Huawei’s counter-strategy is becoming clearer with a move to ingratiate itself to European regulators and operators.
Today the embattled Chinese kit vendor opened a new cyber security transparency centre in Brussels. It dragged a bunch of regulators, operators, other companies, media, the GSMA and even the World Economic Forum to the opening ceremony in a clear bid to demonstrate to the whole of Europe how clean its hands are on the matter of security.
“Trust needs to be based on facts, facts must be verifiable, and verification must be based on common standards,” said Ken Hu, Huawei’s Deputy Chairman, at the opening ceremony. “We believe that this is an effective model to build trust for the digital era.” This seems to be a clear reference to the way in which the finger of suspicion has been pointed at Huawei, which the company feels has lacked concrete evidence.
The announcement stresses the need for consensus, common standards and collaboration in tackling security challenges Huawei insists are everyone’s problem. This also seems like a clever strategic play by attempting to move the security spotlight away from Huawei alone and making it a collective issue.
But there’s no escaping the fact that the main purpose of this transparency centre is to try to prove to Europe that Huawei presents no greater security threat than any other networking vendor. Here are the three main things it’s designed to achieve, according to the press release.
- First, the Centre will showcase Huawei’s end-to-end cyber security practices, from strategies and supply chain to R&D and products and solutions. This will allow visitors to experience cyber security with Huawei’s products and solutions, in areas including 5G, IoT, and cloud.
- Second, the Centre will facilitate communication between Huawei and key stakeholders on cyber security strategies and end-to-end cyber security and privacy protection practices. Huawei will work with industry partners to explore and promote the development of security standards and verification mechanisms, to facilitate technological innovation in cyber security across the industry.
- Third, the Centre will provide a product security testing and verification platform and related services to Huawei customers.
“We fully understand cyber security concerns that people have in this digital world,” said Hu. “I believe that good solutions to solve the issue start from mutual understanding, which is the purpose we set up the transparency centre here today. We welcome all regulators, standards organizations, and customers to fully use this platform to collaborate more closely on security standards, verification mechanisms, and security technology innovation. Together, we can improve security across the entire value chain and help build trust through verification.”
Europe will be a critical front in Huawei’s counter-attack against the US. It’s opting for direct confrontation in North America, but a softer ‘hearts and minds’ approach in Europe seems correct. Huawei must be hoping that if it can divide the US allies it will be able to conquer the world, and while that may be a bit of a reach, every concession it makes to transparency puts a greater onus on the US to present solid evidence against it.
Hu wasn’t done banging on at the event and did a great big speech too. Here it is in its entirety.
Good morning, ladies and gentlemen. Thank you for joining us today.
I am very pleased to be back in Brussels.
This city is leading the efforts to address major challenges from global warming to education, from economic development to changes in the workplace – the policymakers here in Brussels are looking for solutions to challenges that we all share. This includes cyber security.
Last year at the European Business Summit, I announced our plans to open this Cyber Security Transparency Center here in Brussels. Looking at the events from the past few months, it’s clear that this facility is now more critical than ever.
Cyber security challenges
We are getting into a digital world very fast, and we all agree that trust is the foundation for a healthy digital environment. But as technology evolves, it’s more difficult to build that trust.
Right now, we see four main challenges to building trust.
First, fast developing digital technology has brought many new security challenges. For example, traditional telco networks have evolved from closed networks to internet-based networks. More and more digital content and services are migrating to cloud data centers.
As more devices go online, and our smartphones become more powerful, networks have much greater attack surfaces than ever before.
Second, as a global community, we lack a common and unified understanding of cyber security. Governments, business communities all talk about the importance of cyber security.
However, the fact is that both the public and private sectors lack a basic common understanding of this issue. As a result, different stakeholders have different expectations, and there is no alignment of responsibilities.
Third, as a whole, the industry lacks a unified set of technical standards for security, as well as systems for verification. This is complicated by globalization of the value chain. Digital products include components from many different countries, with many different standards, or no standards at all.
There is an urgent need to invest in security standards and verification systems at the national level, as well as professional resources and skills.
The fourth challenge is governance. In some countries, cyber security management lacks legislative support, and cyber security enforcement is not mature.
These are all real challenges, and we fully understand the cyber security concerns that people have in an increasingly digital world. Cyber security is a challenge we all share. To address these challenges, I believe that mutual understanding is the starting point.
To build a trustworthy environment, we need to work together.
Laying the foundation for trust with unified standards and verification
At Huawei, we have the ABC principle for security: “Assume nothing. Believe nobody. Check everything.”
Both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumour. We believe that facts must be verifiable, and verification must be based on standards.
So, to start, we need to work together on unified standards. Based on a common set of standards, technical verification and legal verification can lay the foundation for building trust.
This must be a collaborative effort, because no single vendor, government, or telco operator can do it alone.
Second, we need to work together to clarify and align our responsibilities. This includes all stakeholders: regulators, standards organizations, telcos, and technology providers.
For technology providers like Huawei, our responsibility is to fully comply with standards. But that is not enough. Security must be embraced as a greater social responsibility.
That means embedding trust in all end-to-end processes, and enhancing security through innovation and corporate culture.
For telco carriers, their responsibility is to ensure the cyber resilience of their own networks. Following industry standards, telco carriers need to build robust processes to identify cyber security risks. They need to develop risk mitigation plans, and protect customer data.
Finally, government and standards bodies need to work with all stakeholders on standards development. This is our shared responsibility. These efforts should focus on a holistic approach, including security standards, security verification mechanisms, and enforcement.
Europe has strong experience in driving unified standards and regulation. GDPR is a shining example of this. It sets clear standards, defines responsibilities for all parties, and applies equally to all companies operating in Europe.
As a result, GDPR has become the golden standard for privacy protection around the world. We believe that European regulators can also lead the way on similar mechanisms for cyber security.
Right now, for example, the GSMA is making great progress with their NESAS security assurance scheme. We believe that all stakeholders should get behind this framework. Ultimately, the standards we adopt must be verifiable for all technology providers and all carriers.
An open, digital, and prosperous Europe requires secure and trustworthy digital environment that meets the challenges of today and tomorrow. To lay the foundation for a trustworthy digital environment, both now and in the future, transparency, integrity, and accountability are essential.
Huawei’s Cyber Security Transparency Center
Today, we are opening the Huawei Cyber Security Transparency Center to help build that environment.
This center will provide a platform to enhance communication and joint innovation with all stakeholders. It will also provide a technical verification and evaluation platform for our customers.
Huawei strongly advocates independent and neutral third-party certification. Our Cyber Security Transparency Center will support that.
It will also give us a dedicated platform for constructive discussion, sharing best practices, and jointly addressing risks and challenges with our customers and partners.
We welcome all regulators, standards organizations, and Huawei customers to use this platform to collaborate more closely on security standards, verification, and secure innovation.
Together, we can improve security across the entire value chain and help build mutual, verifiable trust.
Security or nothing
Over the past 30 years, Huawei has served more than three billion people around the world. We support the stable operations of more than 1,500 carrier networks in over 170 countries and regions. In this time, we have maintained a solid track record in cyber security.
At Huawei, our promise is “Security or nothing.” We take this responsibility very seriously. Cyber security is our top priority across product design, development, and lifecycle management, and it is embedded in all business processes.
Looking to the future, we want to do more. We will keep investing in our cyber security and technical capabilities. This center is an important milestone in that commitment.
We also commit to working more closely with all stakeholders in Europe to build a system of trust based on objective facts and verification. This is the cornerstone of a secure digital environment for all.
As a city, and as an institution, Brussels reminds us of what collective effort and a clear vision can achieve. As people, as organisations, as companies, I strongly believe that we are always more effective when we work together.