Huawei’s ABC principle in cybersecurity
Over the past 30 years, Huawei has served more than three billion people around the world. We support the stable operations of more than 1 500 carrier networks in over 170 countries and regions. In this time, we have always maintained a solid track record in cyber security.
Cyber security is a global issue. No single government or company can tackle this challenge alone.
ICT products are the result of a global supply chain. A single piece of equipment typically includes components sourced from all over the world. To deal with threats effectively, all vendors should be subject to the same, strict, international, common, globally-recognised standards, processes, and industry best practices. A holistic and comprehensive approach is needed in which everyone takes their fair share of responsibility.
Collaboration with European partners to create a safer online environment is at the heart of our strategy.
Our approach to cyber security is that everything needs to be built in rather than bolted on, and so we build security into every single aspect of our company, from strategy, governance and standards, to processes, manufacturing, third-party management, delivery, human resources and audit, as well as demanding the strictest compliance from our global supply chain.
Looking to the future, we want to do more. We will keep investing substantially in our cyber security and technical capabilities.
The Huawei Cyber Security Transparency Centre in Brussels is an important milestone in this commitment. It offers government agencies, technical experts, industry associations and standards organisations a platform where they can communicate and collaborate to balance out security and development in the digital era.
The centre has three major functions:
1. It showcases Huawei’s end-to-end cyber security practices, from strategies and supply chain to R&D and products and solutions. This allows visitors to experience cyber security in areas including 5G, IoT and Cloud.
2. The centre facilitates communication between Huawei and key stakeholders on cyber security strategies and end-to- end cyber security and privacy protection practices.
3. It provides a product security testing and verification platform, and related services, for Huawei customers.
Right now, there are four main challenges to building trust:
Fast-developingdigitaltechnologyhasbroughtnewsecurity challenges. As more digital content and services are migrating to cloud data centres and more devices go online, networks have greater attack surfaces than ever before.
The global community lacks a common and unified understanding of cyber security. Both the public and private sectors lack a basic common understanding of this issue. As a result, different stakeholders have different expectations, and there is no alignment of responsibilities.
The European Union should work towards a standards and evaluation scheme for 5G security. This should cover NESAS (Network Equipment Security Assurance Scheme) standards and the 3GPP-developed SCAS (SeCurity Assurance Specifications).
Governance is key. In some countries, cyber security risk management may not be based on concrete, transparent, non-discriminatory and proportionate criteria, which are not applied coherently across the EU.
Cyber security is a challenge we all share. To address these challenges, mutual understanding is the starting point. To build a trustworthy environment, we need to work together.
At Huawei, we apply a zero-trust principle for cyber security, ABC: A – Assume nothing. B – Believe nobody. C – Check everything.
Trust needs to be based on facts. Facts must be verifiable, and verification must be based on common standards. Huawei believes that this is an important model for building trust in the digital era.