Cyber Security

As cloud, digitalization, and software-defined everything become more prevalent, the world will become data-centric and intelligent in the future. This new world will bring both challenges and opportunities. We understand that the ICT industry is undergoing rapid technological transformation, with technologies becoming increasingly complex and networks more open.

Against this backdrop, we are aware of the increasing interest and concerns of companies, regulators, and the general public regarding cyber security, which we take very seriously. Users want to get online anytime and anywhere, and efficiently access data. To meet these requirements, product trustworthiness and network resilience have become more important than ever. Compared with new functions and features, customers will focus on the trustworthiness of products and solutions, along with network resilience and cyber security.

Huawei's Cyber Security Framework

Cyber security must be built upon trustworthiness, basic product quality, basic security engineering capabilities, and resilient products and solutions. That is the very foundation of all security activities.

To meet customer requirements in this more complex world, we will initially invest US$2 billion over the next five years to implement a company-wide transformation program. With this program, we aim to optimize our software engineering capabilities, as this is the foundation upon which we will build secure, trustworthy, and high-quality products. The program will entail reassessing the quality of our code, strengthening our grasp on and capabilities in the core elements of secure and resilient architecture design, and, wherever possible, simplifying every element of our products and solutions.

In 2018, to address the increasingly complex cyber security environment, we used a dynamic response approach to develop an overview of product planning and development. This was based on the assumption that cyberspace is insecure and cyber-attacks are constant. We also released our new Cyber Security Framework.

In 2018, we applied our new Cyber Security Framework through people management, security engineering capabilities, security technologies and standards, security certifications, and supply chain management. Some highlights of this year are listed below.

In staff management, we focused on improving employees' security awareness and capabilities:

We embedded cyber security into our R&D processes and continued to improve our software engineering capabilities. Over the past several years, we have put an end-to-end security design platform in place, as well as a code security scanning cloud, a security test automation and FUZZ test cloud, and a vulnerability response platform. 2018 in particular saw multiple enhancements in our basic security quality:

In security technologies and standards, we continued research on technology and architecture to improve the trustworthiness of our products and network resilience:

We actively participated in the industry's mainstream security certification. Our major products received 11 international mainstream security certifications, including:

In 2014, Huawei's Independent Cyber Security Lab (ICSL) gained ISO/IEC 17025 accreditation for the first time. In 2018, this accreditation was reconfirmed.

Huawei also proactively works with GSMA on 5G security testing and evaluations based on the Network Equipment Security Assurance Scheme (NESAS).

In supply chain management, we manage the cyber security and privacy protection of our suppliers around the world. In 2018, we took significant steps towards that end:

Related Content