US officials ask for delay to Huawei ban on competition grounds – report

Deputy Director of the Office of Management and Budget Russell Vought has requested the ban on Huawei technologies be delayed by two years, sounding very similar to Huawei’s own argument.

In a letter to the White House, Vought is arguing the ban should be delayed in certain areas to ensure national security considerations and objectives can be suitably met in the new procurement landscape. Vought is currently on the clock, as rules signed into law last year are to be officially introduced in 2020. These laws would place a ban on any government funds being used to purchase Huawei products, services or components.

The issue which is currently being faced is in the procurement functions. Vought is suggesting the ban has been rushed in and would significantly reduce the number of vendors available for government agencies to work with. Interestingly enough, this is remarkably similar to the argument Huawei has been using to counter the ban. Of course, this reference would certainly not be made by the White House.

Plenty of arguments have been put forward by the under-fire Chinese firm, most recently there has been a challenge to the constitutional legitimacy of the rules, though the competition claim is one which was made back in October 2018.

At the time, Huawei suggested that banning its technologies and services in the US could hand control of the global 5G economy over to China. In a filing to the FCC, Huawei suggested the price and speed of infrastructure deployment would be impacted as competition would be reduced. This is quite a reasonable point to make as this segment of the telecom’s world is incredibly short on tier-one suppliers, or at least those which can match the quality of equipment provided and the support services which follow.

The letter from Vought is not making the exact same point, but the principle is very similar. Too many contractors rely on Huawei in their own supply chain, therefore banning Huawei would prevent any government agencies from working with these vendors. This would decrease competition for valuable contracts, potentially pushing up the price while lowering the quality of service offered.

Although the US has made its stance against China and Huawei very clear, the White House has shown on numerous occasions it is willing to be flexible with its own principles if it suits its own agenda. President Donald Trump attempted to reverse the ban on ZTE last year, once it had achieved its aims, only to face opposition in the House.

It would appear the national security argument can once again be ignored if there is too much pain is experienced by federal agencies. There seems to be little concern of the impact to private industry, see the complaints from rural telcos or those organizations where Huawei is an important customer, with these companies little more than pawns ready for sacrifice.

Perhaps we should be surprised at the consistency of hypocrisy coming out of the White House, but such are the lowly levels standards are currently being set, we are not.

Pompeo reiterates intelligence threat over Huawei

US Secretary of State Mike Pompeo is on another European road trip just to make sure those rational and pragmatic Europeans understand the threats from the US.

Speaking at a press conference with German Foreign Minister Heiko Maas, Pompeo underlined the US stance with the thickest of marker pens and reiterated the US threats with serious authority.

“We also had part of conversations about other elements of China,” said Pompeo. “We’ve been pretty clear about how we view the risk connected to Huawei and 5G infrastructure. The internet of the future must have Western values embedded in it.”

Pompeo’s first mission is to address the Chinese threat, of which Huawei is considered a major cog, but that is not taking up all of his time.

“We have a second mission which is to educate our friends about these risks as well,” said Pompeo. “We talk to them plainly and openly. They’ll make their own decisions, Germany is thinking about it, but we will speak to them openly about the risk we see and how we think they can be mitigated. In the case of Huawei, our concern it that it is not possible to mitigate those [risks] anywhere inside of a 5G network.”

Pompeo clearly feels his European counterparts do not comprehend the severity of the Huawei threat, and he has taken it upon himself to lead the crusade in educating the world on the risk.

And if the world doesn’t understand, access to US intelligence will be withdrawn.

One of the issues which might cause further friction is the inability for the US Government to distinguish between core and non-core elements of the network. This is what Europe is basing its decisions on, allowing Huawei to operate in the ‘dumb’ parts of the network but not the core. For the US, this is not good enough, and never will be.

We expect a lot more huffing and puffing from the White House propaganda machine and the fear-mongering puppets of Trump over the next couple of weeks, though it will be interesting to see whether the US follows up on threats to reduce visibility of its intelligence data.

Huawei claims its US ban is unconstitutional

Huawei has continued its counter-assault against the US, suggesting the 2019 National Defense Authorization Act (NDAA) contradicted the country’s constitution.

Signed into law in August 2018, the NDAA effectively banned Huawei and ZTE from any meaningful work in the US. The language was suitably nuanced to ensure this wasn’t a total ban, but the conditions made it difficult for Huawei to contribute any components, products or services to government or state-funded projects. Due to the intricacies of network investments, almost all major projects could be deemed state-funded by one means or another.

While Huawei has not taken this action from the US Government sitting quietly, this latest move challenges the legal foundations of the legislation, suggesting such actions from the White House and Congress are unconstitutional.

“As explained in the motion, the Constitution generally limits Congress to enacting laws and requires that application of those laws be left to the Executive and the courts,” said Glen Nager, the lead external counsel for Huawei and Partner at Jones Day.

“Congress may not selectively punish specific persons; Congress may not selectively deprive specific persons of property or liberty; and Congress may not itself exercise executive or judicial powers. But section 889 violates all of these constitutional rules.”

According to the filing, section 889 of the NDAA violates the Bill of Attainder, Due Process, and Vesting Clauses of the US Constitution. Huawei and its lawyers will argue the law should not be allowed to target specific companies and/or persons, while US politicians specifically targeted the firm during the legislative debate process, blatantly proclaiming an objective was to ‘banish’ Huawei from the country.

The Bill of Attainer clause suggests no bill can be passed into law which singles out an individual or group for punishment without a trial. As the US has passed this law without any formal legal proceedings against Huawei, it would appear there is a good case here.

Huawei’s lawyers also claim section 889 violates due process and the separation of powers, in that it is selective legislation targeting Huawei specifically. The filing also argues deprives Huawei of protected property and liberty interests without affording it constitutionally necessary due process. And finally, Congress has assumed the fact-finding and law application functions of the executive and the courts, ignoring the separation of power clause.

Should the courts be in agreement with Huawei’s position, it would appear politicians were in too much of a rush to make a move against China and its telco flagbearer. Another interesting consequence might be the burden of proof.

To date, little, if any, evidence has been offered to back up US propaganda against Huawei, though if the filing proves the NDAA is unconstitutional, the US Government might be forced to table any evidence it has. If the choice is between this law dwindling into non-existence or tabling evidence of collusion, the nuanced conflict between the US and China might be about to become much more substantiated.

ZTE moves to prove its own security credentials

Taking a page from the Huawei playbook, ZTE is opening its own European cybersecurity lab to demonstrate its own security credentials and appeal to customers.

Although Huawei is taking a battering on the US side of the Atlantic, European nations have stubbornly stood by the side of reason and reasonable behaviour, asking for evidence before signing an execution order. One of the reasons for this will be the apparent transparency to security through its cybersecurity centres in the UK and Belgium, and it seems ZTE is following suit.

“The security lab is an open and cooperative platform for the industry,” said Zhong Hong, ZTE Chief Security Officer.

“ZTE plans to gradually achieve the cybersecurity goals through three steps: first, meeting the requirements of cybersecurity laws, regulations and industry standards as well as certification schemes; second, conducting an open dialogue to enhance transparency and establishing cooperation with customers as well as regulatory agencies; and third, sustaining the open cooperation mechanism to contribute to cybersecurity standardization.”

Opening in Rome, the cybersecurity lab will enable telcos to contribute ideas to improve the security credentials of ZTE products, while customers will also be able to conduct audits of all products and services in the labs. This approach is seemingly working for Huawei, and ZTE is recognising the opportunity to get in on the action as 5G ramps up across the continent.

For ZTE this is a perfectly sensible move to mitigate against future risks. As Huawei is largely a proxy for Chinese aggression, it would be reasonable to assume any action taken against Huawei would be replicated against ZTE. Anything which can be done to get into the good graces of potential European customers should be seen as a priority.

Although it is for selfish reasons, the cybersecurity centre also adds more credibility to the standardisation approach which seems to be forming across the European continent. The more vendors who agree to the higher barriers to entry, the closer the continent comes to standardising security credentials. This approach to risk mitigation, an acceptance that 100% secure is an impossible objective, manages threats while also preserving competition.

Until there is concrete proof of collusion with the Chinese government for nefarious aims, this is the most sensible approach, taking the argument out of the political arena.

Chinese spying law, no idea what you mean – Huawei Chairman

Huawei Chairman Liang Hua is the latest to enter the fray to defend the principles and reputation of the telco vendor, this time questioning the legitimacy of accusations.

Speaking during a roundtable session in the wings of Huawei’s latest London event, Hua gave a measured representation of the firm. Once again, Hua put forward the idea of assessing technology and security on merit and evidence instead of political rhetoric, but the Huawei boss also questioned the legitimacy of accusations levelled at the vendor.

“When we are operating globally we are committed to be compliant with regulations in that country,” said Hua.

This is one of the statements which Huawei executives have used consistently through the saga. Huawei is a global organization with customers in more than 130 countries. It operates in utter compliance with local laws and regulations, otherwise it would undermine customer confidence and validity of the firm in that market. Anything aside from compliance would destroy its own business and doom the firm to failure.

This statement is all well and good, though many will still wonder with caution. There is after all a Chinese law which forces companies to adhere to the demands of the government.

Or is there? Hua is adamant there isn’t.

“Chinese officials on many occasions have stated there are no laws which require enterprises to collect information for the government,” said Hua. “So far, we haven’t received any requests of this kind from any department.”

The denial goes all the way to the top as well. Back in March, Premier Li Keqiang firmly denied the government would, or has, forced Chinese companies to assist it in intelligence gathering activities.

“This is not how China behaves,” said Keqiang. “We did not do that and will not do that in the future.”

Technically, Hua is correct in denying the law exists explicitly. There are no such laws written to suggest Huawei, or any other Chinese firm for that matter, would have to relay information to the Chinese government or insert backdoors into software. It isn’t in concrete language.

However, there is a law which requires Chinese firms to ‘co-operate’ with state departments for ‘intelligence activities’. The way in which it is written is suitably vague enough to ensure wiggle room on both sides. In theory, the government could compel Huawei to assist, however, there are also safeguards built in to prevent ‘abuse’.

Under Chinese law, government departments are banned from forcing a company from acting against ‘legitimate’ or ‘legal’ interests. Technically, if it is bad for business or illegal in the country of operations, Huawei can refuse the request from the government.

There might be some who still don’t believe this position, questioning the nuance of language. However, Hua has endorsed recent statement from founder Ren Zhengfei, where the media-shy former executive promised to shut down the company if he or any employee was forced to act as a puppet of the Chinese state.

Whether anyone actually believes this statement is down to personal opinion, but always remember, shutting down Huawei would cause as many problems as it solves. Huawei is renowned for its post-sale customer service, and any vendor would have to prove its customer support credentials for the lifecycle of products it sells. If the company just shut down, all of Huawei’s customers would be on their own, attempting to maintain products in the wild when they do not have the personnel to do so.

Opinions on how deeply embedded Huawei is in the Chinese government’s pocket vary quite wildly, though it is always worth remembering the facts instead of being swept away in the political rhetoric. There is a law which compels Chinese companies into acting on behalf of the government, but there are also clauses which mean the company can refuse to do so if said actions would mean breaking the law in that market.

Huawei is a company which is in a sticky position right now. Of course, there are still markets where the firm will make billions, but there are others where the risk of limited operations or being completely shut out is present. The question is what approach will these precarious markets take?

“Cybersecurity is indeed an important element,” said Hua. “We are happy to see the cyber security issue raised and we believe it is a technical issue at the core.

“The UK government has established a good mechanism to identify and mitigate risks.”

This is the approach Huawei has been pleading with governments around the world to take. Speaking in Shenzhen last month, cybersecurity boss John Suffolk told an audience of journalists Huawei had passed every security and resilience test which had been presented to the firm.

“Being a Chinese company means the spotlight will always be on you in some places, that is not our fault but something we will deal with,” said Suffolk.

Huawei is attempting to move the conversation back to technology. If it remains in the realms of politics, it will lose. Such is the political power of the US, eventually trade partners will crack. But this also leaves the UK in a very sticky position. It is reliant on the ‘special relationship’ which is so frequently brought up, but the silk road is lucrative.

Unveiled at the same London event, an Oxford Economics report suggested Huawei has a £1.7 billion impact on the UK economy. This is through direct employment and tax, indirect employment through its supply chain and also induced impact from the money spent by those employed directly and indirectly. Critically, Huawei also inspires a notable amount of R&D in the UK.

While the £1.7 billion contribution to the national economy is only 0.01% of total GDP, the £112 million R&D expenditure in the UK during 2018 accounted for 0.3% of the total in the UK. Huawei is punching above its weight from a monetary contribution, and the 35 partnerships with UK universities is also a factor to consider. Increasing R&D investments across the country is a key ambition of the UK government, therefore it will want to tread carefully around Huawei.

Another factor to consider is the direct investment made by Huawei in the UK. It currently employs 1600 employees in the UK, each contributing 3X more to the economy (tax, output, expenditure etc.) than the average UK employee. Most importantly however, this is an industry with further room for growth, which doesn’t displace any UK business.

The more successful Huawei is, the more success is brought into the UK economy and society, should current investment trends continue. However, Huawei’s direct competitors are Swedish and Finnish. These companies do have operations in the UK, though the displacement effect will be felt more in the Nordics than here.

Although the final decision from the UK’s supply chain review is due to be released in the next couple of weeks, you can see why the investigation has taken so long. There are plenty of moving parts to consider and, while it should not be considered a silver bullet, Huawei’s presence and investment in the UK means a lot to the economy and society.

UK questions Huawei security credibility

The oversight board responsible for mitigating the risk associated with Huawei products has released a new report which questions whether using equipment from the vendor is the best idea.

The Huawei Cyber Security Evaluation Centre (HCSEC) has released its annual audit which effectively gives a temperature reading on the appropriateness of Huawei kit for UK infrastructure. In the past it has brought up issues with the equipment, though Huawei has always been pretty sharp and compliant when addressing any concerns.

However, the HCSEC is now stating Huawei has not addressing underlying issues which were raised during the last report, and therefore Huawei’s role in the future communications infrastructure of the UK should be questioned. It has stopped short of calling for a ban on the equipment, but unless Huawei addresses the concerns very quickly, the recommendations will become a lot sterner.

“At present, the Oversight Board has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects,” the report states.

“The Board will require sustained evidence of better software engineering and cyber security quality verified by HCSEC and NCSC.”

Last years reports brought forward several software issues, though it was brought firmly to Huawei’s attention. This years’ report demonstrates frustration from the HCSEC in that the previously highlighted issues have not been addressed, suggesting Huawei might not be able to fix larger scale issues which might arise in the future. This is the first time HCSEC has questioned whether Huawei is fit for purpose.

For Huawei, this is a wake-up call. Europe has been quite understanding and tolerant of Huawei over the last couple of months, especially considering the lobby effort from the US, though it won’t take too much to sway the balance of opinion.

This report also comes at a critical time where Huawei will need to be on its best behaviour. With the European Commission outlining new security mechanisms to mitigate risk in the 5G era, each member state will have to perform at extensive security audit. If the UK is raising the red-flag of Huawei software, and 27 other countries forensically examining all potential security threats, any minor cracks will certainly be found.

Over the next couple of months, all the European Union member states will be submitting reports identifying any risks associated with communications infrastructure. These reports could lead to the ban of products, services and suppliers. This report from the HCSEC is not the best start for Huawei.

Kaspersky Labs unveils another supply-chain threat

While the security vendor has not revealed all the details just yet, a new cybersecurity incident demonstrates how dangerous it can be to focus too acutely on a single threat in the ecosystem.

This is the trend we’ve been seeing in recent months. The rhetoric is so narrowly directed towards China and alleged puppets of the Chinese Government, few are able to talk about anything else when security is raised as a topic. With this incident, Kaspersky Labs has demonstrated threats are everywhere and nefarious actors are completely impartial when it comes to exploiting vulnerabilities.

“A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels,” Kaspersky said in a blog entry.

The trojanized utility was signed with a legitimate certificate and was hosted on the official ASUS server dedicated to updates, with Kaspersky estimating one million users could be affected by the malware. The attack is similar to the CClearner incident, a remarkably sophisticated attack.

Here, Chinese speaking actors infiltrated Piriform’s compilation environment, the company responsible for developing CCleaner, software used for cleaning potentially unwanted files and invalid Windows Registry entries. This seemed to be an example of a company believing itself too unimportant to be a target, but because its software is used by other companies it was a useful way to gain entry.

The malware was distributed to just over two million users, though at this stage it only analysed the activities of the users. The first script was only used to identify 40 users who were relevant for the second-stage of the attack. The second stage was a similar targeting activity, whittling the target pool down to four, all of whom worked for high profile tech companies and IT suppliers. Those four were delivered tailored build of the ShadowPad malware, creating a backdoor to certain employees of high-profile companies.

In the ASUS example, the company has been informed and the vulnerability corrected. Details of this attack are very thin on the ground, though it has been verified by other security experts, Kaspersky Labs is waiting for the next big cybersecurity conference to unveil the full paper.

This does validate the European approach to dealing with the threat of espionage in the 5G era. A culture of impartial suspicion is the most logical and reasoned approach to risk management.

While some have been quick to ban Huawei and other Chinese vendors from infrastructure deployment, it does not solve the problem. It is a way to appease the masses, giving politicians a chance to point at the bans and promise safety.

Of course, the governments who have banned Huawei will still be on the look out for nefarious actors, but the bans simply create a false sense of security for those who are not suitably educated in the dangers of the digital economy. Effectively, the majority of society.

In the ASUS and CCleaner incidents, hackers attacked innocent organizations which many people would never consider a risk. The aim was to penetrate the supply chain somewhere suspicion wouldn’t be aroused, allowing the threat to climb through the virtual maze and find the desired target.

“Supply chain risk is one of the biggest challenges in cyber today. Tech companies issuing remote patching and remote updates to customers are increasingly targeted because of their broad, trusted relationships with their customers,” said Jake Olcott, VP Government Affairs at BitSight. “Companies must conduct more rigorous diligence and continuously monitor these critical vendors in order to get a better handle on this risk.”

The approach to security across Europe seems to be taking into account these risks. Yes, China remains under scrutiny, but by escalating the concept of risk throughout the ecosystem, threats are being mitigated everywhere. It is very easy to blame a single company or country, but it is not the most sensible approach to take.

Supply chains in the digital ecosystem are incredibly complex, bringing in different vendors from all walks of life. Some of these will be from Asian countries and some will be SMEs in South Dakota, but the strength of their own security procedures will be incredibly varied also. It only takes one weak link to compromise the entry chain.

US mulls bill for minimum IoT security requirements

A cross-party delegation of US politicians have introduced a bill which will aim to create minimum security standards for any IoT devices used by government agencies and departments.

Led by Democratic Congresswoman Robin Kelly and Republican Congressman Will Hurd, the bill has gained notable support already. While this is a perfectly logical step forward to ensure the integrity and resilience of government systems, the fact the politicians seem to be taking an impartial approach, not targeting a single company or country, is much more encouraging.

“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure,” said Kelly. “Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices. It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”

“Internet of Things devices will improve and enhance nearly every aspect of our society, economy and our day-to-day lives,” said Hurd “This is ground-breaking work and IoT devices must be built with security in mind, not as an afterthought. This bipartisan legislation will make Internet of Things devices more secure and help prevent future attacks on critical technology infrastructure.”

When discussing digital security, a mention of Huawei or China is never far away, but this seems to be an effort to mitigate risk on a much grander scale. Yes, the US does have ideological enemies it should be wary of, but it is critical politicians realise there are risks everywhere throughout the digital ecosystem.

It is easy to point the finger at China and the Chinese government when discussing cybersecurity threats, though this is lazy and dangerous. Having too much of a narrow focus on one area only increases the risk of exposure elsewhere. Such are the complexities of today’s supply chain, with companies and components spanning different geographies and sizes, the risk of vulnerability is everywhere. It is also very important to realise cybercriminals can be anywhere; when there is an opportunity to make money, some will not care who they are targeting. Domestic cybercriminals can be just as much of a threat as international ones.

This impartial approach, applying security standards to IOT devices regardless of origin, is a much more sensible approach to ensure the integrity of networks and safeguard sensitive data.

Of course, this is not necessarily a new idea. Many security experts around the world have been calling for a standardised approach to IOT security, suggesting certification processes with minimum standards. Such a concept has already been shown to work with other products, such as batteries, therefore establishing a baseline for security should not be considered a particularly revolutionary idea.

What is also worth noting is that while this is a good idea and will improve protections, it is by no-means a given the bill will pass into a law. A similar bill was launched in 2017, though it was quashed.

UK Government says company boards still don’t get cyber-security

The UK Government has released its 2019 ‘Cyber Governance Health Check’ which claims only 16% of executives have an understanding of cyber-security threats.

It might sound like the beat of an old drum, but eventually management teams will get the idea. Each week new reports emerge suggesting security is an under-appreciated and under-funded aspect of the digital economy, and this week the Government is throwing its own arguments forward. This report measured the attitudes of the FTSE-350 companies across the UK.

“The UK is home to world leading businesses, but the threat of cyber-attacks is never far away,” said UK Digital Minister Margot James. “We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber-attack.”

While the report suggests 96% of businesses have a cyber-security strategy in place, this might prove to be somewhat of a misleading statistic, offering misplaced comfort. The presence of a strategy is irrelevant when the funds are not being appropriately allocated to put the plan into action. If only 16% of the purse-string holders understand the threat, appropriate investments are not going to be made, therefore the problem will persist.

“This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made,” said James. “Cyber-security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.”

Awareness of cyber-security threats are increasing, 72% of respondents to the survey acknowledge the risk of cyber threats is high, and while this is an improvement on the 52% in the 2018 report, this number is still too low.

This is the position many businesses are in. Security is a recognised threat, but with many board members under pressure to produce profitability, funds are being directed to areas which will add to the bottom line. Security is not one of these areas, though the emergence of GDPR and changing consumer attitudes should help this.

Firstly, GDPR was introduced last year, though the first punishments are beginning to be handed out. As soon as board members start to see the hefty GDPR stick swinging, punishing those who are not deemed sufficiently prepared for a cyber-security breach, attitudes will change. The fines can be eye-wateringly high, and if you want to make an executive listen to you, hit them in the wallet.

Secondly, consumers are becoming more security-conscious. With breaches becoming more widely reported in the press and scandals drawing attention to data privacy demands, consumers (and enterprise customers for that matter) are becoming more aware of what should be considered adequate. Security will soon become a factor in the purchasing decision-making process, and companies will have to prove their credentials.

The tides are slowly turning, and soon enough the digital economy might be equipped to deal with the threat of the dark web. That said, with the astronomical pace of progress, you have to wonder whether the challenge is starting to become too big for the chasing peloton.

“Cyber-security is a mainstream business risk, and board members need to understand it in the same way they understand financial or health and safety risks,” said Ciaran Martin, CEO of the National Cyber Security Centre.

Orange builds out security credentials with SecureData acquisition

Orange has announced the acquisition of SecureData, building out the increasingly extensive cybersecurity operations at the telco.

The Orange Cyberdefense Division is another one of Orange’s ventures into the world of differentiation. Like banking and smart home services, this is not a segment which is necessarily core for the telco, but with a close enough link to connectivity it’s a low risk approach to diversification. With annual sales approaching €300 million, over 1,300 employees and a presence in 160 markets, it is also fast becoming more than just an ‘other bet’.

In SecureData, Orange has bought itself more of a presence in the UK, the largest Western European market for managed security services. SecureData’s existing Security Operations Centre (SOC) in Maidstone will add to the existing 9 Cyber SOC’s and 4 CERT’s around the world. The footprint is steadily increasing, gradually making the Orange security business more appealing to both national and international customers.

“SecureData, just like Orange Cyberdefense, has successfully made the transition toward Managed Security Services, and shares the same passion for Cyber,” said Hugues Foulon, Executive Director of Strategy and Cybersecurity activities at Orange.

“Cybersecurity has become a critical element for both large and small companies as they evolve in an increasing digital-reliant world. We are convinced that the combined expertise of Orange Cyberdefense and SecureData will provide a powerful resource for our customers in ensuring the protection of their valuable data.”

While Orange has not necessarily been spraying the cash everywhere, it has steadily been building its cybersecurity credentials. Aside from this purchase, Atheos and Lexsi are two other examples, with the services now being extended to 160 different countries.

These two acquisitions do date back a few years, though in cybersecurity Orange has once again proved it can think ahead of the game. This is a segment which is only starting to get the attention it rightly, and responsibly, deserves but it has been an ambition for Orange for years.

A recent survey from Tripwire claims 60% of respondents were more concerned about IoT security in 2019 compared to the previous year. IoT is a blossoming segment, an opportunity many companies will want to take advantage of for both new revenues and operational efficiency, but few know how to keep themselves secure. The perimeter of the network is about to vastly expand, but right now it is nothing more than a risk. Security needs to radically rise up the agenda.

Like getting ahead of the fibre trends across Europe, Orange looks like it onto a winner with a focus on cybersecurity. With tighter regulations on data protection and privacy, combined with increased public backlash with recent breaches and leaks, as well as new business models, security is becoming more of a priority for companies. The low-risk, long-thinking approach from Orange definitely looks to be paying off.