Huawei to America: You're not taking cyber-security seriously until you let China vouch for us

Slams Biden's Executive Order on improving infosec, calls for multilateral trust framework

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors – including Huawei – can be trusted around the world.

A post from Huawei's CSO for the USA, Andy Purdy, rates President Biden's sweeping May 2021 Executive Order on Improving the Nation's Cybersecurity as "the bare minimum that companies should be doing".

Purdy, a former White House adviser on cyber security, makes some decent points – especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.

"For companies that don't do business with the government, they're simply guidelines," Purdy wrote. The CSO therefore called for the USA's Securities and Exchange Commission to force businesses to adopt sound security frameworks like that offered by the National Institute of Standards and Technology.

Purdy also called for robust public/private partnerships "on a global scale".

Which means – surprise! – chatting to China.

"The US and other countries must work together more closely and share information more openly than they do now," Purdy stated. "Governments and companies must also leverage the decades-long effort to develop norms of cyber conduct.

"This is an opportunity for the US to work collaboratively – not only with its G7 and the G20 partners, but with China and Russia and other countries – to build a more rules-based order for cyberspace that has requirements steeped in standards and best practices, transparency and conformance mechanisms, and meaningful accountability."

Fine words, but also words it's hard to imagine sparking action.

The USA and China already have a mutual non-hacking pact but each nation regularly names the other as a source of hostile electronic attack. US President Biden has accused Russia of doing far too little to curb the activity of ransomware gangs operating from its soil.

While Purdy mentioned the UN's Group of Governmental Experts on Advancing Responsible State Behaviour in the Context of International Security as an effort that could stop nation-state cyber-skirmishes if only big nations signed up, major powers aren't exactly enthusiastic participants in its development. They have also avoided engaging with similar entities like the Global Commission on the Stability of Cyberspace.

Why is Purdy tilting at diplomatic cyber-windmills? The following extract from his piece may explain why:

It would be a major step forward if governments and global companies would subject themselves to auditable testing and verification processes for critical components and legal processes in the countries with whom mutual trust agreements are signed.

To The Register's mind, that's Huawei arguing that if the USA and China had better infosec agreements, China would vouch for Huawei and the USA could therefore shop with confidence.

Which sounds great in theory, but also naïve – we know the USA targeted Cisco and Juniper devices to improve its intelligence prospects. And once the USA, or any other nation, knew the rules, they'd also know how to step around them. ®

Similar topics

Narrower topics

Other stories you might like

  • Twitter founder Dorsey beats hasty retweet from the board
    We'll see you around the Block

    Twitter has officially entered the post-Dorsey age: its founder and two-time CEO's board term expired Wednesday, marking the first time the social media company hasn't had him around in some capacity.

    Jack Dorsey announced his resignation as Twitter chief exec in November 2021, and passed the baton to Parag Agrawal while remaining on the board. Now that board term has ended, and Dorsey has stepped down as expected. Agrawal has taken Dorsey's board seat; Salesforce co-CEO Bret Taylor has assumed the role of Twitter's board chair. 

    In his resignation announcement, Dorsey – who co-founded and is CEO of Block (formerly Square) – said having founders leading the companies they created can be severely limiting for an organization and can serve as a single point of failure. "I believe it's critical a company can stand on its own, free of its founder's influence or direction," Dorsey said. He didn't respond to a request for further comment today. 

    Continue reading
  • Snowflake stock drops as some top customers cut usage
    You might say its valuation is melting away

    IPO darling Snowflake's share price took a beating in an already bearish market for tech stocks after filing weaker than expected financial guidance amid a slowdown in orders from some of its largest customers.

    For its first quarter of fiscal 2023, ended April 30, Snowflake's revenue grew 85 percent year-on-year to $422.4 million. The company made an operating loss of $188.8 million, albeit down from $205.6 million a year ago.

    Although surpassing revenue expectations, the cloud-based data warehousing business saw its valuation tumble 16 percent in extended trading on Wednesday. Its stock price dived from $133 apiece to $117 in after-hours trading, and today is cruising back at $127. That stumble arrived amid a general tech stock sell-off some observers said was overdue.

    Continue reading
  • Amazon investors nuke proposed ethics overhaul and say yes to $212m CEO pay
    Workplace safety, labor organizing, sustainability and, um, wage 'fairness' all struck down in vote

    Amazon CEO Andy Jassy's first shareholder meeting was a rousing success for Amazon leadership and Jassy's bank account. But for activist investors intent on making Amazon more open and transparent, it was nothing short of a disaster.

    While actual voting results haven't been released yet, Amazon general counsel David Zapolsky told Reuters that stock owners voted down fifteen shareholder resolutions addressing topics including workplace safety, labor organizing, sustainability, and pay fairness. Amazon's board recommended voting no on all of the proposals.

    Jassy and the board scored additional victories in the form of shareholder approval for board appointments, executive compensation and a 20-for-1 stock split. Jassy's executive compensation package, which is tied to Amazon stock price and mostly delivered as stock awards over a multi-year period, was $212 million in 2021. 

    Continue reading

Biting the hand that feeds IT © 1998–2022