Managing Geopolitical Risk in Mexico’s ICT Sector

Introduction

As digital technologies and the ever-increasing flow of information have flattened the limitations of distance and geography, so too have they abstracted traditional conceptions of security. With communications and data capable of moving from country to country at the speed of light, no longer is it sufficient to conceive of national security as something that stops at the water’s edge. Especially when it comes to the growing geopolitical tensions between the United States and the People’s Republic of China (PRC), control over the information space in many ways represents a contest already underway. The PRC has shown an aptitude for using the information space to steal industrial and defense secrets, undermine trust in democratic institutions through mis- and disinformation campaigns, and suppress dissent both at home and abroad. These challenges by their very nature transcend delineated front lines and represent a fluid, ever-changing threat to the defense and security of the United States and its allies.

For this reason, the 2022 National Security and National Defense Strategies both refer to securing information and communications technology (ICT) networks against malign influence. In doing so, they note the PRC is a growing threat in its efforts to rewire global telecommunications through state-owned enterprises and technology, which could offer back doors for Beijing to exploit. Spearheading these efforts are corporations that blur the line between private enterprise and tools of the state. The most notable is Huawei, which gained fame and notoriety after its emergence as a leader in providing low-cost 5G infrastructure and other ICT tools throughout the world. In Latin America and the Caribbean (LAC) especially, the PRC’s state capitalist model has dramatically augmented Huawei’s reach and influence.

Whereas concerns expressed by the United States and allies have caused many countries to rethink the level of access they grant companies like Huawei, LAC has largely bucked this trend. Indeed, the Clean Network initiative, launched under the administration of U.S. president Donald Trump as a more secure approach to ICT development, succeeded in attracting just three LAC countries to join: Brazil, the Dominican Republic, and Ecuador. Today, Huawei remains at the leading edge of 5G deployments from Argentina to Costa Rica. Huawei has participated in at least one-third of all 5G tests conducted in LAC. In some cases, such influence has been acquired seemingly against the wishes of the host country. For example, after joining the Clean Network, Brazil sought to exclude Huawei from bidding on its first 5G spectrum auction only for the PRC to threaten to withhold sorely needed Covid-19 vaccines. In other cases, Chinese firms are seen as the only available option providing affordable telecommunications services, which are critical for a region looking to capitalize on the potential of its burgeoning digital economies.

While the advancement of PRC-affiliated telecommunications and other digital infrastructure throughout LAC should be cause for concern, Huawei’s advancements in Mexico stand out as especially troubling. Mexico’s extensive land border with the United States means developments there have an outsize ability to influence U.S. security and prosperity, a trend further reinforced by historic levels of trade and economic integration between the two countries. Such ties create significant opportunities for individuals and companies in both countries, but they also expose the United States and Mexico to shared risks.

Cybersecurity, for instance, has featured as a subject of concern in both the Bicentennial Framework for Security, Public Health, and Safe Communities and the 2023 North American Leaders’ Summit as a consequence of the vulnerability of cross-border critical infrastructure. The devastating Guacamaya hack of fall 2022, which exposed more than six terabytes of data from Mexico’s Secretariat of National Defense (SEDENA), should further underscore the urgent need for Mexico to redouble its cybersecurity and data protection efforts. Nevertheless, Huawei’s expansion in Mexico, including within advanced 5G and cloud computing infrastructure, has continued apace.

The remainder of this paper examines Huawei’s risk profile as an actor in the telecommunications space and its recent advancements in Mexico’s ICT sector. The paper concludes by identifying options for both Mexico and the United States to manage this geopolitical risk while improving access to telecommunications infrastructure through sound, competitive reforms and policy incentives.

Huawei’s Risk Profile

While Huawei's name has become synonymous with PRC digital espionage efforts, at least within U.S. policymaking circles, the company assiduously denies its connection to the Chinese Communist Party (CCP). In contrast to other corporate actors that have risen to notoriety in the context of U.S.-China competition, such as the China Communications Construction Company or telecommunications giant ZTE, Huawei officially maintains itself as a privately owned enterprise. According to its leadership, Huawei is entirely employee owned, with financial disclosures from the company showing no CCP holdings. Nevertheless, the opacity of Huawei’s corporate governance and decisionmaking processes leaves ample room for skepticism, while the nature of the PRC’s state capitalist model gives the party a diffuse array of tools with which to coerce and co-opt actors that are, on paper, independent from government influence.

Indeed, Huawei’s designation as one of the PRC’s “national champions,” along with e-commerce giant Alibaba and entertainment conglomerate Tencent, is a striking acknowledgment that the information technology firm represents a crucial link in Beijing’s chain of global influence. These ostensibly private enterprises can leverage generous lines of credit and subsidies from state banks to increase their competitiveness abroad and more readily exploit openings in international markets while adhering to the overall steering of the CCP. It is also a strategic asset that China is clearly willing to go to lengths to protect. In 2018 the PRC unlawfully detained two Canadian nationals shortly after Huawei chief financial officer Meng Wanzhou was arrested in Vancouver on sanctions evasion charges. The case of the “Two Michaels”—named after Michael Kovrig and Michael Spavor, the Canadian nationals detained—was roundly condemned by the United States, Canada, and their allies as a blatant instance of the PRC using hostage diplomacy to protect Huawei’s interests.

The opacity of Huawei’s corporate governance and decisionmaking processes leaves ample room for skepticism, while the nature of the PRC’s state capitalist model gives the party a diffuse array of tools with which to coerce and co-opt actors that are, on paper, independent from government influence.

The integration of Huawei into the PRC’s intelligence-gathering infrastructure comes as little surprise. As scholars and analysts have noted, while the PRC tends to lead with economic and trade integration, its practice of civil-military fusion means that both physical and digital infrastructure projects routinely contain provisions that lend themselves to security applications. Just as ports built by Chinese state-owned enterprises have been found to include hidden military facilities or specifications allowing warships to dock resupply, so too has the PRC on numerous occasions deployed ostensibly benign ICT projects for nefarious purposes.

More broadly, the sheer level of control the CCP wields over China’s business ecosystem means the party can easily obfuscate on-paper distinctions. The PRC’s 2017 National Intelligence Law, for instance, establishes a legal framework for the state to enlist telecommunications companies with digital surveillance: “Any organization or citizen shall support, assist, and cooperate with state intelligence work.” In addition to this legal framework, a string of controversies regarding Huawei’s overseas activities has resolved any lingering doubt about the company’s role in the PRC’s intelligence-gathering architecture.

In Cuba, for instance, U.S. intelligence services tracked personnel from Huawei and ZTE moving in and out of alleged PRC-operated signals intelligence facilities used to conduct electronic eavesdropping off the coast of the United States. These personnel were likely involved in maintaining and sustaining the equipment used to collect radio and satellite transmissions, directly participating in state-led espionage efforts. Elsewhere on the island, Huawei’s role in building Cuban telecommunications infrastructure has been linked to digital authoritarianism, allowing Havana to selectively shut off internet connections or draw down bandwidth in the face of mass protests to disrupt organizers’ ability to coordinate.

Huawei’s role in the vanguard of digital authoritarianism extends well beyond the Western Hemisphere. In Uganda and Zambia, for instance, technicians from the company assisted government intelligence services in monitoring political opponents and dissident organizations. Whether or not such actions were performed at the direct behest of Beijing, they nevertheless evidence a troubling pattern of behavior on Huawei’s part and a willingness to coordinate with authoritarian regimes to maintain their grip on power.

Now-public reports indicate Huawei’s far more direct role in supporting PRC espionage efforts. In 2012 Australian intelligence officials found evidence that updates to Huawei devices for the country’s diplomats were loaded with malicious code that could grant the PRC a back door to capture sensitive information. Meanwhile, in perhaps an even more dramatic instance of Huawei’s digital snooping, reports surfaced that Huawei-supplied equipment in the African Union (AU) headquarters in Addis Ababa had regularly copied and exported data to Shanghai, including camera footage, email traffic, and documents, in the early hours of the morning for at least five years. The aftermath of these reports proved telling. While the AU replaced its servers and conducted a security sweep of the building, which reportedly revealed further listening devices (the suspected origins of which were not disclosed), its official response belied an unwillingness to jeopardize relations with China. AU spokesman Moussa Faki Mahamat joined the PRC in dismissing the reports as “totally false,” and while AU officials would subsequently express concerns, these remained tepid and calculated to avoid inflaming tensions with Beijing.

Taken together, these reports should lay to rest the notion that Huawei can be insulated from the PRC’s intelligence-gathering and broader geopolitical activities. Nevertheless, even in cases that lack such clear-cut signs of malfeasance by the company, it is nigh impossible to detect vulnerabilities hidden within millions of lines of code across thousands of devices. For instance, prior to its ban in the United Kingdom, the Huawei Cyber Security Evaluation Centre (HCSEC) routinely noted the presence of major vulnerabilities in Huawei’s systems despite the absence of a single watershed case of hacking or espionage.

Finally, beyond the security risks associated with Huawei’s penetration of mobile and 5G networks, there are practical concerns for the ICT industry and competitiveness of other firms. Huawei controls more than 30 percent of the market share of telecommunications equipment (estimated to be even higher in LAC), trailed by Nokia, Ericsson, ZTE, and Cisco. The company also invests dramatically more than its closest competitors in research and development, spending more than three times as much in 2023 as Cisco. This has allowed the quality of Huawei equipment to grow substantially, from cheap and subpar equipment suitable for countries looking to quickly upgrade their telecoms infrastructure to equipment that meets, and in some cases surpasses, the quality of its peers while remaining competitive on price. In all of these respects, Huawei almost assuredly benefits from its linkages to the PRC, which provide easy funding and political backing to negotiate favorable contracts and improve equipment, often with the help of stolen intellectual property. Should Huawei extend and cement its lead, it will carry harmful consequences for the global telecommunications industry, already an overly concentrated market, as well as for clients, who may face increasingly unequal negotiations, prohibitive pricing structures, and delays in service deployment with few options for recourse.

Huawei’s Presence in Mexico’s ICT Sector

China’s economic forays in Mexico have been relatively limited compared to its efforts in the rest of LAC. This is in large part due to the significant degree of economic integration between Mexico and the United States. Indeed, as companies look to extricate their supply chains from East Asia and move them closer to home, Mexico increasingly competes with China in the manufacturing sector. Nevertheless, the PRC has sought inroads in Mexico in keeping with its 2016 white paper on Latin America and the Caribbean, recognizing that any degree of influence over U.S. neighbors will be invaluable for strategic competition. For instance, in some cases, Chinese firms have acquired or developed Mexico-based enterprises in order to avoid U.S.-imposed trade restrictions. The ICT sector also represents a fruitful area for competition, taking advantage of Mexico’s concentrated telecommunications sector, the Mexican government’s efforts under President Andrés Manuel López Obrador (AMLO) to distance itself from Washington, and the lack of an appealing counteroffer from U.S. and other firms.

Huawei has had a presence in Mexico for more than two decades, opening its first operations there in 2001 and growing steadily as the country’s demand for digital connectivity increased. In 2012 it launched a partnership with Telcel, a subsidiary of América Móvil, the predominant telecommunications provider in Mexico, to update the company’s commercial cellular network. In 2014 Huawei announced a multimillion-dollar investment to build an industrial park and education center in the state of Querétaro in partnership with Mexico’s Secretariat for Sustainable Development. Huawei phones, modems, and other devices have proliferated throughout the country as well, with one representative from the company estimating in 2021 that “the probability that you make a phone call that goes through a Huawei device is very high, over 80%.” Huawei has also increasingly forged inroads across Mexico in designing and deploying both the physical and digital infrastructure used to connect users and their data.

In 2017 Mexican firm Altán Redes selected Huawei and Nokia as technology partners in developing the Red Compartida, Mexico’s first 4.5G wholesale mobile network. The decision to engage both companies also established a bifurcated model for Mexico’s ICT infrastructure, with Huawei deployed in the south and Nokia in the north. Furthermore, Nokia was responsible for developing the core of the network, allegedly following concerns expressed by U.S. officials over security vulnerabilities. Nevertheless, the United States and Mexico did not reach a formal agreement to circumscribe Huawei’s operations. The limitations of this were quick to manifest as Huawei infrastructure began cropping up in the northern cities of Tampico, Torreón, and Culiacán, locales originally slated to fall under Nokia’s purview. While both Huawei and Altán Redes claimed the company’s presence in these three cities was still far enough removed from the U.S. border that it posed little to no risk to the United States, the incident underscores how relying on informal boundaries on where and how Huawei may operate opens the door for quiet expansion of Huawei’s presence throughout Mexico.

The risks associated with Huawei’s involvement in the Red Compartida may be mitigated to an extent thanks to Nokia developing the core network infrastructure. Core systems functionality includes switching and routing signals from users to their correct destinations, interfacing with other networks and providers when they try to connect with a different network provider, and housing user data. Access to a network’s core, accordingly, opens a trove of sensitive data including the real-time locations and identities of every user in the network. Control over the core is therefore far more relevant to the security of a network than the geographic distribution of signal towers and cell phones. The alleged absence of Huawei from this core infrastructure thereby helps mitigate some of the concerns associated with its aforementioned role in PRC electronic espionage campaigns.

No formal agreement has been made to limit or prevent Huawei from developing core network or data center infrastructure in Mexico. This permissive approach to Huawei’s engagement is likely due, at least in part, to the Palacio Nacional’s seemingly high comfort level with the company. Huawei and the Mexican Agency of International Cooperation for Development (Amexcid), for instance, have launched a joint initiative to provide start-ups in Mexico, Peru, Chile, and Colombia with training and access to Huawei cloud computing infrastructure. AMLO, for his part, has sought closer ties with the PRC as a potential counterbalance to the United States, a position that may open further opportunities for Huawei to advance in Mexico’s telecommunications sector.

Meanwhile, in 2022, when América Móvil announced a $1.8 billion investment to expand 5G coverage to more than 100 cities across Mexico, it made similar promises to restrict Huawei equipment to the south and rely on Swedish vendor Ericsson for the north. Notably, in contrast to the Red Compartida, there was no indication Huawei would be kept from engaging in the more sensitive data centers and core network infrastructure. To the contrary, with Mexico’s pivot to 5G telecommunications networks, Huawei has new opportunities to insert itself at the most sensitive points of Mexico’s ICT backbone. Huawei already represents one of the top data center providers in Mexico and has greatly increased investments in cloud computing.

In 2021 Huawei opened its second cloud data center, based in the State of Mexico, with a promise to augment its cloud services provision throughout the country. Cloud data centers play an important role in the deployment of 5G networks. The higher speed, lower latency, and improved reliability of 5G makes storing data to the cloud more practical, with significant implications for sectors as diffuse as financial services, e-commerce, and heavy industry. Greater access to the cloud also stands to benefit small and medium-sized enterprises (SMEs) significantly through access to greater computational power at a fraction of the cost, which is critical to emerging technologies and start-ups.

While the cloud offers potential to accelerate Mexico’s digital growth, Huawei’s expanded role in this space exposes Mexican businesses, government entities, and those who connect with them to elevated levels of geopolitical risk. As one CSIS report recently found, “Huawei is reportedly leveraging its 5G wireless business, adding cloud infrastructure to existing networks and data centers that it built for 5G, and then offering it to governments for a limited cost.” Such measures are not only anticompetitive, further boxing out competitors, they help to cement Huawei’s control over the entire ICT space, a troubling proposition given the volume and highly sensitive types of data that pass through the cloud. Furthermore, the flexibility and storage capacity of cloud computing has prompted countries both in the Western Hemisphere and around the world to incorporate it into their critical infrastructure, from managing energy and transportation networks to supporting artificial intelligence–enabled surveillance and intelligence-gathering efforts. These emerging use cases mean that an increased presence by the PRC in Mexico’s cloud infrastructure may have direct implications for both Mexican and U.S. national security. 

While the cloud offers potential to accelerate Mexico’s digital growth, Huawei’s expanded role in this space exposes Mexican businesses, government entities, and those who connect with them to elevated levels of geopolitical risk.

The extent to which this model has progressed in Mexico remains unknown. Yet there are troubling signs that Huawei, and by extension the PRC, may already have a worrying degree of access throughout Mexico. América Móvil is a partner with Huawei on cloud data centers and has given little indication it wishes to limit exposure of its core network. On the contrary, amid the U.S. pressure campaign to convince allies to reduce their usage of Huawei devices, América Móvil CEO Daniel Hajj Aboumrad maintained Huawei was “an excellent provider.” In the case of Altán Redes, the company responsible for rolling out the Red Compartida, which recently emerged from bankruptcy proceedings, financial constraints might prompt reexamination of the decision to rely exclusively on Nokia for core infrastructure, especially when it comes to future migration to 5G. In each of these cases, lack of a comprehensive strategy for mitigating digital risks or for improving the competitiveness of Mexico’s ICT sector further undermines the security of customers, companies, and governments across North America.

The Spectrum, Security, and Competition Nexus

Geopolitical risk in Mexico’s ICT sector is exacerbated by the anticompetitive practices of two main offenders: Huawei and América Móvil. On the one hand, Huawei has a well-documented history of leveraging its connections and “national champion” status to undercut competitors, allowing it to undertake riskier investments and bring to bear greater resources than wholly private entities can muster. On the other, América Móvil, which controls 70 percent of mobile internet services and over 62 percent of the mobile telephone market, has used its position to limit the ability of competitors to enter the market and minimize competitors’ threat to its market share. The goals of these two actors feed into each other: Huawei finds it easier to interface with a single company rather than negotiate with many, while América Móvil seeks the lowest-cost equipment possible to maintain its lead in the market, especially over foreign companies, which may face stricter controls on the types of vendors they may interact with.

These two factors portend ill for both Mexican and U.S. national security. Especially at present, even though Huawei equipment has thus far been kept away from the border, there are few formal commitments to limit Mexico’s exposure to potentially malign digital activity, and physical distance in any case means little when it comes to determining access to data and digital networks. Should América Móvil decide to drop Ericsson in favor of Huawei for its ICT infrastructure throughout Mexico, U.S. options for recourse would be limited. Of course, such a decision would in all likelihood be more symbolic than anything else, as the presence of Huawei in the data centers and core infrastructure of América Móvil and its subsidiaries means that even those communications received from third-party devices would be routed through Huawei infrastructure at some point in their journey.

In addition to the risks posed from compromised ICT infrastructure, anticompetitive practices in Mexico have a more subtle but no less pernicious effect on telecommunications policy at the highest levels. In August 2021, for instance, Mexico released an updated digital strategy through the end of 2024. While a welcome move, the vision it espoused for Mexico’s digital future was fundamentally limited, focusing first on digitization of the public sector and second on expanding broadband connectivity. Undeniably important in their own right, these two pillars rest on shaky foundations absent serious consideration of how to mitigate risks in the digital sector or promote greater competition among ICT providers.

One key impediment to a more competitive, secure, and dynamic ICT sector in Mexico is the country’s regressive spectrum pricing scheme. Spectrum represents the means through which governments apportion different radio frequencies for different uses, and it grants telecommunications providers permission to use certain bands to provide mobile services. Since the landmark 2013 telecommunications reforms, which opened the ICT space to greater international competition, Mexico has assigned spectrum through a series of auctions run by the Federal Telecommunications Institute (IFT). Five such tenders have been hosted since 2013, but interest has been limited, primarily due to Mexico’s dubious status as home to the highest spectrum fees in Latin America. During the 2021 IFT-10 tender, for instance, just two companies—Telcel and AT&T—placed bids on three out of forty-one blocks of available frequency.

High spectrum prices systematically benefit monopolistic actors like América Móvil. Smaller operators often must pay higher per-use fees than larger ones, making it prohibitively expensive for firms with lesser means to enter the market. This problematic pricing structure lies behind mobile provider Telefónica’s decision in 2019 to return its spectrum to the IFT upon determining holding the bands was no longer profitable. The spectrum pricing scheme also makes it unattractive for even large firms to extend coverage to rural areas stranded on the wrong side of the digital divide, as these are unlikely to generate the volume of traffic to turn a profit. Finally, while spectrum auctions represent an important source of revenue for the Mexican federal government, lack of interest impairs Mexico’s ability to fund agencies like the IFT, which play a key role in setting and enforcing standards for the digital sector.

Lowering spectrum fees, especially for 5G tenders; providing incentives for purchasing bands that extend to underserved areas; and curbing Telcel and América Móvil’s dominance could help diversify the providers in Mexico’s ICT space, expand coverage, and lower prices for customers across the board. However, the IFT, which would in theory be at the vanguard of such an effort, has faced systematic pushback from the AMLO government, including budget cuts, proposals to combine the independent regulator with other federal agencies, and refusal to fill vacant commissioner positions in the IFT (three out of seven seats have remained vacant since 2019). Such moves have hampered the IFT’s ability to implement its core function of regulating and promoting ICT development in Mexico. For instance, when the agency proposed measures for the Senate to reduce the price of 5G spectrum and offer incentives for operators to expand coverage in areas without mobile internet service ahead of the IFT-12 tender, it not only lacked mechanisms to implement such changes but also prompted little to no movement from the legislature. As of September 2023, Mexico’s Secretariat of Finance and Public Credit once again rejected a an IFT proposal to lower spectrum prices ahead of the country’s first-ever 5G auction. Telcel, which currently owns a sizeable 100 megahertz of spectrum in the 3.5 gigahertz bandwidth that serves as the primary band for 5G delivery, is therefore likely to extend its grip over this market.

Even though Huawei equipment has thus far been kept away from the border, there are few formal commitments to limit Mexico’s exposure to potentially malign digital activity.

While the IFT has seen its capabilities reduced, it continues to play an important role as watchdog for efforts to further cement a monopoly in the ICT space. In 2022, for instance, the agency opened an investigation into the supermarket Oxxo, which allegedly was selling only Telcel SIM cards.

América Móvil’s virtual omnipresence in the Mexican ICT space means its unilateral decisions can have significant implications for the lives and livelihoods of tens of millions of internet users. Furthermore, its market dominance leaves many Mexicans with few options for their mobile phone and internet needs. This is doubly concerning in light of América Móvil’s embrace of Huawei and the related data privacy risks. Indeed, having a monopolistic ICT operator perched on the U.S.-Mexico border is bad for almost all business, save Huawei’s. For the United States, the possible interception of communications with one of its biggest trading partners and keystone allies in the Western Hemisphere is a clear vulnerability. However, the risks to Mexican citizens should not be downplayed as they face compromised networks that could see intellectual property and trade secrets stolen or even use of Huawei-backed digital networks to surveil and intimidate political opposition. Given Mexico’s past and present struggles with use of spyware by political elites to suppress civil society, as well as the troubling trend toward authoritarianism under the AMLO administration, such fears are anything but far-fetched.

Managing Geopolitical Risk

For all the concerns raised by Huawei’s presence in Mexico, efforts to outright ban the company are likely to fall on deaf ears. Rather, the strategy both U.S. and Mexican policymakers ought to adopt is one of curtailment, which seeks to reduce the ability of malign actors to penetrate digital networks. Such efforts naturally lend themselves to a strategy that seeks to break down concentrations of market power and level the playing field for digital enterprise in Mexico.

1. Clarify the nature of the risk.

U.S. officials should emphasize to their counterparts in Mexico that their concerns lie in the degree to which Huawei provides the core network architecture, not geographic proximity. Mexico’s bifurcated approach to Huawei rollout is not only informal but ineffective as well. Rather than rely on tacit agreements and pledges by actors like América Móvil not to deploy Huawei infrastructure near the U.S.-Mexico border, the United States should seek to engage Mexico in a formal dialogue on the concerns associated with Huawei technology and how best to limit potential for backdoor attacks on sensitive networks on both sides of the border.

The development of the Red Compartida represents a partial success in this regard. Huawei was ostensibly kept out of core infrastructure, though the lack of binding or official commitments failed to set a precedent that could form the basis of subsequent dialogues with Mexican ICT authorities. By clearly outlining the types of digital infrastructure that pose the greatest risk, the United States could avoid miscommunication and reframe the conversation on Huawei from a perceived zero-tolerance mindset to an approach that minimizes the potential risks for both countries. Especially when it comes to procurement of ICT technologies by the Mexican government, cooperation to ensure any such purchases comport to high standards for security and data protection would be an important step forward. The upcoming U.S.-Mexico High-Level Security Dialogue presents one such opportunity to place digital security front and center. Such a conversation could even serve as a test bed for an updated Clean Network analogue that seeks to curtail the most deleterious effects of Huawei’s ICT infrastructure in countries where it already has a foothold.

2. Uplift alternative vendors.

Easing U.S. content restrictions for export credits to companies like Nokia, Ericsson, and Samsung can enable these firms—all of which have significant equities within the United States—to engage in countries like Mexico on more even footing. Given the anticompetitive nature of the Mexican telecommunications market, companies looking to enter often find themselves on the horns of a dilemma. If they hail from a country that has placed restrictions on the use of Huawei-provided equipment, they are at an inherent disadvantage from a price standpoint. Even if they do not face such restrictions, they will likely feel pressure to adopt Huawei technology as the lowest-cost option in order to remain viable in the face of actors like América Móvil. In either scenario, it is clear there is a dearth of credible, competitive counteroffers to Huawei in the ICT industry.

This is not to say worthy alternatives do not exist. Indeed, the presence of Nokia and Ericsson in Mexico is a case in point. These alternatives should stand out as equal, if not superior, to Huawei if the United States and its allies are to successfully define the next generation of digital connectivity on their own terms. A first step in doing this is to work with companies already on the ground. While Washington has sought to prioritize U.S.-based firms when outlining industrial policy for strategic sectors, companies based in the European Union, Japan, Korea, Canada, and the United Kingdom can all bring resources to the table that Washington alone cannot marshal.

3. Invest in Open Radio Access Networks (ORAN).

The United States should seek to leverage North America as a test bed for ORAN and pair incentives for traditional non-Huawei vendors with new investments supporting specialized firms in the United States and Mexico that are looking to take advantage of a more distributed network. ORAN represents some of the most potentially transformative innovations in the ICT sector. One of the limiting factors for expanding internet connectivity and digital development is the need for ICT companies to be highly vertically integrated. These companies must lay their own cable, build their own signal towers, sell their own data plans, manage their own traffic, and ensure their ability to interface with networks, which creates a cumbersome, often prohibitively expensive ecosystem with high up-front costs. By contrast, ORAN opens the potential for providers to pick and choose which physical or digital infrastructure they want to include in their network, enabling a phone provided by one company to receive wireless signals from another and store user data on a cloud provided by a third.

This carries the potential to inject greater dynamism into the ICT and broader cloud and digital market, allowing a variety of smaller firms to specialize in individual elements of a composite network. In doing so, it not only weakens Huawei’s ability to centralize control over data by allowing providers to pick from a wider range of service providers but also, more broadly, gives mobile operators a wider range of tools to select from to expand coverage and close the digital divide. While the potential of ORAN is great, progress toward a fully realized network will likely be slow and face substantial opposition from incumbent vendors—Huawei, Nokia, and Ericsson included. For this reason, the United States should engage its allies, especially Mexico and Canada, on ORAN promotion sooner rather than later.

4. Fortify competition.

The United States should encourage greater competition throughout Mexico’s ICT sector. A more diversified ICT landscape holds the greatest potential for Mexico and the United States to not only reduce the risks to their digital networks, but also realize the full potential of the digital economy in both countries. More firms engaging more vendors under a more competition-friendly regulatory structure will incentivize expanded coverage and diminish the extent to which companies like Huawei can centralize all aspects of a network. Spectrum pricing reform should be a priority, though this, in turn, will require an IFT that is more empowered to push a pro-competition agenda. The vacant spots on the commission ought to be filled posthaste, and while recent decisions from the Secretariat of Finance and Public Credit mean it is likely too late to reform IFT-12 tender in time to draw significant attention beyond Telcel, subsequent spectrum auctions ought to be aimed at enticing smaller firms and expanding coverage to underserved markets.

Furthermore, the IFT can reassert itself as the go-to source for adjudicating unfair practices by establishing an expedited process or “shot clock” for allegations brought against América Móvil, starting with a swift conclusion of its investigation into Oxxo. Such efforts will be difficult as long as the IFT faces criticism from the presidency but are within reach, especially as the 2024 elections offer a chance for candidates to develop their digital strategies and elevate the importance of the ICT sector in their platforms.

5. Bolster cybersecurity.

Mexico should establish a centralized civilian-ledagency in line with those of its partners in the Western Hemisphere. Beyond efforts to limit the risk posed by Huawei in particular, Mexico should take steps to enhance its cybersecurity efforts across the board. In 2022, the country faced the highest incidence of cyberattacks in all of Latin America, a status that has hindered private enterprise and hindered Mexico’s ability to take full advantage of the digital economy. Responsibility for cyber defense remains largely in the hands of SEDENA, which is still reeling in the aftermath of the Guacamaya hacks and reportedly suffers an average of 38 cyberattacks a day. Nevertheless, Mexico’s new proposed cybersecurity law would further elevate the military’s role, drawing criticism from civil society and data protection experts.

Rather than leaning further into a militarized approach to cybersecurity, Mexico should look to stand up a new agency to entrust with cyber defense. Such an entity will be important not only to meet the growing threat of cyberattacks and cybercrime but also to investigate foreign providers and identify potential data risks these actors may pose. In doing so, the government of Mexico can draw upon best practices, not only from national cyber agencies like the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Canadian Centre for Cyber Security (CCCS), but also regionally with the Organization of American States, which was the first regional body to develop a cybersecurity strategy, and has continually updated its efforts including through the Inter-American Committee against Terrorism’s cybersecurity program. The Latin American and Caribbean Internet Addresses Registry, a nongovernmental organization first established in 2002, has also stepped up its technical assistance efforts on cybersecurity as countries throughout the hemisphere face growing digital threats. Finally, Costa Rica may serve as an important Central American partner that has made major strides in bolstering cybersecurity following the 2022 Conti ransomware attacks, including a recently launched partnership with U.S. Southern Command to further enhance cyber cooperation. The United States, for its part, can support the development of such an agency by leading delegations from CISA to provide training and capacity-building programs, as well as share intelligence on vulnerabilities identified by the United States with Huawei ICT infrastructure.

Ryan C. Berg is director of the Americas Program and head of the Future of Venezuela Initiative at the Center for Strategic and International Studies (CSIS) in Washington, D.C. Henry Ziemer is a research associate with the CSIS Americas Program.

This report was made possible by general funding to CSIS. No direct sponsorship contributed to this report.

The authors are grateful to Andrea Michelle Cerén, an intern with the CSIS Americas Program, for her contributions to this white paper.