Huawei CEO tries to deflect cybersecurity spotlight onto Ericsson and Cisco

It was just a matter of time before Huawei played the whataboutism card and Founder/CEO Ren Zhengfei couldn’t resist in a recent interview.

Chatting to CNN in Shenzhen Ren said the following when referring to the US ban on Huawei gear: “They have to have evidence. Everybody in the world is talking about cyber security and they are singling out Huawei. What about Ericsson, what about Cisco, don’t they have cybersecurity issues? Why has Huawei been singled out? There’s no Huawei equipment in the US networks but has that made the US networks totally safe? If not how can they tell other countries that your networks will be safe without Huawei?”

When Huawei announced its lawsuit against the US government we figured it would have a pop at Cisco sooner or later, but Ren decided to involve Ericsson for good measure (but not Nokia). He has a bit of a point, we suppose, but there are a couple of flaws in this fallacious approach. Firstly, if he thinks any other vendors might be a security risk then he is subject to the same burden of proof he is applying to the US. Secondly, even if they are dodgy that doesn’t mean Huawei isn’t.

The main theme of this resumption of the Ren roadshow was to augment the points Huawei made when in its lawsuit. Ren stressed he would rather shut the company down than let the Chinese state muck about with it and said US tactics will result in scaring away investment in the country. He also tried playing the martyr card, insisting that what doesn’t kill Huawei will make it stronger and even suggesting this aggro represents a timely wake-upcall for complacent Huawei employees.

Ren’s media tour coincides with parallel attempts to win hearts and minds among US allies, but it looks like those are being trumped by a more direct approach from the US. A recent report from Bloomberg reveals German spooks think Huawei is just too dodgy to be allowed into the country’s 5G networks.

Apparently the German intelligence officials remain unconvinced by Ren’s vows never to collaborate with the Chinese state and are also worried about upsetting the US. “It’s above all a matter of trustworthiness and of the impact on our relationship with our allies,” a Foreign Ministry official told some parliamentary committee.

On top of that the EU has recently been publicly expressing concerns about Chinese 5G kit in general so, for the time being at least, momentum seems to have swung back in US favour. Ren’s attempt to metastasise the aggro to other networking vendors must be causing some alarm, not least because it raises the prospect of them being caught in the orbit of the law suit. If we’re on a Huawei to hell, we’re taking you with us, seems to be the message.

 

US reportedly pressures Germany over Huawei

After diplomacy failed to convince those pesky Europeans Huawei should be banned, the US has reportedly moved onto the tried and tested tactic for getting its way; being a bully.

It was never going to be long before the blunt hammer of political persuasion came out, and according to the Wall Street Journal, the White House is huffing, puffing and about to start swinging. The German Government has reportedly been told to ditch Huawei kit or it will be barred from accessing US intelligence databases.

Should the reports prove to be true, this would be the first time the US has threatened allies with direct consequences for ignoring the anti-China propaganda. That said, it should come as little surprise. The US is a political power not used to being told no, especially with the narcissistic President Trump acting as puppet master. Being nice can only get you so far, and the White House has seemingly had enough of those pesky Europeans making their own decisions.

While Huawei remains a company under scrutiny, the European nations has so far resisted any knee-jerk reactions. It has been rumoured Germany was preparing new security requirements which would protect itself and its citizens, but also allow Huawei to continue operating in the country, and last week was confirmation. The release of a draft bill, outlining the new security requirements laid out the German position; Huawei looked safe in Germany.

Germany is of course a large economy and a key trading partner of the US, though it is also a heavyweight amongst political featherweights in the European Union. In drafting these new security requirements, other countries across the bloc might follow suit, such is the influence of Berlin. Perhaps this is a situation which the dented-ego of the US would not allow, especially considering its lobby efforts have largely been ignored across the European continent.

With Europeans taking a more proportionate response to the threat of foreign actors, the US will of course not be happy. The bully of yesteryear is beating its chest, and collateral damage from the US/China trade war could be about to get much wider.

China backs Huawei for “refusing to be victimised like silent lambs”

Any remaining doubt that Huawei has become a pawn in a broader geopolitical game have been dispelled by the Chinese state’s direct involvement in its case.

At a press conference on the sidelines of the big National People’s Congress jamboree in Beijing China’s Foreign Minister Wang Yi made it clear that he has got Huawei’s back in the legal action it has taken against the US government. This appears to be the first time the Chinese state has decided to get publicly involved in the matter, although it has surely been highly active behind the scenes throughout the process.

Wang’s comments appeared to address both the lawsuit and the arrest of Huawei CFO Meng Wanzhou, who is in the process of being extradited from Canada to the US on fraud charges. The general tone of his comments is to paint the US as a bully and to praise Huawei for standing up to it. The possibility of Huawei or anyone within it actually having done anything wrong doesn’t seem to have been a consideration.

“We support the company and individual in question in seeking legal redress to protect their own interests and refusing to be victimized like silent lambs,” Wang is widely reported to have said. Meanwhile China Daily, to which we must credit the above image, reports that he said it is the duty of the Chinese government to protect the interests of Chinese businesses and citizens.

While it’s understandable that Wang feels that way it’s debatable how helpful this public intervention will be to Huawei. The fundamental charge against from a Western perspective is that it’s just too close to the Chinese state for comfort, so a protective outburst from that very same state would appear to confirm those suspicions.

Having said that it’s not like China can just take all this US provocation lying down. It might have decided to keep quiet about the US sales restrictions indefinitely if they hadn’t gone and arrested Wanzou, but now it’s personal. This marks the culmination of a counter-attack that has played out over the course of this week, about which the US has been uncharacteristically quiet.

Here’s a full translated transcript of Wang’s comments in Mandarin our research has dug up for you, which takes a slightly different slant on the ‘silence of the lambs’ quote.

Wang Yi: “We are determined to be impartial and objective, but it is plain to see that recent actions against Chinese businesses and individuals are not simply legal, but a deliberate political crackdown.  In this respect we have taken, and will continue to take, any steps necessary to protect the legitimate rights and interests of Chinese businesses and citizens, that is the absolute duty of the Chinese government.  At the same time we support the right of particular businesses and individuals to exercise their legal rights and safeguard their interests where appropriate and not be silent like lambs.”

Chinese reporter’s question: Everyone is very concerned about the case of Meng Wanzhou, which has made new progress yesterday. The Canadian court decided to postpone extradition hearing, while Huawei announced that it would sue the US government. In this matter, many public opinion believes that the United States is obviously political pressure on China’s high-tech enterprises, what do you think?

Wang Yi: “We believe justice will be served. What we want to safeguard today is not only the rights and interests of a business, but the legitimate right of a country and a nation to develop, and also the rights of all countries in the world who wish to improve their own level of scientific and technological development. We hope that all parties can abide by the rules, abandon prejudice, jointly create a level playing field for enterprises in various countries, and together provide a safe and reliable environment for people from all over the world to communicate. Thank you.”

Germany outlines its 5G security requirements

Short and to the point, did we expect anything from the German 5G security requirements other than meet our standards and you can operate in our country?

“We regularly adapt the applicable security requirements to the current security situation and the state of the art,” said Jochen Homann, President of Bundesnetzagentur. “The security requirements apply to all network operators and service providers and they are technology-neutral, covering all networks, not just individual standards such as 5G.”

What is worth noting is that while 5G and international security concerns might be the catalyst to these requirements, they will be applied across all networks and communications infrastructure moving forward, as well as all vendors.

The announcement from Bundesnetzagentur, the German regulator, will come as a blow to the aggressive geo-political ambitions of the US. It seems the anti-Huawei propaganda is running low on fuel, and such is the weight of Germany’s influence across Europe, Chinese executives might be letting out a sigh of relief.

Although the new safety requirements are only a concept for the moment, Bundesnetzagentur plans to release a draft of the rules for feedback over the next couple of weeks.

The requirements are quite broad-ranging, though there are enough clauses to ensure Germany is the master of its own fate. For example, critical components can only be used in communications infrastructure should there be certification recognized by the Federal Office for Information Security (BSI). Employees who install or manage this equipment will also have to be certified by German authorities.

There does also seem to be a move towards the UK’s approach to monitoring and managing risk. As part of the new requirements, network traffic must be regularly and continuously monitored for abnormalities, while safety-relevant network and system components must undergo regular and continuous safety checks. This is a more forensic approach to network management, which allows for companies like Huawei to operate in the country, but the risk is managed.

Another interesting aspect to be included in the new rules addresses ‘monocultures’. Although this is a term which is usually used in agriculture, Bundesnetzagentur is essentially ensuring there is depth in the supply chain. Redundancy must be built into the networks through using multiple vendors for different segments and aspects of operations.

While this might create more work for telcos, vendors and regulators, we feel this is a more proportionate response to the risk of nefarious external parties. Simply banning one company, or companies from a single country, will not work, such are the complexities of the digital ecosystem. Vulnerabilities are everywhere, and the most pragmatic approach should be to understand 100% secure will never exist. Its all about managing the risk most appropriately, and Germany seem to be taking a very sensible approach.

In the UK, the industry is eagerly awaiting the results of the Government’s supply chain review, which will potentially dictate how telcos interact with the vendor ecosystem. Rumours have emerged suggesting no single-vendor can own more than 50% of a certain area, but we hope the result is somewhat similar to the German approach here. This seems to be the attitude of Vodafone also.

Speaking at a briefing in London, Vodafone UK CTO Scott Petty highlighted the team has been working with the National Cyber Security Centre (NCSC) to identify the levels of risk associated with each segment of the network (Radio, Transmission, Core), and building a diverse supply chain to mitigate risk where appropriate.

This approach has led to Chinese companies being excluded from certain areas, though on the radio side where right has been deemed to be very low, Huawei supplies 32% of equipment. This approach allows best-in-breed kit to be considered but considering the sheer volume of cell towers around the UK, even if some equipment is compromised, the impact would be incredibly minor. Resilience has been built in through volume, data encryption and security gateways.

Interestingly enough, Germany is taking another very sensible approach to managing risk; the assumption that everyone is nefarious. All components and equipment will have to be certified, not just those products from countries which are deemed underhanded by paranoid opinion. Every vendor’s supply chain is becoming increasingly complex, suggesting vulnerabilities could appear anywhere. This impartial approach to suspicion will certainly place Germany is a sound position.

A considered approach to security

While certain countries have taken a knee-jerk reaction to security requirements, pinning the blame of an insecure digital ecosystem on one country or a very limited number of countries, Germany is taking a much more considered approach.

Having such a laser-like focus on security, scrutinising single elements of the ecosystem is incredibly dangerous. Cyber-criminals are incredibly intelligent, managing sophisticated networks through the dark web. If the risk of exposure becomes too high through a single route, another will be sought. Taking a blanked approach to security as Germany is doing minimises risk throughout the supply chain.

We suspect the Chinese government is not completely innocent in light of all the accusations, but we also believe they are not alone. Many of the fingers are being pointed in one direction, but Germany is not falling into that trap.

Security discussion needs to be bigger than Huawei – Vodafone UK CTO

Huawei is an obvious risk when you are assessing the vendor landscape, but to ensure supply chain resilience and integrity, focusing too narrowly on one company poses a bigger risk, according to Vodafone.

It might be easy to point the finger at China, but according to Vodafone UK CTO Scott Petty, this is a dangerous position to take. Despite a lack of evidence to suggest backdoors are being built into Huawei products, the world is determined to find one, but in reality, there isn’t a single company in the vendor ecosystem which can justifiably state they are 100% secure. This is the world we are living in; risk is everywhere.

“The discussion about Huawei is all managing the risk appropriately,” Petty said at a briefing in Central London.

Risk is a big topic at Vodafone UK right now, and this is clear when you look at how the vendor ecosystem is being managed.

On the radio side of the network, of the 18,000 base stations Vodafone has around the country, Huawei equipment accounts for 32% of them, Nokia 12% and Ericsson taking the remainder. Interestingly enough, Nokia equipment is being phased out in favour of Ericsson. For transmission, this is split between Juniper, Cisco and Ciena, while Cisco is responsible for the core. With this blend of vendors, and appropriate security gateways between each layer of the network, Petty feels Vodafone is managing the risk very appropriately.

And while some might suggest having this much exposure to Huawei might be a negative, Petty argues radio is such low risk it shouldn’t dictate play. You have to take into consideration the risk/benefit equation.

When assessing risk, Vodafone (working with the National Cyber Security Centre) considers two possible scenarios. Firstly, what is the risk of a nefarious actor leaching data from the network, and secondly, taking down the network. On the radio side of things, the exposure is very low.

Firstly, Vodafone has 18,000 base stations throughout the UK. Should one of these base stations be compromised, only the traffic going through that base station would be at risk. This will be a fraction of the total, devices will be handed off to other base stations as people move around, while the clear majority of internet traffic is encrypted nowadays. The likelihood of a nefarious actor trying to bleed valuable insight in this manner is low.

Secondly, even if one of these base stations is taken down by the external wrong-doer, this is only one of 18,000 base stations. To have a material impact on Vodafone’s network, hundreds or even thousands would have to be impacted simultaneously. This is not inconceivable, but highly unlikely. As Petty mentioned, its all about evaluating and minimizing risk.

This is where the discussion becomes incredibly complicated. Huawei is one of the leading names (if not the leader) in the radio segment, ignoring such a vendor is a difficult decision to make as a technologist; you always want to use best in class.

For transmission, another area Huawei would be considered a leading name, the risk has been identified as medium. You would still need a lot of compute power to crack the encryption software, but Vodafone have decided to steer clear of Chinese vendors here.

Finally, onto the core, the most important part of the network. Petty pointed to O2’s issues last year, where a suspect Ericsson node effectively killed the entire network for a day, to demonstrate the importance of this component. Cisco is the vendor here, but this leads us onto the dangers of a such a narrow focus on security.

When looking for signs of a telco vendor assisting a government for intelligence activities, there is arguably only one piece of concrete evidence to support such claims. Edward Snowden produced this evidence, proving Cisco was aiding the NSA for its own spying agenda. This is the reason we suspect the US is so convinced China is spying on the rest of the world; the US government is doing the same thing and therefore knows it is technologically possible.

We are of course not accusing Cisco of aiding the US government in this manner at this moment, but such is the sophistication and technological capabilities of those on the dark web, no company should consider themselves 100% secure. They have their own supply chains which could be vulnerable at some point. The complexities of this ecosystem mean nothing is 100% secure, therefore it comes down to risk assessment, and also the mitigation of risk through layers of security, gateways and encryption.

For Petty, the establishment of Huawei’s European cyber-security centre is a step in the right direction, though he would want the European Union to play an active role in its operations and for the net to be cast wider, considering all vendors. As mentioned before, too much of a narrow focus on one area heightens the risk in others.

However, the talk of a Huawei ban would be a disaster for everyone involved.

“We don’t think a complete Huawei ban would be a proportionate response,” said Helen Lamprell, Vodafone UK’s General Counsel & External Affairs Director.

If risk is appropriately managed and mitigated, business can continue as usual. Policy decision makers have to realise there is no such thing as 100% secure. A broad-sweeping ban on Huawei would be disastrous not only for Vodafone UK, but everyone in the connected economy.

Firstly, you have to think of the cost of removing all Huawei equipment. This would cost hundreds of millions and take a considerable amount of time. This would delay the introduction of 5G and fundamentally undermine the business case for ROI. It could set 5G back years in the UK, not only for Vodafone but the whole industry.

The supply chain review is currently working its way through the red maze of UK government, and while the certainty needs to arrive sooner rather than later, getting the review right is better than speed.

The message from Vodafone this morning was relatively clear and simple; the Huawei risk can be managed, but an outright ban would be disastrous.

Huawei launches its counter-attack by suing the US government

Another major front of Huawei’s counter-attack against the US government has been opened in the form of a lawsuit claiming the imposition unconstitutional sales restrictions.

Compared to China at least, the US has an open system of governance and judiciary and Huawei seems to have decided it’s time to test whether that system applies equally to foreign companies. This is taking the form of a challenge to the constitutionality of Section 889 of the 2019 National Defense Authorization Act (NDAA).

This is the bit of legislation, necessarily approved by the US Congress, that ‘not only bars all U.S. Government agencies from buying Huawei equipment and services, but also bars them from contracting with or awarding grants or loans to third parties who buy Huawei equipment or services, without any executive or judicial process,’ according to the complaint.

As previously reported Huawei has lawyered-up big-time for this choreographed counter-attack against the US, which includes a clear move to test the loyalty of its European allies. Its strategy for the US is to argue that its government’s actions in restricting Huawei’s activities violate the country’s own laws and even its written constitution. Essentially Huawei is publicly accusing the US of not playing fair.

“The U.S. Congress has repeatedly failed to produce any evidence to support its restrictions on Huawei products,” said Guo Ping, Huawei Rotating Chairman. “We are compelled to take this legal action as a proper and last resort. This ban not only is unlawful, but also restricts Huawei from engaging in fair competition, ultimately harming U.S. consumers. We look forward to the court’s verdict, and trust that it will benefit both Huawei and the American people.”

“Section 889 is based on numerous false, unproven, and untested propositions,” said Song Liuping, Huawei’s Chief Legal Officer. “Contrary to the statute’s premise, Huawei is not owned, controlled, or influenced by the Chinese government. Moreover, Huawei has an excellent security record and program. No contrary evidence has been offered.”

“At Huawei we are proud that we are the most open, transparent, and scrutinized company in the world,” said John Suffolk, Huawei’s Global Cyber Security & Privacy Officer. “Huawei’s approach to security by design development and deployment sets a high standards bar that few can match.”

The official announcement goes on to stress how bad it feels for US consumers starved of Huawei’s lovely kit, which seems like a bit of a reach, but is probably included to augment the ‘unfair’ narrative. The absence of Huawei will delay 5G and cost the industry more due to the lack of competition, we’re told, and if that wasn’t enough of a dig at its competitors Huawei reckons it will leave US consumers paying higher prices for inferior products. Miaow!

For some reason Huawei has decided not to counter-accuse the US of behaving in a similarly dodgy way, in a further bid to expose perceived hypocrisy. If it wanted to it could mention that some US networking vendors don’t exactly have a spotless security record themselves, or that the US has been suspected of similar nefarious acts to those it accuses China of perpetrating. Maybe that will be a more clandestine front in this escalating conflict.

At the core of Huawei’s counter-attack for some time has been a challenge to the US to substantiate its accusations. The charges against the company related to the arrest of its CFO have been detailed, but they are unrelated to this broad US restriction. The US has yet to present anything close to a ‘smoking gun’ with respect to Huawei as a national security threat and has largely relied on a general suspicion of dodginess to justify its actions.

With this move Huawei is challenging that, using the US’s own rules, which is somewhat ironic since the relatively closed and secretive nature of the Chinese state is a major contributor to US suspicions. It’s also signalling to the rest of the world that the US doesn’t play fair and casting itself as a victim, which is a strong card to play in today’s cultural climate. You can see the full press conference below, from which we’ve extracted some juicy quotes underneath, in case you don’t fancy sitting through the full 37 minutes.

 

Guo Ping

“The U.S. Government has long branded Huawei a threat. It has hacked our servers and stolen our emails and source code. Despite this, the U.S. Government has never provided any evidence supporting their accusations that Huawei poses a cyber security threat. Still, the U.S. Government is sparing no effort to smear the company and mislead the public about Huawei. Even worse, the U.S. Government is trying to block us from the 5G markets in other countries.

“[Section 889 of the NDAA] is an abuse of the U.S. lawmaking process. This section strips Huawei of its due process, violates the separation-of-power principle, breaks U.S. legal traditions, and goes against the very nature of the Constitution. Section 889 infringes upon our rights and harms U.S. consumers. In enacting the NDAA, Congress acted unconstitutionally as judge, jury and executioner.”

Song Liuping

“Section 889 is unconstitutional in its singling out of Huawei by name, blacklisting it, damaging its reputation, and denying it any way to clear its name and escape sanction. Its attack on Huawei is purposeful and punitive. When the law was being passed, Senator Tom Cotton said that Huawei deserved ‘the death penalty’ and that it should be put ‘out of business in the United States.’ And Senator Marco Rubio smeared Huawei as a ‘Trojan horse’ that ‘shouldn’t be in business in the United States in any capacity.’

“Huawei has never had a fair chance to confront or cross-examine its accusers. Nor has it been allowed an impartial adjudicator. The U.S. Congress has simply acted as law-maker, prosecutor, and jury at the same time, contrary to the American Constitution.”

John Suffolk

“The solution to cyber security will come from openness, agreed international standards certification schemes and transparency. It will not come through political posturing.”

Yang Chaobin, President of Huawei’s 5G Product Line

“After researching in 5G for over a decade, we are at least 12 to 18 months ahead of our industry peers. We have more than 2,570 essential patents, signed over 30 commercial contracts for 5G, and deployed 40,000 5G base stations, making us the No. 1 5G vendor in the world.”

Li Dafeng, Executive Member of the Supervisory Board, and Director of the ICT Infrastructure Managing Board Office.

“Currently, Huawei has over a thousand employees working across seven offices in the US. We have also invested substantially in the American telecommunications industry, including by establishing partnerships with hundreds of U.S. companies. We purchase billions of dollars’ worth of components, equipment, and software from these companies every year. The NDAA law can only impair Huawei’s long-term commitment to invest more and hire more here.”

Glen Nager, lead counsel of the action and Partner at Jones Day

“In signing the 2019 NDAA, the President of the United States objected that provisions of the NDAA raise significant separation of powers concerns and reflect congressional overreach.”

President Trump had yet to publicly comment on Huawei’s announcement at time of writing. Perhaps he was taking the time to memorize the names of everyone involved.

Huawei hopes to seduce Europe with new transparency centre

Huawei’s counter-strategy is becoming clearer with a move to ingratiate itself to European regulators and operators.

Today the embattled Chinese kit vendor opened a new cyber security transparency centre in Brussels. It dragged a bunch of regulators, operators, other companies, media, the GSMA and even the World Economic Forum to the opening ceremony in a clear bid to demonstrate to the whole of Europe how clean its hands are on the matter of security.

“Trust needs to be based on facts, facts must be verifiable, and verification must be based on common standards,” said Ken Hu, Huawei’s Deputy Chairman, at the opening ceremony. “We believe that this is an effective model to build trust for the digital era.” This seems to be a clear reference to the way in which the finger of suspicion has been pointed at Huawei, which the company feels has lacked concrete evidence.

The announcement stresses the need for consensus, common standards and collaboration in tackling security challenges Huawei insists are everyone’s problem. This also seems like a clever strategic play by attempting to move the security spotlight away from Huawei alone and making it a collective issue.

But there’s no escaping the fact that the main purpose of this transparency centre is to try to prove to Europe that Huawei presents no greater security threat than any other networking vendor. Here are the three main things it’s designed to achieve, according to the press release.

  • First, the Centre will showcase Huawei’s end-to-end cyber security practices, from strategies and supply chain to R&D and products and solutions. This will allow visitors to experience cyber security with Huawei’s products and solutions, in areas including 5G, IoT, and cloud.
  • Second, the Centre will facilitate communication between Huawei and key stakeholders on cyber security strategies and end-to-end cyber security and privacy protection practices. Huawei will work with industry partners to explore and promote the development of security standards and verification mechanisms, to facilitate technological innovation in cyber security across the industry.
  • Third, the Centre will provide a product security testing and verification platform and related services to Huawei customers.

“We fully understand cyber security concerns that people have in this digital world,” said Hu. “I believe that good solutions to solve the issue start from mutual understanding, which is the purpose we set up the transparency centre here today. We welcome all regulators, standards organizations, and customers to fully use this platform to collaborate more closely on security standards, verification mechanisms, and security technology innovation. Together, we can improve security across the entire value chain and help build trust through verification.”

Europe will be a critical front in Huawei’s counter-attack against the US. It’s opting for direct confrontation in North America, but a softer ‘hearts and minds’ approach in Europe seems correct. Huawei must be hoping that if it can divide the US allies it will be able to conquer the world, and while that may be a bit of a reach, every concession it makes to transparency puts a greater onus on the US to present solid evidence against it.

Hu wasn’t done banging on at the event and did a great big speech too. Here it is in its entirety.

Good morning, ladies and gentlemen. Thank you for joining us today.

I am very pleased to be back in Brussels.

This city is leading the efforts to address major challenges from global warming to education, from economic development to changes in the workplace – the policymakers here in Brussels are looking for solutions to challenges that we all share. This includes cyber security.

Last year at the European Business Summit, I announced our plans to open this Cyber Security Transparency Center here in Brussels. Looking at the events from the past few months, it’s clear that this facility is now more critical than ever.

Cyber security challenges

We are getting into a digital world very fast, and we all agree that trust is the foundation for a healthy digital environment. But as technology evolves, it’s more difficult to build that trust.

Right now, we see four main challenges to building trust.

First, fast developing digital technology has brought many new security challenges. For example, traditional telco networks have evolved from closed networks to internet-based networks. More and more digital content and services are migrating to cloud data centers.

As more devices go online, and our smartphones become more powerful, networks have much greater attack surfaces than ever before.

Second, as a global community, we lack a common and unified understanding of cyber security. Governments, business communities all talk about the importance of cyber security.

However, the fact is that both the public and private sectors lack a basic common understanding of this issue. As a result, different stakeholders have different expectations, and there is no alignment of responsibilities.

Third, as a whole, the industry lacks a unified set of technical standards for security, as well as systems for verification. This is complicated by globalization of the value chain. Digital products include components from many different countries, with many different standards, or no standards at all.

There is an urgent need to invest in security standards and verification systems at the national level, as well as professional resources and skills.

The fourth challenge is governance. In some countries, cyber security management lacks legislative support, and cyber security enforcement is not mature.

These are all real challenges, and we fully understand the cyber security concerns that people have in an increasingly digital world. Cyber security is a challenge we all share. To address these challenges, I believe that mutual understanding is the starting point.

To build a trustworthy environment, we need to work together.

Laying the foundation for trust with unified standards and verification

At Huawei, we have the ABC principle for security: “Assume nothing. Believe nobody. Check everything.”

Both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumour. We believe that facts must be verifiable, and verification must be based on standards.

So, to start, we need to work together on unified standards. Based on a common set of standards, technical verification and legal verification can lay the foundation for building trust.

This must be a collaborative effort, because no single vendor, government, or telco operator can do it alone.

Second, we need to work together to clarify and align our responsibilities. This includes all stakeholders: regulators, standards organizations, telcos, and technology providers.

For technology providers like Huawei, our responsibility is to fully comply with standards. But that is not enough. Security must be embraced as a greater social responsibility.

That means embedding trust in all end-to-end processes, and enhancing security through innovation and corporate culture.

For telco carriers, their responsibility is to ensure the cyber resilience of their own networks. Following industry standards, telco carriers need to build robust processes to identify cyber security risks. They need to develop risk mitigation plans, and protect customer data.

Finally, government and standards bodies need to work with all stakeholders on standards development. This is our shared responsibility. These efforts should focus on a holistic approach, including security standards, security verification mechanisms, and enforcement.

Europe has strong experience in driving unified standards and regulation. GDPR is a shining example of this. It sets clear standards, defines responsibilities for all parties, and applies equally to all companies operating in Europe.

As a result, GDPR has become the golden standard for privacy protection around the world. We believe that European regulators can also lead the way on similar mechanisms for cyber security.

Right now, for example, the GSMA is making great progress with their NESAS security assurance scheme. We believe that all stakeholders should get behind this framework. Ultimately, the standards we adopt must be verifiable for all technology providers and all carriers.

An open, digital, and prosperous Europe requires secure and trustworthy digital environment that meets the challenges of today and tomorrow. To lay the foundation for a trustworthy digital environment, both now and in the future, transparency, integrity, and accountability are essential.

Huawei’s Cyber Security Transparency Center

Today, we are opening the Huawei Cyber Security Transparency Center to help build that environment.

This center will provide a platform to enhance communication and joint innovation with all stakeholders. It will also provide a technical verification and evaluation platform for our customers.

Huawei strongly advocates independent and neutral third-party certification. Our Cyber Security Transparency Center will support that.

It will also give us a dedicated platform for constructive discussion, sharing best practices, and jointly addressing risks and challenges with our customers and partners.

We welcome all regulators, standards organizations, and Huawei customers to use this platform to collaborate more closely on security standards, verification, and secure innovation.

Together, we can improve security across the entire value chain and help build mutual, verifiable trust.

Security or nothing

Over the past 30 years, Huawei has served more than three billion people around the world. We support the stable operations of more than 1,500 carrier networks in over 170 countries and regions. In this time, we have maintained a solid track record in cyber security.

At Huawei, our promise is “Security or nothing.” We take this responsibility very seriously. Cyber security is our top priority across product design, development, and lifecycle management, and it is embedded in all business processes.

Looking to the future, we want to do more. We will keep investing in our cyber security and technical capabilities. This center is an important milestone in that commitment.

We also commit to working more closely with all stakeholders in Europe to build a system of trust based on objective facts and verification. This is the cornerstone of a secure digital environment for all.

As a city, and as an institution, Brussels reminds us of what collective effort and a clear vision can achieve. As people, as organisations, as companies, I strongly believe that we are always more effective when we work together.

Thank you.

Huawei lawyers-up in North America

Huawei’s CFO is suing Canada, while the company is also reportedly set to sue the US government.

While the US and Huawei kept their conflict muted during Mobile World Congress last week, they have wasted little time in picking up where they left off after that brief hiatus. Having said that there was widespread talk on the show floor last week that there were many representatives of the US government and other public institutions at the event, apparently canvassing for support.

Anyway, the BBC reports that last Friday Huawei’s CFO, Meng Wanzhou, filed a civil suit against Canada for breaching her civil rights when it arrested her late last year. The move coincided with the official commencement of her extradition process to the US, which wants to try her for a bunch of alleged crimes. Her case seems to rest on some perceived irregularities in the process by which she was arrested, but is probably part of a broader coordinated legal counter-attack by Huawei.

Meanwhile Huawei is also preparing to sue the US government, according to multiple reports, the first of which seems to have come from the New York Times. This suit is apparently unconnected to the latest US offensive, and concerns the much older ruling that banned US federal agencies from using Huawei products.

Once more, however, this would appear to be part of a greater legal push against the US by Huawei. In this case, by suing the US and therefore obliging it to defend itself, the cunning plan could be to bring specific allegations into the open, which Huawei could then refute. One of the biggest criticisms of the US war on Huawei has been a lack of specifics, so this seems like a plausible tactic.

At this stage it’s still really difficult to see how the war between the US and Huawei will play out. On one hand momentum seems to be against Huawei, with US allies feeling compelled to at least go through the motions of siding with it. On the other, if Huawei can publicly demonstrate that a significant proportion of the charges against it are unfounded, then maybe it can start to swing some Western public opinion its way. Either way both sides seem dug-in for a long conflict.

Dell’Oro crowns Huawei No.1 despite security concerns

Huawei might have been under some intense scrutiny over the last twelve months, but that hasn’t stopped it maintaining its number one position in telecom equipment market.

Releasing its Worldwide Telecom Equipment Market 2018 report, Dell’Oro has estimated Huawei accounts for 29% of the market, keeping itself on top of the pile. Ericsson, Nokia, ZTE, Cisco, Ciena and Samsung complete the top seven which accounts for 80% of the total. Encouragingly for all involved, the market grew by 1% year-on-year over 2018.

While the market was always expected to increase with the up-coming 5G euphoria, some investors might be a bit worried about the level of growth. These vendors have been consistently promising shareholders the arrival of 5G will compensate for the baron years, with the market declining year-on-year since 2015. 1% might growth in the market might not be the envisioned bonanza, but it is almost certain to accelerate over 2019.

Looking at the growth, Broadband Access, Optical Transport, Microwave, and Mobile RAN claimed the plaudits, while the remaining segments, Carrier IP Telephony, Wireless Packet Core, SP Router and Carrier Ethernet Switch, all declined across the period. The worldwide Mobile RAN market received particular praise.

This is a segment which proved more successful than some would have predicted. 4G networks have been given more attention across the period as demands for better experience have been growing from both a regulatory and consumer perspective, though the emergence of 5G NR continued to accelerate throughout the year. Interestingly enough, the period of rapid growth coincided with the intense scrutiny placed on Huawei, though this seems to have had little impact.

Through 2018 Huawei’s revenue share of the market continued to grow, taking it up to 29%, though Ericsson and Nokia were seemingly able to stem the flow of customers towards the door, halting year-on-year decreases across 2018. In the RAN market share rankings, Huawei is controlling the top spot, while Ericsson sits second and Nokia in third place. ZTE dropped 2% market share, though this is perhaps a sign of the business shut-down in the second quarter.

With the US government finding fewer and fewer sympathetic ears for its anti-China rhetoric in recent months, Huawei’s success has continued. Recently, Ryan Ding, CEO of Huawei’s carrier unit, claimed the firm had shipped 40,000 5G base stations to customers around the world. With many telcos considering these products as a ‘dumb’ component of the network, business may well continue as normal, unless of course any governments step in to implement national bans.

After years of trudging through stringent CAPEX, the light on the horizon does seem to be getting brighter. 1% growth is not going to compensate for the declines over the last couple of years, but it is a good indicator of the potential profits of tomorrow. Revenue growth in the embryonic days of 5G is certainly something to be pleased about.