To paraphrase the late rapper Biggie Smalls, it seems as if the technology world is plunging into a great unknown void, where cyber security issues, hacker invasions and device problems have become an everyday event. Apparently a major computer chip manufacturer has announced that there has been a known security problem with microprocessors they have made over the past 10 years (while one of their C-level people sold millions of dollars of stock before the announcement). So a vast majority of smartphones, laptops and desktop PCs are potentially hackable due to this manufacturing error, which has been known internally in the company for years.
As consumers and installers we inherently trust the major vendors of products to produce quality hardware and software, and we assume those devices have been thoroughly tested for potential threats.
Simply put, we are installing products that may include hardware and software flaws that can surface years later, with potentially dramatic damage to clients’ networks and their stored data. This scenario may put installing companies in legal jeopardy. I would take a close look at my contract forms and talk with a knowledgeable attorney about how to indemnify your firm from such potential cyber damages.
Huawei (pronounced “wah-way”) is a huge Chinese company which, along with other electronic products, provides low-cost and high quality cellular network components. Because of Huawei’s provenance and potential relationship with the Chinese government, the U.S. government has discouraged the use of Huawei products in U.S. cellular networks. Huawei cellular products are often priced at 70 percent less than their competitors, and seem to function quite well around the world.
According to Stephane Teral, executive research director at IHS Markit (WSJ, Jan. 9, 2018) the attempts by the U.S. government to block Huawei products are one of the key reasons for the high cost of cellular service in the U.S., which has the second highest average cost for cellular in the world.
The British, however, collaborated with Huawei to establish a laboratory that deconstructs and thoroughly tests Huawei equipment and software being deployed in their cellular networks. Huawei pays for the lab and personnel, and the Brits run the shop. So an “independent” body is charged with constantly testing Huawei products for potential security flaws.
Underwriters Laboratories (UL) has developed standards for cyber security with the latest version being the UL 290-2-3. Vendors can submit their products to UL, which will perform tests to check the devices for typical vulnerabilities. Smart contractors will check with UL to see that the IP devices they are planning to use have been tested. This is a very important step that our manufacturers need to take with their products before they are introduced to the marketplace so that installation companies can be confident that they are not placing IoT time bombs in their clients’ systems. It is critical that installation companies in our business check with their major vendors to see whether they are submitting their IP devices to UL for testing. If not, maybe it’s time to look for another manufacturer who does have their devices tested.
This process will add to manufacturers’ costs and will likely produce a slight increase in the price of individual products, but it will be a small price to pay to know that the products have been tested for cyber security. Using tested products may also provide a sales benefit as your company can champion that you are putting in UL-tested products, while DIY and non-tested products may be exploited to create massive hacker attacks that shut down millions of IoT devices, potentially endangering our customers and the public at large.
Do you like reading Dave’s column? You can read each one and access the archives for more by Dave here