|
Comments
View Comments: threaded view | newest first | oldest first
Dave Sasson
User Rank
Supply Network Guru
Security Concerns Throttling Telecom OEMs
Dave Sasson   4/1/2011 7:45:29 AM
NO RATINGS

Hi Abey, interesting article.  It reminds me of the stories about Microsoft when the company initially was attempting to penetrate the country with their OS and how the Chinese government wanted access to the source code to add their own cryptography when used in sensitive settings.  Microsoft finally agreed and now enjoys a robust business in China. 

At his point, do you think China would jeopardize its standing as a leader in outsourced manufacturing by adding spyware to telecom equipment?   

Hardcore
User Rank
Supply Network Guru
Re: Security Concerns Throttling Telecom OEMs
Hardcore   4/4/2011 2:27:16 AM
NO RATINGS

Hi Dave,

To answer your question about them risking damaging the market., to a greater extend they do not care about the Foreign business market, specifically because China is a massive market.

My own personal experience with China telicoms companies, includes them trying to gain direct access to the Computer systems   of foregn enterprises, and they are not at all shy about it.

There is one initiative currently underway since 2008-2009 that requires ALL foreign businesses to install a 'China government' firewall inside the corporate networks, now interestingly enough this 'equipment' bridges ANY and ALL corporate firewalls, in that when installed the 'box' has access to ALL traffic from individual computers/servers, AND also the final feed out of the company, the box is specifically designed as a firewall 'bridge'.

You get a password for 'user' level access, but full admin rights are not granted to anyone other than the local Telicom company and the police/government department.

By various means i managed to get one of these boxes installed so that it did not bridge our corporate firewall but was instead  in a sandbox with dummy feeds.

I can safely say i did not like what I saw, the box is also designed so that any sort of external tampering or opening triggers a visit from the security department. 

The equipment was capable of 'packet capture' which ultimatly geve it access to ALL passwords and internet data that was not HTTPS encrypted(or even this with currently available de-cryption technology), indeed if you did not use heavy encryption between your own internal computers and internal servers INSIDE your own office then there would be a problem with security.

If they are so blatant about installing backdoors into foreign businesses operating inside of China, do you really think they will not do the same on external equipment?

Even worse such equipment gives any potential hacker a backdoor around ANY and all corporate security, they a hacker only needs to crack one of these boxes, then all the boxes are targetable.

 

HC.

Toms
User Rank
Blogger
Re: Security Concerns Throttling Telecom OEMs
Toms   4/4/2011 4:10:55 AM
NO RATINGS
1 saves

   HC, I would like to fully agree with your comment. Rather than bothering about foreign markets, they would like to do the spy work at any cost. More over, they would like to use each and every instance for spying rather than any sort of business.

Dave Sasson
User Rank
Supply Network Guru
Re: Security Concerns Throttling Telecom OEMs
Dave Sasson   4/4/2011 7:25:57 AM
NO RATINGS

Hi Hardcore, I wouldn’t have thought the meddling was so blatant.  I would have thought it was more covert and secretive.  Thanks for sharing your personal experience on this matter.

Toms
User Rank
Blogger
Re: Security Concerns Throttling Telecom OEMs
Toms   4/4/2011 3:21:27 AM
NO RATINGS
1 saves

   Dave, I don’t think like that. Microsoft or even Google they are business units, they want to do the business and earn profit. Nothing more than that and they are not bothered any other issues than business. But India and china are two neighboring countries and more over both are among the front runners of global economy. China always needs an eye on the internal happening of the neighbors and for this; they would try for all measures.

   So, obviously there are some sort of cold war and each wants to be the better than other. It’s always suspected that china is trying to spy confidential details from other countries. Telecom equipments can be one source for spying or tapping the confidential conversations, especially in military and diplomatic forefronts. So the best part for safe guarding are preferring self made equipments and deploying different security measures.

Dave Sasson
User Rank
Supply Network Guru
Re: Security Concerns Throttling Telecom OEMs
Dave Sasson   4/4/2011 7:31:31 AM
NO RATINGS

Hi Toms, based on Hardcore’s experience, it seems that foreign companies don’t get the choice to put in their own safeguards in place, but rather have to provide the Chinese government some sort of backdoor access. 

stochastic excursion
User Rank
Stock Keeper
Re: Security Concerns Throttling Telecom OEMs
stochastic excursion   4/4/2011 4:11:55 PM
NO RATINGS

Reports suggest China keeps its options open when it comes to data harvesting from networks it is interested in monitoring.  The unauthorized access into Google's networks during that company's stay in China could not explicitly be declared as government policy, and so was surreptitious.  OTOH as long as the access is official policy they are free to be heavy-handed about it.

Certain non-sensitive traffic the Indian government probably doesn't mind the Chinese snooping into.  Indeed like some countries they may even pay China for the intelligence they've collected on their own people.

Toms
User Rank
Blogger
Re: Security Concerns Throttling Telecom OEMs
Toms   4/5/2011 12:46:01 AM
NO RATINGS
1 saves

    Stochastic excursion, you are right. They may always open the option for data mining and monitoring, more over many of times government is not much bothered about such thinks because of lack of knowledge, non sensitivity and ignorance.  But when it comes to national security and military forefront, government is much concerned, especially after wiki leaks incidents. China has always an eye over the happenings and developments in neighborhood countries, especially over India due to various reasons.

Toms
User Rank
Blogger
Re: Security Concerns Throttling Telecom OEMs
Toms   4/5/2011 12:13:14 AM
NO RATINGS
1 saves

    Dave, many times vendors provides choices for security measurements. But these Chinese equipments are coming with inbuilt dynamic data collection & monitoring software, irrespective of any safe guard measurements from the user side. More over the vendors are putting some restrictions for installing user software as a part of warranty. Since most of the telecom equipments are online in 24x7, they can tap the traffic data’s at any point of time through some simple codes. As of now government have a plan to restrict or limit the use of Chinese equipments.

Hardcore
User Rank
Supply Network Guru
Re: Security Concerns Throttling Telecom OEMs
Hardcore   4/5/2011 5:56:06 PM
NO RATINGS

Hi Dave,

You are actually completely free to put in any security you want... on two conditions:

1. The 'magic' box MUST bridge the internet to your private network at a position where it can see the internal user traffic and can be accessed by the public security department.

2. You cannot add in a sandbox/protection to prevent the device from performing the function it was intended for.(see linked article)

You can get a fairly shrewed Idea from the legal analysis here:

http://www.lehmanlaw.com/resource-centre/laws-and-regulations/information-technology/provisions-on-the-technical-measures-for-the-protection-of-the-security-of-the-internet-2006.html

Read around about article 13, I have the full chinese article on another computer system, along with some pictures of the equipment and a list of 'authorized' equipment suppliers.

If it were my choice I would not allow any sort of this supplied telecom infrastructure anywhere near a counties digital backbone, especially as this level of equipment usually contains multiple FPGA's, and with the FPGA you CANNOT analyze its functionality or de-cript the programming functions. It is why the FPGA device is so often used in Military applications or places where high security protection of designs are required, even with the binary file of an FPGA you cannot de-compile it into any sort of meaningful structure to allow analysis, basically it is the original Black-box, even more of a problem , is that the FPGA device is completely re-programable over any communication medium it may implement, as such its functionality can be re-targeted at any time with very little chance of detection.

 

HC

anandvy
User Rank
Supply Network Guru
Re : Security Concerns Throttling Telecom OEMs
anandvy   4/3/2011 8:09:55 AM
NO RATINGS

Toms Jacob,

  Great article. The decision by the Indian government to impose restrictions on Chinese telecom equipments, is understandable. Both China and India are both emerging nations. Unfortunately there is little mutual trust between these two asian giants. Moreover its been rumoured Chinese agents have been hacking into India's top secret documents. So its obvious that Indian govt is not trusting chinese telecom companies.

Toms
User Rank
Blogger
Re: Re : Security Concerns Throttling Telecom OEMs
Toms   4/4/2011 4:04:55 AM
NO RATINGS
1 saves

   Anandvy, you are right. Since India and china are neighbors, obviously there should be some sort of mutual trust in diplomatic level and the same may reflect in business level also. When considering the internal market and requirements; India had to import large quantity of electronic equipments and many of the companies prefer importing from china because of low cost and accessibility. Now it’s the e-world and china is trying to add spy ware with the gadgets, for spying purposes.

    But again due to the current requirements from the internal market, government can’t ban the importing of equipments in a single day. So Government is trying to approach the goal by gradually. That means, increasing the internal production in step by step over coming days, for a complete ban of importing from china.

Mr. Roques
User Rank
Supply Network Guru
Re: Re : Security Concerns Throttling Telecom OEMs
Mr. Roques   4/16/2011 2:49:16 PM
NO RATINGS

I've read a lot of articles about how the Chinese telecom vendors are not trust-worthy but what can companies do? Huawei, ZTE and others are becoming the biggest telecom vendors, can a company afford to skip on their products and services?

pocharle
User Rank
Supply Network Guru
Re: Re : Security Concerns Throttling Telecom OEMs
pocharle   4/21/2011 7:21:53 PM
NO RATINGS

What are the main causes of the trust concerns?

Toms
User Rank
Blogger
Security Concerns Throttling Telecom OEMs
Toms   4/25/2011 3:49:50 AM
NO RATINGS
1 saves

   while considering the national security, especially after reports of global network of Chinese hackers breaking into sensitive installations worldwide, includes the military and telecom networks. It further cites recent UK reports that have raised concerns over importing a Chinese telecom major’s equipment for use in Britain’s telecom network, which may lead to espionage or a shut down during a war. Govt. hopes this will ward off the rising threat of espionage into strategic segments and more over government is also concerned about future availability of foreign chip technologies.

Mr. Roques
User Rank
Supply Network Guru
Re: Re : Security Concerns Throttling Telecom OEMs
Mr. Roques   5/28/2011 12:07:54 PM
NO RATINGS

Well, the Chinese gvmnt has a great amount of influence over those companies (ZTE, Huawei, etc) and they have been accused of using that influence to get them to release user-specific info.

The US Gvmnt is very scared of that, of course.

Srpint being "owned" by one of them might mean that the Chinese Gvmnt could do the same. And Sprint does a LOT of work for the USG.

ibeno
User Rank
Stock Keeper
Mutual benefit
ibeno   4/21/2011 7:48:46 AM
NO RATINGS

There's never been a case in the past decade of these companies of ever committing any crime.  It is interesting that Indian companies like Tata's IT group have began to partner with these Chinese companies to get contracts in other countries so there has been a growing mutual benefit.

Toms
User Rank
Blogger
Re: Mutual benefit
Toms   4/25/2011 3:57:48 AM
NO RATINGS
1 saves

   Ibeno, all such things may happens when competition becomes tighter. Normally Chinese companies are looking others with a different eye. Since both countries are technologically rivals and keen to know the internal happenings of others, this is one of the advance ways of spying. Regularly it will monitor the statics and send periodic reports to the intentor.





Twitter Feed
EBN Online Twitter Feed
EBN Dialogue / LIVE CHAT
EBN Dialogue enables you to participate in live chats with notable leaders and luminaries. Open to the entire EBN community of electronics supply chain experts, these conversations see ideas shared, comments made, and questions asked and answered in real time. Listed below are upcoming and archived chats. Stay tuned and join in!
Archived Dialogues
Live Chat 01/15: CPOs Re-Shape Their Business Roles
Increasingly chief procurement officers (CPOs) are re-shaping their organizational role to focus on creating results far beyond cost controls. A new IBM survey explores how.
Live Chat 11/12: Examining the Cyberthreat to Supply Chains
The number of cyberattacks is on the rise and hackers are targeting the supply chain. Drew Smith, founder and CEO of InfoArmor, will be on hand to discuss the reality of today's threat landscape and what to do about it.