By Herman Kannenberg, Head of Legal Affairs and Cyber Security, Huawei South Africa – As ICT technologies evolve and enriches our lives, we’re also seeing growing challenges to cyber security and privacy protection. Cyber security and privacy protection are the inherent requirements and core capabilities in an evolving digital world. At Huawei we understand this and have made providing secure, reliable, and high-quality ICT infrastructure a top priority.
A major part of ensuring we meet that commitment is the baseline end-to-end cyber security framework we’ve developed to manage cyber security. The baseline was created following extensive research on the most common and most critical security requirements and has been implemented across all Huawei products. Doing so ensures that all our products meet a consistent set of security quality requirements and that the security quality of our products continuously improves as we update the baseline.
At present, the baseline comprises 54 requirements under 15 categories. It is developed based on a wide range of laws, regulatory requirements, and technical standards, while also conforming to Huawei’s product development practices. It ensures that all products and versions we deliver to customers meet stakeholders’ fundamental security quality requirements.
It’s also worth pointing out that the baseline is embedded within Huawei’s integrated product development (IPD) process as a fundamental requirement. In this way, the baseline is executed repeatedly rather than randomly. All roles and organisations involved in the IPD process must strictly comply with the baseline throughout the product life cycle.
Here’s how the baseline is managed and implemented in all of our business processes:
1. The Global Cyber Security and User Privacy Protection Officer (GSPO) office is responsible for developing, releasing, and continuously optimising the Baseline. It analyses laws, industry standards, industry best practices, customer requirements, industry cases and the latest developments in security technologies to identify the most critical requirements and continuously update the Baseline accordingly.
2. Each domain updates related policies, processes, and procedures to ensure consistency with the updated baseline.
3. As one of the inputs, the baseline is used by the research and development (R&D) team to develop and update technical standards, speciﬁcations, templates, and guides. We provide appropriate training and awareness education when needed, in order to standardise and guide product design and development. We regard the baseline as external requirements. Based on the baseline, external regulations and standards as well as internal and external best practices, we have developed our own speciﬁcations that the products must abide by during R&D, thereby developing product security capabilities in an efficient and standardised manner.
4. Each business department implements the baseline; reviews, makes decisions on, executes, and monitors it in the business and decision-making systems; and backtracks Baseline violations and holds related personnel accountable.
5. Before a product version is released, Huawei’s Independent Cyber Security Lab (ICSL) veriﬁes whether it meets the baseline requirements from the customers’ perspective. If it does not, the GSPO has the right to veto its release.
6. Huawei manages the identiﬁed issues from start to ﬁnish, thus cyclically improving the baseline and corresponding management mechanism.
At Huawei, we have evolved our approach to cyber security and privacy frameworks over the past few years and operate on the assumption that in this globally intertwined world, cyberspace will face constant attacks. It has become an important part of ensuring that all our products are as secure as possible through every step of the development process.
Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. With integrated solutions across four key domains – telecom networks, IT, smart devices, and cloud services – we are committed to bringing digital to every person, home and organization for a fully connected, intelligent world.
Huawei’s end-to-end portfolio of products, solutions and services are both competitive and secure. Through open collaboration with ecosystem partners, we create lasting value for our customers, working to empower people, enrich home life, and inspire innovation in organizations of all shapes and sizes.
At Huawei, innovation focuses on customer needs. We invest heavily in basic research, concentrating on technological breakthroughs that drive the world forward. We have more than 180,000 employees, and we operate in more than 170 countries and regions. Founded in 1987, Huawei is a private company fully owned by its employees.
For more information, please visit Huawei online at www.huawei.com or follow us on: