Delivering on its commitment to consolidate openness, transparency, trust and collaboration in the digital world, Huawei opened its largest Global Cyber Security and Privacy Protection Transparency Centre in Dongguan, China today, with representatives from GSMA, SUSE, the British Standards Institution, and regulators from the UAE and Indonesia speaking at the opening ceremony. This is now the seventh Transparency Centre built by Huawei. Two years ago, Huawei opened a similar centre in Brussels, with others located in the UK, Canada, Germany, Italy, and the UAE.
Along with the opening of the new centre, Huawei also released its Product Cyber Security Baseline, marking the first time the company has made its product security baseline framework and management practices available to the industry as a whole. These actions are part of the company’s broader efforts to engage with customers, suppliers, standards organisations, and other stakeholders to jointly strengthen cyber security across the industry.
Huawei has developed its Product Cyber Security Baseline that is result-based, universal, continuously optimised, non-discriminatory, and mandatory after studying laws and regulations, market admission requirements from governments and customers, best practices in the industry, and live network issues, while taking into account Huawei’s own requirements.
In Huawei’s end-to-end cyber security framework, the Baseline, as a collection of basic security requirements, is embedded into Huawei’s business processes and strictly executed, so as to ensure product security compliance, prevent security crises, and minimise security incidents.
“Cyber security is more important than ever”, said Ken Hu, Huawei’s Rotating Chairman, at the opening of the Dongguan centre. “As an industry, we need to work together, share best practices, and build our collective capabilities in governance, standards, technology, and verification. We need to give both the general public and regulators a reason to trust in the security of the products and services they use on a daily basis. Together, we can strike the right balance between security and development in an increasingly digital world”.
Over the past few years, industry digitalisation and new technologies like 5G and AI have made cyberspace more complex than ever, compounded by the fact that people have been spending a greater portion of their lives online throughout the COVID-19 pandemic. These trends have led to a rise in new cyber security risks.
Huawei opened the new Global Cyber Security and Privacy Protection Transparency Centre in Dongguan to address these issues, providing a platform for industry stakeholders to share expertise in cyber governance and work on technical solutions together. The centre is designed to demonstrate solutions and share experience, facilitate communication and joint innovation, and support security testing and verification. It will be open to regulators, independent third-party testing organisations, and standards organisations, as well as Huawei customers, partners, and suppliers.
During the opening, H.E. Dr. Mohamed Hamad Al Kuwaiti, Head of Cyber Security, UAE, delivered a keynote on the importance of cyber cooperation for a resilient and vibrant digital future. “A public-private partnership will be critical to build collaboration among private, public and government entities so as to establish a globally trusted digital oasis in the UAE”, he said.
To further a unified approach to cyber security in the telecoms industry, organisations like GSMA and 3GPP have also been working with industry stakeholders to promote NESAS Security Assurance Specifications and independent certifications. These baselines have seen wide acceptance in the industry, and will play an important role in the development and verification of secure networks.
Mats Granryd, Director General of GSMA, spoke at the opening of Huawei’s new centre. “The delivery of existing and new services in the 5G era will rely heavily on the connectivity provided by mobile networks and will fundamentally depend on the underlying technology being secure and trusted”, he said. “Initiatives such as the GSMA 5G Cybersecurity Knowledge Base, designed to help stakeholders understand and mitigate network risks, and NESAS, an industry-wide security assurance framework, are designed to facilitate improvements in network equipment security levels across the sector”.
At the event, Huawei also released its Product Cyber Security Baseline, the culmination of over a decade of experience in product security management, incorporating a broad range of external regulations, technical standards, and regulatory requirements. The Baseline, together with Huawei’s other governance mechanisms, helps ensure the quality, security, and trustworthiness of the company’s products. Over the years, Huawei has built over 1,500 networks that connect more than three billion people across 170 countries and regions. None of these networks have ever experienced a major security incident.
According to Huawei, the baseline covers 15 categories, 54 requirements, and 112 specific implementation instructions and interpretations, ensuring the high-quality, security, and trustworthiness of Huawei products. It includes 4 categories of legal compliance requirements (prevention of backdoors, prevention of malware and malicious behaviors, protection of user privacy and protection of communication freedom) and 11 categories of security and functional assurance requirements (including secure coding, compilation, sensitive data protection, encryption, secure boot, integrity protection, and lifecycle management).
“This is the first time we’ve shared our security baseline framework with the entire industry, not just core suppliers”, said Sean Yang, Director of Huawei’s Global Cyber Security and Privacy Protection Office. “We want to invite all stakeholders, including customers, regulators, standards organisations, technology providers, and testing organisations, to join us in discussing and working on cyber security baselines. Together, we can continuously improve product security across the industry”.
At present, the industry still lacks a standards-based, coordinated approach, especially when it comes to governance, technical capabilities, certification, and collaboration.
“Cybersecurity risk is a shared responsibility”, concluded Ken Hu in his opening remarks. “Governments, standards organisations, and technology providers need to work closer together to develop a unified understanding of cyber security challenges. This must be an international effort. We need to set shared goals, align responsibilities, and work together to build a trustworthy digital environment that meets the challenges of today and tomorrow”.
Huawei has been committed to cooperative cybersecurity as early as 2000. There are now more than 3,000 cybersecurity R&D personnel in Huawei. Moreover, Huawei’s annual R&D investment in cyber security and privacy protection accounts for about 5% of its total R&D expenses.
Huawei’s Global Cyber Security and Privacy Protection Transparency Centre located in Dongguan Campus is the biggest cybersecurity and privacy protection centre in Huawei. It provides a platform for demonstration, verification, exchanges and knowledge sharing, and supports the regional transparency centres.
Click here to download the Huawei Product Cyber Security Baseline.