Working together for a secure cyberspace

As digitalization connects the world, cybersecurity is becoming more important than ever before. In the news, we’ve seen an increase in cyberattacks aimed at critical infrastructure such as energy, healthcare, and transportation. 

These attacks have affected the lives of millions of people around the world. According to one estimate, damages from cybercrime might reach US$6 trillion in 2021.

Meanwhile, as a result of the pandemic, people are spending more time online. And I’m sure that many people will continue to work remotely, even after the pandemic. This makes it all the more important that we do everything possible to ensure a healthy and secure cyber space.

In the public sector, new laws, regulations, and standards are being introduced on a regular basis.

In the past two years alone, 151 countries have passed more than 180 cybersecurity laws. This is incredible progress. In the telecoms sector, industry organizations like GSMA and 3GPP have been working closely with industry stakeholders to promote NESAS Security Assurance Specifications and independent certifications.

These baselines have seen wide acceptance in the industry, and we’re confident that they will play an important role in the development and verification of secure networks.

However, we still have a lot of work to do. Cybersecurity is a complex, evolving challenge that requires close collaboration and information-sharing. We still lack a standards-based, coordinated approach across the industry, especially when it comes to governance, technical capabilities, certification, and collaboration.

In some places, there’s still a misconception that country-of-origin affects the security of network equipment and technology. This is simply not true. It doesn’t solve the real challenges our industry faces, and it prevents us from forming a unified approach.

There’s still a misconception that country-of-origin affects the security of network equipment and technology. This is simply not true.

At Huawei, cybersecurity is our top priority. We take this responsibility seriously, because we owe it to our customers – and their customers – to make sure that the equipment they’re using is healthy and secure.

We’re proud of what we have achieved. For the past 30 years, we have served more than 3 billion people around the world. We support the stable operations of more than 1,500 carrier networks in over 170 countries and regions.

And we have maintained a solid track record in cybersecurity this whole time.

This is the result of continuous long-term investment in cybersecurity management practices and technology for more than 20 years. We currently have more than 3,000 cybersecurity R&D personnel, with 5% of our R&D spend focused exclusively on boosting the security of our products.

Of course, our cybersecurity assurance systems weren’t developed in a vacuum. They’re the result of regular engagement, joint research, and joint innovation with our customers, partners, industry groups, regulators and standards organizations around the world.

That’s what Cyber Security Transparency Center is all about. We opened it in Dongguan, China, in June 2021. 

Two years before, we had opened a similar center in Brussels. Both Centers adhere to Huawei’s ABC principle for security: “Assume nothing. Believe nobody. Check everything.”

The idea is that both trust and distrust should be based on facts – not feelings, not speculation, and not baseless rumor. We believe that facts must be verifiable, and that verification must be based on standards. With this as our guiding principle, we’ve set up six cyber security and transparency centers over the past 10 years in Europe, the Middle East, and North America.

The center in Dongguan will have three main functions:

• Demonstrate solutions and share experience
• Facilitate communication and joint innovation
• Provide a platform for security testing and verification

Our most advanced center yet, it’s designed to gather and serve stakeholders from around the world. It has the best tools, testing environments, and experts available for our partners, customers and industry peers. They can come to understand and test our products; and together, we can collaborate more closely on security standards, verification, and innovation.

Looking to the future, I believe we must do three things. 

First, we must build capabilities together. Cyber security threats are complex, diverse, and evolving, and no single organization has what it takes to tackle them all. From governance, to standards and technology, to verification, we need to work together, combine strengths, and build our collective capabilities.

Second, we must share value, such as Huawei’s Product Security Baseline (see related article). The more knowledge and best practices we share, the more effectively we can strengthen cybersecurity as a community.

Third, we must form tighter coalitions. That means governments, standards bodies, and technology providers need to work closer together to develop a unified understanding of cybersecurity challenges. This must be an international effort.

The bottom line is that cybersecurity risk is a shared responsibility, and we need to treat it that way. We need to set shared goals, align responsibilities, and work together to build a trustworthy digital environment that meets the challenges of today and tomorrow.

Ken Hu is Rotating Chairman of Huawei Technologies, Ltd.