Thursday, 24 October 2013

Huawei argues against closed network approach to security after PRISM scandal

Huawei logo
Governments and businesses must avoid making protectionist, knee-jerk reactions to cyber security following the PRISM scandal, according to Huawei.
Huawei's UK chief cyber security officer David Francis made the claim during a press briefing attended by V3, arguing recent moves from companies like Deutsche Telekom to only move data on their network through European data centres could damage the digital economy.
Referring to Deutsche Telecom, he said: "Whether it's possible is going to be interesting due to the nature of the global network. How that's going to work in practice is also going to be interesting. There was also an announcement from Brazil that they want to build their own internet.
"All of this shows there is a danger we'll take a protectionist approach. This is bad as protectionism didn't work in the 1930s and it won't work now."
Francis said in order to truly benefit from the growing global digital economy businesses and governments must instead work to be more open and collaborate when combating cyber threats.
"The networks are now totally different; they no longer respect global boundaries. Our traffic no longer necessarily stays in one region's boundary. This means it is not about threats in the UK or the European Union, it's about threats on the global network," he said.
"We need to make sure we start to embrace the implementation of the network and work together. If we have to have a global network we need global standards. We need to make sure in a global supply chain that the whole network is secured, not just our small part of it."
Francis said businesses must adopt the new open strategy sooner, rather than later if they hope to protect themselves from next-generation cyber threats.
"The landscape has changed in the last 10 years. If you go back to 2002 the people trying to exploit the industry were closet groups – small groups, script kiddies trying to do things like get into the Duke of Edinburgh's account. Things changed in 2003 when people began targeting industrial processes. Then it became a billion-dollar industry," he said.
"In 2003 we saw the industrialisation of threats, and since then the sophistication of threats has grown. Then we reached a point where the bad guys could just buy the tools they need. We've seen the threats move from curiosity to personal gain. Make no mistake this is a billion-dollar business.
"For example, when the UK government announced it was going put the benefit system online. We knew the investment protecting it would be matched or even dwarfed by the gangs trying to game it. We're in an arms race with the bad guys. We know the bad guys collaborate and sell information with each other. It's up to us to do something about this."
He added that the news is troubling as many businesses still view security as a hassle. "Today we're in a very different landscape but a lot of our thought processes are still in the 1980s. In the modern world where people are running to consumer products and apps, security is still bolted on," he said.
Francis is one of many security heads to call for technology firms to design their products with security in mind from the start. Intel president Renee James argued that high-tech companies must begin designing products with fully integrated security from the start, during a keynote speech at the McAfee 2013 trade show in Las Vegas.
Increasing data-sharing between the public and private sector has been an ongoing goal of the UK Government's Cyber Strategy. The Strategy has seen the government launch several data-sharing initiatives, including the creation of the Cyber Security Information Sharing Partnership (CISP), since it began in 2011.

No comments:

Post a Comment