Saturday, October 13, 2012

Why Huawei and ZTE Are Potential Red Herrings

A Red Herring can be described as a distraction or scapegoat to divert attention from bigger issues by focusing on a smaller issue.  Sometimes those who try to divert the attention to the Red Herring issue do so intentionally, sometimes it is done out of ignorance.  In any case, it generally has the same net effect of prolonging the solution.

In a recent 60 Minutes episode, Huawei was portrayed as a massive Chinese networking equipment manufacturer that was making great strides in the marketplace globally, initially in Asia and Europe, and working their way towards our shores in the USA, with some early market wins in the American Breadbasket.  The 60 Minutes story talked about how Huawei was very secretive about what they do, and because they build the communication equipment that will ostensibly be the backbone of global communications, that gives them free range to potentially put in back doors, or otherwise take control of global communications.

This was followed by a US House Intelligence Committee Report that articulates that Huawei and ZTE  (another Chinese networking equipment maker) are bonafide threats to our national security.  It pulls no punches as it lays out the gory details.

I have to say that all of this is true, in my opinion, but by no means addresses the much bigger issue at hand.  Consider, if you will, that nearly ALL communication equipment used globally today (certainly in the US) is made in China, and ALL of it can be provisioned with the same back doors.  That popular smartphone you and all your friends carry around and carry on conversations with, send emails with, submit documents through is likely made in China.  That wireless router that your laptop, tablet, desktop, phone are all communicating with, attached to that switch in your office or home network are all likely made in China.  We have literally MILLIONS and MILLIONS of communications devices where we have little to no visibility of the supply chain.  Even the "US Makers" of networking equipment have significant (and often ALL) components made and provisioned in China.

I bring this up because I have worked on projects to address some of these security issues with companies that provided components to communication equipment manufacturers.  While some manufacturers have taken some steps to address these issues (mostly ones who have been breeched and shamed), others have done nothing at all.  In at least one case I am aware of a major manufacturer only addressed a very small subset of their equipment, which was essentially their high end networking equipment, and all but ignored their lower end (and far more popular and prevalent) devices.

The American public, not knowing any better, may indeed believe that the US Government is doing us a great justice by performing this study, issuing this report, and taking some steps to address this issue.  I would have to say that this may be a good first step, and an eye opener, but we are FAR from addressing the real issue.

Let's hope we all wake up and take notice.

No comments: