back to article Huawei to America: You're not taking cyber-security seriously until you let China vouch for us

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors – including Huawei – can be trusted around the world. A post from Huawei's CSO for the USA, Andy Purdy, rates President Biden's sweeping May 2021 Executive Order on Improving the Nation's Cybersecurity as "the bare …

  1. Chris G Silver badge

    The US sees China as a major threat to it's apparent technical snd economic dominance of the world, it wants and hopes that sanctions and no trade rules will hold China back.

    However, they seem to have only just realisrd there is a stable door and that it has a bolt on it.

    1. Khaptain

      "The US knows China is the major threat to it's flaky technical and economic dominance of the world"..

      "It is hopelessly praying that sanctions and no trade rules will hold China back."

      "However, the crumbling stable door fell of a long time ago as no-one took care of the bolt.."

      1. Steve K Silver badge

        Wasn't it the horse that bolted?

        Wasn't it the horse that bolted?

        1. elsergiovolador Silver badge

          Re: Wasn't it the horse that bolted?

          If the doors and bolt were Chinese, likely the horse bolted with leaving the bolt intact...

    2. NoneSuch Silver badge
      Mushroom

      Animal Farm

      Everything stated in this article applies to Cisco and other western vendors as much as Huawei. Nation states should keep their cotton picking mitts off our networking gear, encryption, privacy and security. No back doors, no modification of hardware and certainly no government inclusion in development "for our protection."

      It's like sheep watching razor wire being erected around them and doing nothing.

      1. Anonymous Coward
        Anonymous Coward

        Re: Animal Farm

        "It's like sheep watching razor wire being erected around them and doing nothing."

        Taking another path would involve a massive gambol.

        1. Anonymous Coward
          Anonymous Coward

          Re: Animal Farm

          Very good. Upvote for the subtlety!

    3. msobkow Silver badge

      The Americans lost dominance already. All THEIR companies do is buy up the companies that come up with new ideas, outsource the development and manufacturing, and skim the profits. They contribute NOTHING to the world any more, because it is more "cost effective" to ship all the work overseas.

      They MADE China the dominant player it is when their industries PAID to build factories in China to do their manufacturing for them...

  2. Pascal Monett Silver badge

    "once the USA [..] knew the rules"

    The US only has one rule : USA first and everyone else is fair game.

    Share information more openly ? The US will readily agree - to recieve shared information. Giving it out ? No so much.

    Trust China to vouch for Huawei ? Okay, not even I would trust that one, but hey, why should the US do so ? It knows very well what the NSA can do and there's no reason China shouldn't be doing the same.

    Contrary to the US Government - which can't seem to get a grip on its super spy agency, China's government will have no trouble keeping its spy agency on a tight leash - which will tighten even more if there is something China's rulers don't like.

    1. Yes Me Silver badge
      Thumb Down

      Re: "once the USA [..] knew the rules"

      That's exactly right. Fair competition rules only apply to the USA when they act in the USA's favour. On this point, Obama, tRump and Biden seem to agree. In fact I remember asking a Beijing friend what he thought about Obama's election and he said "no difference" (compared to George W. Bush, that is). From a Chinese viewpoint, he was right.

  3. bridgebuilder
    Mushroom

    Evolutionary dead-end

    As the saying goes, a cyber attacker only has to be successful once whereas people trying to defend against attacks have to be successful every time. As more and more countries become dependent on their IT infrastructure just to function as countries, more and more countries become vulnerable to Keystone-like events (and worse). Consequently, the appetite for mutual non-cyberaggression pacts will increase (with pacts covering both active attacks and passive attacks in the sense of letting ransomware gangs use the own territory as an operating base).

    The hard part is to figure out who to negotiate with ... it won't be enough to assemble the big powers round the table in a recap of 80s nuclear disarmament talks

    Icon because the overall geostrategic situation is surprisingly similar.

  4. SundogUK Silver badge

    Do not trust China. China is asshole.

    1. Anonymous Coward
      Anonymous Coward

      @SundogUK

      I am sure people on this forum are ever so grateful for your deeply insightful comment. Deeply insightful for a 9 year old that is.

      1. Claverhouse Silver badge

        Insert Variable

        It's pretty much in line with US Congressional thinking, if you can substitute at will any other country on Earth.

  5. elsergiovolador Silver badge

    Same old

    It's like a Soviet Union company saying that you are only safe if apparatchiks vouch for you.

  6. Packet

    Love the headline - it reads like something out of the onion.

    China cannot be trusted, period.

    1. Potemkine! Silver badge

      China cannot be trusted, period

      Who can be?

      1. Packet

        It's all relative and depends where you live and whose values you're allied with.

        Now it's not 0 or 100 when it comes to trust either.

        Trust someone less, trust someone more. You'd trust your wife, but maybe not your ex.

        But you know all this already, comrade...

  7. msobkow Silver badge

    I read that as "You're not taking crime seriously until you let the Hell's Angels vouch for us." *LOL*

  8. mevets

    Trust No One.

    Deploy with service to service authentication and security; then you don't even need to trust your network card.

  9. DJ
    Mushroom

    China's first on my list

    When I need toothpaste with Melamine, disintegrating drywall, toxic pet food, or baby formula that kills babies.

    None finer!

  10. thames Silver badge

    I read it a bit different from El Reg.

    I read the original blog post and take what he said as meaning something completely different from what el Reg's author does. Here's the quote again:

    It would be a major step forward if governments and global companies would subject themselves to auditable testing and verification processes for critical components and legal processes in the countries with whom mutual trust agreements are signed.

    To me one part of that says that companies producing critical components should be able to be audited by any country that both makes user of their kit and has signed the treaty, and they should be legally accountable in those countries as well. In other words, all telecoms and IT kit should be audited by all countries who want to take part in this process.

    The other part of it was stated in a less clear manner, and needs to be understood in the context of the entire blog post. He seems to be saying that governments should make good security practices in private companies in critical industries legally mandatory rather than just suggesting them as a good idea. In addition, governments should share information about security problems so that they get fixed rather than quietly taking advantage of them to spy on each other.

    What I take this all as meaning is that Huawei don't have a problem with countries putting their kit under a microscope looking for security issues. However, they want all other companies subject to the same rules rather than some countries using "national security" selectively as a tool of national industrial policy.

  11. Paul Crawford Silver badge

    Verify?

    While the idea of trusting another nation to say "our vendors are safe" is laughable, there is a point that there should be proper open audits of the vendor's code and practices rather like what Huawei was doing in the UK.

    Yes, that shows their processes to be piss-poor and no need for back doors when you can see through many walls, but we have no idea if other vendors are actually better. After all we see endless security advisories for big-name kit, so if we step away from, say, Huawei do we actually know (or have reasonable belief) that another one really is better?

    1. martinusher Silver badge

      Re: Verify?

      The initial pass throughs of Huawei's code would have uncovered all sorts of faults and deficiencies. We'd then all sit back and have a good laugh at their expense -- at least, those of us who don't know anything about software QA. More sanguine types would realize that the kinds of shortcomings found in Huawei's kit are likely to be endemic through the industry and that once uncovered and fixed Huawei's kit is likely to be a lot more sure than Brand 'C'.

      Huawei's #1 sin -- apart from being a Chinese company, of course -- is that its effectively a co-op, It doesn't have to feed the finance industry maw so it can devote as much or as little resources to a task as it feels necessary. This gives it a bit of an edge when it comes to dealing with QA issues since they're not going to cause a dip in profitability and so a share price dip that would cause problems with investors and C suite remuneration packages.

  12. Anonymous Coward
    Anonymous Coward

    It's politically naive

    because the goal for USA is to contain China and slow down its development, has nothing to do with real cyber security at all.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022