Sometimes You Have to Pick Your Partners Carefully- Huawei

October 5 addendum - "60 Minutes" to have story on Huawei on October 6
 http://www.bizjournals.com/dallas/blog/2012/10/huawei-on-60-minutes-sunday-night.html

Interesting August 27 article (and video) by CNET, “Inside Huawei, and the Chinese tech giant that’s rattling nerves in DC”.  Huawei is a $32 billion technology company, with 140,000 employees worldwide  (including Silicon Valley in California) and the holder of over 50,000 patents.  A US congressional committee has been having ongoing discussions with the organization because of their fears that the company may be a national security threat.

According to the article, “Congressmen Mike Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.) said they were investigating "the threat posed to our critical infrastructure and counter-intelligence posture by companies with potential ties to the Chinese government.”  Some of this does come across as posturing in an election year.  In because this in involved with the  area of national security, the internet, hacking activities,  corporate and government “monitoring” of other nations by governments, there’s a cause for some concern.

Why Huawei?  The House Intelligence Committee has been vague, according to the article.  They said that they  “have received claims with varying degrees of credibility about cyberattacks internationally that may have been enabled by Huawei technology.”  This may be a bit of a stretch.  Nonetheless, the US government is specific with high tech companies about technologies that can’t be sold to specific countries, such as Syria.  

In March, the Australian government blocked Huawei from bidding on any contracts for the country's A$38 billion (roughly US$39 billion) National Broadband Network.

Symantec had ended a four-year-old joint venture with Huawei earlier in the year because of fears that the relationship could prevent it from getting information from the US about cyberthreats. Neither article discusses whether other US or global antivirus vendors such as Mcafee, Avg Technologies, Kaspersky, Sophos,  or Trend Micro, have a relationship with Huawei. Some immediate questions?  Are there areas that aren't cyber security sensitive that these companies could partner with Huawei on? What's the  tradeoff between immediate  business justification, public relations hits and  potential long term business?  It's that perception versus reality thing.

Slight correction - AVG Technologies could be in a quiet mode with respect to Huawei.  From a Thursday morning Google search using  Huawei and AVG Technologies:

AVG Partners with Huawei

blogs.avg.com/view-from-the-top/avg-partners-huawei/

1 day ago - AVG security solutions are now provided to millions of Huawei customers globally, starting in ... And now, through our new alliance with Huawei, a leading global ...

This is probably AVG Technologies' Mobilation antivirus product for the  Android OS. There also seems to be a promotion going on (can't tell exactly where) for home users owning a Huawei smart phone.

In January, the Pentagon transferred an information-sharing pilot program, called the Joint Cybersecurity Services Pilot, to the Department of Homeland Security.  Originally, the program was intended to share classified National Security Agency intelligence with military contractors.  The government was expected    to extend the program beyond those companies to antivirus companies, like Symantec, and network providers.  According to a March article in the New York Times, Symantec became “worried that its ties to Huawei would be a disadvantage when it came to being the recipient of classified threat information”. 

In 2011, Huawei released their   "Statement on Establishing a Global Cyber Security Assurance System".  Huawei held four meetings in 2011 to decide on   the company’s overall cyber security strategy.  Huawei stated that they are “Willing to work with all governments, customers and partners through various channels to jointly cope with cyber security threats and challenges from cyber security.”

   

In the enterprise, Huawei has an extensive portfolio of products in networking, IT infrastructure, and security.  On the consumer side, products include mobile phones, tablets, broadband, and modems.

http://news.cnet.com/8301-1035_3-57484472-94/inside-huawei-the-chinese-tech-giant-thats-rattling-nerves-in-dc/   

http://www.nytimes.com/2012/03/27/technology/symantec-dissolves-alliance-with-huawei-of-china.html?_r=1

 

Cyber Security Smackdown – Organized Crime vs. Agile Start-ups - VLAB

Great panel discussion put on by VLAB (MIT/Stanford Venture Lab) on November 15. The topic: Cyber Security Smackdown – Organized Crime vs. Agile Start-up. Part of the event description - Most organizations are unaware they have been hacked until it is too late. Just as the Mafia at the turn of 20th century changed the law enforcement landscape, black hat hacking has become a profitable, illegitimate business that harms individuals, companies, and national security. McAfee estimates that global cyber crime cost corporations and individuals over $1 trillion annually.

Some sound bites that came out of the discussion:

• IPv4 versus IPv6 – With respect to the “volume” of IP addresses that can theoretically be connected to the internet: Think of a golf ball versus the size of the sun.
• There are two kinds of companies when it comes to their preparedness for being hacked. Those who have been compromised and those that are still unaware of how vulnerable they are.
• Wells Fargo thought that one of the apps they had created for customers was just sitting out there until they hired one of the panelist’s companies. They then found that the app had been downloaded several million times. Kind of surprising that “someone” in the IT group didn’t realize this.
• Antivirus companies have been failing in protecting their customers. The solution(s) for protecting companies will not come from developers these companies.

Interestingly enough, Trend Micro Executive Eva Chen had a Q&A with CRN (www.crn.com) in March 2004. Chen stated in response to a question about security management, “The other thing we are thinking about is outbreak prevention. We always say we are in the antivirus business. But I was so frustrated that I called our CEO, Steve Chang, and said we've been lying to our customers for 10 years. We call ourselves antivirus, but we have never prevented a virus from hitting our customers'" http://www.crn.com/news/channel-programs/18841262/crn-interview-eva-chen-trend-micro.htm.
http://kensek.blogspot.com/2011/07/security-executives-say-every-security.html

• Companies need to look at any agreements they have with companies such as Microsoft, Amazon, etc. regarding security. In general, these sites have a statement regarding keeping your company protected: they aren't responsible for security lapses. But, they can hold your company responsible if they suffer damages because of the relationship.
• Question from the audience – “How can a company with a low budget stay protected?” Answer, “Try to maintain a very low profile.”
• Social engineering or gaining an entrée through an internal employee is how many cyber criminals get into a company.
• More than a few developers are good guys during the day and bad guys at night (colloquial restatement.

What does this mean with respect to security? Don't slash that budget. Look to some of the smaller companies. Read your agreements with the larger companies you are doing business with and may be relying on for protection.

Panelists for the discussion:

Jeffery Carr - Carr is the author of "Inside Cyber Warfare: Mapping the Cyber Underworld" (O'Reilly Media 2009). He is also the founder and CEO of Taia Global, Inc., a boutique security-consulting firm for Global 2000 companies.

Mike Eynon - Eynon is the Co-Founder, President of Silver Tail Systems, has substantial experience in building fraud detection and prevention tools for some of the highest traffic, and fraud targeted websites on the internet. Before co-founding Silver Tail Systems, Mike managed payment risk at PayPal, as well as fraud policy at eBay. www.silvertailsystems.com

Ali Golshan - Golshan is the Co-founder & Chief Architect at Cyphort. Golshan has over 12 years of experience in Security, Virtualization, and Data Mining using Probabilistic Pattern Matching. http://cyphort.com/ . Currently in stealth mode.

Marc Goodman -Marc Goodman is the Founder and Chairman of the Future Crimes Institute. Additional information is available at www.marcgoodman.net.

Jacques Benkoski - Benkoski joined US Venture Partners in 2005. Before joining USVP, Benkoski was President and CEO of Monterey Design Systems from 1999. Synopsys (SNPS) acquired the company in 2004.

About VLAB www.vlab.org

The MIT/Stanford Venture Lab (VLAB) is the San Francisco Bay Area chapter of the MIT Enterprise Forum, a non-profit organization dedicated to promoting the growth and success of high-tech entrepreneurial ventures by connecting ideas, technology and people.