Light Reading

Kontron Capitalizes on Security Jitters

Carolyn Mathas
News Analysis
Carolyn Mathas
2/20/2014
50%
50%

Is it true that telecom equipment companies are basing their purchasing decisions on where the design and development of components and modules takes place?

According to embedded computing platform developer Kontron AG , which undertakes its design and R&D processes in Montreal, Canada, it's already happening: The company, best known for its AdvancedTCA (ATCA) range of modules, claims it's wrestling business away from (unidentified) competitors that have design and development exposure in Asia/Pacific, particularly China.

And if that's more than just a one-off, the implications could be huge for telecom systems vendors and their suppliers.

Sven Freudenfeld, Business Development, Telecom for North America at Kontron, says that, increasingly, customers initiate discussion on where engineering takes place. "As we go further into cloud computing, trust is necessary to build platforms that will be deployed in the cloud. Moving the central office to the cloud where carriers no longer have access to hardware, they're forced to rely on what they don’t control," says Freudenfeld.

"When carriers owned their network hardware, they could handle situations as they arose -- they could see and identify an actual breach," adds Freudenfeld. "Now, with discovery left to third parties, reaction time is stretched out substantially. Carriers are demanding all network platforms -- interfaces, software, firmware, hardware -- be secure."

And for some (many?), China is regarded as posing a security threat, either directly or indirectly. Huawei Technologies Co. Ltd. and ZTE Corp. (Shenzhen: 000063; Hong Kong: 0763) know all about that: They are on the 'not trusted' list in the US, preventing them from supplying telecom equipment to the federal government or US companies. The main concern is that technology developed in China might include hidden back doors that would be used to either eavesdrop or disrupt networks, though no concrete evidence has been forthcoming. (See Nearly Everyone Trusts Us – Huawei CEO, US vs Huawei/ZTE: The Verdict and China Lashes Out at 'Cold War Mentality'.)

Customer concerns are not limited to just steering clear of China, though. Systems vendors are delving deeper into basic design methodology -- how network products are developed. Freudenfeld says there's a need for greater focus on: the design and creation of platforms with security as a central element; regulatory compliance; and the ability to identify weak points in a network.

There are many such weak points, he claims, and these will become more obvious with the introduction of virtualization, for example, or machine-to-machine (M2M) implementations, as each layer and each machine becomes a potential weakness.

And virtualization is going to happen: Indeed, Kontron is embracing it. (See Kontron Integrates OpenStack.)

There's reason to believe that virtualization is a major security concern. At the 2013 RSA Conference in San Francisco, the Cloud Security Alliance identified the Notorious Nine -- the top nine cloud computing threats for 2013. Of the top three concerns, number one is data breaches. In this case, a virtual machine, for example, could use side-channel timing data to extract private cryptographic keys in use by other virtual machines on the same server. The report indicated that one single client application flaw could allow a hacker access to all of the data -- not just that one client's.

The second top concern is data loss -- the kind where data is here and, then, well, it's not. Finally, account or service traffic hijacking. Once a hacker accesses credentials, eavesdropping on transactions and activities, data manipulation, information falsification, and moving clients to illegitimate sites, are all possible.

What cloud computing has done by concentrating a wealth of assets is magnify the consequences of breaches. On one hand, it's a bastion of data sharing -- on the other, a potential nightmare.

"Regulation will be especially important with telecom equipment and delivering the cloud. While there's great potential for software-defined anything --infrastructure, radio, networks -- there’s always a security element," Freudenfeld explained. While working groups and regulatory bodies exist, more progress will be necessary over the near and long term.

The security threat perception isn't limited to China, though, especially amid the NSA headlines and the FBI’s request for Facebook and Google to enable access for US government surveillance. (See Obama Weighs In on NSA Data Collection, Euronews: Merkel's Mad as Hell at NSA and NSA Humor Tops Congressional Hubris.)

Actually implementing back doors, or deliberately compromised telecom equipment, is very rare. It's the accidental vulnerabilities that are more common. But it's not that difficult to believe that Kontron customers are indeed citing security fears for a shift in procurement processes, especially as technology developments move faster than security advances and implementations can keep up with. Technical defenses may still be inadequate or not sufficiently implemented -- and that may leave non-technical ones, such as specifying that design and development take place in a more trusted environment, as the only immediate way to begin to alleviate fears.

— Carolyn Mathas, contributing editor, special to Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
Light Reading sits down at CES with the head of Cisco's service provider video business, Conrad Clemson, to discuss how NFV and cloud security relate to video, the challenge of managing 4K/8K traffic, the global expansion of Netflix and virtual reality.
Flash Poll
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
LRTV Custom TV
Join Us at the Digital Operations Transformation Summit

2|4|16   |   03:52   |   (0) comments


The Digital Operations Transformation Summit on February 21, 2016 at the Crowne Plaza Barcelona Fira Centre will bring together 50 senior executives to engage in a unique debate on the opportunities and challenges presented by the transformative evolving digital landscape. RSVP now at events@lightreading.com.
LRTV Custom TV
Making the Test: ADVA Ensemble Connector vs. Open vSwitch

2|4|16   |   01:28   |   (0) comments


Light Reading, in partnership with EANTC, recently tested ADVA's Ensemble Connector, which replaces open vSwitch and offers carrier-grade capability and interoperability. The test results strengthen ADVA's credibility as a provider in the virtualization space.
LRTV Custom TV
Bridging the Gap Between PoCs & Deployment in NFV

2|4|16   |   31:50   |   (0) comments


Charlie Ashton of Wind River presents the keynote at Light Reading's 2020 Vision executive summit in Dublin.
Between the CEOs
CEO Chat With Mike Aquino

2|3|16   |   17:34   |   (0) comments


The former CEO of Overture Networks, Mike Aquino, discusses why truly open virtualization solutions provide service providers with the greatest choice.
Shades of Ray
MWC: Buckle Up for 5G & the IIoT

2|2|16   |   02:28   |   (0) comments


This year's Mobile World Congress looks set to be a 5G land grab and a chance to get down and dirty with the Industrial Internet of Things (IIoT) – but what will the 5G discussions actually be about?
LRTV Custom TV
Case Study: Building China's Next-Gen TV Networks

2|2|16   |   5:01   |   (0) comments


With over 2 billion viewers worldwide, Shenzhen Media Group is one of China's largest content producers. By partnering with Huawei and Sobey, SZMG was able to modernize media operations with the Converged News Center, a production studio that is a model for next-generation workflows.
LRTV Custom TV
Quad Channel Modulator Driver with 46 Gbaud Capability from MACOM

1|28|16   |     |   (0) comments


MACOM's MAOM-003427 is the industry's first surface-mount modulator driver with 46 Gbaud capability to support next generation 200G and 400G applications.
LRTV Custom TV
Video Infographic: Validating Cisco's NFV Infrastructure

1|26|16   |   02:24   |   (1) comment


We all know that the network of the future will be virtual, but when will virtual become a reality? This video infographic covers the four key areas in which Light Reading, in partnership with EANTC, tested Cisco's NFV infrastructure: performance, reliability, multi-service capabilities and single pane of glass management.

For the full report, see

Between the CEOs
CEO Chat With Phil McKinney, CableLabs

1|22|16   |   13:36   |   (1) comment


At CES in Las Vegas, we met with Phil McKinney, CEO of CableLabs. Phil provides an update on the rollout of DOCSIS 3.1, his views on the future of open source and how consumer interest in virtual reality could affect network traffic.
Between the CEOs
Ericsson CTO on the Changing Telecom Market

1|21|16   |   10:26   |   (0) comments


At CES 2015, CTO of Ericsson, Ulf Ewaldsson, sits down with CEO of Light Reading, Steve Saunders, to discuss the changing telecom market, the new partnership with Cisco and the future of the telecom industry.
LRTV Interviews
Ireland's Data Dream

1|21|16   |   14:31   |   (0) comments


Host In Ireland president Gary Connolly tells Light Reading's Steve Saunders about the role Ireland is playing in hosting data for the world's largest organizations.
LRTV Custom TV
Brocade Keynote: Transitioning to the New IP

1|20|16   |   27:23   |   (0) comments


At 2020 Vision in Dublin, Andrew Coward, VP of Service Provider Strategy at Brocade, presents the transition to the New IP.
Upcoming Live Events
March 10, 2016, The Cable Center, Denver, CO
April 5, 2016, The Ritz Carlton, Charlotte, NC
May 23, 2016, Austin, TX
May 24-25, 2016, Austin Convention Center, Austin, TX
All Upcoming Live Events
Infographics
Cisco's latest VNI numbers suggest the world will be using 366.8 exabytes of data on smartphones and Internet of Things devices, up from 44.2 exabytes, in 2015.
Hot Topics
Alphabet Is Serious About Google Fiber
Mari Silbey, Senior Editor, Cable/Video, 2/1/2016
Did Juniper Pay 'Peanuts' for BTI?
Mitch Wagner, West Coast Bureau Chief, Light Reading, 2/2/2016
Google's 5G Radio Ambitions Are Expanding
Dan Jones, Mobile Editor, 2/5/2016
How Data Center Outsourcing Fuels AT&T NetBond Growth
Carol Wilson, Editor-at-large, 2/3/2016
3.5GHz Startup Gets $22M for Small Cells
Dan Jones, Mobile Editor, 2/2/2016
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
The former CEO of Overture Networks, Mike Aquino, discusses why truly open virtualization solutions provide service providers with the greatest choice.
As anyone who knows me will tell you, I like to think I know a fair bit about this next-gen-comms malarkey, but there's nothing like an interview with one of the ...
Animals with Phones
Happy Groundhogs for Technology Day! Click Here
Live Digital Audio

Broadband speeds are ramping up across Europe as the continent, at its own pace, follows North America towards a gigabit society. But there are many steps to take on the road to gigabit broadband availability and a number of technology options that can meet the various requirements of Europe’s high-speed fixed broadband network operators. During this radio show we will look at some of the catalysts for broadband network investments and examine the menu of technology options on offer, including vectoring and G.fast for copper plant evolution and the various deployment possibilities for FTTH/B.