Sign In Register
5G
The Edge
Open RAN
Private Networks
Cloud Native/NFV
Security
AI/Automation
Cable/Video
DOCSIS CCAP Cable Business Services 10G The Bauminator
IoT
OSS/BSS
SD-WAN
Optical/IP
FTTX DCI Routing Any Haul/X-Haul
Test & Measurement
Services
4G/3G/WiFi
6G
Regions
Asia Africa Europe India Middle East
Industry Show News
Mobile World Congress Big 5G Event
Events
Optical Networking Digital SymposiumEdge Computing Digital SymposiumNext-Gen Broadband APAC: 5G, 10G & Beyond
Events Archives
Service Provider Security Strategies for the EnterpriseOpen RAN EcosystemNGON & DCI World Digital Symposium
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
White Papers
Tech Centers
Future Vision Tech Center
Market Leader Programs
Internet for the Future
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register
Security Platforms/Tools

Huawei Appoints Cyber Security Guru

News Analysis Michelle Donegan 8/1/2011
Comment (12)
Huawei Technologies Co. Ltd. hired prominent IT executive John Suffolk to be its new Global Cyber Security Officer, the Chinese vendor announced on Monday. (See Huawei Appoints Cyber Security Exec.)

Before joining Huawei, Suffolk's last job was CIO of the U.K. government. Prior to that, he has also been an advisor to the World Bank High-Level Experts group, director general of the UK criminal justice transformation program, and managing director of financial services firm Britannia Building Society.

Now he will report to Huawei CEO Ren Zhengfei and spearhead the vendor's new cyber security assurance strategy, which will be implemented across all of the vendor's departments, including research and development, supply chain, marketing and sales, project delivery and technical services.

Suffolk, whose office will be located at Huawei's headquarters in Shenzhen, China, will also be responsible for communicating the new strategy to customers, partners, employees and other stakeholders.

The appointment follows the opening of Huawei's Cyber Security Evaluation Center in the U.K. at the end of last year. The facility is designed to test Huawei's own equipment and show operators and government officials how it can withstand cyber security threats. (See Huawei Opens UK Security Evaluation Center.)

Why this matters
Huawei is on a mission to allay security fears that some governments still have about the company -- the latest example of such concerns cropped up in Taiwan just last month. (See More Security Woes for Huawei.)

The Chinese vendor wants to change its image from security threat to cyber security expert and even services provider. To that end, it has taken unprecedented steps to be more open and transparent. Hiring a high-profile IT exec such as John Suffolk is the company's latest move in this security assurance offensive.

For more
There are those that will see the irony in Huawei's cyber security push as the company has a colorful and controversial history on this front.



— Michelle Donegan, European Editor, Light Reading Mobile

Related Stories
COMMENTS
Newest First | Oldest First | Threaded View
Add Comment
eliteman 12/5/2012 | 4:56:31 PM
re: Huawei Appoints Cyber Security Guru

Hi,


The US is blocking Huawei from entering the market not because of security risks, but to safeguard the profit margins of Alcatel-Lucent, Cisco and alike.


See what happened in Europe to Ericsson and NSN when Huawei came to market. Profit margins dropped from >30% to <20%. As a result the European vendors are suffering and one of them will cease to exist in the next few years.


US Senators are very active bringing up the security risk, but in reality they are protecting their voters from losing their jobs when the Cisco or Lucent office in their state will have to scale down because of lost marketshare.

<div style="margin-top: 3px;">@Telecomguy0704: Have you every worked for a Chinese company? No? Then I&nbsp;understand your comment about Huawei's Elite men.... and it makes me smile.</div>
<div style="margin-top: 3px;">I'm one of the "Huawei Elite Men", so I know better.... it's fascinating reading though...</div>
Reply | Post Message | MESSAGES LIST | START A BOARD
Telecomguy0704 12/5/2012 | 4:57:07 PM
re: Huawei Appoints Cyber Security Guru

Without disrespect, as a business man, Bill had his own business objectives to achieve and that&rsquo;s understandable.
For Nortel (and its old BNR), there were million lines of Protel code running on the DMS (once the most popular switches in the World), however, nobody would have had any incentives to do malicious things, or anything unethical.
For Huawei, it&rsquo;s not quite the same. Is Huawei a public company like what Nortel once was?


My view is, either it&rsquo;s very na&iuml;ve or very ignorant of anyone, or any company would claim that they could inspect all the code, or all the HW&rsquo;s components in any communication equipments.


The truth is, during the HW, SW or patching upgrade; if wanted to, any intended malicious functions can be slipped in quite easily. Would any management with the right mind, really want to shut down a live network, just for the live code inspection, or for the hardware inspection?

On the other hand, even with the very legitimate code in the systems. A simple twist in the code&rsquo;s variables, that&rsquo;s enough to do the job. Even for a very well trained coder, it&rsquo;s almost next to impossible for detecting any of those &ldquo;legal&rdquo; variables and parameters.


Okay, let&rsquo;s for get about all those back-door stuff and just looking at the system security from another angle. How about CALEA (system&rsquo;s voice, data and video images interception functionality), which are required by law in most countries?


Yes, all the communication equipment vendors have expert teams in this field; mainly for supporting the Law Enforcement Agency with data interception and collection. Who can say those CALEA experts won&rsquo;t help themselves illegally with the intercepted data for whatever purposes, like a for a particular foreign power's interests?

The country&rsquo;s security and safety must come first and I think Sprint had made a right decision. Any personal gain or business gain from a potential threat is not ethical and not worth it. I&rsquo;d like to borrow a line from JFK, &ldquo;Ask not what your country can do for you - ask what you can do for your country.&rdquo;
Reply | Post Message | MESSAGES LIST | START A BOARD
pdonegan67 12/5/2012 | 4:57:18 PM
re: Huawei Appoints Cyber Security Guru

&nbsp;



Thanks Telecomguy. The CNN article that you provided a link to is among the most balanced I&rsquo;ve seen on the subject so far. &nbsp;

Three quotes in the article touch on three different aspects of the conundrum for U.S policy-makers.

&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The critical importance of the spooks. The guy from the Center for Strategic and International Studies (CSIS) in Washington, D.C is quoted as saying. "The national security community in the U.S. is united in its opposition to Huawei."&nbsp;This guy is obviously a whole lot better placed to gauge that than me. But it certainly rings true. And it remains a key issue.

&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Nevertheless some platinum-plated movers and shakers in U.S security circles believe the exclusion of Huawei is misguided. There&rsquo;s an interesting comment in the CNN article from former vice chairman of the Joint Chiefs of Staff, Admiral Bill Owens. Bill was also my old boss when he was CEO of Nortel. His consulting outfit, Amerilink Telecom, was engaged by Huawei last year in an effort to support an ultimately unsuccessful bid to win a major wireless contract with Sprint. Bill&rsquo;s reflection in the CNN article is that &ldquo;It was a serious mistake for America not to [have had Sprint award Huawei the business]," And again he says: "they're opening all their source code to Sprint, to the U.S. government, to everyone. At Nortel, I never would have opened the source code to anyone, especially not the U.S. government. This is so compellingly wrong in the way this has happened." To repeat, Bill is a former vice chairman of the Joint Chiefs of Staff. He commanded the 6<sup>th</sup> fleet during the first Iraq War of 1990-1991. Oh - and he was a Rhodes Scholar at Oxford University, reputedly scoring higher exam marks than Bill Clinton.

&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A rich mix of both reliable and unreliable information. The unnamed source in the article who says of Level 3&rsquo;s purchase of Huawei equipment that "It's base stations, core switching equipment -- the kind of stuff that really ought to keep people up at night". Since when did Level 3 ever buy base stations? There may be grounds for policy makers to be kept up at night. But if &nbsp;there are then hyperbole-rich and fact-poor &ldquo;evidence&rdquo; like this is much more likely to make policy makers fall asleep at the wheel.

Good to see that some parts of the media are starting to cover this issue more comprehensively.&nbsp;



&nbsp;


&nbsp;

Reply | Post Message | MESSAGES LIST | START A BOARD
Telecomguy0704 12/5/2012 | 4:57:20 PM
re: Huawei Appoints Cyber Security Guru

The way China works is, buying the Elite from each country (with lots of money) then, let them do all the work, performing their most charming influences for China Communist Party (CCP) and its Army (PLA)&rsquo;s benefits and interests.



Currently, China is threatening the US and other smaller nations in the South China Sea with its bullying and rather weird behaviors. Just look at this way, when China first bought the Ukraine&rsquo;s old aircraft carrier years ago, China&rsquo;s &ldquo;friendly business&rdquo; front men said it was for the floating Casino purposes. Now, suddenly, we heard on the news, under the CCP and PLA&rsquo;s influences, this ship has become China&rsquo;s Navy Arm Force&rsquo;s (PLAN) first aircraft carrier (to be used for controlling all the International ship lanes of South East Asia Sea). &nbsp;What make us think that Huawei, ZTE and other &ldquo;private&rdquo; companies from China could escape from the strong influence of the CCP and its Army&rsquo;s strong arm tactics? Should the US&rsquo; critical lines of network communication to be controlled and influenced by an unstable foreign power, like the CCP?&nbsp;&nbsp;&nbsp;

Please read the articles below, especially the comments from various readers for a fair view of the High Tech community.



What makes China telecom Huawei so&nbsp;scary?

http://tech.fortune.cnn.com/2011/07/28/what-makes-china-telecom-huawei-so-scary/&nbsp;

China vs. U.S.: The cyber Cold War is raging

http://money.cnn.com/2011/07/28/technology/government_hackers/index.htm

Reply | Post Message | MESSAGES LIST | START A BOARD
pdonegan67 12/5/2012 | 4:57:34 PM
re: Huawei Appoints Cyber Security Guru

Security tensions of some kind between China and the U.S are inevitable for years, perhaps decades, to come.


You raise a bunch of other important issues. All of which serve to underline that the interplay between network security and national security is a multi-faceted question- one that goes beyond a narrow focus on the fear of embedded malware in a vendor's network infrastructure. Maybe we can agree on that.
Reply | Post Message | MESSAGES LIST | START A BOARD
krishanguru143 12/5/2012 | 4:57:34 PM
re: Huawei Appoints Cyber Security Guru

&nbsp;

Care to explain why the government&nbsp;doesn&rsquo;t trust them?&nbsp; That doesn&rsquo;t mean the gear cannot be used, but the government is very suspicious of them.&nbsp; What about them planning on producing wireless gear at a factory in south India?&nbsp; Coincidence or them trying to make nice with the government by supplying jobs?

&nbsp;

So, being security conscious is being myopic?&nbsp; How about looking the other way and when it turns out to be true, then what?&nbsp; It is a little hard to undo the damage at that point no?&nbsp; Maybe we should look at other vendors.&nbsp; Cisco produces products in China but yet their security products are made in Mexico.&nbsp; Care to explain that?&nbsp; So you don&rsquo;t think that many companies, governments, etc. wouldn&rsquo;t want products made in China that are for security?&nbsp; How about the flood of counterfeit products from China?&nbsp; Customs seized a lot of gear that was fake, but they would work just fine in Cisco routers.&nbsp; They were being sold as authentic Cisco gear and chances are, the manufacturer was producing extra equipment and selling it themselves.&nbsp; What would keep them from using custom microcode/firmware in the products?

&nbsp;



As for Huawei being a front runner.&nbsp; Not hard to do when you steal the IP from others.&nbsp; How many companies have accused Huawei of that and how many times have they paid out?

&nbsp;

http://www.lightreading.com/messages.asp?piddl_msgthreadid=32784&amp;piddl_msgid=72861

&nbsp;

http://www.lightreading.com/document.asp?doc_id=31253

&nbsp;

How about Moto suing Huawei of IP theft?





&nbsp;

Reply | Post Message | MESSAGES LIST | START A BOARD
pdonegan67 12/5/2012 | 4:57:34 PM
re: Huawei Appoints Cyber Security Guru

Not sure I agree where India is concerned. Huawei has secured a very substantial share of India's 3G roll-out, for example.


More broadly where these issues are concerned, in my view the media focus on the risk of&nbsp;malicious embedded software is of course a key national security question but&nbsp;the focus has been, and continues to be, myopic.


If there are reasonable grounds for suspicion there it's a risk, of course. But that is too narrow a definition of national security. Economic competitiveness is a fundamental platform of national security. And economic competiveness is compromised by denying telecom carriers access to the very best in technology innovation. In carrier networks, Huawei is now a front-rank player these days. Excluding them is not without risk from a competitivness stand-point and hence from a national security perspective as well.


The media debate needs to move on to a wider set of risk mitigation trade-offs. I&nbsp;wouldn't&nbsp;want to pay Mr Suffolk the indignity of speculating on when he's going to retire but my money's on this change in outlook transpiring before that date.
Reply | Post Message | MESSAGES LIST | START A BOARD
krishanguru143 12/5/2012 | 4:57:36 PM
re: Huawei Appoints Cyber Security Guru



We already have open trade with China; of course they don&rsquo;t do the opposite though and very tightly control their currency.&nbsp; I also cannot see the NSA ever viewing China as not a threat.&nbsp; Sure the NSA cannot tell a carrier that they cannot buy Huawei gear, but they can make sure they don&rsquo;t get government contracts either.&nbsp; U.S. Cellular looked at Huawei gear, but Senators made sure they made their position well known and that any type of subsidy would be off the table to them.&nbsp; Chances are of another carrier trying the Huawei route are pretty slim.&nbsp; Even India doesn&rsquo;t trust them.

&nbsp;

It will be more than a longtime, John Suffolk will be long retired by then.




Reply | Post Message | MESSAGES LIST | START A BOARD
pdonegan67 12/5/2012 | 4:57:38 PM
re: Huawei Appoints Cyber Security Guru

Governments of all kinds&nbsp;have&nbsp;many different&nbsp;of ways of carrying out cyber attacks on telecom networks available to them. Persuading a national champion vendor to collaborate in planting rogue&nbsp;software in their own equipment is just one of them.


Studying the flaws in another vendor's equipment and then bribing a highly placed employee in an operator a stupendous amount of money to exploit those vulnerabilities&nbsp;might be&nbsp;another.


Government policies of all kind change and evolve over over time, whether due to entirely domestic factors or due to changes in relationships and terms of trade with other countries.


Granted it may take a long time, but over time&nbsp;I'm not convinced this will be any different.


&nbsp;
Reply | Post Message | MESSAGES LIST | START A BOARD
krishanguru143 12/5/2012 | 4:57:38 PM
re: Huawei Appoints Cyber Security Guru



No matter what they do and how secure they show they are, if the governments are going to block deals, does it really matter?&nbsp; It is hard to use how secure their equipment is and use it as an advantage will their gear is automatically excluded from being looked at.&nbsp; How many carriers do you think have just overlooked Huawei because they know they won&rsquo;t be able to buy from them?&nbsp; In many cases, the top three or top five are looked at.&nbsp; If you are with a company that looks at the top three and you know that Huawei will be excluded at the end, why let them take a spot to begin with?





&nbsp;




They are going to have to go much further than what they have to ease the fears of the governments.




Reply | Post Message | MESSAGES LIST | START A BOARD
pdonegan67 12/5/2012 | 4:57:39 PM
re: Huawei Appoints Cyber Security Guru



Short of Colin Powell taking the job, from a PR point of view such a High Profile British 'Insider" is about as good as Huawei could have got with this appointment.

Meantime, where mobile network security is concerned, Huawei and NSN respectively remain head and shoulders above the other major end to end network infrastructure vendors in terms of thought leadership and communicating a coherent end to end security strategy.

Distrust of Huawei certainly remains deep-rooted in many corners of a lot of operators, government departments, Parliaments and Senates throughout the world. But as security becomes something over which vendors are compelled to compete on more and more, as it surely will, how long before the uniquely intense security grilling that Huawei is being subjected to by some governments starts to morph from a competitive weakness into a competitive advantage?

&nbsp;

&nbsp;




Reply | Post Message | MESSAGES LIST | START A BOARD
Michelle Donegan 12/5/2012 | 4:57:39 PM
re: Huawei Appoints Cyber Security Guru

UK prime minister David Cameron has given his blessing to Suffolk's appointment, so he'll take up his post on October 1.


Suffolk said he's "thrilled and privileged" to join Huawei on his blog:


http://www.johnsuffolk.typepad.com/


&nbsp;


&nbsp;


&nbsp;
Reply | Post Message | MESSAGES LIST | START A BOARD
EDUCATIONAL RESOURCES
sponsor supplied content
Cybersecurity: Priorities & Proposals for Small ISPs
Arbor & Cisco: Stopping DDoS Attacks
Threat-Centric Security Solutions for Service Providers
Cisco ASR 9000 vDDoS Protection Solution
Cisco ASR 9000 Integrated DDoS Mitigation with Arbor Networks Peakflow TMS
Cisco ASR 9000 vDDoS Protection Solution
Frost & Sullivan: The Expanding Role of Service Providers in DDoS Mitigation
Cisco ASR 9000 vDDoS Protection Solution Overview
Educational Resources Archive
FEATURED VIDEO
UPCOMING LIVE EVENTS
Optical Networking Digital Symposium
February 16-18, 2021, Digital Symposium
Edge Computing Digital Symposium
February 23, 2021, Digital Symposium
Next-Gen Broadband APAC: 5G, 10G & Beyond
March 4-2, 2021, Digital Symposium
All Upcoming Live Events
UPCOMING WEBINARS
January 21, 2021 Harnessing the 5G Consumer Potential
January 21, 2021 SCTE•ISBE Live Learning Webinar™ Series: Sizing Up the New Cable Tech Landscape
January 26, 2021 The Outlook for Open and Disaggregated Packet and Optical Networks
January 26, 2021 How to Harness 5G’s Edge Computing Power
January 27, 2021 The Critical Role of Timing and Synchronization in 5G TDD Deployments
January 28, 2021 Going from average to “Wow” - How cable MSOs can flip the script on customer satisfaction
February 3, 2021 How to Enable 5G and Private Networks to Drive Industry 4.0
February 4, 2021 Cable's Fiber Outlook – DAA and CIN Strategies
February 16, 2021 Optical Networks Symposium - Day 1
February 17, 2021 Building High-Performance 5G Networks With vRAN
February 18, 2021 SCTE•ISBE Live Learning Webinar™ Series: Making the Most of DOCSIS OFDMA
February 23, 2021 Edge Computing Digital Symposium
March 18, 2021 SCTE•ISBE Live Learning Webinar™ Series: What's New with DAA & Flexible MAC
April 15, 2021 SCTE•ISBE Live Learning Webinar™ Series: Winning with Wireless: Embracing 5G & Wi-Fi 6/6E
May 20, 2021 SCTE•ISBE Live Learning Webinar™ Series: Fighting Fiber with More Fiber
June 17, 2021 SCTE•ISBE Live Learning Webinar™ Series: Putting Next-Gen PON to Work
July 15, 2021 SCTE•ISBE Live Learning Webinar™ Series: 10G or Bust: HFC & the Future Access Network
August 19, 2021 SCTE•ISBE Live Learning Webinar™ Series: Tapping Into the Cloud
September 16, 2021 SCTE•ISBE Live Learning Webinar™ Series: Engineering the DOCSIS 4.0 Network (FDX and ESD)
October 21, 2021 SCTE•ISBE Live Learning Webinar™ Series: Lowering the Latency
November 18, 2021 SCTE•ISBE Live Learning Webinar™ Series: How to Test the Next-Gen Cable Network
December 16, 2021 SCTE•ISBE Live Learning Webinar™ Series: Virtualizing the Cable Access Network
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
5G and the Sustainable Future: A Look to 2025 By Harri Holma, Nokia Bell Labs Fellow and Peter Merz, Head of Standardization and Research, Nokia Bell Labs
Global LTE Yearly Review 2020: Still in Its Prime By Tian Zhongyi, Chief Editor, China ICT Media
5G-Rich Messaging Is a Potent Upgrade From A2P SMS for Business Messaging By Pamela Clark-Dickson, for ZTE
Embrace 5G to Upgrade Voice and IoT to a New Phase of Development By Zhao Lexuan, People's Posts & Telecommunications Press, China
China Mobile Sichuan Verified Indoor 5G Distributed Massive MIMO in China – First in a Railway Station By Huawei
All Partner Perspectives
GUEST PERSPECTIVES - curated contributions
Making sense of the latency alphabet soup By Matt Schmitt, Principal Architect, CableLabs
CommScope CTO: Here are the trends I'm watching in 2021 By Morgan Kurk, EVP, CTO and Segment Leader, Broadband Networks, CommScope
All Guest Perspectives
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE