Don't trust the NSA? China-based Huawei says, 'Trust us'
A year after charges it was a threat to U.S., Huawei touts its approach to global cybersecurity
Network World - What a difference a year makes.
At this time last year, China-based network vendor Huawei was being accused of being a threat to U.S. national security because it could "provide Chinese intelligence services access to telecommunications networks," according to the House Intelligence Committee report that made headlines. Now, the National Security Agency (NSA) in the U.S. stands accused of planting backdoors in network gear and weakening at least one encryption standard for its own cyber-spying purposes, based on documents released by former NSA contractor Edward Snowden.
In the midst of this turn of events, Huawei -- which was effectively shut out of the U.S. telecom market after last year's committee report -- today sought to initiate a fresh dialog about global cybersecurity by issuing what it calls its "Cyber Security Perspectives" report.
"We're trying to contribute to a broader collaboration on standards and best practices," said Andy Purdy, Huawei chief security officer.Huawei is making the argument that new standards for vulnerability assessment, tracking and fixing of software and hardware need to be developed, along with compliance testing. In its "Cyber Security Perspectives" report, Huawei also advocates that "governments, the industry and end-users worldwide need to collectively come to an understanding on how we will work together to define and agree on new, specific norms of behavior, standards and laws, and how we promote privacy and security in global networks."
"The imperative is to try and have agreements on what is OK and not OK globally," said Purdy, and especially to establish trust in governments and the private sector.
Huawei's 52-page report outlines that company's internal procedures and practices as a global manufacturer. The report contains no surprises in its discussion of code-quality checks, supply-chain safety, concern about open source, which Huawei uses to some extent, and vulnerability reporting.
But Huawei also wants to open the door to the possibility of a new approach to global cybersecurity and conformance testing that would likely tilt away from efforts driven by the National Institute of Standards and Technology (NIST) and the NSA, including the existing IT product-testing program called Common Criteria.
Common Criteria was created in 1998 by the U.S., Canadian and European governments as a way to have accredited labs test IT gear for security and assurance purposes and it's sometimes a requirement in government procurements. China never joined the Common Criteria effort, though Huawei indicated it has had some equipment tested in Common Criteria labs.
"There are things that can be done that are a lot less expensive than the Common Criteria," says Purdy. He says Huawei is advocating an approach that would rely on independent assessments but be "much more dynamic."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts