Establishing the right corporate IT security level has become as important a business parameter today as any other element of conducting business successfully. This elevated status of a seemingly small IT element is a new trend. It has emerged strongly since the start of this century, and is becoming more of a fact each month. The most successful companies have always regarded security, and with it IT security, as a natural element of infrastructure and of its management. The world, however, has changed. To quote Alvin Toffler:
"The 21st century will be dominated by information wars and increased economic and financial espionage."
The point here is this: To stay competitive, your IT strategy has to contain a firm commitment to a Risk Management Strategy that clearly stipulates the level of IT Security relevant to your business requirements.

How to structure the IT security strategy, the policies and then the implementation is not unlike any other large IT project. And it should come as no surprise that this is indeed a large project. It is, however, digestible if a structured approach is followed. Among the standards most commonly used is ITIL, which is recommended if the organization uses it already. Taking a simpler approach, as British Telecom and others have done, may be more straightforward. Here the IT security subject is divided into 3 areas: PEOPLE, PROCESS and TECHNOLOGY. This approach immediately breaks down the effort into manageable parts.
There are many tools available. First and foremost, Microsoft issued (Spring 2005) a comprehensive set of tools for the evaluation, classification and determination of risks. See Microsoft's web pages and especially the Security Risk Management Guide (which is available for download). Having analyzed the security implementation approaches of more than 10 larger European companies, it has become clear that the following flow works best:
- Obtain Executive management commitment
This is NOT easy in most companies, except in the financial sector. Taking for granted that executive management understands and/or appreciates IT security is one of the very big mistakes made by IT security consultants; the fact often is that this understanding is not present. Selling the concept becomes the first important milestone. Recent events in the (rising) threat profile make it easier, but what has been shown to StealthSecure is that a LIVE demonstration of breaches, hacking and their real consequences is what really builds conviction. Nothing works better than real life! If your company is recovering from a big attack, even better, unfortunately. Assuming commitment (including resources) has been secured, executive management would normally take part in Steering Committee work, and this is key to the project going forward.
- Create the IT Security Strategy for your company
In essence, strategy statements outline the scope and purpose of the company's endeavours in the area. To quote IBM: "Strategy is what a company does to sustain and grow its business value into the future" (Source: Corporate strategy for the new millennium, Executive strategy report, by Peter J. S. Korsten and Saul J. Berman, 22 Jan 2003). This should set the motivation for an assessment and evaluation of the risk categories and elements.