Aloysius Cheang, Chief Security Officer (CSO), Huawei UAE, tells Anita Joseph in an exclusive interview how Huawei is helping to shape the security landscape of the country and of the region.
Looking ahead to 2021, how is Huawei helping to accelerate the UAE’s digital transformation journey through its cybersecurity expertise?
As a leading global provider of ICT infrastructure and smart devices, Huawei plays an active role in the digital transformation of industries to bring digital to every person, home, and organization. While digital transformation initiatives accelerate across the world, we feel we have a clear responsibility to ensure that cybersecurity and privacy protection remain a top priority. We have thus implemented and maintained a comprehensive, end-to-end cybersecurity assurance system.
In my view, there are three pillars of cybersecurity today: people, processes, and technology. Huawei already has the technology in place. We are now focused more than ever on building the people and processes to match up to the technology.
Many Gulf countries including the UAE are trendsetters for new technological standards. As was seen at the recent GITEX Technology Week 2020, nations like the UAE have been frontrunners in transitioning to a connected, intelligent era. In keeping with this pace, Huawei is committed to training around 10,000 professionals in the UAE alone in the next three years, helping them to be future-ready. Today we are doing this across the Middle East and around the world.
That’s not all. Building and fully implementing an end-to-end global cybersecurity assurance and privacy protection system is one of Huawei’s most crucial strategies for the country and for the region. We are referencing industry best practices to build a system that is sustainable, reliable, and compliant with applicable laws and international best practices and standards in cybersecurity and data privacy protection. This system covers everything from policies, organisational structures, processes, and management to technologies and standard practice. Huawei transparently collaborates with governments, customers, and partners to tackle cybersecurity and privacy challenges and meet our customers’ demands, while nurturing a vibrant ecosystem that will uplift the entire profession and promotes innovation.
Obviously, security is a major concern now. What is Huawei’s cybersecurity strategy and how is it helping to build an end-to-end cybersecurity assurance and privacy protection system?
Cybersecurity is a key enabler for Huawei’s business overall. Huawei’s top-down cybersecurity governance structure supports the success of its business in the Middle East and around the world. The Global Cyber Security and User Privacy Protection Committee (GSPC) is Huawei’s highest cybersecurity management body. Within that, the Global Cyber Security and User Privacy Protection Officer (GSPO) is an important member of the GSPC, and reports directly to the CEO of Huawei. The GSPC is in charge of developing Huawei’s security strategy and plans, manages, and oversees how departments such as R&D, supply chain, marketing, sales, and so on, structure their security teams and ensure security in their business activities.
The system covers all departments, geographies, and processes. The GSPO also facilitates effective communication between Huawei and its stakeholders, including governments, customers, partners, and employees.
Over the past two years, in particular, we have reviewed our approach to security and privacy, analysed the directions in which new technologies are heading, and the current and future challenges facing our customers. As a consequence, we have enhanced our cyber security and privacy frameworks. These frameworks guide the way in which we drive process transformation, solutions, security engineering capabilities, security technologies and standards, independent verification, our supply chain, and personnel management. This has enabled us to proactively enhance our end-to-end cybersecurity assurance capabilities and build resiliency.
The security of connected devices has always been a source of concern, regardless of the device manufacturer. How does Huawei ensure the security of its devices?
Our new OS that will power all of our future devices is called Harmony, and it has already been tested for the highest level of security. This is the core operating system that controls all our hand-held devices. Some of our newest tablets already have this operating system.
As part of our end-to-end cybersecurity strategy, all our products including devices are developed and built with security-by-design and privacy-by-design. We have also adopted a zero-trust approach in building security in all our hand-held devices incrementally.
So first, we ensured that Harmony OS is secure. As such, the Harmony OS has been tested rigorously by independent 3rd party testing labs. It has obtained an industry security certification called Common Criteria to the level of EAL5, indicating that Harmony OS has been developed leveraging a high level of independently assured security in a planned development through a rigorous development approach. Subsequently, we also ensured that all the other security controls that are in place, such as facial recognition and biometrics, are all effectively implemented. Furthermore, we make sure that enables all our communications and transactions to be encrypted and fully secure for any ecommerce activities—part of the new norm driven by necessity during the pandemic.
Another area that we have innovated in is mobile apps. Dynamic and static privacy data access compliance detection technologies will detect exceptions in mobile applications, such as permission abuse, malicious behaviour, and pirated applications. This not only ensures that the AppGallery complies with Android Green Alliance 2.0, but also provides for a clean and sustainable application software ecosystem.
In fact, all our ICT products have full-stack security technologies incorporated into them, whether they are consumer of enterprise products. Some of these technologies include host intrusion detection, sandboxing functionality, container security, CPU side-channel attack detection, web application security, and intelligent risk control. We have also deployed memory code integrity measurement on 5G base stations, ensuring runtime code security. Furthermore, we have enhanced kernel integrity protection on mobile phones, and applied key security technologies such as the real-time detection of kernel attacks and AI-based detection of unknown threats to improve mobile phone security. Towards that end, equipment powering our 5G core and RAN are among those first to be certified under NESAS, a new third–party certification program jointly driven by 3GPP and GSMA that aims to provide an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry.
At the end of the day, building and fully implementing an end-to-end cybersecurity assurance and privacy protection system is one of Huawei’s most crucial priorities. It has helped us to both expand and diversify within the UAE and across the Middle East, and is a foundation that is trusted by governments, enterprises, and consumers alike.