As a leading global provider of ICT infrastructure and smart devices, China-based Huawei is acutely aware of just how important cybersecurity is for ensuring trust in the digital world. In an exclusive interview to Express Computer, Akash Mathur, Vice President & Chief Compliance Officer, Huawei India voices that cybersecurity is increasingly intertwined with political suspicions and trade barriers and falling trust between nations. In some places, there is still a misconception that country-of-origin affects the security of network equipment and technology
What are the biggest challenges to cybersecurity in the new age? What is Huawei’s approach for tackling the same?
In a fast-evolving digital landscape where products have a much shorter lifecycle, new technologies become legacy much earlier and the supply chain is diverse and globalised, the key challenge to a robust mechanism is posed by a lack of common standards, certifications, evaluation mechanism, and absence of common regulations.
The need in today’s highly globalised ICT supply chain, is for to be addressed jointly at a global level. An all-industry, full-society approach to collaboration is essential to enhancing systematic cybersecurity governance for everyone. As a leading global provider of ICT infrastructure and smart devices, Huawei is acutely aware of just how important cybersecurity is for ensuring trust in the digital world. Huawei encourages all stakeholders in the digital ecosystem to evaluate risks in a rational, objective, and evidence-based way.
For Huawei, security and privacy are our highest priority and overarches everything. We strictly adhere to all local laws and regulations in each of the country that we operate in, including India. Huawei has subjected itself to the strictest reviews, including third party certifications of Huawei’s hardware, software and our solutions for two years in India, plus screening by regulators and customers. Huawei remains open to address concerns about its openness, transparency, and independence as well as engage in continuous dialogue.
As a leading ICT player, Huawei contributes its learning with industry and stakeholder and share our recommendations with global industry standardisation bodies. It is in the interest of openness and transparency that Huawei opened its world’s largest Cybersecurity and Privacy Protection Transparency Center in Dongguan recently.
Huawei has seven such centres around the world with the aim of enabling stakeholders, including customers, regulatory authorities, standards organisations, partners, and suppliers, to make full use of this platform to carry out in-depth exchanges, communication and cooperation to jointly improve the security capabilities of the entire industry. These centres are an indication of Huawei’s willingness to provide governments, customers, and partners around the world with stronger commitments in cybersecurity and better support for cooperation.
Do you see any progress in cybersecurity guidelines across the world? Where do you think the industry is still lacking?
With the rise of cyberattacks on a worldwide scale, all industries are taking cybersecurity more seriously. New laws, regulations, and standards are passed on a regular basis in the public sector. Over 180 cybersecurity legislation have been enacted in 151 countries in the last two years alone. This is a remarkable achievement. India too has introduced the NCCS which focuses on ensuring cybersecurity robustness in the Indian telecom domain.
Globally, industry organisations such as the GSMA and the 3GPP have been working closely with industry stakeholders to promote the NESAS Security Assurance Specifications and independent certifications in the telecoms sector. These baselines have received widespread industry approval, and we believe they will play a vital role in the creation and certification of secure networks. However, there is still more to be done.
Cybersecurity is a complex, ever-changing problem that necessitates strong collaboration and information sharing. When it comes to governance, technical capabilities, certification, and collaboration, the industry currently lacks a standard-based, coordinated strategy.
Today, cybersecurity is increasingly intertwined with political suspicions and trade barriers and falling trust between nations. In some places, there is still a misconception that country-of-origin affects the security of network equipment and technology. This is simply not true. It doesn’t solve the real challenges, and it prevents us from forming a unified approach.
Why do you think a unified approach is needed to ensure cybersecurity? Please elaborate on the recent initiatives you have taken to bring the industry together.
Cybersecurity is a technical issue. As such, Huawei’s position on cybersecurity is very clear: we need a more systematic and generally accepted framework to identify cybersecurity risks and collectively manage these risks. Cybersecurity needs governments, standards organisations, and technology vendors to work together and set shared goals to build a comprehensive understanding of cybersecurity challenges and build trust. Trust should be built upon facts. Facts must be verifiable, and verification must be based on common standards. We believe this is an effective model for building trust in security in the future digital era.
Huawei’s recently launched Global Cybersecurity and Privacy Protection Transparency Center aims to provide a platform for industry players to share cyber governance expertise and collaborate on technical solutions. The centre promotes collaboration and joint innovation while also assisting with security testing and certification. Regulators, independent third-party testing organisations, standards groups, and Huawei customers, partners, and suppliers are all welcomed to collaborate and create a safer cyber environment.
To further share its learning from its own stringent and extensive cybersecurity practices, in a first, Huawei unveiled its Product Security Baseline, sharing its security baseline methodology with the entire industry, and not limiting to just core suppliers. The Baseline, together with Huawei’s other governance measures, helps to ensure that the company’s products are of high quality and secure. Cybersecurity management needs shared knowledge, and the release of the Product Security Baselines will help improve industry best practices to strengthen cybersecurity as a community. These steps are part of the company’s larger efforts to collaborate with customers, suppliers, standards bodies, and other stakeholders to improve cybersecurity across the industries.
With increasing threats of cyberattacks and speedy digital transformation, how are you safeguarding the enterprises?
ICT is transforming industries and governments around the world, making them digital and intelligent. Huawei has always believed that security should never be a reason to stop innovation and overcoming the challenges of security is part of technological advance and social progress.
Cybersecurity is not a problem for any single country or company. Cooperation between all parties is vital if we are to effectively secure cyberspace. Ultimately, it is important for every stakeholder to work together. It is essential to have objective and fair rules as well as certification systems to help stakeholders in the ICT industry to carry out constructive cooperation and continue to drive fair competition and continuous innovation. The government and industry alike – must realise that developing effective global solutions for the entire industry demands more openness, more candid engagement, and honest communication.
Huawei calls on the entire ICT industry to invest more resources in creating comprehensive security and quality systems for communications networks, and reliable standards against which to assess them. We believe that the industry should develop globally accepted, industry-led, voluntary security standards, along with best practices, security assurance solutions, and compliance assessment systems. This will help establish a fair and consistent environment where all parties can respond to the challenges of together.
Effective security against cyberattacks can only be built through constant innovation because evolving challenges can only be addressed with a new conception of security and new security techniques. Innovation trumps any firewall, and it is imperative we invest in researching cutting-edge security technology and use technology to meet the challenges of technology.