TIA promises to end the Huawei security debate, once and for all

Is Huawei’s equipment secure or not? Right now, the answer to that question depends largely on who you ask.

But the Telecommunications Industry Association (TIA) trade group hopes to provide a definitive, unbiased answer, one backed up with details and specifics – and one that everyone can agree on. To do so, the association is building a global standard and benchmarking tool that can measure the risks present in each vendor’s supply chain in real-time, with the goal of testing third-party certifications starting in the middle of 2021.

“I’m not interested in blackballing a particular company,” explained Ken Koffman, TIA’s CTO and the executive leading the security effort.

Instead, Koffman explained that TIA’s goal is to determine whether a given vendor’s equipment can be trusted. He said TIA’s effort will center on a process-based system, meaning it won’t certify specific products but instead focus on a company and its entire product-delivery process, ranging from where it obtains its components to how it assembles and sells finished products. And the decision on whether that process is secure would be made by trained third-party inspectors, similar to the United Nations’ International Atomic Energy Agency (IAEA) inspectors charged with overseeing nuclear facilities stretching from Iran to Japan.

“Based on history, Huawei would not be able to conform to these [security] standards,” Koffman added, explaining that TIA’s security program would determine whether a company was receiving government funding or sharing information with outside parties.

But if Huawei changes those practices, “then I’m happy to have them.”

Added Koffman: “Our interest is to say, ‘This is how you can be trusted.'”

Standards experience
Koffman argued that he and TIA are uniquely positioned to address the security issue. For more than two decades Koffman worked with the QuEST Forum, which developed the TL-9000 quality-management system for telecommunications products. That effort essentially measures the quality and interoperability of telecom equipment for network operators. TIA merged with the QuEST Forum in 2017.

Koffman said some of TIA’s members last year began to ask the association to apply its focus to the supply chain security issue. “Wouldn’t it be nice if we had a single standard that comprised or oversaw all aspects of security?” TIA’s members asked, according to Koffman. He added that the association is working to create a holistic process that would cover hardware, software and components – an increasingly important task given the global nature of the industry’s supply chain and the wide range of devices and applications connecting to all areas of the network, from the core to the edge.

To read the complete article, visit Light Reading.