Huawei security chief: We can help keep U.S. safe from 'Net threats

ORLANDO, Fla. -- The chief security officer of Huawei, the Chinese company recently flagged by Congress as a national security threat, says the network equipment maker could actually help the United States defend itself against malicious Internet traffic.

BACKGROUND: U.S. House Intelligence report blasts Huawei, ZTE as national-security threats

HUAWEI: Separating fact from fiction

Andy Purdy, Huawei Technologies' CSO, spoke here today on a Cloud Security Alliance Congress panel of security experts from the U.S. government and industry that raised warnings about Chinese espionage across the Internet.

In representing the sole China-based company on the panel, Purdy said there are ongoing discussions between the U.S. and China on supply-chain safety, and private companies should be part of it. There should be "openness, transparency and freedom," he said.

"Part of the planning of the U.S. hopefully is collaboration with the private sector and part of the strategy should be planning how to block malicious traffic," said Purdy, adding ISPs could do that. He said: "It's disgraceful the government isn't doing anything to address the Internet underground."

Purdy pointed out that Huawei agreed with the U.S. administration about possible risks to the global supply chain. He noted that Huawei, with $32 billion in revenues, makes less than $2 billion in the U.S., but a third of its components come from the U.S., meaning thousands of U.S. jobs are supported.

Nevertheless, China has been stealing vast amounts of U.S. corporate intellectual property by breaking into networks, said Scott Borg, director and chief economist for the U.S. Cyber Consequences Unit, described as a research organization set up by the U.S. government specifically to look at the nature of cyberattacks and supply-chain safety issues.

"We're also finding malicious firmware in products from China," Borg said. "China and Chinese companies aren't playing by the same rules we are."

Borg said that research indicates that China, as a country rapidly climbing out of poverty into wealth, has done that largely by "copying the developed countries," and if someone doesn't hand you the basic technology to do this, you steal it. "Stealing is part of the national economic development model for China," he said. China has basically held its people hostage, encouraging them in this, in order to raise the standard of living, he continued.

However, Borg said other companies are tired of getting hacked and "taking it on the chin." He suggested there's now increasing interest in fighting back, and this would mean carrying out counter-strikes in some way.

Marcus Sachs, vice president for cybersecurity at Verizon, also on the panel, said the idea of hiring private armed guards to defend you is well-established in the physical world, and thus raises the question, "Why not do that in cyberspace?" But he pointed out that the armed guards in the physical world face limited distances in which to act, while in cyberspace you're across the planet within milliseconds. He said the idea of counter-strikes of any sort will come to deep consideration of policy issues.

John Streufert, director of the National Cybersecurity Division at the Department of Homeland Security, said offensive cybersecurity is the responsibility of the military in the U.S., and he said if citizens see specific threat problems they should report them.

But during a session later in the day, Streufert also described a long-planned DHS program called Continuous Monitoring. Coming soon will be a contract solicitation for managed security services called Continuous Diagnostics and Mitigation, including cloud-based services, to protect civilian federal agencies' data from stealthy attacks.

The Continuous Monitoring concept calls for a layer of sensors and scanners to check hardware and software used by the federal government for vulnerabilities.

A project expected to take the federal government a few years to complete, it would include a security dashboard view managed by Continuous Monitoring service providers that would likely be shared at the agency department level. Streufert called it a "cyberscope" for the federal agencies.

Streufert said the goal is to get the agencies away from the hugely expensive paper-based vulnerability reports they generate today that are seen as inefficient and untimely. The program could extend as well to state and local government agencies, he said, for an estimated total of up to 25 million seats.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.

Read more about wide area network in Network World's Wide Area Network section.

Tags: Huawei Technologies, security, ZTE, Wide Area Network, intel, internet, cloud computing

Hackers try to blackmail plastic surgeon after stealing 500,000 patient records

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Solutions-GigaVUE-2404

Newgen provides innovative network monitoring and security solutions based upon Gigamon’s GigaVUE-2404

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.