Don't trust the NSA? China-based Huawei says, 'Trust us'
A year after charges it was a threat to U.S., Huawei touts its approach to global cybersecurity
Network World - What a difference a year makes.
At this time last year, China-based network vendor Huawei was being accused of being a threat to U.S. national security because it could "provide Chinese intelligence services access to telecommunications networks," according to the House Intelligence Committee report that made headlines. Now, the National Security Agency (NSA) in the U.S. stands accused of planting backdoors in network gear and weakening at least one encryption standard for its own cyber-spying purposes, based on documents released by former NSA contractor Edward Snowden.
In the midst of this turn of events, Huawei -- which was effectively shut out of the U.S. telecom market after last year's committee report -- today sought to initiate a fresh dialog about global cybersecurity by issuing what it calls its "Cyber Security Perspectives" report.
"We're trying to contribute to a broader collaboration on standards and best practices," said Andy Purdy, Huawei chief security officer.Huawei is making the argument that new standards for vulnerability assessment, tracking and fixing of software and hardware need to be developed, along with compliance testing. In its "Cyber Security Perspectives" report, Huawei also advocates that "governments, the industry and end-users worldwide need to collectively come to an understanding on how we will work together to define and agree on new, specific norms of behavior, standards and laws, and how we promote privacy and security in global networks."
"The imperative is to try and have agreements on what is OK and not OK globally," said Purdy, and especially to establish trust in governments and the private sector.
Huawei's 52-page report outlines that company's internal procedures and practices as a global manufacturer. The report contains no surprises in its discussion of code-quality checks, supply-chain safety, concern about open source, which Huawei uses to some extent, and vulnerability reporting.
But Huawei also wants to open the door to the possibility of a new approach to global cybersecurity and conformance testing that would likely tilt away from efforts driven by the National Institute of Standards and Technology (NIST) and the NSA, including the existing IT product-testing program called Common Criteria.
Common Criteria was created in 1998 by the U.S., Canadian and European governments as a way to have accredited labs test IT gear for security and assurance purposes and it's sometimes a requirement in government procurements. China never joined the Common Criteria effort, though Huawei indicated it has had some equipment tested in Common Criteria labs.
"There are things that can be done that are a lot less expensive than the Common Criteria," says Purdy. He says Huawei is advocating an approach that would rely on independent assessments but be "much more dynamic."
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts