Light Reading

Kontron Capitalizes on Security Jitters

Carolyn Mathas
News Analysis
Carolyn Mathas
2/20/2014
50%
50%
Repost This

Is it true that telecom equipment companies are basing their purchasing decisions on where the design and development of components and modules takes place?

According to embedded computing platform developer Kontron AG , which undertakes its design and R&D processes in Montreal, Canada, it's already happening: The company, best known for its AdvancedTCA (ATCA) range of modules, claims it's wrestling business away from (unidentified) competitors that have design and development exposure in Asia/Pacific, particularly China.

And if that's more than just a one-off, the implications could be huge for telecom systems vendors and their suppliers.

Sven Freudenfeld, Business Development, Telecom for North America at Kontron, says that, increasingly, customers initiate discussion on where engineering takes place. "As we go further into cloud computing, trust is necessary to build platforms that will be deployed in the cloud. Moving the central office to the cloud where carriers no longer have access to hardware, they're forced to rely on what they don’t control," says Freudenfeld.

"When carriers owned their network hardware, they could handle situations as they arose -- they could see and identify an actual breach," adds Freudenfeld. "Now, with discovery left to third parties, reaction time is stretched out substantially. Carriers are demanding all network platforms -- interfaces, software, firmware, hardware -- be secure."

And for some (many?), China is regarded as posing a security threat, either directly or indirectly. Huawei Technologies Co. Ltd. and ZTE Corp. (Shenzhen: 000063; Hong Kong: 0763) know all about that: They are on the 'not trusted' list in the US, preventing them from supplying telecom equipment to the federal government or US companies. The main concern is that technology developed in China might include hidden back doors that would be used to either eavesdrop or disrupt networks, though no concrete evidence has been forthcoming. (See Nearly Everyone Trusts Us – Huawei CEO, US vs Huawei/ZTE: The Verdict and China Lashes Out at 'Cold War Mentality'.)

Customer concerns are not limited to just steering clear of China, though. Systems vendors are delving deeper into basic design methodology -- how network products are developed. Freudenfeld says there's a need for greater focus on: the design and creation of platforms with security as a central element; regulatory compliance; and the ability to identify weak points in a network.

There are many such weak points, he claims, and these will become more obvious with the introduction of virtualization, for example, or machine-to-machine (M2M) implementations, as each layer and each machine becomes a potential weakness.

And virtualization is going to happen: Indeed, Kontron is embracing it. (See Kontron Integrates OpenStack.)

There's reason to believe that virtualization is a major security concern. At the 2013 RSA Conference in San Francisco, the Cloud Security Alliance identified the Notorious Nine -- the top nine cloud computing threats for 2013. Of the top three concerns, number one is data breaches. In this case, a virtual machine, for example, could use side-channel timing data to extract private cryptographic keys in use by other virtual machines on the same server. The report indicated that one single client application flaw could allow a hacker access to all of the data -- not just that one client's.

The second top concern is data loss -- the kind where data is here and, then, well, it's not. Finally, account or service traffic hijacking. Once a hacker accesses credentials, eavesdropping on transactions and activities, data manipulation, information falsification, and moving clients to illegitimate sites, are all possible.

What cloud computing has done by concentrating a wealth of assets is magnify the consequences of breaches. On one hand, it's a bastion of data sharing -- on the other, a potential nightmare.

"Regulation will be especially important with telecom equipment and delivering the cloud. While there's great potential for software-defined anything --infrastructure, radio, networks -- there’s always a security element," Freudenfeld explained. While working groups and regulatory bodies exist, more progress will be necessary over the near and long term.

The security threat perception isn't limited to China, though, especially amid the NSA headlines and the FBI’s request for Facebook and Google to enable access for US government surveillance. (See Obama Weighs In on NSA Data Collection, Euronews: Merkel's Mad as Hell at NSA and NSA Humor Tops Congressional Hubris.)

Actually implementing back doors, or deliberately compromised telecom equipment, is very rare. It's the accidental vulnerabilities that are more common. But it's not that difficult to believe that Kontron customers are indeed citing security fears for a shift in procurement processes, especially as technology developments move faster than security advances and implementations can keep up with. Technical defenses may still be inadequate or not sufficiently implemented -- and that may leave non-technical ones, such as specifying that design and development take place in a more trusted environment, as the only immediate way to begin to alleviate fears.

— Carolyn Mathas, contributing editor, special to Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
LRTV Custom TV
Wind River Demonstrates Carrier-Grade Software for NFV

4|22|14   |   5:00   |   (0) comments


Wind River VP of Product Management, Glenn Seiler, takes a look the industry's first and only complete NFV software platform designed specifically for the unique carrier-grade and high-performance needs of telecom networks.
LRTV Documentaries
Cable Eyes Big Technology Shifts

4|16|14   |   03:02   |   (4) comments


US cable engineers are facing a lot of heavy lifting in the coming years, notes Light Reading Cable/Video Practice Leader Alan Breznick.
LRTV Custom TV
Maximizing Customer Experience & Assuring Service Delivery in an IP World

4|15|14   |   4:57   |   (0) comments


Steven Shalita, VP of Marketing, NetScout Systems, Inc., discusses the challenges cable/MSO operators face in assuring the delivery of new IP-based services. Key points include the value of proactively managing performance, and using rich analytics and operational intelligence to better understand service and usage trends, make smarter business decisions and ...
LRTV Documentaries
Bye-Bye DVD: Consumers Embrace Digital Video

4|10|14   |   04:17   |   (7) comments


Veteran video analyst Colin Dixon, founder and principal analyst of nScreenMedia, says research shows 56% are using digital video already.
LRTV Documentaries
Video: TW Cable Puts Multicast Gateways to the Test

4|8|14   |   04:13   |   (1) comment


Tom Gonder, a chief architect at Time Warner Cable, explains how its trial of multicast gateways is impacting IP-based video plans.
LRTV Custom TV
Managing & Monetizing Big Data in Operator Environments

4|7|14   |     |   (1) comment


At Mobile World Congress, Gigamon's Director of Service Provider Solutions, Andy Huckridge, and Heavy Reading Analyst Sarah Wallace discuss the 'big data' issues facing carriers and operators today.
LRTV Huawei Video Resource Center
Data Center Energy – Build Your Data Center in a Modular Way

4|7|14   |   2:13   |   (0) comments


Dr. Fang Liangzhou, VP Network Energy Product Line, shared his thoughts about the challenges for data centers during CeBIT 2014.
LRTV Huawei Video Resource Center
Agile Network Solution – An Overview of Huawei's Agile Network Solution

4|7|14   |   2:31   |   (0) comments


Ajay Gupta, Director of Product Marketing, Networking Product Line, gives an overview of the Agile Network Solutions during CeBIT 2014.
LRTV Huawei Video Resource Center
Huawei’s eLTE Voice Trunking, Video and Data Applied for Railways

4|7|14   |   1:38   |   (0) comments


Gottfried Winter is the Sales Director at Funkwerk, a German specialist in GSM-r terminals and a long-time partner of Huawei. At CeBIT 2014, Winter talks to Light Reading about this partnership and the integration of enhanced voice trunking, video and data functions.
LRTV Huawei Video Resource Center
LeaseWeb Speaks Highly of Huawei's Datacenter Products

4|7|14   |   1:37   |   (0) comments


Rene Olde Olthof, Operations Director LeaseWeb, talks about the next data center transformation during CeBIT 2014.
LRTV Documentaries
Comcast: Reshaping the Cable Network Architecture

4|3|14   |   07:11   |   (8) comments


Shamim Akhtar, Comcast's architect and senior director of network strategy, explains why the cable company is moving to a more distributed network architecture.
LRTV Custom TV
VMware CEO Pat Gelsinger at Mobile World Congress

4|1|14   |   3:41   |   (0) comments


VMware CEO Pat Gelsinger speaks to Heavy Reading about the value of virtualization spanning from the data center to service provider networks to mobile devices.
Hot Topics
WhatsApp Threatens Carrier VoLTE
Sarah Reedy, Senior Editor, 4/18/2014
The Hungry, Hungry Cloud
Dan Jones, Mobile Editor, 4/22/2014
Who's Ready to Play Broadband?
Carol Wilson, Editor-at-large, 4/21/2014
What's the Magic of Private Equity?
Carolyn Mathas, 4/22/2014
AT&T Turns Up Gig Heat in 21 New Metros
Dan Jones, Mobile Editor, 4/21/2014
Like Us on Facebook
Twitter Feed