Hidden security costs: Should Huawei and ZTE be singled out?

Tell the world!

the R&D building of Huawei Technology in Shenz...
the R&D building of Huawei Technology in Shenzhen, China. (Photo credit: Wikipedia)

We all
like the price of Chinese goods but now it seems there might be a hidden cost. 

 After
a year-long study the U.S. House Select Committee on Intelligence has warned Americans not to do business with Huawei or  state owned ZTE. When asked by CBS 60 Minutes, if he would do business with Huawei Mike Rogers replied, “If
I were an American today, and I tell this to you as the Chairman of the House Permanent
Select Committee on Intelligence
, and you were looking at Huawei I would find
another vendor. If you care about your intellectual property, if you care about
your consumer’s privacy and you care about the national security of the United
States of America
.” 

Huawei’s
security issues were also in the news as recently as this past July at DEFCON 2012. Computerworld covers the discussion and lists the main concerns as: there
was no specific contact for security issues, no security advisory updates and there
was no update on bugs found and fixed. The researchers couldn’t comment on any
issues with the “big
boxes” like the Huawei NE series routers because they couldn’t
obtain them. The article ended with a hope that Huawei would follow the lead of American companies like Microsoft, Cisco and Apple that had listened to consumer
demand and improved their security. 

These
are significant concerns being expressed that need to be taken
seriously especially when it comes to infrastructure. While we can’t
prevent cyber-espionage, are we giving them the keys to the vault by bringing
them into our data centres? There shouldn’t be any question of trust or security.

With
these concerns in mind the Canadian government is building out and replacing
their data systems that were “contaminated beyond repair” by massive Chinesecyber-attacks in 2010. Among the list of companies that is being considered for
this multi-billion dollar project is Huawei.  

While
the equipment may not have malware or vulnerabilities built into it now, it does have this
potential through updates and patches.While the Chinese
government may have no role in either of these companies now, they may in the
future.

We all like the price
of Chiese goods. What we might not like is the potential security costs.

What do you think? Should Huawei and ZTE
be singled out? Should the government source only domestic equipment?  Have they crossed the line by going public
with this? Is this a case of the
government meddling in corporate affairs or do you think the issues that were
reported at DEFCON and by the committee provide enough justification?

Enhanced by Zemanta

Tell the world!

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*