Tuesday, September 4, 2012

Huawei's Cavernous Cyber Security Credibility Gap

Approximately one month before Huawei officials (along with ZTE officials) are supposed to testify before the House Permanent Select Committee on Intelligence (October 2012), the company's Global Cyber Security Officer and SVP John Suffolk released a white paper entitled "Cyber Security Perspectives: 21st Century Technology and Security - a Difficult Marriage".

I've been monitoring Huawei for several years and have given dozens of briefings on the security risks associated with the company, its management and its products. I've had several Huawei employees contact me privately about issues within the company and I've spoken to at least one of their senior executives last year about my concerns. I just finished reading Mr. Suffolk's white paper, which Andy Purdy, former Director of DHS National Cyber Security Division and now Huawei's Chief Security Officer, helped write. While it covered all of the usual bases regarding Huawei's commitment to security (I'm not going to recap these - read the paper if you must know), it addressed none of the issues that underscore the opinion of myself and others that Huawei is a security threat, such as:
  • Madam Sun Yafang's past employment with China's Ministry of State Security and how she helped the young company secure loans form the Chinese government.
  • Claims that Huawei benefited from Nortel's IP in 2004 including duplicating its instruction manuals.
  • Claims that Huawei stole source code from Cisco and its settlement of those claims in 2004.
  • Lack of full disclosure regarding Huawei's obligations to the Chinese government as a national champion firm and a provider of services and products to the State including the Peoples Liberation Army. 
  • Lack of full disclosure regarding how many of its executives are members of the powerful Chinese Communist Party (CCP) and therefore bound to comply with directives from the CCP. After all, the CCP plays a dominant role in China's economy.
If Huawei's white paper is an example of how Huawei intends to address the concerns of the House Intelligence Committee, it's not nearly enough - even with Andy Purdy's help.

UPDATE (06SEP12): According to Reuters, Huawei is negotiating terms for its testimony before the House Intelligence committee. The fact that they have to "negotiate terms" says a lot to me about how valid the scope and validity of the concerns that I mentioned above are, not to mention the ones that Huawei doesn't want to have discovered.

2 comments:

  1. thanks for sharing...this great info on Huawei!

    barbed wire

    ReplyDelete
  2. Pretty section of content. I just stumbled upon your site and in accession capital to assert that I acquire in fact enjoyed account your blog posts. Anyway I will be subscribing to your feeds and even I achievement you access consistently rapidly.
    Security Glass

    ReplyDelete