Over the past two years, Huawei has been regularly upgrading our cybersecurity methods.
By Herman Kannenberg, Huawei South Africa Chief Security Officer
Cyberspace will be constantly under threat, and the enhancements to our security and privacy interventions are aimed at meeting the current and future challenges facing our customers.
Throughout 2019, these concerns guided the way we drove process transformation, solutions, security engineering capabilities, security technologies and standards, independent verification, supply chain, and personnel management. This has enabled us to proactively enhance our end-to-end cybersecurity assurance capabilities.
Transforming software engineering capability
We invested heavily in transforming our software engineering capability to ensure secure, trustworthy, high-quality products. We simplified our products and solutions, implemented the latest thinking on security architecture and development, and we are progressively upgrading all appropriate products and solutions to reflect this.
We have systematically built and deployed resilient architecture design methods, and have launched the distributed automatic binary vulnerability mining platform. Moreover, we have improved our security-design tools, code security scanning cloud, security test cloud, and fuzz test cloud.
These initiatives greatly enhanced our security engineering capabilities, enabling us to help our customers safely digitize their businesses and create value for their customers.
We have fully supported the independent verification of Huawei cybersecurity by stakeholders. In addition, we have assured and verified our cybersecurity management systems, products, services, and personnel through quality monitoring, internal and external auditing, and standards certification.
We now meet stakeholders’ cybersecurity requirements across all of our business processes – R&D, sales, service, supply, etc. – helping us to enhance external confidence in Huawei’s overall cybersecurity approach.
Securing supply chains
Huawei’s comprehensive supply-chain security management system is ISO 28000-certified, enabling us to identify and control security risks throughout the supply chain life cycle.
We produced 28 types of top material security specifications and security sourcing test standards, along with 11 sets of industry-leading standards for the certification of our suppliers’ cybersecurity systems. Our suppliers must pass a rigorous security sourcing test and obtain system certification before they are accepted.
In 2019, we assessed, tracked, and managed the risks of more than 3 800 suppliers worldwide. We signed data-processing agreements (DPAs) with more than 3 000 suppliers and continue to run due diligence to ensure compliance with privacy obligations.
We released the supply availability security baseline and implemented it in all of our 145 newly developed products. Furthermore, we developed an in-transit exception dashboard to provide real-time warnings about exceptions such as abnormal stay and route deviation.
We restructured the product delivery tracing system, allowing us to trace software information within one hour and trace hardware information (from incoming materials to delivery to customers) within one day to facilitate the fast and transparent resolution of issues and to eliminate risks.
All of these steps have been geared to ensuring the information security of our customers. Ultimately, enhanced cybersecurity will be crucial to organisational sustainability in the future.