US DoD And Huawei Officials Cross Swords At Cybersecurity Panel

Cnet | February 26, 2020

  • US Department of Defense official Katie Arrington insisted that there was good reason to remove Huawei products from government use.

  • Huawei USA Chief Security Officer Andy Purdy, however, said the government was following a policy of "rip and replace."

  • The panel on stage was discussing supply chain security.


Things were tense at the RSA Conference in San Francisco on Wednesday, when a Huawei executive and US Department of Defense official got into a heated argument on stage. Katie Arrington, an official in charge of acquisition at the Defense Department, insisted that lawmakers and President Donald Trump had good reason to remove Huawei products from government use. Huawei USA Chief Security Officer Andy Purdy said the decision was the wrong approach.


Purdy said the government was tearing useful technology from the hands of government workers serving US citizens by following a policy of "rip and replace." He also said that the government can observe the manufacturing process more closely to build trust.


Arrington countered that removing Huawei technology from government use was the only option, "because the risk is so high." The US can't consider conveying control of sensitive information to another country, Arrington said, "end of story, period."


The panel on stage was discussing supply chain security, or the process of making sure security flaws don't get introduced into tech during the manufacturing process. There are countless ways bugs can wind up in your tech, since phones, computers and other devices are made in overseas factories, overseen by complex contractors. The question of whether the bugs were put there on purpose, and by whom, can lead to an international relations crisis.




Moderating the panel was Craig Spiezle, a consultant at Agelight Advisory Group who focuses on increasing trust in tech and addressing ethics. Tech policy experts Bruce Schneier of the Harvard Kennedy School and Kathryn Waldron of the R Street Institute think tank were also on the stage.


Schneier said, until recently, the US government didn't mind that devices were insecure because its spy agencies were the best at using those vulnerabilities to gain intelligence. As other countries came to match the United States' ability to spy, the government has become more concerned with patching up flaws. That's going to decrease everyone's ability to spy, he said.



"Security will come at the expense of surveillance."

- Bruce Schneier, Tech Policy Expert, Harvard Kennedy School


Waldron said that Chinese tech companies are closely tied to the Chinese government, that the US government's decision to ban Huawei tech has cemented that idea, and that the association can't be undone at this point.


"All countries are engaged in spying. I don't think that's a surprise to anyone."

- Kathryn Waldron, R Street Institute

The US has its own history of putting vulnerable communication devices out into the world. A recent report from the Washington Post detailed how the CIA secretly ran a cryptography company, selling machines with backdoors to governments around the world under the auspices of Crypto AG.



Related News

DATA SECURITY, SOFTWARE SECURITY

Virtru Joins NIST NCCoE Data Security Consortium

Virtru | March 03, 2023

On March 2, 2023, Virtru, a prominent figure in data-centric security and privacy, announced its involvement in NIST's National Cybersecurity Center of Excellence (NCCoE) Data Classification Practices: Facilitating Data-Centric Security Management initiative. As part of a team of global technology leaders, Virtru will collaborate with NIST to develop recommended data classification and data-centric security practices, which will protect data while supporting business practices and transactions. The goal of this collaborative effort is to promote data-centric security on a larger scale.

As systems become more mobile, dispersed and shared across different environments and stewardship, traditional network-centric security measures are increasingly ineffective at protecting information. Data-centric security aims to safeguard data at the object level by securing it directly rather than simply securing the systems and networks that store and transmit it. Organizations employing this approach can identify their data, its characteristics, and the security and privacy requirements needed to control and protect it fully.

Virtru has a long-standing history of partnering with public- and private-sector organizations to achieve data-centric security, serving the federal intelligence community, the largest financial institutions globally, and over 8,000 organizations worldwide. Virtru's technology enables organizations to enforce policy, encryption and access controls directly on data being transmitted via files, emails and SaaS applications while allowing organizations to manage their encryption keys for complete control and data sovereignty.

Virtru's Chief Technology Officer, Will Ackerly, commented, "Data-centric security is central to everything we do at Virtru." He further emphasized, "Our goal is to enable the mission — that means moving data freely, but securely. Being a member of NIST's NCCoE Data Classification project is a manifestation of more than a decade of hard work. By tagging data appropriately, we can help ensure public- and private-sector organizations can trust that their data will be used and shared appropriately, just as the data creator intended. This is vital to the future of collaboration."

(Source – Globe Newswire)

About Virtru

Virtru is a leading data security and privacy solutions provider. With end-to-end encryption for major data-sharing platforms like Microsoft and Google, it helps customers take charge of their data wherever it is shared. It empowers organizations to keep control of their data by ensuring that it is protected everywhere it is stored and shared. The company is trusted by over 8,000 customers worldwide and is dedicated to safeguarding their sensitive data according to the highest security standards. Its Trusted Data Format (TDF) is an industry standard that provides persistent data protection through encryption technology for data shared via email, collaboration tools, cloud environments, and enterprise SaaS applications.


ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BigID Introduces Secrets Detection Capabilities to Mitigate Risk

BigID | March 17, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks.

Secrets, including API keys, tokens, usernames and passwords, and security certificates, are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors.

With BigID's native secrets detection capabilities, organizations can:

  • Scan for secrets across the entire software development ecosystem, including GitLab, GitHub, Jira, Confluence, PowerShell scripts, Slack, and hundreds of other data sources across the environment

  • Detect secrets faster and more accurately using patented AI and ML-based data classification techniques

  • Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure

"Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline."

About BigID

BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the 19th fastest-growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.


ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SteelCloud and Telos Corporation Collaborate to Enhance NIST RMF Compliance

Telos Corporation | January 09, 2023

SteelCloud LLC, a leading CIS and STIG compliance automation software developer, and Telos Corporation, a renowned provider of cyber, enterprise, and cloud security solutions to the world's most security-conscious organizations, recently announced a partnership to help customers reduce the complexity of NIST Risk Management Framework (RMF) compliance. Customers gain access to all seven RMF phases via a unified, automated solution.

SteelCloud's ConfigOS capabilities take care of the identify/categorize, select, and implement components of RMF for technical assets. ConfigOS examines an asset, determining whether Security Technical Implementation Guides (STIG) apply, scanning against the STIG standards, identifying compliance indicators, and automating the remediation of findings. Meanwhile, Xacta incorporates and uses this information during the RMF's assessment and authorization processes, as well as when the monitor step is initiated once authorization to operate (ATO) is obtained.

Working together, ConfigOS and Xacta drive decisions to address identification and selection problems while reporting important indicator metrics required to achieve and sustain ATO. STIG and vulnerability data from ConfigOS are integrated into Xacta and mapped to appropriate requirements as part of Assessment and Authorization (A&A), providing customers with a streamlined approach to gaining necessary permissions. Xacta's workflow automation streamlines the whole NIST RMF workflow, managing validation, analysis, documentation, and accreditation processes from start to end.

About Telos Corporation

Telos Corporation provides solutions for continuous security assurance of personnel, systems, and information to the world's most security-conscious enterprises, empowering and protecting them. The company offers enterprise security solutions for identity and access management, organizational messaging, secure mobility, and network management and defense. Telos Corporation serves commercial organizations, regulated sectors, and government customers all around the world.

About SteelCloud

SteelCloud is a company that creates STIG and CIS compliance software for government and business clients. The company's product reduces the complexity, effort, and cost of implementing federal security standards by automating policy and security remediation. SteelCloud has provided enterprise-wide security policy-compliant solutions, easing setup and ongoing security and compliance support. SteelCloud products are simple to obtain through its GSA Schedule 70 contract.
