Professional Documents
Culture Documents
Huawei's Position Paper On Cyber Security: November 2019
Huawei's Position Paper On Cyber Security: November 2019
on Cyber Security
November 2019
Contents
Contents
I. Executive Summary 03
II. Introduction 07
1. Huawei's white papers on cyber security 07
2. Purpose of this position paper 09
III. ICT Offers Enormous Potential for Global
Development 11
IV. Rational Approach to Risk Management 15
1. Cyber security involves many elements 16
2. Supplier country of origin is not an element for security risk 18
3. Rational, objective, and evidence-based assessment of cyber
security risks 20
V. Systematic Governance of Cyber Security 22
1. Unified cyber security standards 22
2. Independent cyber security verification 25
VI. Huawei Delivers Trustworthy and High-Quality
Products 28
1. Huawei's Global Cyber Security and User Privacy Protection
Committee (GSPC) led by Deputy Chair of the Board 28
2. Embedding cyber security elements into end-to-end processes 31
3. Huawei's Cyber Security 2.0 33
4. Launching transformation programs to drive innovation on
security technology 35
01
Contents
02
Executive Summary
I. Executive Summary
03
Executive Summary
04
Executive Summary
1
Nicholas Negroponte (May 9, 2019), "Don't ban Huawei. Do this instead",
https://www.fastcompany.com/90344450/dont-ban-huawei-do-this-instead
05
Executive Summary
06
Introduction
II. Introduction
2
Huawei's first cyber security white paper – Cyber Security Perspectives: 21st century
https://www.huawei.com/en/about-huawei/cyber-security/whitepaper/white-paper-2012
3
Huawei's second cyber security white paper – Cyber Security Perspectives: Making cyber
security a part of a company's DNA – A set of integrated processes, policies and standards,
https://www.huawei.com/en/about-huawei/cyber-security/whitepaper/hw_310548
07
Introduction
4
Huawei's third cyber security white paper – Cyber Security Perspectives: 100 requirements
https://www.huawei.com/en/about-huawei/cyber-security/whitepaper/hw_401493
5
Huawei's fourth cyber security white paper – The Global Cyber Security Challenge: It is time
https://www.huawei.com/en/about-huawei/cyber-security/whitepaper/huawei-cyber-security-wh
ite-paper-2016
08
Introduction
09
Introduction
10
ICT Offers Enormous Potential for Global Development
6
Global Connectivity Index, Huawei, https://www.huawei.com/minisite/gci/en/
11
ICT Offers Enormous Potential for Global Development
12
ICT Offers Enormous Potential for Global Development
7
New GSMA Study: "5G to Account for 15% of Global Mobile Industry by 2025 as 5G Network
https://www.gsma.com/newsroom/press-release/new-gsma-study-5g-to-account-for-15-of-glob
al-mobile-industry-by-2025/
13
ICT Offers Enormous Potential for Global Development
14
Rational Approach to Risk Management
15
Rational Approach to Risk Management
8
Centre for Cybersecurity, https://www.weforum.org/centre-for-cybersecurity
16
Rational Approach to Risk Management
nce
Go v e
hno ion
logy
Governa
Intern e
Global
t
Co
a
rnanc
m
rru
nfor
es
Bl
Tec
et
ptio
e
Be
on
oc
nc
h
kc
Dr
na
Sc avio
n
G gile
ha
er
ie ur ing
ov
in
int
A
nc a
es l Pr om
y
Sp 3D c on
ac lE y
e ita ciet
Ru Dig d So
Fed ssia Cybercrime Technology and a n l
era n iona
tion the Law rnat
Inte rity
u
Unite Sec
d Sta Systemic
tes
isks
Risk and New Norms of Global R
United Resilience Collaboration
Kingdom Cybersecurity Civic
Participation
otive Cyber War Critical
Autom Infrastructure Innova
tion
r Protection
me
o nsu tyle Ban
ail , C ife s Mar king an
Ret and L Security of Things Cyber Privacy kets dC
o ds ice ap ital
G o on Nu
c t r cle
Ele t
se t
ar
Se
As en In
te cur
ity
d m rn
an ge et
ion l
ce na
lut ia
of
Av T
an Ma
vo str
Th
an
r
iat ou
ing
Re Indu
su
y
d
om
Cit bani
ion ris
In s
Ur
s
Digit municatio
ies zat
ight
,T m
rth
Electricity
Com
on
and Transport
Supply Chain
ra
u
Ec
an ion
Fo
ve
an R
al
l
d
cit
IIIi
Hum
ns
17
Rational Approach to Risk Management
9
169 telecom incidents reported, extreme weather major factor. Retrieved on August 31,
2018, from
https://www.enisa.europa.eu/news/enisa-news/169-telecom-incidents-reported-extreme-weath
er-major-factor
18
Rational Approach to Risk Management
10
Ciaran Martin's CyberSec speech in Brussels,
https://www.ncsc.gov.uk/speech/ciaran-martins-cybersec-speech-brussels
19
Rational Approach to Risk Management
First, it's clear that system failure and human error constitute
the greatest risk, and should be the focus of risk evaluation.
20
Rational Approach to Risk Management
21
Systematic Governance of Cyber Security
V. Systematic Governance of
Cyber Security
1. Unified cyber security standards
11
Nicholas Negroponte (May 9, 2019), "Don't ban Huawei. Do this instead",
https://www.fastcompany.com/90344450/dont-ban-huawei-do-this-instead
22
Systematic Governance of Cyber Security
23
Systematic Governance of Cyber Security
12
Ciaran Martin at Cyber 2019, Chatham House,
https://www.ncsc.gov.uk/speech/ciaran-at-chatham-house
24
Systematic Governance of Cyber Security
13
More examples of 5G security enhancements can be found here:
https://www.3gpp.org/news-events/1975-sec_5g
25
Systematic Governance of Cyber Security
26
Systematic Governance of Cyber Security
27
Huawei Delivers Trustworthy and High-Quality Products
14
Huawei's third cyber security white paper – Cyber Security Perspectives: 100 requirements
https://www.huawei.com/mx/about-huawei/cyber-security/whitepaper/hw_401493
28
Huawei Delivers Trustworthy and High-Quality Products
29
Huawei Delivers Trustworthy and High-Quality Products
External cyber
Director of GSPO Office
security labs/
Yang Xiaoning
evaluation centers
PACD Carrier BG
Centre
US CSO
UK CSO
France CSO
India CSO
Security Competence
Procurement Cyber
Security Office
Security Office
Supply Chain Cyber
30
Huawei Delivers Trustworthy and High-Quality Products
15
Huawei's first cyber security white paper – Cyber Security Perspectives: 21st century
https://www.huawei.com/en/about-huawei/cyber-security/whitepaper/white-paper-2012
31
Huawei Delivers Trustworthy and High-Quality Products
32
Huawei Delivers Trustworthy and High-Quality Products
Other Stakeholders
objective guidelines, culture improvement
Business processes
Execute security baselines
Operating
IPD Issue to
(Idea to Market to Lead to
Resolu-
Market) Lead Cash
tion Clarification,
Laws and
Establish security baselines
product
Customer security requirements
End users
security communication
agreements, Manage for
Develop Manage
inquiries, and Client Service transparency
Strategy Capital
concerns; Relation- Delivery and mutual
to Execute Investment
verifications and ship trust, audit
audits, findings,
Manage
security incidents security
Supply Procurement Partner
solutions
Relationship
Supporting
Carriers
Carriers
Manage
Requirements Manage Manage Manage Solutions
Business
Expectations HR Finances BT&IT
Support Products
Challenges Services
Business ecosystem
Collaboration and contribution
Governments
Governments
33
Huawei Delivers Trustworthy and High-Quality Products
34
Huawei Delivers Trustworthy and High-Quality Products
35
Huawei Delivers Trustworthy and High-Quality Products
36
Huawei Delivers Trustworthy and High-Quality Products
37
Huawei Delivers Trustworthy and High-Quality Products
38
Huawei Delivers Trustworthy and High-Quality Products
Security Security
situation risk
awareness identification
HiSec
Security Security
risk ecosystem
prevention
16
5G Security White Paper:
http://www-file.huawei.com/-/media/CORPORATE/PDF/white%20paper/2019/huawei-5g-secur
ity-white-paper-4th-en.pdf
39
Huawei Delivers Trustworthy and High-Quality Products
40
Huawei Delivers Trustworthy and High-Quality Products
Application Stratum
(IV)
User Application Provider Application
SN
Transport Stratum
(I)
3GPP AN
(I) (II)
Non-3GPP AN
41
Huawei Delivers Trustworthy and High-Quality Products
42
Huawei Delivers Trustworthy and High-Quality Products
43
Huawei Delivers Trustworthy and High-Quality Products
44
Huawei Delivers Trustworthy and High-Quality Products
45
Huawei Delivers Trustworthy and High-Quality Products
17
The Facts on 5G: https://huaweihub.com.au/the-facts-on-5g/
46
Huawei Delivers Trustworthy and High-Quality Products
47
Huawei Delivers Trustworthy and High-Quality Products
48
Huawei Delivers Trustworthy and High-Quality Products
There are many different IoT use cases: low power wide area
(LPWA), connected cars, industrial IoT, wearables, etc. In an
18
Huawei IoT Security White Paper:
https://www.huawei.com/en/press-events/news/2018/10/huawei-iot-security-whitepaper-2018
49
Huawei Delivers Trustworthy and High-Quality Products
50
Huawei Delivers Trustworthy and High-Quality Products
Industrial
Weak Device Signaling Privacy Near field
Threats password control Others
hijacking storm disclosure attack
vulnerability
T
Intelligent threat situational Security
Vehicle security
awareness based on
threat library ecosystem and
big data analytics Platform
Cloud professional
security
/platform service
operation
Platform data security
CVSOC
and privacy protection M
Security
operation and
T management
Detection and isolation Wireless encrypted
Communi-
of abnormal devices transmission Data security
cation
Pipe management
/network transmis-
V2X communication sion
Signaling storm
security awareness
monitoringand prevention Automated security
(certificate/authentication)
inspection
T
Trusted Bus authentication/
authentica- FOTA encryption,
IoT access control
tion IDPS detection/analysis Device
Device authorization
security
DTLS/ Secure boot, storage,
Secure boot IoT security test
DTLS+ upgrade (OTA)
specifications
T : Security technology
M: Security operation and management
51
Huawei Delivers Trustworthy and High-Quality Products
52
Huawei Delivers Trustworthy and High-Quality Products
53
Huawei Delivers Trustworthy and High-Quality Products
54
Huawei Delivers Trustworthy and High-Quality Products
Network traffic
Client-side
Tenant data encryption Server-side protection Tenant
encryption (encryption, Data IAM
Data and integrity
(file system/data) verification, Security
verification
authentication)
19
Huawei Cloud Security White Paper:
https://intl.huaweicloud.com/content/dam/cloudbu-site/archive/hk/en-us/securecenter/security_
doc/Security_en_201709.pdf?1539874232718
55
Huawei Delivers Trustworthy and High-Quality Products
56
Huawei Delivers Trustworthy and High-Quality Products
57
Huawei Delivers Trustworthy and High-Quality Products
Appl
App sandbox
Kernel
Hardware
Secure boot
Encryption/Decryption HUK
engine
58
Huawei Delivers Trustworthy and High-Quality Products
59
Huawei Delivers Trustworthy and High-Quality Products
20
Transcript of A Coffee with Ren (June 17, 2019),
https://www.huawei.com/en/facts/voices-of-huawei/a-coffee-with-ren
60
Business Independence
61
Business Independence
62
Business Independence
63
Open and Transparent Collaboration
64
Open and Transparent Collaboration
65
Open and Transparent Collaboration
21
Mark Ryan, "Interoperability is the solution to the Huawei dilemma", May 20, 2019
https://www.birmingham.ac.uk/news/thebirminghambrief/items/2019/05/interoperability-is-the-s
olution-to-the-huawei-dilemma.aspx
66
Open and Transparent Collaboration
22
Huawei Cyber Security Evaluation Centre Oversight Board: Annual report 2018 (July 2018),
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data
/file/727415/20180717_HCSEC_Oversight_Board_Report_2018_-_FINAL.pdf
67
Open and Transparent Collaboration
improvement plans.
68
Open and Transparent Collaboration
69
Open and Transparent Collaboration
70
Huawei cyber security manifesto
Security isn't just about bits and bytes, it's about human life.
It's about being with you through good times, and bad. It's
about ensuring we don't put making money ahead of securing
the networks we build.
71
Huawei cyber security manifesto
72
Huawei cyber security manifesto
When we do more for security, you can expect more from us.
73
About Huawei
X. About Huawei
74
About Huawei
75
About Huawei
76
About Huawei
More than 4,700 students from 108 countries and regions have
studied at Huawei as part of the Seeds for the Future program,
which has just celebrated its 10th anniversary. Huawei's ICT
academy covers 557 colleges across more than 60 countries
and regions.
77
Huawei Technologies Co., Ltd.
Huawei Industrial Base, Bantian, Longgang
Shenzhen, China
Tel:+86 755 28780808
Zip code:518129
www.huawei.com