ISJ Exclusive: The key to 5G security

Nan Jianfeng, Director of Cyber Security Affairs, Huawei calls for the security industry to work together to defeat growing threats.

As the world around us becomes increasingly connected with smarter technologies incorporated into everything from our homes to city streets, cybersecurity becomes even more important. When connectivity is a necessity in our daily lives, we have to know we are safe from any potential threats. Cybersecurity is a global challenge that we all share and that is the responsibility of everyone within the connected ecosystem of the intelligent era. To protect against cybersecurity threats, industries and regulators need to come together to develop unified standards and verification mechanisms. These should apply to all equipment providers, telecom carriers and other players within the information and communications technology (ICT) ecosystem.

We believe that, as a products and solutions provider working with companies across the world, it is our responsibility to uphold security by staying on the forefront of technology innovation and working closely with the wider ICT ecosystem. We believe that a secure network is not only a shared obligation amongst ICT industry players, but a basic right of all connected users worldwide. To that end, our industry must adhere to global standards for network security and make sure the standards work in the public interest. We must also establish an open, transparent and visible security assurance framework to facilitate smooth and secure communications among people.

Preparing for the future

At Huawei, we are taking the initiative to transform our software engineering capabilities so that we can provide our customers with more secure and trustworthy products. Our aim is to help customers more deftly adapt to future needs, while protecting their connectivity today.

Moreover, the ICT industry involves very complicated software and hardware systems, in which vulnerabilities are difficult to avoid. Huawei has established a product security incident response team, or the PSIRT Team, which is a specialised global team responsible for collecting, troubleshooting, resolving and disclosing product vulnerabilities according to ISO/IEC 29147 and ISO/IEC 30111 standards.

Collaboration on cybersecurity is even more important in the context of 5G development. The region’s economic value will no doubt be bolstered by the roll-out of 5G broadband, enabling more people, things and devices to be connected than ever before. 5G will facilitate the kind of real-time data sharing and analysis and will generate unprecedented productivity in government, society, enterprises and even on an individual level. It actually builds on and extends 4G in terms of security architecture and expands more advanced security features.

Mitigating risk

To that end, Huawei is willing to work with all governments, customers and partners to jointly implement effective risk mitigation mechanisms for the digital age. Meanwhile, Huawei has been proactively involved in the telecom cybersecurity standardisation activities led by ITU-T, 3GPP, and IETF, among others, has joined security organisations and partnered with mainstream security companies to ensure the security of its customers’ operations and promote the healthy development of digital industries.

Huawei products have also passed multiple independent third-party certifications. In total, we have been granted 270 cybersecurity certificates. Included amongst these are 46 Common Criteria (CC) certificates, as well as 16 US Federal Information Processing Standards (FIPS) certificates.

For the past three decades, Huawei has operated in more than 170 countries and regions, serving over three billion people around the world. Our products and solutions are widely used by 211 leading Fortune 500 enterprises. We are privileged to help them to achieve digital transformation without major cybersecurity issues or faults. Our equipment has never caused a large-scale network breakdown and we have never experienced any serious cybersecurity breach. Huawei has never done anything to jeopardise the security of our customers’ networks or devices and thus no evidence of such actions exists.

In that spirit, we have established effective cybersecurity collaboration and communication mechanisms with the governments of many countries, including the UK, Canada, Germany and others. We also opened a Cyber Security Transparency Centre in Brussels in March 2019. This new centre will become a platform for our communication and collaboration with governments, customers and industry partners in Europe. At the centre, our customers can better understand the security of Huawei products and solutions by testing and verifying the security of our products based on agreed standards.

Moreover, we firmly believe that any future security principles should be based on verifiable facts and an objective approach, rather than ideology or a vendor’s country of origin. We believe the cybersecurity issue is a technical one at its core, which needs to be addressed through technical means.

We want to empower our partners and customers here in the Middle East to make the most of the new opportunities created by 5G and constantly evolving technology, enabling them to forge the path towards creating an intelligent world.

www.huawei.com

This article was published in the March 2020 edition of International Security Journal. To pick up your FREE digital copy, please click here