Before joining Huawei, Suffolk's last job was CIO of the U.K. government. Prior to that, he has also been an advisor to the World Bank High-Level Experts group, director general of the UK criminal justice transformation program, and managing director of financial services firm Britannia Building Society.
Now he will report to Huawei CEO Ren Zhengfei and spearhead the vendor's new cyber security assurance strategy, which will be implemented across all of the vendor's departments, including research and development, supply chain, marketing and sales, project delivery and technical services.
Suffolk, whose office will be located at Huawei's headquarters in Shenzhen, China, will also be responsible for communicating the new strategy to customers, partners, employees and other stakeholders.
The appointment follows the opening of Huawei's Cyber Security Evaluation Center in the U.K. at the end of last year. The facility is designed to test Huawei's own equipment and show operators and government officials how it can withstand cyber security threats. (See Huawei Opens UK Security Evaluation Center.)
Why this matters
Huawei is on a mission to allay security fears that some governments still have about the company -- the latest example of such concerns cropped up in Taiwan just last month. (See More Security Woes for Huawei.)
The Chinese vendor wants to change its image from security threat to cyber security expert and even services provider. To that end, it has taken unprecedented steps to be more open and transparent. Hiring a high-profile IT exec such as John Suffolk is the company's latest move in this security assurance offensive.
For more
There are those that will see the irony in Huawei's cyber security push as the company has a colorful and controversial history on this front.
- Huawei's Open Letter to the US
- Huawei, ZTE Spook Sprint?
- US Gets Worried About Huawei
- No Way Huawei?
- Huawei's Latest US Offensive
- Huawei, AT&T, and the NSA
- Huawei Addresses Security Fears
- No Respite for Chinese Vendors
— Michelle Donegan, European Editor, Light Reading Mobile
Without disrespect, as a business man, Bill had his own business objectives to achieve and that’s understandable.
For Nortel (and its old BNR), there were million lines of Protel code running on the DMS (once the most popular switches in the World), however, nobody would have had any incentives to do malicious things, or anything unethical.
For Huawei, it’s not quite the same. Is Huawei a public company like what Nortel once was?
My view is, either it’s very naïve or very ignorant of anyone, or any company would claim that they could inspect all the code, or all the HW’s components in any communication equipments.
The truth is, during the HW, SW or patching upgrade; if wanted to, any intended malicious functions can be slipped in quite easily. Would any management with the right mind, really want to shut down a live network, just for the live code inspection, or for the hardware inspection?
On the other hand, even with the very legitimate code in the systems. A simple twist in the code’s variables, that’s enough to do the job. Even for a very well trained coder, it’s almost next to impossible for detecting any of those “legal” variables and parameters.
Okay, let’s for get about all those back-door stuff and just looking at the system security from another angle. How about CALEA (system’s voice, data and video images interception functionality), which are required by law in most countries?
Yes, all the communication equipment vendors have expert teams in this field; mainly for supporting the Law Enforcement Agency with data interception and collection. Who can say those CALEA experts won’t help themselves illegally with the intercepted data for whatever purposes, like a for a particular foreign power's interests?
The country’s security and safety must come first and I think Sprint had made a right decision. Any personal gain or business gain from a potential threat is not ethical and not worth it. I’d like to borrow a line from JFK, “Ask not what your country can do for you - ask what you can do for your country.”