x
Security Platforms/Tools

Huawei Appoints Cyber Security Guru

Huawei Technologies Co. Ltd. hired prominent IT executive John Suffolk to be its new Global Cyber Security Officer, the Chinese vendor announced on Monday. (See Huawei Appoints Cyber Security Exec.)

Before joining Huawei, Suffolk's last job was CIO of the U.K. government. Prior to that, he has also been an advisor to the World Bank High-Level Experts group, director general of the UK criminal justice transformation program, and managing director of financial services firm Britannia Building Society.

Now he will report to Huawei CEO Ren Zhengfei and spearhead the vendor's new cyber security assurance strategy, which will be implemented across all of the vendor's departments, including research and development, supply chain, marketing and sales, project delivery and technical services.

Suffolk, whose office will be located at Huawei's headquarters in Shenzhen, China, will also be responsible for communicating the new strategy to customers, partners, employees and other stakeholders.

The appointment follows the opening of Huawei's Cyber Security Evaluation Center in the U.K. at the end of last year. The facility is designed to test Huawei's own equipment and show operators and government officials how it can withstand cyber security threats. (See Huawei Opens UK Security Evaluation Center.)

Why this matters
Huawei is on a mission to allay security fears that some governments still have about the company -- the latest example of such concerns cropped up in Taiwan just last month. (See More Security Woes for Huawei.)

The Chinese vendor wants to change its image from security threat to cyber security expert and even services provider. To that end, it has taken unprecedented steps to be more open and transparent. Hiring a high-profile IT exec such as John Suffolk is the company's latest move in this security assurance offensive.

For more
There are those that will see the irony in Huawei's cyber security push as the company has a colorful and controversial history on this front.



— Michelle Donegan, European Editor, Light Reading Mobile

Page 1 / 2   >   >>
eliteman 12/5/2012 | 4:56:31 PM
re: Huawei Appoints Cyber Security Guru

Hi,


The US is blocking Huawei from entering the market not because of security risks, but to safeguard the profit margins of Alcatel-Lucent, Cisco and alike.


See what happened in Europe to Ericsson and NSN when Huawei came to market. Profit margins dropped from >30% to <20%. As a result the European vendors are suffering and one of them will cease to exist in the next few years.


US Senators are very active bringing up the security risk, but in reality they are protecting their voters from losing their jobs when the Cisco or Lucent office in their state will have to scale down because of lost marketshare.

<div style="margin-top: 3px;">@Telecomguy0704: Have you every worked for a Chinese company? No? Then I&nbsp;understand your comment about Huawei's Elite men.... and it makes me smile.</div>
<div style="margin-top: 3px;">I'm one of the "Huawei Elite Men", so I know better.... it's fascinating reading though...</div>
Telecomguy0704 12/5/2012 | 4:57:07 PM
re: Huawei Appoints Cyber Security Guru

Without disrespect, as a business man, Bill had his own business objectives to achieve and that&rsquo;s understandable.
For Nortel (and its old BNR), there were million lines of Protel code running on the DMS (once the most popular switches in the World), however, nobody would have had any incentives to do malicious things, or anything unethical.
For Huawei, it&rsquo;s not quite the same. Is Huawei a public company like what Nortel once was?


My view is, either it&rsquo;s very na&iuml;ve or very ignorant of anyone, or any company would claim that they could inspect all the code, or all the HW&rsquo;s components in any communication equipments.


The truth is, during the HW, SW or patching upgrade; if wanted to, any intended malicious functions can be slipped in quite easily. Would any management with the right mind, really want to shut down a live network, just for the live code inspection, or for the hardware inspection?

On the other hand, even with the very legitimate code in the systems. A simple twist in the code&rsquo;s variables, that&rsquo;s enough to do the job. Even for a very well trained coder, it&rsquo;s almost next to impossible for detecting any of those &ldquo;legal&rdquo; variables and parameters.


Okay, let&rsquo;s for get about all those back-door stuff and just looking at the system security from another angle. How about CALEA (system&rsquo;s voice, data and video images interception functionality), which are required by law in most countries?


Yes, all the communication equipment vendors have expert teams in this field; mainly for supporting the Law Enforcement Agency with data interception and collection. Who can say those CALEA experts won&rsquo;t help themselves illegally with the intercepted data for whatever purposes, like a for a particular foreign power's interests?

The country&rsquo;s security and safety must come first and I think Sprint had made a right decision. Any personal gain or business gain from a potential threat is not ethical and not worth it. I&rsquo;d like to borrow a line from JFK, &ldquo;Ask not what your country can do for you - ask what you can do for your country.&rdquo;

pdonegan67 12/5/2012 | 4:57:18 PM
re: Huawei Appoints Cyber Security Guru

&nbsp;



Thanks Telecomguy. The CNN article that you provided a link to is among the most balanced I&rsquo;ve seen on the subject so far. &nbsp;

Three quotes in the article touch on three different aspects of the conundrum for U.S policy-makers.

&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The critical importance of the spooks. The guy from the Center for Strategic and International Studies (CSIS) in Washington, D.C is quoted as saying. "The national security community in the U.S. is united in its opposition to Huawei."&nbsp;This guy is obviously a whole lot better placed to gauge that than me. But it certainly rings true. And it remains a key issue.

&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Nevertheless some platinum-plated movers and shakers in U.S security circles believe the exclusion of Huawei is misguided. There&rsquo;s an interesting comment in the CNN article from former vice chairman of the Joint Chiefs of Staff, Admiral Bill Owens. Bill was also my old boss when he was CEO of Nortel. His consulting outfit, Amerilink Telecom, was engaged by Huawei last year in an effort to support an ultimately unsuccessful bid to win a major wireless contract with Sprint. Bill&rsquo;s reflection in the CNN article is that &ldquo;It was a serious mistake for America not to [have had Sprint award Huawei the business]," And again he says: "they're opening all their source code to Sprint, to the U.S. government, to everyone. At Nortel, I never would have opened the source code to anyone, especially not the U.S. government. This is so compellingly wrong in the way this has happened." To repeat, Bill is a former vice chairman of the Joint Chiefs of Staff. He commanded the 6<sup>th</sup> fleet during the first Iraq War of 1990-1991. Oh - and he was a Rhodes Scholar at Oxford University, reputedly scoring higher exam marks than Bill Clinton.

&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A rich mix of both reliable and unreliable information. The unnamed source in the article who says of Level 3&rsquo;s purchase of Huawei equipment that "It's base stations, core switching equipment -- the kind of stuff that really ought to keep people up at night". Since when did Level 3 ever buy base stations? There may be grounds for policy makers to be kept up at night. But if &nbsp;there are then hyperbole-rich and fact-poor &ldquo;evidence&rdquo; like this is much more likely to make policy makers fall asleep at the wheel.

Good to see that some parts of the media are starting to cover this issue more comprehensively.&nbsp;



&nbsp;


&nbsp;

Telecomguy0704 12/5/2012 | 4:57:20 PM
re: Huawei Appoints Cyber Security Guru

The way China works is, buying the Elite from each country (with lots of money) then, let them do all the work, performing their most charming influences for China Communist Party (CCP) and its Army (PLA)&rsquo;s benefits and interests.



Currently, China is threatening the US and other smaller nations in the South China Sea with its bullying and rather weird behaviors. Just look at this way, when China first bought the Ukraine&rsquo;s old aircraft carrier years ago, China&rsquo;s &ldquo;friendly business&rdquo; front men said it was for the floating Casino purposes. Now, suddenly, we heard on the news, under the CCP and PLA&rsquo;s influences, this ship has become China&rsquo;s Navy Arm Force&rsquo;s (PLAN) first aircraft carrier (to be used for controlling all the International ship lanes of South East Asia Sea). &nbsp;What make us think that Huawei, ZTE and other &ldquo;private&rdquo; companies from China could escape from the strong influence of the CCP and its Army&rsquo;s strong arm tactics? Should the US&rsquo; critical lines of network communication to be controlled and influenced by an unstable foreign power, like the CCP?&nbsp;&nbsp;&nbsp;

Please read the articles below, especially the comments from various readers for a fair view of the High Tech community.



What makes China telecom Huawei so&nbsp;scary?

http://tech.fortune.cnn.com/2011/07/28/what-makes-china-telecom-huawei-so-scary/&nbsp;

China vs. U.S.: The cyber Cold War is raging

http://money.cnn.com/2011/07/28/technology/government_hackers/index.htm

pdonegan67 12/5/2012 | 4:57:34 PM
re: Huawei Appoints Cyber Security Guru

Security tensions of some kind between China and the U.S are inevitable for years, perhaps decades, to come.


You raise a bunch of other important issues. All of which serve to underline that the interplay between network security and national security is a multi-faceted question- one that goes beyond a narrow focus on the fear of embedded malware in a vendor's network infrastructure. Maybe we can agree on that.

krishanguru143 12/5/2012 | 4:57:34 PM
re: Huawei Appoints Cyber Security Guru

&nbsp;

Care to explain why the government&nbsp;doesn&rsquo;t trust them?&nbsp; That doesn&rsquo;t mean the gear cannot be used, but the government is very suspicious of them.&nbsp; What about them planning on producing wireless gear at a factory in south India?&nbsp; Coincidence or them trying to make nice with the government by supplying jobs?

&nbsp;

So, being security conscious is being myopic?&nbsp; How about looking the other way and when it turns out to be true, then what?&nbsp; It is a little hard to undo the damage at that point no?&nbsp; Maybe we should look at other vendors.&nbsp; Cisco produces products in China but yet their security products are made in Mexico.&nbsp; Care to explain that?&nbsp; So you don&rsquo;t think that many companies, governments, etc. wouldn&rsquo;t want products made in China that are for security?&nbsp; How about the flood of counterfeit products from China?&nbsp; Customs seized a lot of gear that was fake, but they would work just fine in Cisco routers.&nbsp; They were being sold as authentic Cisco gear and chances are, the manufacturer was producing extra equipment and selling it themselves.&nbsp; What would keep them from using custom microcode/firmware in the products?

&nbsp;



As for Huawei being a front runner.&nbsp; Not hard to do when you steal the IP from others.&nbsp; How many companies have accused Huawei of that and how many times have they paid out?

&nbsp;

http://www.lightreading.com/messages.asp?piddl_msgthreadid=32784&amp;piddl_msgid=72861

&nbsp;

http://www.lightreading.com/document.asp?doc_id=31253

&nbsp;

How about Moto suing Huawei of IP theft?





&nbsp;

pdonegan67 12/5/2012 | 4:57:34 PM
re: Huawei Appoints Cyber Security Guru

Not sure I agree where India is concerned. Huawei has secured a very substantial share of India's 3G roll-out, for example.


More broadly where these issues are concerned, in my view the media focus on the risk of&nbsp;malicious embedded software is of course a key national security question but&nbsp;the focus has been, and continues to be, myopic.


If there are reasonable grounds for suspicion there it's a risk, of course. But that is too narrow a definition of national security. Economic competitiveness is a fundamental platform of national security. And economic competiveness is compromised by denying telecom carriers access to the very best in technology innovation. In carrier networks, Huawei is now a front-rank player these days. Excluding them is not without risk from a competitivness stand-point and hence from a national security perspective as well.


The media debate needs to move on to a wider set of risk mitigation trade-offs. I&nbsp;wouldn't&nbsp;want to pay Mr Suffolk the indignity of speculating on when he's going to retire but my money's on this change in outlook transpiring before that date.

krishanguru143 12/5/2012 | 4:57:36 PM
re: Huawei Appoints Cyber Security Guru



We already have open trade with China; of course they don&rsquo;t do the opposite though and very tightly control their currency.&nbsp; I also cannot see the NSA ever viewing China as not a threat.&nbsp; Sure the NSA cannot tell a carrier that they cannot buy Huawei gear, but they can make sure they don&rsquo;t get government contracts either.&nbsp; U.S. Cellular looked at Huawei gear, but Senators made sure they made their position well known and that any type of subsidy would be off the table to them.&nbsp; Chances are of another carrier trying the Huawei route are pretty slim.&nbsp; Even India doesn&rsquo;t trust them.

&nbsp;

It will be more than a longtime, John Suffolk will be long retired by then.




pdonegan67 12/5/2012 | 4:57:38 PM
re: Huawei Appoints Cyber Security Guru

Governments of all kinds&nbsp;have&nbsp;many different&nbsp;of ways of carrying out cyber attacks on telecom networks available to them. Persuading a national champion vendor to collaborate in planting rogue&nbsp;software in their own equipment is just one of them.


Studying the flaws in another vendor's equipment and then bribing a highly placed employee in an operator a stupendous amount of money to exploit those vulnerabilities&nbsp;might be&nbsp;another.


Government policies of all kind change and evolve over over time, whether due to entirely domestic factors or due to changes in relationships and terms of trade with other countries.


Granted it may take a long time, but over time&nbsp;I'm not convinced this will be any different.


&nbsp;

krishanguru143 12/5/2012 | 4:57:38 PM
re: Huawei Appoints Cyber Security Guru



No matter what they do and how secure they show they are, if the governments are going to block deals, does it really matter?&nbsp; It is hard to use how secure their equipment is and use it as an advantage will their gear is automatically excluded from being looked at.&nbsp; How many carriers do you think have just overlooked Huawei because they know they won&rsquo;t be able to buy from them?&nbsp; In many cases, the top three or top five are looked at.&nbsp; If you are with a company that looks at the top three and you know that Huawei will be excluded at the end, why let them take a spot to begin with?





&nbsp;




They are going to have to go much further than what they have to ease the fears of the governments.




Page 1 / 2   >   >>
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE