Can Supply Chain Security be a Real Thing?

| Matt Wyckhouse
Matt Wyckhouse

Cybersecurity firm Finite State issued a recent report concluding that telecommunications equipment made by Chinese firm Huawei present a higher percentage of security vulnerabilities than equipment produced by other firms.

A story in The Wall Street Journal citied numerous sources inside the Administration who pointed to the report as further evidence that the company’s firmware can’t be trusted.   

Finite State says it analyzed more than one and a half million files that were embedded in close to 10,000 firmware images that support hundreds of Huawei products and found that more than half of the images contained at least one security vulnerability.

In a statement posted to their website, Huawei said the Finite State report doesn’t tell the whole story. 

The Cipher Brief spoke with Finite State CEO and co-founder Matt Wyckhouse about the report and why he thinks supply chain security when it comes to 5G is within reach.  The conversation has been slightly edited for length and clarity.

This is Cipher Brief Level I Member Only content. It can be accessed via login or by signing up to become a Cipher Brief Member.  Joining this high-level, security-focused community is only $10/month (for an annual $120/yr membership). What a great and inexpensive way to Feed Your Need to Know….

 

 

The Author is Matt Wyckhouse

Matt has 15 years of experience leading and developing advanced software products with a principal focus on capabilities supporting offensive and defensive cyber operations. Prior to starting Finite State, Matt spent most of his career at Battelle, the world’s largest private R&D company. Matt was the technical founder of Battelle’s Cyber Innovations Business Unit and served as its CTO for five years. In that role, Matt oversaw dozens of simultaneous intelligence and security... Read More

Learn more about The Cipher Brief's Network here.