US 'dropped the ball' on security by going it alone claims Huawei US CSO

Andy Purdy, CSO for Huawei USA, believes the US needs to be more active in the development of global security standards rather than being aloof. "The US has fundamentally dropped the ball when it comes to participation in global security standards," Purdy told The Register. "We need really strong standards and the US should be …

  1. A random security guy Bronze badge

    Oh, shut up.

    Covering up for your parent company by throwing stones is not a good idea.

    1. Anonymous Coward

      Re: Oh, shut up.

      Not being willing to listen to others is about the greatest failing you can have if you're really working in security.

      "Purdy argues that trust doesn't need to be assumed. "Something I've really emphasized is the trust-no-one approach," he said. "[We should be] working on developing a zero-trust architecture and zero-trust principles so it's not just about the perimeter.""

      This is absolutely, 100% correct. Trust should never be implied, it should be a consequence of hard facts. Any company that asks its users to trust it instead of providing the data to base that trust on does not deserve trust. Ditto for governments, actually.

      1. Anonymous Coward

        Re: Oh, shut up.

        Absolutely agree! I welcome Huawei to show the way by open sourcing their stack. No? Thought so.

        1. Anonymous Coward

          Re: Oh, shut up.

          Like MS, Apple, and just about every other company out there?

          Anyway, Huawei did open their source to the UK government, more than many of the others did.

          1. bazza Silver badge

            Re: Oh, shut up.

            And according to reports, what they found was a whole load of won't fix security vulnerabilities. Huawei crowing about security is a pretty feeble thing.

        2. Anonymous Coward

          Re: Oh, shut up.

          The hard blackmail of the US to keep their own industries relevant in the 5G space despite Huawei being years ahead was exposed as such the moment Huawei offered review access to its engineering .. and the US did not.

          So, who should It trust here? The people who badmouth others but are unwilling to demonstrate they're trustworthy themselves and who hardly punishes its world's most advanced intercept organisations when they engage in little side projects, or the company that is politically bullied but does the right thing and had actually its code confirmed to be clean by little insignificant outfits such as GCHQ?

          The US had to put quite a few concessions on the table (as "bribes" is such an ugly word) and probably a great deal of blackmail they gathered to convince Europe to play along, which to me implies that 5G will be compromised from the get go and you better organise your own encryption higher up the stack to maintain some degree of confidentiality.

      2. Anonymous Coward

        Re: Oh, shut up.

        Be fair, the guy is working for the Chinese. So he has to peddle the Chinese Gospel, it's not like working for a Western company. His mouth is not his own. Let him have his retirement pension without getting personal just because we can.

        1. gandalfcn Silver badge

          Re: Oh, shut up.

          That was pure goldy.

        2. Yes Me Silver badge
          Facepalm

          Re: Oh, shut up.

          But the thing is, dear A. Coward, what he says is literally true. Of course, you won't find anybody from a US-owned company willing to say so on the record.

          The tRump era policies that Biden seems to have swallowed hook, line and sinker are a tactical triumph for America's high-tech lobbyists but a strategic disaster for the US. They have given China a gold-plated motivation to become the world's leading high-tech developer, with its own supply chain, and they have the brains to do it.

          1. Anonymous Coward

            Re: Oh, shut up.

            @Yes Me The Dark Forest is only as true as you want it to be, and then only as far as your power extends. Darwinian evolution has proven a balance of cooperation and conflict to be optimal, and you ignore either at your peril.

            Whether the messenger brings falsehoods or not, and whether we decide to shoot them regardless, are not the same issue and should not be confused.

      3. Stuart Castle Silver badge

        Re: Oh, shut up.

        It is absolutely correct that you cannot trust anyone implicitly. That applies whether dealing with Huawei, Cisco, Ericsson, Nokia or any company.

        While I don't trust Huawei, I feel that bearing in mind the seeming lax attitude to security displayed by the Trump administration generally, this apparent tough stance on a Chinese company was all designed so Trump would appear to be tough. I suspect he didn't even care which company he was tough on. I think he did want to appear particularly tough on the Chinese though, hence the other tariffs.

        I have to admit, I do trust Huawei less than I do the other companies. The Chinese government do not have a good record when it comes to things like privacy, or human rights.

  2. Anonymous Coward

    Maybe backdoor less?

    The USA shouldn't be involved in any way in security because all it does is backdoor stuff.

    Look at Certs, any certification authority can issue a fake cert for any site. Who designed that? An f-ing crackhead? But, you say the fake cert would be spotted..... and along come CDN networks who can individually target fake certs that will never get spotted, effectively backdooring any security they offered.

    All they ever do is backdoor security. If there's a security standard that comes out with government involvement the government's contribution was a backdoor.

    Yesterday, Zinc Network popped up again, (UK Foreign office's fake NGO) Adam and his crappy "here we found 350 fake Chinese propaganda accounts, using (insert implausible data mining/language analysis explanation incapable of searching low level noise like that) and 'exposed' how China is obsessed with propaganda, mostly against Steven Bannon. Honest China is totally anti-Bannon so you should listen to whatever racist crap Bannon spews...here look at all these cartoons we, er they drew about Bannon, the guy's a legend, you should worship him because China totally did this". Sure Adam, sure they did, and sure they are obsessed with Steve Bannon as much as you are, and sure you *didn't* just put up 350 fake accounts from other fake FCO NGOs, then find them again. I ToTALLy BeLIEVe that.

    Do I trust a government that runs propaganda operations attacking encryption and the privacy right with funded fake NGOs to protect security and privacy? Propaganda aimed and read almost exclusively by its own people? *DOMESTIC* propaganda? Domestic propaganda driving domestic laws to undermine security and spy on their own country? F**K NO!

    Those certs you backdoored, they also certify software downloads, and the source of the software, so you've backdoored every piece of kit with your f**ing backdoors. All *your* hi-tech all compromised, by *you*. Undermined by *you*.

    Well done, now to make things secure, every piece of US kit should be ripped out, and every US CDN have its contract cancelled, because you f**kers and your backdoors.

    /rant

    Zero trust security. The privacy right in a nutshell.

    1. gandalfcn Silver badge

      Re: Maybe backdoor less?

      You know it is blasphemy to criticise the land of the free and say anything good about the evil CCP to all the Trump/GOP and flag waving loonies.

      1. Anonymous Coward

        Re: Maybe backdoor less?

        I'm pissed off at this, as you can tell.

        Shanghai stock exchange, I'm seeing fake injected DNS packets, blocked CSS files, a routing via Kansas, yet the entry point in China Telecom routes via Hong Kong and is twice as fast. Not the exception, a lot of their financial sites are getting this crap. Fake crap to give the impression of failure and dissuade inward investment.

        CDN networks that are simply government fronts. Certs that should never exist, ever, out in the wild.

        It's economic warfare, and I'm pretty sure USA didn't declare war against China yet Huawei are just one of the attacks going on.

        I see the propaganda from yesterday, go digging into it, and find a rent-a-desk network of UK government funded NGOs run by ex diplomats and security guys. Last I looked, the privacy right is written into the UK constitution, and they attack it, with taxpayer funding. Attacking UK rights.

        Fake NGO1: "sending kids back to war zones is unpopular.... lets turn it into meme to hide what we're doing...."

        Fake NGO2: "how about 'people smuggling', *smuggling* is *bad*, and we focus it on the mythical baddies and away from the victims we're victimizing..."

        Fake NGO1: "that's good but can we get a terrorism or drug reference in there to help with the demonization...."

        Fake NGO2: "I know how about 'human trafficking'... it removes the 'people' part so Brits no longer identify with them as people, and it sounds like *drug*-trafficking for the demonization".

        Fake NGO1: "Brilliant! Now we're no longer sending people back to be killed in war zones, we're tackling 'HUMAN TRAFFICKING'!"

        Fake NGO2: "NGO1, can I ask a question.... we're doing political propaganda with taxpayer money, while pretending to be concerned about the subjects we're pushing.... are we the baddies? Are we the baddies NGO1? Are we? Are we the baddies?"

        Fake NGO1: "No, I ask Goebbels our ethicist and he says it's totally fine, as long as we don't tell anyone what we're doing and hide it behind a bunch of front companies and rent-a-desk mailing addresses".

        1. Rich 2 Silver badge

          Re: Maybe backdoor less?

          “Last I looked, the privacy right is written into the UK constitution”

          Sorry to nit pick but the UK doesn’t have a written constitution. So I’m not sure where you actually looked.

      2. Snake Silver badge

        Re: blasphemy

        No, it's hypocritical to criticise the "land of the free" when your own government was very readily doing the exact same thing

        https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016

        https://qz.com/617582/the-uk-government-has-been-hacking-for-years-and-now-its-legal/

        It was only found unlawful...last week

        https://www.computerweekly.com/news/252504608/Investigatory-Powers-Tribunal-finds-UK-spy-agencies-unlawfully-collected-personal-data?amp=1

        So glass houses much??

        1. gandalfcn Silver badge

          Re: blasphemy

          Pray tell what is my government? Where do I live? I am also fully aware of what the UK does, and other countries. Also, in the context of the USA doing something, your whataboutism is not a good idea.

          "US 'dropped the ball' on security by going it alone claims Huawei US CSO"

    2. veti Silver badge

      Re: Maybe backdoor less?

      The whole Internet is one massive backdoor. That's how it was designed - by academics, not governments - and all attempts to secure it are like trying to make water run uphill, except that no-one is prepared to pay for the pumps.

      As to Zinc Network, it's a weird but perfectly legit organisation. And I can't find any trace, either on Google News or Zinc's own website, of the story you reference. If the goal is to influence people, you'd think they'd want to publicise it - at least a bit?

      1. Anonymous Coward

        Re: Maybe backdoor less?

        Is Zinc Networks related to the Centre for Information Resilience? The BBC published

        https://www.bbc.co.uk/news/world-asia-china-58062630

        yesterday (5th of August) about a network of 350 accounts publishing anti-Steve Bannon cartoons (among other more important things). I've no idea who the CIR are, or who they are funded by.

        1. gandalfcn Silver badge

          Re: Maybe backdoor less?

          RUTLAND, Adam Robert and BURLEY, Ross. "Ross Burley is the co-founder of the Centre for Information Resilience, a non-profit social enterprise that identifies, counters and exposes influence operations."

      2. Lil Endian
        Joke

        No Pumps Necessary

        I've seen a... documentary that reveals water can indeed run up hill. Well, a priest in a wheelchair can, anyhoo.

        The site of this particular fantastic anomaly is called The Magic Road. There must be others!

        https://fatherted.fandom.com/wiki/The_Magic_Road

      3. Anonymous Coward

        Re: Maybe backdoor less?

        >>Zinc Network, it's a weird but perfectly legit organization

        Hmmm.. hadn't heard of this group before this.

        Interesting, According to this "wikispooks" link https://wikispooks.com/wiki/Zinc_Network

        Zinc is associated with The Institute for Statecraft (I am especially impressed by their abandoned mill in Fife)

        https://wikispooks.com/wiki/Institute_for_Statecraft

        The period of Hearst's "yellow journalism" seems so quaint when compared to the times we are living in.

        1. Anonymous Coward

          Re: Maybe backdoor less?

          State funded domestic propaganda, some cells even been caught pushing anti-Labour politics, (see wikipedia link below). Funded core contractors that in turn fund cells of "independent" NGOs doing tory marketing from hidden rent-a-desk operation.

          They're not "NON" governmental, they are just contractors. It doesn't matter what lies they put on their cell's webpage, that is not their contract, if their contract is to "echo and amplify" whatever message or lie the government is pushing, they're paid for doing *that*, not for 'discovering truth' or "saving victims" or whatever purpose they claim.

          Notice this one is timed to coordinate with the Israeli propaganda piece?

          A rent-a-desk propaganda operation in coordination with a foreign power to deceive Brits, paid for by British taxpayers.

          https://en.wikipedia.org/wiki/Institute_for_Statecraft

          "In December 2018, the Sunday Mail reported that The Integrity Initiative's Twitter account had been used to attack then Leader of the Opposition Jeremy Corbyn, the Labour Party and Seumas Milne, the director of communications for Corbyn. ..... In response to Labour Party complaints about this use of government funds in a parliamentary question on 12 December 2018, the minister stated that government funding "does [not] fund the management of the Integrity Initiative’s social media account", to which Shadow Foreign Secretary Emily Thornberry responded that the Integrity Initiative project proposal included "social media activity".[12][13]...."

          "On 13 December 2018, the Scottish charity regulator OSCR confirmed it had opened an inquiry into the Institute for Statecraft.[23]...."

          "In April 2019, Christopher Donnelly apologised, noting that Scottish charity law does not allow them to make party political comment: "We put out something like 26,000 tweets ... About 400 made reference to some political party or politician...."

          "The Labour party also called for an investigation of the Integrity Initiative and its links to the British government.[25]"

          "In August 2019 the OSCR provided the findings of its investigation to the Institute for Statecraft. These were that the charity was not meeting the requirements of a charity in Scotland because its purpose was not entirely charitable, the Integrity Initiative did not provide a "public benefit in furtherance of the charity’s purposes" and the benefits that the Institute provided to its trustees were not clearly incidental to its operation. The trustees of the Institute then took appropriate steps to comply with their requirements including terminating the charity's involvement with the Integrity Initiative. As a result, the OSCR announced in November 2019 that it would not take formal actions against the Institute and would continue to monitor its activities.[26][27][28] "

  3. Pascal Monett Silver badge

    "They all show the vulnerability of everything"

    Yes.

    Well, especially since the NSA was stupid enough to get itself hacked and have all its precious zero-days pilfered.

    Ever since then, things have gotten a lot worse.

    Thanks NSA, you really outdid yourself on that one.

  4. Lil Endian
    Pint

    Where there's a will, there's Huawei

    +1 Thomas!

  5. six_tymes

    awww how cute, the ceo misses his back doors, so he is now pointing fingers. what a turd.

  6. xyz123

    We know the US dropped the ball, because we remotely activated the camera on the Huawei one, one government employee stupidly brought into the White House.

    We saw the ball drop in 1080p@60fps, and were able to report back to our CCP masters within less than 10 minutes on the height the ball bounced.

    Signed - Huawei CEO.

  7. Anonymous Coward

    "I don't think the US realizes it, but I think the US made a colossal mistake in imposing the export controls to basically drive China to accelerate the chance when they'll create an alternative to what the semiconductors in the US can do".

    Of course that risk exists, and to some extent will be realized. And to some extent, those export controls underline the inability or unwillingness of the US to tackle the issue of import controls - the US dependency on CCP's manufacturing arm. The theater of We-Chat and Tik-Tok executive actions was loud but shallow.

    Rather than the CCP developing an entirely new semiconductor powerhouse from the ground up, making TSMC a fully domestic company under the control of the CCP is by far the expedient strategy. If that's not fully possible, tear the baby in half, bringing the entire playing field down to the CCP's level.

    Given that horizon, there is little chance for spook cooperation.

  8. Alpharious

    The US does not want security standards, they want back doors. All the five eyes countries want back doors. The issue now is that governments are sloppy, and now dangerous people are aware of the backdoors.

  9. Anonymous Coward

    CCP Trolls Now Own The Reg

    Wow. Reading these comments and disproportionate downvotes it’s clear CCP backed propagandists now own The Reg comments section.

    Sad demise for a once proud site.
