
Huawei reveals 'cybersecurity framework' with launch of China transparency centre

Huawei Technologies has kicked into PR overdrive, pledging its commitment to cybersecurity with the opening of its latest transparency centre in Dongguan, China. It has also released the “security baseline framework” that the Chinese tech vendor says is adopted for its products, outlining requirements for implementation and for compliance with legal and regulatory requirements.

The new Dongguan facility is amongst seven transparency centres Huawei operates worldwide, including in Belgium, Germany, Canada, and the UK, where its first was launched in 2010. These sites have hosted 700 customer exchanges over the past decade.

According to Huawei, the centres offer a platform on which its products and software can be tested and security verified by customers and governments. The facilities provide technical documents, testing tools and environments, as well as technical support. 

When asked, Huawei told ZDNet that customers and governments would also be able to view the source code of its security framework. The spokesperson said independent third-party testing organisations would be able to perform “fair, objective, and independent security tests and verifications” based on “industry-recognised” cybersecurity standards and best practices.

“[The centre] allows outsiders to remotely access Huawei’s source code, our ‘crown jewels’,” he noted. 

Along with the launch, Huawei unveiled the security baseline framework that it said was integrated into its product development process and developed to address legal and regulatory requirements. The framework comprised 54 requirements spanning 15 categories for product implementation, such as backdoor prevention, access channel control, encryption, application security, and secure compilation. 

The vendor added that this was the first time its security baseline was made available to the industry. 

Huawei also urged the need for a “unified approach” to cybersecurity, pointing to industry bodies such as GSMA and 3GPP that had pushed the adoption of standards such as NESAS (Network Equipment Security Assurance Scheme) and independent certifications. “At present, the industry still lacks a standards-based, coordinated approach, especially when it comes to governance, technical capabilities, certification, and collaboration,” the Chinese vendor said. 

NESAS is a voluntary initiative introduced to provide a security enhancement programme focused on mobile network infrastructure equipment. It encompasses equipment designed to facilitate functions defined by 3GPP (3rd Generation Partnership Project), and deployed by mobile network operators on their networks. Specifically, it comprises security assessments of vendor development and product lifecycle processes as well as security evaluations of network products. The programme has been adopted by a handful of vendors, namely, Nokia, Ericsson, and ZTE.

“These baselines have seen wide acceptance in the industry and will play an important role in the development and verification of secure networks,” Huawei said, adding that its 5G and LTE equipment had passed NESAS evaluation.

Through its transparency centres, the vendor said it had conducted more than 200,000 training courses covering cybersecurity and privacy process development as well as verification and testing. Last year, it also carried out risk assessment and monitored more than 4,000 suppliers of various cybersecurity services.

It said the emergence of 5G networks and services also would increase security risks, further underscoring the need for collective efforts to combat such threats.

Huawei said: “Industry digitalisation and new technologies like 5G and AI (artificial intelligence) have made cyberspace more complex, compounded by the fact that people have been spending a greater portion of their lives online throughout the COVID-19 pandemic. These trends have led to a rise in new cybersecurity risks.”

It noted that digitalisation also blurred the physical boundaries of traditional networks, leading to more network threats as well as more serious consequences from vulnerabilities and attacks.

Huawei’s rotating chairman Ken Hu said: “Cybersecurity risk is a shared responsibility. Governments, standards organisations, and technology providers need to work closer together to develop a unified understanding of cybersecurity challenges. This must be an international effort.”

The Chinese vendor said its research and development (R&D) spending on cybersecurity and privacy components accounted for 5% of its overall R&D budget, and its global headcount included more than 3,000 cybersecurity R&D professionals.

Huawei last week launched HarmonyOS 2 across 100 of its devices in China, including smartphones, smart watches, and tablets, further driving its aim to have the mobile OS installed on more than 300 million devices. It said in April that it would continue to diversify its product focus as it looked to buffer a decline in its smartphone sales, which were impacted by ongoing US export sanctions that blocked access to Google’s Android ecosystem.

With HarmonyOS still unavailable outside of China, though, it remains to be seen if the mobile OS will be adopted as widely internationally, as its distribution across multiple consumer device categories may further trigger security and privacy concerns.

Source: Information Technologies - zdnet.com
