Symantec Still Selling Huawei Equipment - to the Dept of Defense

A November 17, 2011 article in Channelnomics states that "Symantec may have ended its experiment as a hardware manufacturer by selling its stake in its joint venture with Huawei Technologies, but Big Yellow remains committed to developing appliance-based backup solutions and will continue to contract with Huawei and Huawei Symantec as a hardware supplier (emphasis added). In a letter to partners, North America channel chief Randy Cochran says the contract manufacturing relationship between Symantec and Huawei will remain unaffected, as will Symantec’s commitment to marketing and developing appliance-based solutions."

So one of the world's largest security companies continues to partner with the very Chinese company that most of Symantec's customers are buying their systems to protect against. That displays a level of hypocrisy that I have no tolerance for.

Even worse, as General James Cartwright and others in the U.S. government rail against China, the Department of Defense, Boeing, Lockheed Martin and CSC are all buying Huawei Symantec hardware according to one Huawei Symantec channel partner that I spoke with privately. If Rep. Rogers makes good on his promise to hold hearings on Huawei and ZTE, I hope that he investigates who in the U.S. government and the Defense Industrial Base are buying Huawei Symantec products, which are all made by Huawei in China.

Add to Cart View detail

Rep. Mike Rogers Needs To Re-Think His China Tactics

According to NPR, Rep. Mike Rogers thinks that a piece of legislation is going to help stem the tide of IP theft on the part of foreign states like China. Rep. Rogers deserves credit for recognizing the problem and trying to do something about it, however the solution that he's considering - "naming and shaming" - not only won't work but completely misses the real problem.

The heart of the matter is not that foreign states are stealing U.S. intellectual property. Espionage is the 3rd oldest profession and our reliance upon cyber-space-time has made it easier than ever for agents around the world to not only take what they want but make it look like others are the culprits. The solution doesn't lie in deterrence because deterrence is a laughable concept among sophisticated attackers. While its natural to want to stop the "bad guys" from stealing what is yours, it's also naive to believe that you can do it. You can't stop bad guys from coming in, but you can stop your data from leaving. That's the key to ending China and Russia's relatively free access to U.S. technological secrets.

Don't threaten them. Don't pretend that you can deter them. Don't imagine that you even know which one of them is doing the attacking at any given time. Instead, Rep. Rogers should write legislation that requires U.S. companies to inventory their critical data so that they know where on their network it resides, then implement a set of security controls that monitors the behavior of authorized users and locks that data down when certain norms are violated. The hard truth of the matter is that most companies today don't have a clue about where on their network their critical data resides because they've bought into the old school security model of trying to stop attacks at the perimeter of their network. Until that changes, Rep. Rogers and others like him will just waste more taxpayer money and perpetuate the illusion that the problem is somewhere "out there" and can be stopped with U.S. muscle. 

Add to Cart View detail