Nokia Exec Says What He Thinks

One of Nokia’s most senior technology executives has made the mistake of badmouthing Huawei, and now Nokia has hung him out to dry.

Marcus Weldon, Corporate Chief Technology Officer and President of Nokia Bell Labs told the BBC  that vulnerabilities in Huawei code meant European companies should not use the Chinese vendor’s kit. He was quoting a report on Huawei’s networking equipment from US cybersecurity experts Finite State which has conducted a study of the cybersecurity-related risks embedded within Huawei network devices done by analyzing their firmware.

But putting down rivals isn’t the kind of thing big business does, certainly not in public, and particularly not when talking to the BBC. Nokia has issued a statement saying “These comments do not reflect the official position of Nokia. Nokia is focused on the integrity of its own products and services and does not have its own assessment of any potential vulnerabilities associated with its competitors.”, cue Nokia putting its crisis management team on danger money. Particularly since Huawei has fought back with a video and tweet urging co-operation rather than denigration to fix security holes.

The caution is sensible, as I’ve previously noted, how flaky Huawei kit is, is something we, as a nation, have looked at. No-one has done a line by line analysis of Nokia’s code and if they did, they would be sure to find some things which are less than elegant.

Weldon’s decrying of Huawei makes Nokia a hostage to fortune. The truth is not all code is finely honed by genius programmers to be portable, efficient, secure and readable. Real life isn’t like that, and if your concern is making it power efficient, it’s not going to be portable or readable. If your concern is security it’s not going to be power efficient. And what management really cares about is “Is it done yet?”  Finite State won’t have the luxury the U.K. National Cyber Security Centre Oversight Board has, of access to the source code. The NCSC conclusions included the comments “The Oversight Board continues to be able to provide only limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK” and “There remains no end-to-end integrity of the products as delivered by Huawei and limited confidence on Huawei’s ability to understand the content of any given build and its ability to perform true root cause analysis of identified issues”. So some things are sloppy, particularly if you look at them through the single lens of security.

All the people who might buy network apparatus are fully aware of all the issues. They also know that Huawei is the only manufacturer which has deployed 5G at scale, and they may well think that the ability to do the job proves that however much of a kludge the code is: it works.―Forbes