In a world where cybercrime and electronic espionage are commonplace in the news, one can understand why the
largest telecom hardware and software supplier in the world would not want to be on the wrong side of the discussion -- a side where Huawei Technologies Co. Ltd. often finds itself and where it has issued a new document
some see as an effort to help it reach the other side.
Huawei is a Chinese multinational company that sells its products and services in more than 140 countries, to the majority of the world’s largest telecom firms. It was founded by a former member of the Chinese military, which is where Huawei’s
cybersecurity image problem starts.
Government agencies in both
have raised questions about Huawei’s ties to the Chinese military and have blocked the company from bidding on government funded projects due to national security concerns, assertions that Huawei disputes as unfounded.
Recently, perhaps in an effort to combat knocks on its cybersecurity image, Huawei has
published a whitepaper specifically on the topic of national security.
The 22-page document starts out by outlining the very volatile world of cyberthreats and detailing all the ways in which networks and data are at risk for costly breaches:
The cost of this data leakage, at its kindest or industrial espionage at its most aggressive, is claimed to run into the billions, although actually getting an accurate assessment of losses appears impossible.
Next up, Huawei takes aim at the global supply chain and challenges the idea of what a “foreign developed” product is, pointing out that many of the world’s other large telecommunications equipment companies, such as Cisco, Alcatel-Lucent, and Ericsson, manufacture many of their products in China, and that this is no different from Huawei's position as a Chinese company.
R&D Center at Huawei Global Headquarters in Shenzhen. Photo: Huawei.
This inference neglects to address Huawei’s ties to the Chinese military, ties that the other named companies don’t have.
Huawei’s whitepaper points out the vast differences in the many legal systems that international companies are held accountable to, and it makes a call for a more global standard for cybersecurity:
Huawei would welcome a coordinated international approach to principles of data protection and cyber security. We believe that such an approach would foster better overall standards of data protection on a global basis, rather than having vendors, service providers and corporations struggle to apply inconsistent standards and approaches across various countries.
Though the idea might sound like a noble one, its complexity could make it impossible to implement. But it’s a talking point for Huawei.
The last half of the whitepaper describes the R&D and manufacturing process at Huawei and touts the diversity of Huawei’s supply chain (70 percent of components are sourced outside of China, with the majority from the US).
The final note and overall theme of the whitepaper is that Huawei is issuing a call for government and industry cooperation to move forward and fight together to improve cybersecurity globally. Huawei affirms itself as a supporter of such efforts:
Collaboration on cyber security should not be limited by geographical, political or competitive differences…
In this context governments must take the lead to establish united and integrated governance to drive forward comprehensive and collaborative approaches to cyber security – Huawei commits itself to supporting such an endeavor.
It is unlikely that this whitepaper alone will break down many barriers to entry for Huawei in the US and other nations. A spokesman for Huawei denies that the company even meant to do that. Here is his email to Internet Evolution today in response to a question about whether Huawei issued the document to help its image problems:
The simple answer to your question is no. Huawei is a global information communications technology leader. The integrity of our operations and the quality and security of our solutions are world proven across almost 150 markets by over 500 operators, including national service providers throughout Europe, Africa, the Middle East, Asia and the Americas. With that leadership comes responsibility. In the face of mounting cyber-incidents, Huawei issued the White Paper as an important step to improve industry awareness of our global efforts to ensure a secure and better cyber future for all of us and to present our view on actions companies and governments need to carry out to manage global cyber security challenges. Our industry is borderless and utterly interdependent, which means common benefits, but also common vulnerabilities. As a global industry leader Huawei is making itself available to all stakeholders as a resource on best practices and future industry-wide and global standards and disciplines to better secure our networks.
At the end of the day, actions speak louder than words, and if Huawei backs up the contents of this whitepaper with collaborative actions, it might find itself on the right side of the cybersecurity discussion.
— Dana Blouin is a network engineer and technologist doing graduate work in information and communication technology at the University of Wisconsin.