Digital trust is built on standards and verifiable facts
Huawei opened its Cyber Security Transparency Center in Brussels on March 5, 2019, with over 200 representatives from regulatory bodies, telecom carriers, enterprises, and the media attending the event. Representatives from the European Union, the GSMA, and the World Economic Forum spoke at the opening ceremony.
In his opening remarks, Ken Hu, Huawei's Deputy Chairman said, “Trust in cyber security is one of the major challenges that we face as a global community. Trust needs to be based on facts. Facts must be verifiable, and verification must be based on common standards. We believe that this is an effective model for building trust in the digital era."
The following is a full script transcript of his opening remarks:
Good morning, ladies and gentlemen. Thank you for joining us today.
I am very pleased to be back in Brussels.
This city is leading the efforts to address major challenges from global warming to education, from economic development to changes in the workplace – the policymakers here in Brussels are looking for solutions to challenges that we all share. This includes cyber security.
Last year at the European Business Summit, I announced our plans to open this Cyber Security Transparency Center here in Brussels. Looking at the events from the past few months, it's clear that this facility is now more critical than ever.
Cyber security challenges
We are getting into a digital world very fast, and we all agree that trust is the foundation for a healthy digital environment. But as technology evolves, it's more difficult to build that trust.
Right now, we see four main challenges to building trust.
First, fast developing digital technology has brought many new security challenges. For example, traditional telco networks have evolved from closed networks to internet-based networks. More and more digital content and services are migrating to cloud data centers.
As more devices go online, and our smartphones become more powerful, networks have much greater attack surfaces than ever before.
Second, as a global community, we lack a common and unified understanding of cyber security. Governments, business communities all talk about the importance of cyber security.
However, the fact is that both the public and private sectors lack a basic common understanding of this issue. As a result, different stakeholders have different expectations, and there is no alignment of responsibilities.
Third, as a whole, the industry lacks a unified set of technical standards for security, as well as systems for verification. This is complicated by globalization of the value chain. Digital products include components from many different countries, with many different standards, or no standards at all.
There is an urgent need to invest in security standards and verification systems at the national level, as well as professional resources and skills.
The fourth challenge is governance. In some countries, cyber security management lacks legislative support, and cyber security enforcement is not mature.
These are all real challenges, and we fully understand the cyber security concerns that people have in an increasingly digital world. Cyber security is a challenge we all share. To address these challenges, I believe that mutual understanding is the starting point.
To build a trustworthy environment, we need to work together.
Laying the foundation for trust with unified standards and verification
At Huawei, we have the ABC principle for security: "Assume nothing. Believe nobody. Check everything."
Both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumour. We believe that facts must be verifiable, and verification must be based on standards.
So, to start, we need to work together on unified standards. Based on a common set of standards, technical verification and legal verification can lay the foundation for building trust.
This must be a collaborative effort, because no single vendor, government, or telco operator can do it alone.
Second, we need to work together to clarify and align our responsibilities. This includes all stakeholders: regulators, standards organizations, telcos, and technology providers.
For technology providers like Huawei, our responsibility is to fully comply with standards. But that is not enough. Security must be embraced as a greater social responsibility.
That means embedding trust in all end-to-end processes, and enhancing security through innovation and corporate culture.
For telco carriers, their responsibility is to ensure the cyber resilience of their own networks. Following industry standards, telco carriers need to build robust processes to identify cyber security risks. They need to develop risk mitigation plans, and protect customer data.
Finally, government and standards bodies need to work with all stakeholders on standards development. This is our shared responsibility. These efforts should focus on a holistic approach, including security standards, security verification mechanisms, and enforcement.
Europe has strong experience in driving unified standards and regulation. GDPR is a shining example of this. It sets clear standards, defines responsibilities for all parties, and applies equally to all companies operating in Europe.
As a result, GDPR has become the golden standard for privacy protection around the world. We believe that European regulators can also lead the way on similar mechanisms for cyber security.
Right now, for example, the GSMA is making great progress with their NESAS security assurance scheme. We believe that all stakeholders should get behind this framework. Ultimately, the standards we adopt must be verifiable for all technology providers and all carriers.
An open, digital, and prosperous Europe requires secure and trustworthy digital environment that meets the challenges of today and tomorrow. To lay the foundation for a trustworthy digital environment, both now and in the future, transparency, integrity, and accountability are essential.
Huawei's Cyber Security Transparency Center
Today, we are opening the Huawei Cyber Security Transparency Center to help build that environment.
This center will provide a platform to enhance communication and joint innovation with all stakeholders. It will also provide a technical verification and evaluation platform for our customers.
Huawei strongly advocates independent and neutral third-party certification. Our Cyber Security Transparency Center will support that.
It will also give us a dedicated platform for constructive discussion, sharing best practices, and jointly addressing risks and challenges with our customers and partners.
We welcome all regulators, standards organizations, and Huawei customers to use this platform to collaborate more closely on security standards, verification, and secure innovation.
Together, we can improve security across the entire value chain and help build mutual, verifiable trust.
Security or nothing
Over the past 30 years, Huawei has served more than three billion people around the world. We support the stable operations of more than 1,500 carrier networks in over 170 countries and regions. In this time, we have maintained a solid track record in cyber security.
At Huawei, our promise is "Security or nothing." We take this responsibility very seriously. Cyber security is our top priority across product design, development, and lifecycle management, and it is embedded in all business processes.
Looking to the future, we want to do more. We will keep investing in our cyber security and technical capabilities. This center is an important milestone in that commitment.
We also commit to working more closely with all stakeholders in Europe to build a system of trust based on objective facts and verification. This is the cornerstone of a secure digital environment for all.
As a city, and as an institution, Brussels reminds us of what collective effort and a clear vision can achieve. As people, as organisations, as companies, I strongly believe that we are always more effective when we work together.