Professional Documents
Culture Documents
First
set
of
questions
to
Huawei
from
DM
:
17
May
2020
I
am
writing
an
article
for
the
Daily
Maverick
online
news
website
about
the
findings
of
the
Huawei
Cyber
Security
Evaluation
Centre
in
Britain.
Last
year,
the
HCSEC
oversight
board
reported
that
HCSEC
had
detected
“significant
technical
issues”
in
Huawei’s
“unique
software
engineering
and
cyber
security
processes”.
The
report
said
the
issues
brought
“significantly
increased
risk”
to
the
UK’s
cellular
networks.
It
also
stated
that
the
HCSEC
oversight
board
had
“not
yet
seen
anything
to
give
it
confidence
in
Huawei’s
capacity”
to
implement
its
own
plans
to
fix
“underlying
defects”.
The
report
also
said
that,
in
certain
cases,
Huawei
developers
“may
be
actively
working
to
hide
bad
coding
practice”.
I
also
understand
that
Huawei
has
allocated
US$2
billion
over
a
five-‐year
period
to
fix
the
problems
which
are
a
result
of
underlying,
company-‐wide
development
processes.
However,
the
National
Cyber
Security
Centre
in
the
UK
has
said
that
they
have
yet
to
see
any
concrete
transformation
plans.
The
United
Kingdom
has
given
Huawei
a
35%
share
in
the
non-‐core
parts
of
its
5G
networks.
However,
the
National
Cyber
Security
Centre
has
said
they
cannot
mitigate
the
risks
to
UK
national
security
brought
by
Huawei
equipment
used
in
core
networks
(be
it
2G,
3G,
4G,
or
5G),
and
that
this
is
why
they
do
not
use
Huawei
equipment
in
the
network
core.
Huawei
has
opened
security
evaluation
centres
in
Germany
and
Brussels,
and
offered
to
open
a
security
evaluation
centre
in
Poland
last
year,
following
the
arrest
by
Polish
authorities
of
a
Huawei
employee
on
espionage
charges,
and
increased
pressure
on
Huawei
to
prove
its
trusworthiness.
Huawei
has
not
faced
this
kind
of
pressure
in
South
Africa.
My
questions
are
as
follows:
1.
Has
Huawei
made
any
progress
with
its
transformation
plan?
Could
you
possibly
provide
some
detail
about
the
progress
you’ve
made?
2.
In
the
light
of
the
fact
that
South
Africa
does
not
have
an
equivalent
to
the
UK’s
HCSEC,
and
given
that
Huawei
equipment
is
used
in
core
and
non-‐
core
sections
of
South
Africa’s
mobile
networks,
can
Huawei
assure
the
South
African
public
that
the
country’s
networks,
and
cyberspace
in
general,
are
not
put
at
increased
risk
because
of
Huawei
equipment?
3.
Does
Huawei
plan
on
establishing
an
evaluation
centre
similar
to
the
UK’s
HCSEC
in
South
Africa,
or
perhaps
for
the
Southern
African
region?
If
so,
is
it
possible
to
provide
any
detail,
such
as
when
it
will
be
opened,
or
how
it
will
be
funded?
Please
provide
any
further
details
that
you
feel
are
important.
Huawei
response
:
21
May
2020
We
have
received
your
media
inquiry
and
would
like
to
express
the
following:
The
report
you
refer
to
was
published
more
than
a
year
ago
in
March
2019
by
the
UK’s
Huawei
Cyber
Security
Evaluation
Centre
(HCSEC)
established
by
the
Prime
Minister
in
2010.
Thus
you
are
asking
Huawei
to
comment
on
old
information
published
14
months
ago
and
which
has
since
been
surpassed.
Critically
you
have
failed
to
acknowledge
the
decision
taken
by
the
British
Government
in
January
2020
to
allow
Huawei
to
participate
in
the
country’s
5G
roll-‐out.
(Please
refer
to
the
attached
media
release
issued
January
27th
of
this
year)
This
decision
is
a
clear
indication
of
the
cooperation
between
Huawei
and
the
British
authorities
which
have
the
toughest
oversight
requirements
in
our
industry.
It
also
illustrates
that
the
HCSEC
report
on
which
you
base
your
questions
has
been
superseded
by
recent
developments.
For
the
sake
of
your
Editor
we
have
copied
the
full
report
here,
along
with
our
response
at
the
time:
https://assets.publishing.service.gov.uk/government/uploads/system/uplo
ads/attachment_data/file/790270/HCSEC_OversightBoardReport-‐
2019.pdf
Huawei
media
release
March
19th,
2019:
https://huawei.eu/press-‐release/statement-‐huawei-‐huawei-‐cyber-‐
security-‐evaluation-‐centre-‐hcsec-‐oversight-‐board-‐annual
Huawei
awaits
the
next
HCSEC
report
for
2019/20,
and
will
not
be
making
any
commentary
at
this
point,
over
and
above
what
we
have
already
stated
publicly.
Furthermore,
professionals
in
the
telecommunications
sector
are
aware
of
Huawei’s
position
in
relation
to
the
2019
HCSEC
report
and
the
developments
to
include
our
company
in
the
5G
rollout
programme
in
the
United
Kingdom.
We
therefore
prefer
not
to
engage
on
speculative
or
outdated
matters.
With
regards
to
our
work
with
locally
based
telecommunications
companies
Huawei
remains
committed
to
building
and
improving
networks
for
the
benefit
of
the
people
of
this
country.
Huawei’s
equipment
meets
the
requirements
and
laws
of
South
Africa
and
it’s
regulatory
agencies.
We
have
a
proven
track
record
in
cyber
security
and
we
are
a
trustworthy
supplier
to
our
South
African
partners.
Globally
Huawei’s
technologies
have
introduced
cost
effective,
rapid
advances
in
telecommunications
networks
across
the
world.
Huawei
should
not
be
discriminated
against,
based
on
its
country
of
origin,
nor
be
maligned
in
the
media
on
the
basis
of
suspicion
without
evidence.
We
view
such
reporting
as
unethical
and
discriminatory.
Although
we
trust
that
it
will
not
be
necessary
to
enforce
them,
all
our
rights
herein
as
well
as
that
of
all
other
Huawei
Group
companies
remain
strictly
reserved.
DM's
response
to
Huawei's
first
reply
(abridged
version)
:
24
May
2020
On
28
January
2020,
NCSC
published
an
article
titled
“NCSC
guidance
for
the
risk
management
of
high
risk
vendors
in
telecommunications
networks.”
The
article
to
which
I
am
referring
is
here:
https://www.ncsc.gov.uk/guidance/ncsc-‐advice-‐on-‐the-‐use-‐of-‐
equipment-‐from-‐high-‐risk-‐vendors-‐in-‐uk-‐telecoms-‐networks
In
it,
the
NCSC
provides
a
“non-‐exhaustive
list
of
criteria
which
NCSC
applies
when
identifying
vendors
as
HRVs
(High
Risk
Vendors)
”.
One
of
the
criteria
is
“The
past
behaviour
and
practices
of
and
practices
the
vendor”.
HCSEC
oversight
board
reports
detail
Huawei’s
past
behaviour
and
practices.
I
would
like
to
point
out
to
you
the
statements
made
on
February
13,
2019,
by
Huawei’s
rotating
chairman
Eric
Xu
when
he
held
a
press
conference
with
six
UK
media
outlets.
The
press
release
I
am
referring
to
is
here:
https://www.huawei.com/za/facts/voices-‐of-‐huawei/interview-‐with-‐
xu-‐zhijun
Mr
Xu
makes
the
following
statements:
“Enhancing
software
engineering
capabilities:
‘We
realized
that
this
is
definitely
not
just
about
addressing
the
concerns
of
the
UK;
it
carries
a
lot
of
weight
and
to
a
certain
degree
is
the
foundation
to
Huawei's
future
development...
It's
not
just
about
addressing
the
requirements
coming
from
NCSC;
this
is
something
that
Huawei
must
be
doing
for
our
long-‐term
development...
We
think
of
this
as
the
cornerstone
that
enables
Huawei
to
realize
our
long-‐term
aspiration.’"
“US$2
billion
fund:
‘This
US$2
billion
budget
is
just
an
initial
fund...
I
hope
through
our
efforts
in
the
next
three
to
five
years,
we
can
truly
build
products
that
would
be
trusted
by
governments
and
by
customers,
so
as
to
support
and
sustain
Huawei's
long-‐term
development.’"
Mr
Xu
is
acknowledging
that
the
findings
of
the
2019
HCSEC
oversight
board
report
relate
to
long-‐term
issues.
Additionally,
Mr
Xu
indicated
that
the
allocation
of
US$
2billion
would
be
spent
over
a
five
year
period,
with
that
being
only
an
‘initial’
amount.
This
suggests
that
the
transformation
programme
may
even
last
longer
than
three
to
five
years
If,
however,
Huawei
has
cancelled
its
transformation
plan,
I
would
very
much
appreciate
it
if
you
can
confirm
that
fact
for
me
as
soon
as
possible.
IN
LIGHT
OF
THE
ABOVE,
I
WOULD
LIKE
TO
REITERATE
MY
QUESTIONS,
AND
ASK
YOU
A
FEW
ADDITIONAL
QUESTIONS:
1.
Has
Huawei
cancelled
its
US$2
billion
transformation
plan?
If
so,
could
you
kindly
provide
reasons.
2.
If
Huawei
has
not
cancelled
its
transformation
plan,
has
the
company
made
any
progress
with
said
plan?
Could
you
possibly
provide
some
detail
about
the
progress
you’ve
made?
If
you
have
not
made
progress,
could
you
provide
reasons
why?
3.
In
the
light
of
the
fact
that
South
Africa
does
not
have
an
equivalent
to
the
UK’s
HCSEC,
and
given
that
Huawei
equipment
is
used
in
core
and
non-‐
core
sections
of
South
Africa’s
mobile
networks,
can
Huawei
assure
the
South
African
public
that
the
country’s
networks
that
use
Huawei,
and
its
cyberspace
in
general,
are
not
put
at
increased
risk
because
of
Huawei
equipment?
4.
Does
Huawei
plan
on
establishing
an
evaluation
centre
similar
to
the
UK’s
HCSEC
in
South
Africa,
or
perhaps
for
the
Southern
African
region,
or
any
other
African
country?
If
so,
is
it
possible
to
provide
any
detail,
such
as
when
it
will
be
opened,
or
how
it
will
be
funded?
5.
Why
has
Huawei
paid
for
the
establishment
of
three
security
evaluation/transparency
centres
(all
located
Europe
and
the
UK)
but
has
not
done
so
for
South
Africa,
or
Africa
as
a
whole
for
that
matter?
Why
does
Europe
appear
to
get
preferential
treatment
over
Africa
when
it
comes
to
cyber
security?
6.
What
are
your
comments
about
the
UK’s
decision
to
phase
Huawei
out
of
UK
telco
networks
by
2023?
Please
feel
free
to
add
any
additional
information
that
you
deem
to
be
of
interest.
Huawei's
second
reply
to
DM:
26
May
2020
We
have
noted
the
additional
questions
you
have
provided,
as
they
relate
to
the
United
Kingdom
and
the
HCSEC.
Our
previous
reply
also
refers.
Huawei
has
been
working
tirelessly
with
the
British
Government
to
address
concerns
through
the
HCSEC.
Our
$2billion
transformation
plan
has
not
been
cancelled.
This
is
a
five
year
long
programme
and
has
already
yielded
positive
results
and
we
are
confident
this
will
continue
allowing
us
to
also
better
serve
other
markets
from
the
progress
made.
Huawei
places
cybersecurity
above
our
business
interests.
It
is
important
to
note
that,
cybersecurity
has
never
been
the
sole
responsibility
of
a
country
or
an
enterprise.
Only
through
the
joint
efforts
of
the
entire
industry
ecosystem
and
society
as
a
whole
working
together,
will
we
systematically
solve
cybersecurity
challenges.
We
reject
your
assertion
that
Europe
gets
preferential
treatment
over
Africa
when
it
comes
to
cyber
security.
In
every
country
that
we
operate
in,
we
remain
a
committed
and
trustworthy
partner
to
the
telecommunications
industry
and
abide
fully
by
the
laws
and
regulations
required
by
the
Government,
including
South
Africa.
We
continue
to
enjoy
an
open
and
progressive
relationship
with
all
our
South
African
partners.