Huawei security chief: We can help keep U.S. safe from 'Net threats

Huawei security chief: We can help keep U.S. safe from 'Net threats

ORLANDO, Fla. -- The chief security officer of Huawei, the Chinese company recently flagged by Congress as a national security threat, says the network equipment maker could actually help the United States defend itself against malicious Internet traffic.

BACKGROUND: U.S. House Intelligence report blasts Huawei, ZTE as national-security threats

HUAWEI: Separating fact from fiction

Andy Purdy, Huawei Technologies' CSO, spoke here today on a Cloud Security Alliance Congress panel of security experts from the U.S. government and industry that raised warnings about Chinese espionage across the Internet.

In representing the sole China-based company on the panel, Purdy said there are ongoing discussions between the U.S. and China on supply-chain safety, and private companies should be part of it. There should be "openness, transparency and freedom," he said.

"Part of the planning of the U.S. hopefully is collaboration with the private sector and part of the strategy should be planning how to block malicious traffic," said Purdy, adding ISPs could do that. He said: "It's disgraceful the government isn't doing anything to address the Internet underground."

Purdy pointed out that Huawei agreed with the U.S. administration about possible risks to the global supply chain. He noted that Huawei, with $32 billion in revenues, makes less than $2 billion in the U.S., but a third of its components come from the U.S., meaning thousands of U.S. jobs are supported.

Nevertheless, China has been stealing vast amounts of U.S. corporate intellectual property by breaking into networks, said Scott Borg, director and chief economist for the U.S. Cyber Consequences Unit, described as a research organization set up by the U.S. government specifically to look at the nature of cyberattacks and supply-chain safety issues.

"We're also finding malicious firmware in products from China," Borg said. "China and Chinese companies aren't playing by the same rules we are."

Borg said that research indicates that China, as a country rapidly climbing out of poverty into wealth, has done that largely by "copying the developed countries," and if someone doesn't hand you the basic technology to do this, you steal it. "Stealing is part of the national economic development model for China," he said. China has basically held its people hostage, encouraging them in this, in order to raise the standard of living, he continued.

However, Borg said other companies are tired of getting hacked and "taking it on the chin." He suggested there's now increasing interest in fighting back, and this would mean carrying out counter-strikes in some way.

Marcus Sachs, vice president for cybersecurity at Verizon, also on the panel, said the idea of hiring private armed guards to defend you is well-established in the physical world, and thus raises the question, "Why not do that in cyberspace?" But he pointed out that the armed guards in the physical world face limited distances in which to act, while in cyberspace you're across the planet within milliseconds. He said the idea of counter-strikes of any sort will come to deep consideration of policy issues.

John Streufert, director of the National Cybersecurity Division at the Department of Homeland Security, said offensive cybersecurity is the responsibility of the military in the U.S., and he said if citizens see specific threat problems they should report them.

But during a session later in the day, Streufert also described a long-planned DHS program called Continuous Monitoring. Coming soon will be a contract solicitation for managed security services called Continuous Diagnostics and Mitigation, including cloud-based services, to protect civilian federal agencies' data from stealthy attacks.

The Continuous Monitoring concept calls for a layer of sensors and scanners to check hardware and software used by the federal government for vulnerabilities.

A project expected to take the federal government a few years to complete, it would include a security dashboard view managed by Continuous Monitoring service providers that would likely be shared at the agency department level. Streufert called it a "cyberscope" for the federal agencies.

Streufert said the goal is to get the agencies away from the hugely expensive paper-based vulnerability reports they generate today that are seen as inefficient and untimely. The program could extend as well to state and local government agencies, he said, for an estimated total of up to 25 million seats.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

Read more about wide area network in Network World's Wide Area Network section.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags Huawei TechnologiessecurityZTEcloud computinginternetintelWide Area Network



IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)

IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)

VMware recently held an Asia-Pacific and Japan party for its partners in San Francisco following two days of keynotes and sessions. Whilst mingling and enjoying drinks and finger food, the partners were joined by VMware management who also took the opportunity to let their hair down to have some fun.

IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)
IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

VMware's sponsors and partners used the opportunity at VMworld 2015 to showcase some of their technologies. At an exhibition hall, these vendors educated those that popped by their stands on these solutions and addressed some of the issues surrounding mobility, datacentres, and the Cloud. SOme of the big names there included f5, Palo Alto Networks, HP, Intel, Samsung, and Symantec.

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)
IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

VMware has kicked off VMworld 2015 in San Francisco and the first day saw keynotes from its president and CEO, Carl Eschenbach; executive vice-president and general manager, Bill Fathers; and executive vice-president and general manager of SDDC, Raghu Raghuram; amongst others. VMware also made Cloud-related announcements and demonstrated its latest technology.

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos) is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments