he said. "Yes, we want 5G, but for goodness sake we need to do all of these things to make sure it's not putting all of us at risk."
However, the former director of GCHQ, Robert Hannigan - who would later go on to pen an editorial in the Financial Times warning against blanket bans of Huawei - said at the time that the "best companies in 5G are probably the Chinese ones and there aren't many alternatives".
He told Sky News: "We do need to find a way of scrutinising what is being installed in our network, and how it is being overseen and how it is being controlled and how it's being upgraded in the future. And we have to find a more effective way of doing that at scale."
October - Trudeau urged by USA to ban Huawei from 5G networks
Virginia Democrat Mark Warner and Florida Republican Marco Rubio both warned Canada's prime minister Justin Trudeau to exclude Huawei from building out Canada's 5G capabilities - because it could create risks for American networks.
Reuters reported that the two lawmakers penned a letter to Trudeau, which read: "While Canada has strong telecommunications security safeguards in place, we have serious concerns that such safeguards are inadequate given what the United States and other allies know about Huawei."
October - Huawei agrees to open security lab in Germany
Huawei committed in October to open up its source code to German regulators at a similar lab to the one it opened in Oxfordshire.
While America's trade war with China picked up pace, much of Europe had been seeking closer ties with Beijing.
The Federal Office for Information Security (BSI), Reuters reported, planned to open the lab in November in Bonn, where other regulators are also based - as well as the partly state-owned Deutsche Telekom which is a partner of Huawei's.
November - Washington pressures allies into dropping Huawei
In a move described as "extraordinary" by the Wall Street Journal, the US government started a campaign to foreign allies to urge them to drop Huawei from 5G networks. Officials briefed countries including Germany, Italy, and Japan, and the US was even considering increasing financial aid for countries that did not sign up to contracts with Chinese vendors.
The WSJ quoted an unnamed US official as saying: "We engage with countries around the world about our concerns regarding cyber threats in telecommunications infrastructure. As they're looking to move to 5G, we remind them of those concerns. There are additional complexities to 5G networks that make them more vulnerable to cyber attacks."
Huawei said that it was "surprised by the behaviours of the US government" and that if a government's behaviour "extends beyond its jurisdiction, such activity should not be encouraged".
Voices from the telecommunications companies have been more sceptical than political figures. Vodafone's incoming chief executive Nick Read backed Huawei - and described it as being "actively engaged" with British and European security agencies.
"I think they're doing everything possible to ensure they remain a very serious and credible supplier," Read said.
Neil McRae, chief network architect for BT Group, described Huawei as the "only one true 5G supplier" at a Huawei event in London.
In the same month, New Zealand's intelligence agency rejected a bid from telco Spark New Zealand to use Huawei equipment - something Spark said it would seek "clarity" on.
Huawei also requested an explanation from authorities in New Zealand.
December - arrest of Huawei CFO Meng Wanzhou
Chief financial officer of Huawei Meng Wanzhou was arrested in Canada where she was threatened with extradition to the USA - under the pretence of sanctions violations. She was threatened with extradition to the United States.
The CFO, who is also the daughter of Huawei founder Ren Zhengfei, was arrested on 1 December at the request of American authorities. First reported by Canada's Globe and Mail, Meng was accused of violating sanctions pertaining to Iran.
An unnamed Canadian law enforcement source told the Globe and Mail that the USA believes Meng was attempting to evade the American embargo against Iran.
The accusations appear to relate to Meng serving on the board of a Hong Kong business Skycom which is alleged to have worked with Iran between 2009 and 2014. The Verge reported that the prosecutor said that because American banks worked with Huawei at this time, sanctions on Iran were indirectly violated. Prosecutors have said that Skycom was an unofficial subsidiary of Huawei.
Commenting in a statement, Huawei said: "The company has been provided very little information regarding the charges and is not aware of any wrongdoing by Ms Meng. The company believes the Canadian and US legal systems will ultimately reach a just conclusion.
"Huawei complies with all applicable laws and regulations where it operates, including applicable export control and sanction laws and regulations of the UN, US and EU."
December - MI6 chief Alex Younger raises concerns
The usually elusive MI6 boss Alex Younger said that Britain should take stock on how comfortable it is with the ownership of 5G networks by Chinese vendors, and that the UK must make "some decisions" about the role they play in Britain. He added that British intelligence should do more to innovate in network intelligence.
December - no evidence of spying, says German watchdog
The head of the Federal Office for Information Security (BSI) in Bonn, Arne Schönbohm, said that his agency had found no evidence of Huawei conducting espionage. Schönbohm told der Spiegel: "For such serious decisions, you need proof."
The BSI, Schönbohm said, had looked at Huawei products and components from around the world.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.