Huawei Network Security Panel Emphasized Equipment Verification, Operation Transparency, and Global Standards
In what appeared to be a direct response to continued US suspicion of Huawei Technologies and its potential threat to US network security, the Chinese equipment vendor sponsored a seminar at the annual convention. from this year’s Competitive Carriers Association, calling for global collaboration among wireless carriers, government agencies and equipment vendors to make America’s communications networks more secure.
Huawei has been actually blacklisted by the Trump administration, which placed the company on the U.S. Commerce Department’s Entity List in May due to concerns about national security risks. The administration has also encouraged its global allies to exclude Huawei from participating in building their 5G networks, fearing the Chinese government could use the provider to attack or monitor foreign networks. Using this argument, the US government was able to convince Australia to ban the seller.
The Huawei-sponsored panel, which included Kevin Jackson, Founder and CEO of GovCloud Network, Tony Scott with Patton Boggs and Huawei Chief Security Officer Andy Purdy, highlighted the need for effective verification of equipment, chain of and transparency of operations, as well as setting global network security standards for our networks.
Huawei, which has consistently denied claims that its products pose a security risk, sees itself as having been placed in the middle of a much wider dispute over trade between the United States and China – and that in different circumstances, Huawei and the US government would participate in different discussions.
“Those conversations aren’t happening,” Purdy said. “We would have discussions with them about what the real cybersecurity risk is, what to do about it and talk about proven mechanisms to deal with the risk, like those that allow Nokia and Ericsson to do business in the United States in a fairly unlimited way. because they have government controlled risk mitigation agreements in place.
He added that Huawei was very interested in discussing with the government whether something like this could be developed for them.
Jackson put the issue in its simplest terms, saying, “We’re moving so fast, it’s hard to keep up – and that in itself is a threat.”
He went on to explain that as network infrastructure is no longer hardware-based, but increasingly becoming software-based, security threats will now also be software-based.
“As a carrier, it’s important to understand what this means for your operations,” he explained. “Historically you’ve focused on physical things, but the threat is coming from a completely different direction now.”
This, Jackson said, will lead to a change in carrier operations and a change in perspective on what a telecommunications network is. “Global standardization is essential to solving this problem, because the competition is not in the technology itself, but in the services you provide, but the main thing in all of this is the security of data and information for your customers. “, did he declare.
Standardization becomes essential because it allows visibility into an infrastructure and, in turn, enables a higher level of security. “The lack of a consistent model or rules is also a major threat to the cybersecurity of our current and future telecommunications infrastructure,” Jackson explained.
He also called on operators to develop a better understanding of “non-person” entities within their infrastructures and what data those entities are able and permitted to share with another entity.
Scott agreed, adding, “As machines begin to take on the role of humans, we need to have a more richly developed concept of who the machine is and what those machines can access and what actions those machines can take according to this access.
For the panelists, the biggest hurdle operators face when it comes to security will be cultural change. “There’s a need to change the mindset about what it takes to be an effective telecom operator,” Jackson said.
Role of the seller
Purdy highlighted the need to create better surveillance capabilities in general and greater transparency, and referenced efforts by the GSMA and 3GPP to work with carriers and equipment vendors to create standards and a certification process for next-generation telecommunications equipment.
He also stressed that equipment vendors should develop close collaboration with telecom operators to ensure vendors meet international and external operator requirements. “[Equipment vendors] have an obligation to address the risk of what [they] do and the risk of [their] supply chain and to do so in a transparent and efficient manner.
According to Purdy, having independent programs as an equipment supplier to verify that requirements are being met – requirements “anchored in international standards” where possible – and feedback from these processes can go a long way to reducing the risk of security.
Additionally, he explained the role of the provider, explaining that there are methods that can be used to ensure that providers have a very limited ability to access data they are not supposed to access or transmit. this data to anyone they’re not supposed to hand it over to. “Methods that provide both assurance and transparency are absolutely essential in the context of verification and compliance,” he added.
Role of government
“Government needs to be engaged in this great moment,” Scott said. According to him, the government must play two major roles: establishing regulatory and policy frameworks; and fostering innovation by encouraging R&D through funding.
Purdy called for better accountability from government and private sector organizations. “[They] must possess cybersecurity risks and must know their requirements. They don’t need to be experts, but they do need to use frameworks and follow guidelines.
He also believes that the US government does not place enough emphasis on the importance of competition in telecommunications equipment.
“There is a fragile situation in the world regarding the number of equipment suppliers and their ability to perform R&D,” he said. The risk of losing business to this competition is too high. He cited the Chinese government as an example to follow, explaining: “The [Chinese] The government recognizes the importance of competition and that having it in the market helps encourage lower prices, better innovation and better security and resilience features.
While all three panelists agreed that government has a crucial role to play in keeping the network secure, they all also said that some things are best left to those in industry.
“[The government’s role] shouldn’t be about picking winners and losers,” Scott said. “You see it playing out in different ways, and it’s starting to be a dangerous space.” He later added, in response to a question from the audience, that the government should look at nothing beyond objective criteria when deciding where to place funding.
Additionally, Jackson revealed that after speaking with carriers at the convention, he began to understand that carriers believe that it’s not innovation and service improvement that drive decisions, but rather government grants. “It’s not the desire or the need to innovate, but the choices they are able to make based on funding,” he said, “so government subsidies can hinder innovation in a way unexpected”.
Finally, Purdy said he doesn’t think the government should lead the way in setting auditing and transparency standards. Instead, it should be led by the private sector, to avoid the development of regulations that end up stifling competition, innovation, assurance or transparency.
Network security was a theme for much of the convention. FCC Commissioner Geoffrey Starks also addressed the issue of network security, assuring those in attendance that he was “paying careful attention” to the many national security concerns that have been raised as the world rushes to 5G. Starks concluded by highlighting the role of carriers, especially small rural carriers, saying, “We need your input.