Feeds

Huawei denies spying, calls for global security standards

'We're not the ones throwing malware around'

Protecting against web application threats using SSL

Even as execs of the Chinese telecom giant Huawei prepare to testify before Congress over concerns that the company's networking equipment may pose a security threat to US infrastructure, the company issued a public statement claiming that it has never participated in cyber espionage or any other illegal act, and that it would never do so.

That claim comes in a new report written by John Suffolk – a former UK government CIO who now serves as Huawei's global cyber security officer – with the rather tongue-tying title of "Cyber Security Perspectives: 21st century technology and security – a difficult marriage."

Huawei, like its Chinese competitor ZTE, has been under investigation by the House of Representatives Permanent Select Committee on Intelligence for nearly a year, after multiple US government and military officials raised concerns about both companies' ties to the Chinese government.

In the report, which Suffolk describes as "an open and frank perspective" on Huawei's views regarding cyber security and its impacts, the company asserts that the negative attention it has received is unfair and that espionage would be against its business interests:

For our survival, we have never damaged any nation or had the intent to steal any national intelligence, enterprise secrets or breach personal privacy and we will never support or tolerate such activities, nor will we support any entity from any country who may wish us to undertake an activity that would be deemed illegal in any country.

That's a line Huawei will no doubt repeat when it appears before the House Intelligence Committee in hearings that are expected to commence as early as this week. But critics in the US and elsewhere maintain that "Chinese actors" are among the most active perpetrators of cyber espionage, and that Huawei's equipment could be rigged to make such attacks easier.

That's just politics, Suffolk says.

In his paper he describes Huawei as "a global organisation doing business in over 140 countries." Furthermore, he questions whether, in the era of the global supply chain, it is valid or even helpful to label a company's products as "foreign developed":

Alcatel-Lucent has one third of its global manufacturing done by Shanghai Bell; Ericsson's joint-venture Nanjing Ericsson Panda Communications Co. has become the largest supply centre of Ericsson in the world; at the end of 2011, Nokia Siemens Networks had 10 manufacturing facilities worldwide: 5 in China (Beijing, Shanghai, Tianjin, Hanghzou and Suzhou), and 2 in India – is what they do "foreign developed"?

Suffolk goes on to criticize the lack of laws, norms, standards, and protocols with regard to cyber security, and says the current environment allows nearly anyone to use malware and other internet-based attacks with impunity.

"If we accept this route, then we must stop complaining and accept the consequences of the cyber race to the bottom of the pit and the return of the Wild West," he writes.

In an apparent jab against the US and its allies, which have all but admitted using state-sponsored malware in recent attacks on Iran and other targets, Suffolk warns that the lack of international law governing cyber security may soon have severe consequences.

"If governments are indeed involved in the acquisition of zero-day exploits or are developing or 'weaponising' attack software, such as Flame and Stuxnet," Suffolk writes, "the phrase 'what we sow we reap' springs to mind."

Suffolk says the correct approach would be for governments and companies to collaborate on international standards of data protection on a global basis. In the current regulatory environment, he says, Huawei and other companies must comply with different standards for each jurisdiction, which can be prohibitively difficult.

As to the issue of cyber espionage, Suffolk points out that no amount of international regulation or actions by vendors are likely to prevent governments from conducting intelligence activities over the internet, now that it has become central to so much of daily life.

"It is important to keep in mind that throughout history, spying and espionage have continually played a role in diplomacy, for better or for worse," Suffolk writes.

How much weight such arguments will carry in Congress is questionable, however, and for Huawei the stakes are high. In a statement issued last November, House Intelligence Committee chair Mike Rogers cautioned American businesses not to buy more Huawei kit "until we can fully determine their motives." ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.