By HERMAN KANNENBERG
When it comes to cybersecurity, Huawei goes beyond enhancing software engineering capabilities and cyber resilience to build secure, trustworthy, and quality products and solutions.
We have also embraced technological innovation to help customers handle security risks and have adopted measures in the following domains to ensure the end-to-end cyber security for our customers:
Secure and trustworthy service operations
The global pandemic caused an explosion in network traffic, and therefore a rise in customer requirements for site construction.
Using digital means, we improved personnel qualification management, as well as access, operations, and data security control capabilities.
We also raised security awareness among delivery and service personnel using various themed activities, such as our monthly Network Safety Day.
Furthermore, we set up both local and remote delivery centers to help carriers quickly and securely build networks, thereby supporting their business activities and reducing the impact of the pandemic.
Security awareness among all employees supporting professional capability improvement
We held a Cybersecurity and Privacy Protection Awareness Month, delivering the presidents’ messages, expert lectures, a knowledge quiz, an open day at the Cybersecurity Transparency Center, technology contest, verification conference, and other themed activities to strengthen our corporate culture around cyber security.
All these initiatives support our key objective to continually raise the overall levels of awareness among employees.
Additionally, we encouraged employees to participate in external professional certification programmes and provided professional training to improve their professional capabilities.
To date, more than 760 employees have obtained industry recognized certifications such as Certified Information Systems Security Professional (CISSP) and International Association of Privacy Professionals (IAPP).
Furthermore, we planned and developed relevant courses, releasing 204 courses on our online Cybersecurity & Privacy Protection Knowledge Center to date.
These courses cover topics such as insights into cybersecurity and privacy protection, process development, and verification and testing, with a total of more than 200 000 individual enrollments.
Increased investment in third-party independent verification
We continued our cooperation with industry-recognized certification bodies and third-party labs to test the cyber security and privacy protection capabilities of Huawei products, solutions, and services against industry standards and best practices. The highlights from these efforts include:
• In 2020, we obtained more than 70 certifications related to cyber security and privacy protection. For example, our 5G and LTE base stations were the first in the industry to pass the Network Equipment Security Assurance Scheme (NESAS) assessment; 5G base stations obtained the CC EAL4+ certification; routers obtained the CSPN certification from the French National Cybersecurity Agency (ANSSI); iTrustee obtained the CC certification also from ANSSI; firewall and campus switch products passed the Payment Card Industry Data Security Standard (PCI DSS) assessment; HUAWEI Mate 40 Series smartphones obtained the digital rights management (DRM) copyright certification and Germany’s ePrivacy certification; HUAWEI CLOUD received more than 10 certifications, including Cloud Security Alliance Security, Trust and Assurance Registry (CSA STAR), ISO 27001, ISO 27701, PCI DSS, and Trusted Information Security Assessment Exchange (TISAX).
• In May 2020, ERNW, an independent IT security service provider in Germany, conducted a technical review of the source code of Huawei’s unified distributed gateway (UDG) on 5G core networks. Its report notes that “the overall source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process for UDG”.
• Our bug bounty programme in HUAWEI CLOUD, Huawei Mobile Services, mobile phones, and other domains has been a continued success. Through this programme, we encourage white hat hackers to discover vulnerabilities in Huawei products so that we can work with security experts in the industry to build a responsible, transparent, collaborative, and secure vulnerability ecosystem.
Respecting and protecting user privacy
Huawei is committed to complying with privacy protection laws and regulations around the world. We have built a management system for end-to-end privacy protection with strong supporting technical capabilities.
We have also developed robust privacy protection processes and a host of IT tools and platforms, helping us improve compliance effectiveness and management maturity and allowing us to demonstrate our privacy compliance processes and results in a more transparent and clear manner.
Furthermore, we continue to invest in and optimize our efforts to assure data subjects’ rights, including the prompt and effective handling of more than 20 000 data subject requests to date.
We continue to conduct internal and external audits in different countries and business domains to ensure the effective implementation of our personal privacy protection policies. – Zambezi News
Herman Kannenberg is Head of Legal Affairs and Cyber Security at Huawei South Africa.