Huawei views building and fully implementing an end-to-end global cyber security assurance system as a key corporate strategy and considers cyber security a shared global challenge. Global collaboration among suppliers, customers, and policy and law makers is crucial to meaningfully addressing global cyber security threats. As such, all stakeholders must share knowledge and expertise, be practical and cooperative, and work collectively to reduce the unexpected risks resulting from the abuse of technology.
In 2013, Mr. John Suffolk, Huawei's Global Cyber Security Officer, authored the second edition of our cyber security white paper titled Cyber Security Perspectives: Making cyber security a part of a Company's DNA — A set of integrated process, policies and standards. The paper investigates how we can infuse cyber security into our company's DNA and promote the formulation and implementation of uniform international cyber security standards. We are more than happy to share our understanding and practices in the area of cyber security in the hope of inspiring a more open, rational, cooperative, and constructive dialogue across the public and private sectors on a wider range of issues. In doing so, we hope to realize our common cyber security objectives.
In 2013, we optimized each aspect of Huawei to address challenges with cyber security and embed cyber security requirements into our end-to-end corporate policies and processes, including strategy and governance, standards and processes, laws and regulations, personnel management, research and development, verification, third-party supplier management, manufacturing, delivery, issue response, traceability, and audits. Huawei employees have adopted improvement measures into their daily work to provide customers with more secure products, solutions, and services.
- In the past year, we continued cyber security awareness training and education for all Huawei staff, thereby encouraging an atmosphere and culture conducive to promoting cyber security awareness education and regulating employee behavior across the company.
- We have embedded cyber security requirements into our Integrated Product Development (IPD) process. Cyber security is built into everyone's daily work as well as each product and service, meaning that cyber security is everyone's job. We have also improved the approach that instructs employees to design, develop, and deliver our products with security in mind. Apart from independent verification, each step of our work can be examined, improved, and automated.
- We have greatly strengthened and improved our Cyber Security Technical Competence Center to incorporate security into design, improve product robustness, and enhance privacy protection.
- We have established a multi-layer cyber security evaluation process that allows our products to be independently tested and evaluated by different teams; that is, our Internal Cyber Security Lab, the UK Cyber Security Evaluation Centre (CSEC), customer evaluation teams, and third-party audit and evaluation teams. By doing so, we continuously provide our customers with optimum security assurance.
- We have enhanced our comprehensive supplier management system to monitor and evaluate the delivery and security performance of our qualified suppliers. We select suppliers that can contribute to the quality and security of our purchased products and services and in turn benefit our customers.
- Our manufacturing capabilities continue to improve in tandem with our security capabilities. Our standardized end-to-end manufacturing supply chain system enables us to more efficiently resolve security risks during manufacturing in a safe manner while retaining quality, thus ensuring the integrity of our hardware and software.
- We have embedded key cyber security management requirements into all our service delivery activities and stringently manage employees who have access to customer networks, thus ensuring the security of delivered products and services.
- When things do go wrong or customers and researchers identify possible security issues, we respond quickly and effectively to any vulnerability through our closely connected Product Security Incident Response Team (PSIRT) and core R&D processes. In addition, our barcode system and electronic manufacturing system enable us to forward or backward track 98% of the components used in our offerings within just a few minutes.
- As auditing plays a crucial role in ensuring what a company or department claims is true and effective, we ensure the implementation of cyber security policies, processes, and standards through our internal audit team. This allows us to provide more effective and comprehensive oversight on cyber security.
Huawei is passionate about being transparent and open. We encourage full and frequent communication with all stakeholders, including customers, industry, governments, and media. We aim to raise the understanding of cyber security, seek views and ideas for reducing security risks, and collectively improve trust in terms of cyber security.
We not only care about resolving past and present cyber security issues. We also seek to lay the foundation for future development. Sticking to our commitment, we will continuously collaborate with all stakeholders to enhance our security capabilities in design, development, deployment, and other areas. We will continue to position cyber security assurance as one of our core strategies, maintain open and transparent policies, and act responsibly in our operations to ensure a secure cyber world for tomorrow.