Through the digitalisation of various industries like transport, retail and utilities, fast-evolving new technologies are significantly changing our lives, creating more convenience and business opportunities for our society. However, these new technologies may also bring unprecedented challenges and risks like cyber crime and cyber attacks, creating the need for a secure and trustworthy intelligent world.
Since product security is the foundation for such a commitment, security baselines will be an effective method for managing product security quality as these baselines can be applied for a vendor’s products and the supply chain partners supporting the vendor. Hence, we will like to share best practices on how to work with external partners and the ecosystem of security assurance.
Trust the right security standard
With various industries starting on the path of digitalisation, using security standards will allow the various stakeholders to trust that the system or network has been set up based on a common set of security requirements that can be verified. Today, these standards like ISO and IEC are supported globally by leading government authorities, global telecom operators, key technical vendors, industry associations and security researchers.
See: CSA takes steps to further develop cybersecurity talents in Singapore
Huawei advocates and promotes the establishment of cyber security standards that are globally recognised and agreed upon. Huawei has also been actively participating with industry standards organisations to promote the establishment of new standards.
Product security baseline as key priority
Huawei has established an end-to-end cyber security assurance system, covering not only technologies, software or hardware, but also the whole organisation including every person and every process within Huawei.
As part of Huawei’s product development process, cyber security is our fundamental priority before we ship products out to our customers. Product security is incorporated into the design and development of our products and plays an important role in their life cycles. By developing and implementing security requirements to form a common baseline for our products, we can ensure that all products will meet the same set of requirements in terms of security quality, and we will continuously update the security baseline so that the security quality will also improve.
On product security baselining, we take reference from applicable global laws and regulations, combining customers’ business requirements with our internal governance requirements to analyse and then establish the baseline. We focus on 12 key domains including strategy/governance, standards/procedures, laws and regulations, human resource management, R&D, test and verification, supply chain, service delivery, and so on.
To boost transparency and collaboration, our product security baseline consists of 54 requirements under 15 categories, which are publicly available on our website. All Huawei products have to pass independent verification before launch. A product that violate these baseline specifications will have its market launch suspended until the critical issues are eliminated, and the product team’s performance will be graded as a critical failure within the security maturity assessment.
Of course, this baseline does not represent all cyber security requirements for the given network solutions or business scenarios. However, we believe that steadily improving the baseline will be more effective in ensuring an end-to-end supply chain security, rather than setting maximum security requirements.
At the same time, we aim to provide a platform for the industry stakeholders to share their expertise in cyber governance and work on technical solutions together. Our Global Cyber Security and Privacy Protection Transparency Centre is also open to regulators, independent third-party testing organisations and standards organisations, to spur collaboration and to facilitate cyber security as a priority for all.
A call for public-private collaboration
Recently, we have witnessed more calls for public-private partnerships to enhance and strengthen cyber security. Over the past years, we have seen more than 150 countries releasing over 180 security and privacy laws and legislations. Private sectors are also investing and contributing towards innovations for security.
Trustworthiness has become a key value for businesses as they continue to invest in ICT, expecting verifiable quality in both processes and results. With our research centres in Singapore and other cities, we will continuously improve on product quality and resilience through trustworthy R&D to ensure that our customers will receive high-quality products, while our employees will continue to value product security and earn customers’ trust.
As more enterprises undergo digitisation, risk exposure to cyber threats such as ransomware and supply chain attacks may also increase. Hence, organisations must be well-equipped with the necessary tools and knowledge to mitigate such cyber threats. Building a safe cyberspace during the digital economy era will require closer collaboration among all players and stakeholders in the ecosystem.
Sink your teeth into in-depth insights from our expert contributors, and dive into financial and economic trends, Click here for our Views Section
On the other hand, consumers will need to understand the concept of shared goals and aligned responsibilities, and they can raise their security awareness on protecting their own data and privacy via learning courses or webinars.
From adopting international standards and product security baseline to wider collaboration, everyone, including governments, standards organisations and technology providers, need to work together to develop a unified understanding of cyber security challenges. This must be an international effort with shared goals, aligned responsibilities, and collaboration to build a trustworthy digital environment that meets the challenges of today and tomorrow.
Dennis Chan is country cybersecurity & privacy officer (CSPO) at Huawei International
Photo by Adi Goldstein on Unsplash
