As a responsible ICT provider, we take our responsibilities to maintain the availability of our technologies seriously while protecting them from any form of damage, including cyber security. In this context, we believe that such threats will never cease. As such, we will never let up in our endeavors to design, develop, and support technology and solutions that significantly limit the possibility that our technology could be used for purposes for which it was never intended.
In 2012, we released a cyber security white paper titled Cyber Security Perspective: 21st Century Technology and Security – A Difficult Marriage. As we point out in this paper, open networks have encouraged information flow and sharing, lowered the costs of innovation, and helped improve the world’s capabilities in producing technological innovations. The development of networks has enabled people in different parts of the world, and within their own countries, to have a fair opportunity of development, to promote equal communications among different cultures, and drive the advancement of civilization. Technology is fundamentally improving the health, wealth, and prospects of humanity. However, with these enormous benefits brought about by the networked world, we are also facing increasing cyber security challenges.
Cyber security is a shared global challenge which is not limited to a particular geographical region, culture, language, or technology provider. All stakeholders, including government and industry, must collaborate to mitigate these risks and reduce the chances that technology deployment is reduced due to the fear of cyber crime. To this end, Huawei is dedicated to closely collaborating, innovating, and establishing international standards with other global organizations and governments to ensure that the integrity and security of the networked solutions and services we provide meet or exceed the needs of our customers and provide the assurance and confidence required by their own customers.
The Global Cyber Security Committee (GCSC) is the highest level cyber security management body at Huawei. John Suffolk is Huawei’s Global Cyber Security Officer. Mr. Suffolk is tasked with formulating strategies for the cyber security assurance system as well as managing and overseeing the implementation of the system. He reports directly to the CEO. In 2012, following the strategies and objectives set out in the Statement on Establishing a Global Cyber Security Assurance System, we have continuously incorporated cyber security elements into our core business processes (including R&D, supply chain, service delivery, HR management, supplier management, and so on) to roll out an end-to-end global cyber security assurance system. We have also conducted effective coordination in an open and transparent manner with external parties through multiple platforms, organizations, and channels.
In 2012, we continued to improve the security management, technical workforce, and organization building for all teams at different levels. We carried out systematic cyber security awareness education for all Huawei staff and contractors according to laws and regulations on cyber security and privacy protection. We strengthened our vulnerability management and disclosure policies and procedures to match best
practices and adapt to new business requirements. Our responsible disclosure process was adopted to coordinate with suppliers, computer emergency response team (CERT) organizations, and security researchers in resolving product vulnerabilities. We participated in and passed supply chain security management system certification, such as ISO28000. In addition, we improved supplier security system qualification and worked together with our suppliers to effectively reduce potential risks and security threats and ensure the security of products and services delivered by Huawei.
In Canada, Spain, and other countries, we continued to cooperate with third-party testing organizations to conduct independent security audits and certifications, such as Common Criteria, on Huawei products. In the United Kingdom, we have continued to enhance the capabilities of our UK Cyber Security Evaluation Centre (CSEC) to undertake independent security evaluation of Huawei products. The knowledge and expertise we learn from those tests and evaluations are used to optimize all processes, standards and policies of Huawei to continuously improve quality and security across all products in all countries. In addition, we enthusiastically shared our understanding and experience in cyber security with the industry during events such as the Budapest Conference on Cyberspace, the Worldwide Cybersecurity Summit in New Delhi, and other international cyber security forums.
We believe our holistic approach to cyber security, our open and transparent approach, and our passion for independent testing and verification is a clear indication to our customers that we will never stop in our endeavors to ensure that the greatest level of risk mitigation is applied to our products and their customers.
Statement on Establishing a Global Cyber Security Assurance System