Huawei’s big role in open source threatens new security backlash


  • Written by Iain Morris / Light Reading
  • 10th June 2022

Kubernetes, an open-source platform popular in the telecom industry, counts some of America’s best-known technology companies among its biggest contributors.

Google, the progenitor of the project, unsurprisingly heads a community dashboard list of contributors.

But Red Hat (owned by IBM), VMware, Microsoft, Intel, and IBM itself all feature in the top ten. Scanning that list, any US politician nervous about the security implications of open source can rest assured that Kubernetes is in safe hands.

Until they stumble upon the name of the seventh-biggest contributor, that is. Huawei, a Chinese equipment vendor banned on security grounds from numerous Western markets, is identified in that spot.

Further down, in seventeenth position, our increasingly jittery public servant encounters ZTE, a kind of miniaturized Huawei backed by China’s government. Alibaba and Tencent, China’s answers to US Big Tech, make it into the top 50 as well. And several other Chinese names feature in the top 100.

Detractors have long argued that open source is risky business because it exposes organizations to code written by naughty characters. But its use in critical infrastructure looks set to grow.

The clampdown on Chinese vendors has buoyed a technology alternative called open RAN, designed to standardize the interfaces between different parts of the radio access network. This, supporters argue, would afford more specialist vendors a role.

Yet open RAN, as envisaged by Europe’s biggest operators, would also be heavily reliant on open-source code.

This much was made clear in a list of open RAN technical priorities, issued last year by Deutsche Telekom, Orange, Telefónica, TIM (Telecom Italia) and Vodafone.

Kubernetes, they said, should be the “mainstream implementation” of the cloud platform that hosts open RAN functions and applications. A follow-up document published earlier this year shows they have not changed their minds.

Western authorities are uneasy. In May, a report commissioned by EU member states about the cybersecurity implications of open RAN pointed out that “open-source software can provide attackers with a target-rich environment due to its widespread use.”

Earlier in the same report they had noted that “the possible use of open-source components could mean that the vulnerabilities are publicly known and could therefore be more easily exploited by malicious actors.”

Safety in numbers

The people who trade in open source dismiss these fears as nonsense. Code exposed to the world’s scrutiny cannot logically be less secure than proprietary software hidden from view in the development stage, they argue.

The safety-in-numbers rationale assumes that criminals stand little chance of breaking in and causing damage when there are so many sentries stationed around the building.

“The advantage of an open model is that many people review the code that goes into open-source projects,” said Chris Wright, the chief technology officer of Red Hat.

“A lot of intellectual power goes into not just creating the code but also reviewing the code to make sure it meets the community’s standards for what should be produced.”

For a company like Huawei, already on the watchlist, slipping malicious code into Kubernetes would be like spiking a drink in public while forced to wear a “this barman is dodgy” T-shirt.

To read the complete article, visit Light Reading.