Light Reading

Kontron Capitalizes on Security Jitters

Carolyn Mathas
News Analysis
Carolyn Mathas

Is it true that telecom equipment companies are basing their purchasing decisions on where the design and development of components and modules takes place?

According to embedded computing platform developer Kontron AG , which undertakes its design and R&D processes in Montreal, Canada, it's already happening: The company, best known for its AdvancedTCA (ATCA) range of modules, claims it's wrestling business away from (unidentified) competitors that have design and development exposure in Asia/Pacific, particularly China.

And if that's more than just a one-off, the implications could be huge for telecom systems vendors and their suppliers.

Sven Freudenfeld, Business Development, Telecom for North America at Kontron, says that, increasingly, customers initiate discussion on where engineering takes place. "As we go further into cloud computing, trust is necessary to build platforms that will be deployed in the cloud. Moving the central office to the cloud where carriers no longer have access to hardware, they're forced to rely on what they don’t control," says Freudenfeld.

"When carriers owned their network hardware, they could handle situations as they arose -- they could see and identify an actual breach," adds Freudenfeld. "Now, with discovery left to third parties, reaction time is stretched out substantially. Carriers are demanding all network platforms -- interfaces, software, firmware, hardware -- be secure."

And for some (many?), China is regarded as posing a security threat, either directly or indirectly. Huawei Technologies Co. Ltd. and ZTE Corp. (Shenzhen: 000063; Hong Kong: 0763) know all about that: They are on the 'not trusted' list in the US, preventing them from supplying telecom equipment to the federal government or US companies. The main concern is that technology developed in China might include hidden back doors that would be used to either eavesdrop or disrupt networks, though no concrete evidence has been forthcoming. (See Nearly Everyone Trusts Us – Huawei CEO, US vs Huawei/ZTE: The Verdict and China Lashes Out at 'Cold War Mentality'.)

Customer concerns are not limited to just steering clear of China, though. Systems vendors are delving deeper into basic design methodology -- how network products are developed. Freudenfeld says there's a need for greater focus on: the design and creation of platforms with security as a central element; regulatory compliance; and the ability to identify weak points in a network.

There are many such weak points, he claims, and these will become more obvious with the introduction of virtualization, for example, or machine-to-machine (M2M) implementations, as each layer and each machine becomes a potential weakness.

And virtualization is going to happen: Indeed, Kontron is embracing it. (See Kontron Integrates OpenStack.)

There's reason to believe that virtualization is a major security concern. At the 2013 RSA Conference in San Francisco, the Cloud Security Alliance identified the Notorious Nine -- the top nine cloud computing threats for 2013. Of the top three concerns, number one is data breaches. In this case, a virtual machine, for example, could use side-channel timing data to extract private cryptographic keys in use by other virtual machines on the same server. The report indicated that one single client application flaw could allow a hacker access to all of the data -- not just that one client's.

The second top concern is data loss -- the kind where data is here and, then, well, it's not. Finally, account or service traffic hijacking. Once a hacker accesses credentials, eavesdropping on transactions and activities, data manipulation, information falsification, and moving clients to illegitimate sites, are all possible.

What cloud computing has done by concentrating a wealth of assets is magnify the consequences of breaches. On one hand, it's a bastion of data sharing -- on the other, a potential nightmare.

"Regulation will be especially important with telecom equipment and delivering the cloud. While there's great potential for software-defined anything --infrastructure, radio, networks -- there’s always a security element," Freudenfeld explained. While working groups and regulatory bodies exist, more progress will be necessary over the near and long term.

The security threat perception isn't limited to China, though, especially amid the NSA headlines and the FBI’s request for Facebook and Google to enable access for US government surveillance. (See Obama Weighs In on NSA Data Collection, Euronews: Merkel's Mad as Hell at NSA and NSA Humor Tops Congressional Hubris.)

Actually implementing back doors, or deliberately compromised telecom equipment, is very rare. It's the accidental vulnerabilities that are more common. But it's not that difficult to believe that Kontron customers are indeed citing security fears for a shift in procurement processes, especially as technology developments move faster than security advances and implementations can keep up with. Technical defenses may still be inadequate or not sufficiently implemented -- and that may leave non-technical ones, such as specifying that design and development take place in a more trusted environment, as the only immediate way to begin to alleviate fears.

— Carolyn Mathas, contributing editor, special to Light Reading

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
From The Founder
Light Reading's conference in November will attempt to answer all of the big questions around white box networks. No pressure...
Flash Poll
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
Telecom Innovators Video Showcase
Close-up on ConfD

10|12|15   |   10.21   |   (0) comments

Tail-f's Renée Robinson-Stromberg tells Steve Saunders about the powerful ConfD management interface.
Women in Comms Introduction Videos
Women in Comms: Highlights From Dallas

10|12|15   |   2:23   |   (1) comment

The best soundbites, quotes and words of wisdom from leading women from Intel, AT&T, Verizon and Genband at our recent WiC breakfast in Dallas.
Telecom Innovators Video Showcase
NetNumber Founder on Managing Signaling Control

10|12|15   |   6:36   |   (0) comments

NetNumber Founder and Chief Strategy Officer Doug Ranalli describes the essential complexity of real-world signaling-control and how NetNumber enables carriers to bring signaling-control "under-control". Learn why virtualization alone isn't the answer.
LRTV Documentaries
Verizon Gets Proactive on App Performance

10|12|15   |   04:50   |   (0) comments

SDN is turning traditional service models around to allow Verizon to measure and deliver performance at the application layer. As Shawn Hakl, VP of enterprise networking and managed solutions for Verizon, explains, the carrier had to develop new skill sets and change some of its internal operations, but the payoff was happier enterprise customers.
Telecom Innovators Video Showcase
Tail-f, Cisco & What the Future Holds

10|9|15   |   8:17   |   (0) comments

Steve Saunders meets with Tail-f's Director of Technology, Carl Moberg, in Stockholm to discuss becoming part of Cisco, ETSI MANO, virtualization and the need to combine science and business in order to create opportunities for service providers.
LRTV Interviews
Broadband Forum Embraces SDN & NFV

10|9|15   |   02:42   |   (1) comment

At Gigabit Europe 2015, Robin Mersh and Kevin Foster from the Broadband Forum explain how the industry body is adapting to meet the SDN, NFV and cloud needs of the access network sector.
LRTV Interviews
Top Tips for FTTH Operators

10|8|15   |   02:26   |   (0) comments

At Gigabit Europe 2015, Ventura Team co-founder Richard Jones talks about some of the key business case considerations for FTTH network operators.
LRTV Interviews
M-net Calls for FTTx Unity

10|8|15   |   03:45   |   (0) comments

At the Gigabit Europe event, Jörn Schoof from M-net, the Munich city network operator, calls for industry collaboration on fiber broadband access rollouts.
LRTV Documentaries
The Business Case Challenge for NFV

10|7|15   |   03:47   |   (0) comments

Virtual CPE is one of the early success stories for network functions virtualization, as service providers are finding flexible, programmable CPE solves a lot of logistics problems and reduces their cost. But even here, Masergy Communications faced a business case challenge, says CTO Tim Naramore.
LRTV Interviews
JT Offers Some Gigabit Lessons

10|7|15   |   4:08   |   (1) comment

Barna Kutvolgyi, managing director, Global Consumer, at JT, the incumbent operator on the island of Jersey, talks about how other service providers can learn from his company's gigabit broadband rollout experiences.
LRTV Interviews
AT&T's Chiosi on the Potential of Open Source

10|6|15   |   06:27   |   (0) comments

AT&T Distinguished Network Architect Margaret T. Chiosi talks to Light Reading's Carol Wilson about the potential for open source technology to liberate communications service providers.
LRTV Interviews
Network Security in a Gigabit World

10|6|15   |   05:52   |   (0) comments

Masergy's James Harrison talks about some of the network security and data center issues network operators need to consider as they expand their broadband services portfolios.
Upcoming Live Events
October 14-15, 2015, New Orleans Ernest N. Morial Convention Center, New Orleans, LA
November 5, 2015, Hilton Santa Clara, Santa Clara, CA
November 17, 2015, Santa Clara, California
December 1, 2015, The Westin Times Square, New York City
December 2, 2015, The Westin Times Square, New York City
All Upcoming Live Events
Network appliances have a strong value proposition in today's networks and will continue to do so in the NFV and SDN-enabled networks of tomorrow.
Hot Topics
Dell Buys EMC for $67B in Biggest Tech Deal Ever
Mari Silbey, Senior Editor, Cable/Video, 10/12/2015
M&A Speculation Swirls Around Juniper
Ray Le Maistre, Editor-in-chief, 10/6/2015
Cord Cutting? 'Fraid so.
Brett Sappington, 10/7/2015
Cisco Makes 'Martian' Connection
Mitch Wagner, West Coast Bureau Chief, Light Reading, 10/9/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
With so many new and exciting communications technologies now under development, it's easy to get caught up in the industry's escalating hype cycle. That's why the ...
Last week saw a big day in the 15-year history of Light Reading when Editor-in-Chief Ray Le Maistre and I were invited to interview the Deputy Chairman and Rotating ...
Cats with Phones
"What?! I'm on with Finisar about their stock price tanking" Click Here
Live Digital Audio

Think NFV is just about virtualization? Think again!

Network architects are learning that there's a lot more to the technology than first thought – more complexity, that is; but also, more potential benefits.

On May 29th 1 PM ET, Steve Saunders, founder and CEO of Light Reading, will be drilling into the "pains and gains" of NFV with Saar Gillai, SVP & GM, HP Communications Solutions Business at Hewlett-Packard Co. (NYSE: HPQ) (HP). He has defined a four-step NFV model describing a sequence of technology innovation. It's a must-read doc for any network architect looking to get to grips with their NFV migration strategy. Join us for the interview, and the chance to ask Saar your NFV questions directly!