Faced with criticism, Huawei relies on transparency to restore its image

Huawei has just given a boost to its public relations by promising to commit to cybersecurity, with the opening of its latest transparency center in Dongguan, China. Faced with criticism, the Shenzhen firm has also published the “security reference framework” that it claims to have adopted for its products, and which describes the requirements for implementation and compliance with legal and regulatory requirements.

The new Dongguan site is one of seven dedicated transparency centers that Huawei operates around the world, including in Belgium, Germany, Canada and the United Kingdom, where the first was launched in 2010. These sites have hosted 700 customer exchanges over the past decade. According to Huawei, these centers provide a platform on which customers and governments can test its products and software and verify their security. The centers provide technical documents, tools and test environments, as well as technical support.

When asked by ZDNet editorial staff, Huawei management said customers and governments will also be able to view the source code for its security framework. The spokesperson for the Chinese giant said that independent third-party testing organizations will be able to perform “fair, objective and independent security tests and audits”, based on cybersecurity standards and best practices “recognized by the industry”.

Show the “Crown Jewels”

The Chinese group's new center allows outsiders to remotely access Huawei’s source code, “our ‘Crown Jewels’”, the company adds. At the same time, the Shenzhen firm unveiled its security reference framework, which is integrated into its product development process and was developed to meet legal and regulatory requirements. This framework includes 54 covering 15 categories for product implementation, including backdoor prevention, access channel control, encryption, and application security.

The Chinese group noted that this was the first time that its security reference framework was made available to the industry. Huawei also insisted on the need for a “unified approach” to cybersecurity, noting that industry bodies like the GSMA and 3GPP had pushed for the adoption of standards, such as NESAS (Network Equipment Security Assurance Scheme), and independent certifications.

“At present, the industry still lacks a coordinated approach based on standards, in particular with regard to governance, technical capacities, certification and collaboration”, explains the management of the Chinese giant, which has been subject to a long-standing US embargo for alleged collusion with the Beijing regime.

Transparency as a highlight

NESAS is a voluntary initiative introduced to provide a security enhancement program focused on mobile network infrastructure equipment. It includes equipment designed to facilitate the functions defined by the 3GPP (3rd Generation Partnership Project) and deployed by mobile network operators on their networks. Specifically, it includes security assessments of vendor development processes and product lifecycle, as well as security assessments of network products.

The program has been adopted by a handful of vendors, namely Nokia, Ericsson, and ZTE. “These baselines have been widely accepted by the industry and will play an important role in the development and verification of secure networks,” says Huawei, adding that its 5G and LTE equipment has passed the NESAS assessment. Through its transparency centers, the provider says it has organized more than 200,000 courses and trainings covering cybersecurity and privacy process development, as well as verification and testing.

Last year, the Chinese giant also carried out a risk assessment and audited more than 4,000 providers of various cybersecurity services. Huawei adds that the emergence of 5G networks and services will also increase security risks, underscoring the need for collective efforts to combat these threats. “The digitization of industry, and new technologies like 5G and AI, have made cyberspace more complex, made worse by the fact that people have spent more of their lives online throughout the global pandemic”, recalls the management of the group.

Rising expenses

The group also notes that digitization has blurred the physical boundaries of traditional networks, resulting in more threats to networks, as well as more serious consequences of vulnerabilities and attacks. “Cybersecurity risk is a shared responsibility. Governments, standards bodies and technology providers need to collaborate more closely to develop a unified understanding of cybersecurity challenges. It has to be an international effort,” notes Ken Hu, Huawei’s rotating president.

The Chinese giant’s cybersecurity and privacy research and development (R&D) spending represents 5% of its overall R&D budget, while the group’s global workforce includes over 3,000 cybersecurity R&D professionals.

As a reminder, Huawei last week launched HarmonyOS 2 on 100 of its devices in China, including smartphones, smartwatches and tablets, continuing its goal of installing the mobile operating system on more than 300 million devices. In April, the company said it would continue to diversify its products to cushion the decline in its sales of smartphones, affected by US export sanctions, which have blocked access to Google’s Android ecosystem.

As HarmonyOS is still not available outside of China, it remains to be seen whether the mobile operating system will be adopted as widely internationally, as its distribution across several categories of consumer devices could raise security and confidentiality concerns.

Source: ZDNet.com