& cplSiteName &

Kontron Capitalizes on Security Jitters

Carolyn Mathas
News Analysis
Carolyn Mathas
2/20/2014
50%
50%

Is it true that telecom equipment companies are basing their purchasing decisions on where the design and development of components and modules takes place?

According to embedded computing platform developer Kontron AG , which undertakes its design and R&D processes in Montreal, Canada, it's already happening: The company, best known for its AdvancedTCA (ATCA) range of modules, claims it's wrestling business away from (unidentified) competitors that have design and development exposure in Asia/Pacific, particularly China.

And if that's more than just a one-off, the implications could be huge for telecom systems vendors and their suppliers.

Sven Freudenfeld, Business Development, Telecom for North America at Kontron, says that, increasingly, customers initiate discussion on where engineering takes place. "As we go further into cloud computing, trust is necessary to build platforms that will be deployed in the cloud. Moving the central office to the cloud where carriers no longer have access to hardware, they're forced to rely on what they don’t control," says Freudenfeld.

"When carriers owned their network hardware, they could handle situations as they arose -- they could see and identify an actual breach," adds Freudenfeld. "Now, with discovery left to third parties, reaction time is stretched out substantially. Carriers are demanding all network platforms -- interfaces, software, firmware, hardware -- be secure."

And for some (many?), China is regarded as posing a security threat, either directly or indirectly. Huawei Technologies Co. Ltd. and ZTE Corp. (Shenzhen: 000063; Hong Kong: 0763) know all about that: They are on the 'not trusted' list in the US, preventing them from supplying telecom equipment to the federal government or US companies. The main concern is that technology developed in China might include hidden back doors that would be used to either eavesdrop or disrupt networks, though no concrete evidence has been forthcoming. (See Nearly Everyone Trusts Us – Huawei CEO, US vs Huawei/ZTE: The Verdict and China Lashes Out at 'Cold War Mentality'.)

Customer concerns are not limited to just steering clear of China, though. Systems vendors are delving deeper into basic design methodology -- how network products are developed. Freudenfeld says there's a need for greater focus on: the design and creation of platforms with security as a central element; regulatory compliance; and the ability to identify weak points in a network.

There are many such weak points, he claims, and these will become more obvious with the introduction of virtualization, for example, or machine-to-machine (M2M) implementations, as each layer and each machine becomes a potential weakness.

And virtualization is going to happen: Indeed, Kontron is embracing it. (See Kontron Integrates OpenStack.)

There's reason to believe that virtualization is a major security concern. At the 2013 RSA Conference in San Francisco, the Cloud Security Alliance identified the Notorious Nine -- the top nine cloud computing threats for 2013. Of the top three concerns, number one is data breaches. In this case, a virtual machine, for example, could use side-channel timing data to extract private cryptographic keys in use by other virtual machines on the same server. The report indicated that one single client application flaw could allow a hacker access to all of the data -- not just that one client's.

The second top concern is data loss -- the kind where data is here and, then, well, it's not. Finally, account or service traffic hijacking. Once a hacker accesses credentials, eavesdropping on transactions and activities, data manipulation, information falsification, and moving clients to illegitimate sites, are all possible.

What cloud computing has done by concentrating a wealth of assets is magnify the consequences of breaches. On one hand, it's a bastion of data sharing -- on the other, a potential nightmare.

"Regulation will be especially important with telecom equipment and delivering the cloud. While there's great potential for software-defined anything --infrastructure, radio, networks -- there’s always a security element," Freudenfeld explained. While working groups and regulatory bodies exist, more progress will be necessary over the near and long term.

The security threat perception isn't limited to China, though, especially amid the NSA headlines and the FBI’s request for Facebook and Google to enable access for US government surveillance. (See Obama Weighs In on NSA Data Collection, Euronews: Merkel's Mad as Hell at NSA and NSA Humor Tops Congressional Hubris.)

Actually implementing back doors, or deliberately compromised telecom equipment, is very rare. It's the accidental vulnerabilities that are more common. But it's not that difficult to believe that Kontron customers are indeed citing security fears for a shift in procurement processes, especially as technology developments move faster than security advances and implementations can keep up with. Technical defenses may still be inadequate or not sufficiently implemented -- and that may leave non-technical ones, such as specifying that design and development take place in a more trusted environment, as the only immediate way to begin to alleviate fears.

— Carolyn Mathas, contributing editor, special to Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
The time has come for a telecom app store to save the industry.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Documentaries
Order From Chaos: The Steve Saunders BCE Keynote

5|24|17   |   17:27   |   (0) comments


Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability testing.
Think of this as the video sequel to the recent columns he's written about NFV and the prospect of a telecom app store. (See

LRTV Documentaries
Service Provider Panel: Partnering in the Digital Era

5|22|17   |     |   (0) comments


Coopetition has always been part of telecom, but the ecosphere now includes data centers, vendors, apps developers, cloud service providers and Internet content providers. This BCE 2017 panel explores the new attitudes among network operators as to the value and variety of ...
LRTV Interviews
Site Demo: AT&T's IoT Flow Platform

5|19|17   |   04:25   |   (0) comments


At AT&T's R&D center in Tel Aviv, Israel, project leader Eyal Segev talks about the operator's Flow platform and how it helps to prototype IoT applications.
LRTV Documentaries
Agent of Change: A Q&A With AT&T's John Donovan

5|18|17   |     |   (0) comments


Carol Wilson talks with the man leading AT&T's transformation efforts about the challenge of change.
LRTV Documentaries
BCE Service Provider Panel: The New Business Realities

5|18|17   |     |   (0) comments


For virtualization to happen, the telecom industry first has to grapple with key functional aspects of SDN and NFV that need to be universal, such as onboarding of virtualized network functions and federation of software-defined networks.
LRTV Interviews
BCE Service Provider Keynote: CenturyLink

5|16|17   |   22:32   |   (0) comments


Aamir Hussain leads the Product Development and Technology organization at CenturyLink, which includes the company's information technology function. He is an experienced senior technology executive with more than 25 years of proven success in the implementation of global technology operations, operationalization of complex technology, infrastructures and business ...
LRTV Interviews
CenturyLink CTO on Transformation

5|16|17   |   7:43   |   (0) comments


The 80-year-old telco has already gone through several transformations, including every time it made an acquisition, but its purchase of Level 3 coupled with changes in technology and customer expectations necessitates its biggest transformation yet.
LRTV Documentaries
Light Reading Hall of Fame 2017

5|15|17   |   5:05   |   (1) comment


Find out who made it into Light Reading's Hall of Fame this year.
LRTV Interviews
Site Visit: AT&T's Tel Aviv R&D Center

5|15|17   |   09:58   |   (1) comment


Nir Shalom, general manager and VP of application development at AT&T Israel, talks about the key service developments undertaken at the AT&T R&D facility in Tel Aviv and how the team there has adopted new ways of working.
Telecom Innovators Video Showcase
Act on Your Intelligence With Amdocs aia!

5|15|17   |     |   (0) comments


Amdocs CMO Gary Miles explains how communications service providers can seize the AI opportunity with Amdocs real-time digital intelligence platform.
LRTV Interviews
Logtel CEO: Making Sense of IoT

5|15|17   |   09:48   |   (0) comments


Jacques Bensimon, founder and CEO of Tel Aviv-based training and consultancy Logtel, talks about the need to make IoT more than just a buzzword.
LRTV Huawei Video Resource Center
The Challenges of Mobile Banking Implementation

5|12|17   |     |   (0) comments


Kamal Quadir of bKash Limited explains the challenges and needs of implementing mobile banking in the Bangladesh market.
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
AT&T's Donovan: Women Adapt Faster Than Men
Sarah Thomas, Director, Women in Comms, 5/18/2017
Verizon on M&A: Who Needs a Cableco?
Mari Silbey, Senior Editor, Cable/Video, 5/17/2017
What's Blocking 4K TV Today
Alan Breznick, Cable/Video Practice Leader, Light Reading, 5/22/2017
Fright Wigs & Cocktails: BCE 2017 in Pics
Mitch Wagner, Editor, Enterprise Cloud, 5/19/2017
When Gig Speeds Alone Aren't Enough
Mari Silbey, Senior Editor, Cable/Video, 5/23/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
TEOCO Founder and CEO Atul Jain talks to Light Reading Founder and CEO Steve Saunders about the challenges around cost control and service monetization in the mobile and IoT sectors.
Animals with Phones
What Brogrammers Look Like to the Rest of Us Click Here
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.