US DoD And Huawei Officials Cross Swords At Cybersecurity Panel

  • The US Department of Defence official, Katie Arrington insisted that it had good reason to remove Huawei products from government use.

  • Huawei USA Chief Security Officer Andy Purdy however said the government was following a policy of "rip and replace."

  • The panel on stage were discussing supply chain security.


Things were tense at the RSA Conference in San Francisco on Wednesday, when a Huawei executive and US Department of Defense official got into a heated argument on stage. Katie Arrington, an official in charge of acquisition at the Defense Department, insisted that lawmakers and President Donald Trump had good reason to remove Huawei products from government use. Huawei USA Chief Security Officer Andy Purdy said the decision was the wrong approach.


Purdy said the government was tearing useful technology from the hands of government workers serving US citizens by following a policy of "rip and replace." He also said that the government can observe the manufacturing process more closely to build trust.


Arrington countered that removing Huawei technology from government use was the only option, "because the risk is so high." The US can't consider conveying control of sensitive information to another country, Arrington said, "end of story, period."


The panel on stage was discussing supply chain security, or the process of making sure security flaws don't get introduces into tech during the manufacturing process. There are countless ways bugs can wind up in your tech since phones, computers and other devices are made in overseas factories, overseen by complex contractors. The question of whether the bugs were put there on purpose, and by whom, can lead to an international relations crisis.


READ MORE: US turns up heat on Huawei with 23-count indictments


Moderating the panel was Craig Spiezle, a consultant at Agelight Advisory Group who focuses on increasing trust in tech and addressing ethics. Tech policy experts Bruce Schneier of the Harvard Kennedy School and Kathryn Waldron of the R Street Institute think tank was also on the stage.


Schneier said, until recently, the US government didn't mind that devices were insecure because its spy agencies were the best at using those vulnerabilities to gain intelligence. As other countries came to match the United States' ability to spy, the government has become more concerned with patching up flaws. That's going to decrease everyone's ability to spy, he said.



“Security will come at the expense of surveillance."

- Bruce Schneier, Tech Policy Expert, Harvard Kennedy School


Waldron said that Chinese tech companies are closely tied to the Chinese government and the US government's decision to ban Huawei tech has cemented that idea and the association can't be undone at this point.


"All countries are engaged in spying. I don't think that's a surprise to anyone."

- Kathryn Waldron, R Street Institute

The US has its history if putting vulnerable communication devices out into the world.  A recent report from the Washington Post detailed how the CIA secretly ran a cryptography company, selling machines with backdoors to governments around the world under the auspices of Crypto AG.


READ MORE: US charges Huawei with stealing trade secrets

Spotlight

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission. In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a va

Spotlight

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission. In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a va

Related News

Cloud Security

IBM Broadens its Cloud Security Services and Compliance Center

IBM | September 08, 2023

IBM has announced the expansion of its Cloud Security and Compliance Center to help enterprises protect data and mitigate risk across their hybrid, multi-cloud environments and workloads. With the addition of the latest solutions, IBM's solution suite now goes beyond compliance posture management and workload protection. It now includes application-level security capabilities. IBM Cloud Security and Compliance Center suite offers benefits, including intelligent automation technology, expanded compliance, and visibility into third- and fourth-party risk posture, among others. IBM, a global technology innovator at the forefront of automation, AI, and hybrid cloud solutions, has unveiled the expansion of the IBM Cloud Security and Compliance Center. This suite offers a range of updated cloud security and compliance solutions carefully designed to aid enterprises in mitigating risk and safeguarding data within their hybrid, multi-cloud environments and workloads. As organizations grapple with emerging threats along the supply chain and navigate evolving global regulations, this solution suite stands as a pillar of support for their resilience, performance, security, and compliance requirements, all while aiding in the reduction of operational costs. IBM's newly introduced Cloud Security and Compliance Center Data Security Broker solution offers a transparent data encryption layer. It utilizes format-preserving encryption and anonymization technology to safeguard sensitive data used in business applications and AI workloads. Rohit Badlaney, General Manager at IBM Cloud Product and Industry Platform, said, The expansion of the IBM Cloud Security and Compliance Center displays our continued focus on industry-specific capabilities that assist in addressing real world business challenges for our clients. For ex., clients have the ability to employ the IBM Cloud Framework for Financial Services, which can enable them to address evolving rules, laws and regulations surrounding cloud risk. The new capabilities demonstrate our commitment to supporting clients on their hybrid cloud modernization journeys, designed for security, privacy, compliance, and trust at the forefront of our product roadmap. [Source – Cision PR Newswire] IBM Cloud has a long history of working with client companies in financial services and other highly regulated sectors, especially when it comes to assisting them to drive innovation while securing their sensitive data, added Badlaney. In combination with the IBM Cloud Security and Compliance Center Data Security Broker, the upgraded suite of the IBM Cloud Security and Compliance Center will introduce a number of new features. These additions are intended to aid clients, especially those operating in regulated industries, in meeting security, compliance, and data residency requirements specific to their industry. Key features due to the expansion of IBM Cloud Security and Compliance Center: Intelligent automation technology Expanded compliance Enhanced Cloud Security Posture Management (CSPM) Optimized Cloud Workload Protection Platform (CWPP) Improved Cloud Infrastructure Entitlements Management (CIEM) Enhanced visibility into third- and fourth-party risk posture Frank Dickson, VP of Security and Trust at IDC, said, As more companies adopt a hybrid, multi-cloud approach to managing applications of all sorts across PaaS, SaaS, IaaS and on-premises, centrally automated and managed technologies that can execute security and compliance capabilities at scale are required. The IBM Security and Compliance Center addresses this requirement for holistic protection – which is especially crucial for organizations in highly regulated sectors that manage sensitive data, such as financial services – regardless of the application within which the data may live. [Source – Cision PR Newswire]

Read More

Cloud Security

Google Cloud Next 2023 Embraces Generative AI for Safer Digital Future

Google | September 18, 2023

Google reveals its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. Alphabet and Google CEO Sundar Pichai's keynote emphasizes Google's AI-first approach and the transformative impact of AI across industries. Google introduces innovative security updates and trends, highlighting its commitment to enhancing cybersecurity capabilities. Google Cloud extends Duet AI to three key products in preview mode, empowering security teams to address complex cybersecurity challenges more efficiently. Google unveiled its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. This significant revelation follows the broader accessibility of generative AI, made possible earlier this year by technologies like ChatGPT. Google's strategic endeavor aims to harness the potential of AI to combat cybersecurity challenges. Additionally, the event featured a keynote address by Alphabet and Google CEO Sundar Pichai, who underscored the transformative influence of AI across sectors and emphasized Google's extensive history of adopting an AI-first approach. During the conference, Google seized the opportunity to introduce innovative security updates and trends, signifying its commitment to enhancing cybersecurity capabilities for its customers. These developments come at a time when the integration of AI technologies in addressing cybersecurity concerns has gained substantial attention and recognition. Alphabet and Google CEO Sundar Pichai, a prominent figure in the technology industry, initiated the conference, reiterating the profound influence of AI across various sectors, industries, and business functions. His emphasis on Google's decade-long dedication to an AI-first approach solidified the company's leadership position in this transformative era. Furthermore, Google unveiled significant developments in the conference, including expanding Vertex AI with over 100 foundation models and introducing enhancements like PaLM 2, supercomputing capabilities, and the fifth-gen Tensor Processing Units. However, their commitment to democratizing AI was highlighted, demonstrated through customer stories and live demos. Google Cloud's developer advocate, Priyanka Vergadia, showcased Duet AI, an intelligent chatbot assistant that streamlines developers' tasks, saving time and enhancing security. Duet AI automates deployments, configures applications correctly, aids in debugging, and strengthens security. Its preview release marks a step towards achieving shift-left and DevSecOps goals, empowering developers to secure their code effectively and allowing security teams to scale their efforts. The research conducted by ESG and ISSA highlights the challenges faced by cybersecurity professionals. A significant majority (63%) have found their roles increasingly complex over the past two years. A closer look reveals that the surge in complexity (81%), rising workloads, and growing cyberthreats (59%), as well as understaffing issues (46%), are the primary factors contributing to this challenge. In response to these evolving demands, Google Cloud has taken a proactive step by extending the application of Duet AI to three key products, now available in preview mode. These applications empower security teams with Mandiant Threat Intelligence for threat analysis, Google Chronicle for accelerated SecOps processes, and Google Security Command Center for risk mitigation. A live demonstration showcased how Duet AI streamlines security analysts' workflows, making threat detection and response more efficient and enhancing overall security posture management. Google Cloud announced Mandiant Hunt for Chronicle Security Ops in preview, boosting threat hunting with expert Mandiant insights. Agentless vulnerability scanning (powered by Tenable) in preview detects OS, software, and network vulnerabilities on Google Compute Engine VMs. Custom posture findings and threat detectors are now available in the Security Command Center. Cloud Firewall Plus, in preview, enhances firewall service with advanced threat protection (Palo Alto Networks). These updates, utilizing Duet AI in preview, demonstrate Google Cloud's dedication to cybersecurity innovation, with specific availability details to come. The conference also highlighted partner offerings in the ever-evolving cloud security landscape.

Read More

Cloud Security

Fortinet New SASE Offerings Improve Cloud Protection for Microbranches

Fortinet | September 05, 2023

Fortinet, the worldwide cybersecurity leader driving the integration of networking and security, has announced new enhancements to its market-leading single-vendor Secure Access Service Edge (SASE) offering. FortiSASE already shields the hybrid workforce using a unified agent and includes SD-WAN integration for the branch. This solidifies FortiSASE's position as the market's most comprehensive offering. The list of Fortinet extended SASE solutions: SASE for Microbranches and IoT/OT Devices: FortiSASE now offers expanded integrations within the Fortinet wireless local-area network (WLAN) suite to aid organizations in securing microbranches and associated devices. FortiAP wireless access points intelligently offload traffic from microbranches to a SASE point of presence (POP) for scalable security inspection of all devices, including IoT and OT devices. This integration also implies that the Fortinet WLAN portfolio can be managed by the same straightforward, cloud-based management console customers already use for FortiSASE. Enhanced Data Loss Prevention Service: As a component of its cloud-delivered security services, FortiSASE includes the FortiGuard-powered Data Loss Prevention (DLP) service to safeguard sensitive data across the entire hybrid environment. This service now consists of a broader range of file types, data identifiers, and Software-as-a-Service (SaaS) applications, along with sophisticated data matching techniques to prevent accidental data breaches. By constant DLP enhancement, Fortinet provides organizations with a detailed understanding of their cloud applications and the tools needed to defend against new threats effectively. End-to-end Digital Experience Monitoring: For comprehensive network and SaaS application monitoring, Fortinet's Digital Experience Monitoring (DEM) solution integrates with FortiSASE to offer insights across users, Fortinet global SASE POPs, and the performance of SaaS applications such as WebEx, Office365, and Dropbox. In addition, this integration enable endpoint monitoring to provide end-to-end visibility, empowering IT teams with the data they need to decrease resolution times and ensure a positive user experience. Leveraging FortiGuard AI-Powered Security Services, Fortinet's SASE provides an extensive set of features, including unified security, streamlined management, and end-to-end Data Edge Management (DEM). This is accomplished by seamlessly integrating cloud-based security components, such as a cloud access security broker, secure web gateway, and Firewall-as-a-Service, in conjunction with networking functionalities through Software-Defined Wide Area Networking (SD-WAN). In addition, the solution incorporates Universal Zero Trust Network Access (ZTNA) capabilities to ensure resilient and secure connectivity to and from the internet, privately hosted applications, and Software as a Service (SaaS) applications.

Read More