Bad Guys Can Implant Malicious Functionality From Anywhere, Says Huawei Security Chief

You can talk about Huawei but we've got to make sure our communication networks are safe. The bad guys can implant malicious functionality in hardware and software from anywhere in the world. Potentia...
Bad Guys Can Implant Malicious Functionality From Anywhere, Says Huawei Security Chief
Written by Rich Ord

“Hopefully, we as a nation can have a clear-eyed focus on what really matters,” says Andy Purdy, the Chief Security Officer of Huawei Technologies USA. “As a senior Qualcomm executive said the other day, you can talk about Huawei but we’ve got to make sure our communication networks are safe. The bad guys can implant malicious functionality in hardware and software from anywhere in the world. The US has to recognize that Senator Blackburn said something that was very important. Potential national security threats to communications are very real.”

Andy Purdy, Chief Security Officer of Huawei Technologies USA, discusses security concerns that the US has with Huawei and they really should be focused on communication security threats that can come from anywhere. Purdy was interviewed on CNBC:

Bad Guys Can Implant Malicious Functionality From Anywhere

Senator Marsha Blackburn is appropriately focusing on the national security implications of our communication networks. Hopefully, we as a nation can have a clear-eyed focus on what really matters. As a senior Qualcomm executive said the other day, you can talk about Huawei but we’ve got to make sure our communication networks are safe. The bad guys can implant malicious functionality in hardware and software from anywhere in the world. As Mr. Sorkin said yesterday, the Senators comments were the first person who’s ever said what she said. In fact, when you hear about the classified briefing that our customers were given, the classified briefings that the United Kingdom and Germany were given, the US government gave no allegations that Huawei has committed any such conduct that the Senator talked about.

I certainly think when that when the Prime Minister of the UK and the Chancellor of Germany came out and said that they’d been briefed by the US and there were no allegations of significant cybersecurity wrongdoing against Huawei (and that this supports that there is no evidence of wrongdoing by Huawei). They said that they intended to use risk mitigation. This is the same kind of risk mitigation that the US government has that allows Ericsson and Nokia to do business in the United States despite their deep ties to China.

Potential National Security Threats To Communications Are Very Real

Absolutely, (Huawei does not implant or embed anything and its networks that would pose a national security risk to the United States). More importantly, the US has to recognize that Senator Blackburn said something that was very important. Potential national security threats to communications are very real. What she talked about was a report in a Bloomberg story not involving Huawei some months back that the bad guys can implant a small amount of code. That’s why we have to make sure that we have tested the products of all vendors to international standards so that there’s trust through verification. But right now tens of thousands of American jobs are at risk now that Huawei is in the crosshairs of these trade talks.

There are companies in China that are government-owned. There are publicly traded companies in China that are majority government-owned. There are companies that are private. Huawei’s the largest privately owned company in China. We have about 80 or 90 thousand shareholders in China who vote to elect the governing board. Clearly, our founder Mr. Ren, who has less than two percent, he controls the company just as some of the founders and owners of other companies control with a minority interest. But we are completely privately owned. Again, we’ve got a look at the national security and the economic impact. Tens of thousands of jobs of those who supply Huawei, $11 million last year, and 40 to 50 thousand US jobs could go away if those companies can’t sell to Huawei. There’s no national security threat there.

Our outside legal experts have said and that the Chinese government has confirmed that there is no such law that has that effect (of allowing Chinese government spying). The fact is the US government does not believe the law has any relevance whatsoever. The US government believes that China is not a rule of law nation so that the government will do whatever they want. That’s why there need to be programs like the risk mitigation programs overseen by the US government that allow Ericsson and Nokia to do business in the United States without limitation. We’re not talking about without limitation for Huawei. We’re talking about trying to continue to support our 40 rural tier-3 wireless and wireline customers serving rural America and the thousands of jobs there that are at risk.

Nation-States Can Virtually Implant Hidden Functionality

Absolutely, (the supply chain) should be a worry. That’s why when you look at the operations of Nokia, for example, in China, with the joint venture with Shanghai Bell, which is owned by the China government, the deep research and development manufacturing and assembly that takes place by Nokia, despite that they’re allowed to do business in the United States without limitation. This is because it’s a government monitored collection of agencies that monitor and test the products. At this point, the US government won’t even talk with us about those kinds of risk mitigation mechanisms that had been proven to be satisfactory to the US government despite those deep ties with China.

What I’m saying is there are proven risk mitigation mechanisms, hardcore mechanisms, that are done. We do it in the UK, we do it in in Germany. In Brussels, we have a center where government and companies can come in and evaluate our products. Nokia and Ericsson products are evaluated very closely in the US. We’re just suggesting that our products and all other products need to be tested because there are five or six nation-states that can virtually implant hidden functionality in products. We as a nation can’t just be worried about Huawei, we’ve got to be worried about all the equipment. We believe those mechanisms are in place and we just want to talk with the government. We’d like to be able to show them that we can do that.

Bad Guys Can Implan Malicious Functionality From Anywhere, Says Huawei Security Chief Andy Purdy

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us