Feeds

Huawei denies spying, calls for global security standards

'We're not the ones throwing malware around'

The Power of One eBook: Top reasons to choose HP BladeSystem

Even as execs of the Chinese telecom giant Huawei prepare to testify before Congress over concerns that the company's networking equipment may pose a security threat to US infrastructure, the company issued a public statement claiming that it has never participated in cyber espionage or any other illegal act, and that it would never do so.

That claim comes in a new report written by John Suffolk – a former UK government CIO who now serves as Huawei's global cyber security officer – with the rather tongue-tying title of "Cyber Security Perspectives: 21st century technology and security – a difficult marriage."

Huawei, like its Chinese competitor ZTE, has been under investigation by the House of Representatives Permanent Select Committee on Intelligence for nearly a year, after multiple US government and military officials raised concerns about both companies' ties to the Chinese government.

In the report, which Suffolk describes as "an open and frank perspective" on Huawei's views regarding cyber security and its impacts, the company asserts that the negative attention it has received is unfair and that espionage would be against its business interests:

For our survival, we have never damaged any nation or had the intent to steal any national intelligence, enterprise secrets or breach personal privacy and we will never support or tolerate such activities, nor will we support any entity from any country who may wish us to undertake an activity that would be deemed illegal in any country.

That's a line Huawei will no doubt repeat when it appears before the House Intelligence Committee in hearings that are expected to commence as early as this week. But critics in the US and elsewhere maintain that "Chinese actors" are among the most active perpetrators of cyber espionage, and that Huawei's equipment could be rigged to make such attacks easier.

That's just politics, Suffolk says.

In his paper he describes Huawei as "a global organisation doing business in over 140 countries." Furthermore, he questions whether, in the era of the global supply chain, it is valid or even helpful to label a company's products as "foreign developed":

Alcatel-Lucent has one third of its global manufacturing done by Shanghai Bell; Ericsson's joint-venture Nanjing Ericsson Panda Communications Co. has become the largest supply centre of Ericsson in the world; at the end of 2011, Nokia Siemens Networks had 10 manufacturing facilities worldwide: 5 in China (Beijing, Shanghai, Tianjin, Hanghzou and Suzhou), and 2 in India – is what they do "foreign developed"?

Suffolk goes on to criticize the lack of laws, norms, standards, and protocols with regard to cyber security, and says the current environment allows nearly anyone to use malware and other internet-based attacks with impunity.

"If we accept this route, then we must stop complaining and accept the consequences of the cyber race to the bottom of the pit and the return of the Wild West," he writes.

In an apparent jab against the US and its allies, which have all but admitted using state-sponsored malware in recent attacks on Iran and other targets, Suffolk warns that the lack of international law governing cyber security may soon have severe consequences.

"If governments are indeed involved in the acquisition of zero-day exploits or are developing or 'weaponising' attack software, such as Flame and Stuxnet," Suffolk writes, "the phrase 'what we sow we reap' springs to mind."

Suffolk says the correct approach would be for governments and companies to collaborate on international standards of data protection on a global basis. In the current regulatory environment, he says, Huawei and other companies must comply with different standards for each jurisdiction, which can be prohibitively difficult.

As to the issue of cyber espionage, Suffolk points out that no amount of international regulation or actions by vendors are likely to prevent governments from conducting intelligence activities over the internet, now that it has become central to so much of daily life.

"It is important to keep in mind that throughout history, spying and espionage have continually played a role in diplomacy, for better or for worse," Suffolk writes.

How much weight such arguments will carry in Congress is questionable, however, and for Huawei the stakes are high. In a statement issued last November, House Intelligence Committee chair Mike Rogers cautioned American businesses not to buy more Huawei kit "until we can fully determine their motives." ®

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.