A UK Government report has highlighted Huawei’s openness, transparency and responsiveness in its approach to cyber security.
The Huawei Cyber Security Evaluation Centre (CSEC) Oversight Board oversees the operations of Huawei’s CSEC in the UK on behalf of the UK Government’s National Cyber Security Centre (NCSC).
Huawei established the CSEC in 2010 to provide transparent collaboration with the UK Government and the telecommunications operators around cyber security. It is a model viewed as best practice on cyber security involving the public sector and private enterprise.
The Oversight Board aims to more effectively manage potential security risks and help Huawei make continuous improvements to its cyber security capabilities.
In its 2017-18 annual report released today, the Oversight Board said CSEC improved its capabilities over the past year and continues to provide “unique, world-class cyber security expertise”.
The Oversight Board also confirmed the technical assurance and quality of CSEC to be totally appropriate for Huawei’s work in the UK.
“It is evident that HCSEC continues to provide unique, world-class cyber security expertise and technical assurance of sufficient scope and quality as to be appropriate for the current stage in the assurance framework around Huawei in the UK.”
The report also concluded that the CSEC is managed and has full independence from Huawei HQ.
“Ernst & Young Audit Report provides important, external reassurance that the arrangements for HCSEC’s operational independence from Huawei Headquarters is operating robustly and effectively, and in a manner consistent with the 2010 arrangements between the Government and the company.”
The report highlighted technical areas Huawei needed to address, stating that Huawei needed to improve specific aspects of its current engineering and code compilation processes. The NCSC report noted that deficiencies in“engineering processes” had “exposed new risks” requiring “long-term challenges in mitigation and management”.
Huawei is disappointed to learn of this process shortfall, but also welcomes the opportunity to address the concerns and ensure our products continue to deliver safe and secure infrastructure across the UK and around the world. CSEC was established specifically for this purpose, to help continually improve our products and procedures.
Huawei Global Head of Cyber Security John Suffolk said: “Over the past three years, the OB has publicly released reports that provide Huawei with suggestions for improvement. We are grateful for this feedback. As with previous years, Huawei will work with our partners to develop the necessary risk management and mitigation mechanisms to deliver practical improvement to our CSEC infrastructure.”
“We will not waver in our commitment to cyber security. Working closely with our operator customers and partners, we will continue to innovate openly, enhance our approach, and address cyber security challenges together. We all want the same thing: secure and reliable networks.”
Mr Suffolk cited the report’s findings indicating Huawei had demonstrated openness, transparency and responsiveness in its approach to cyber security as vindication of its proactive engagement with UK agencies and officials.
Huawei welcomes the report as a positive affirmation of the mechanism and model for cyber security management in the UK.
Huawei believes the constructive approach between it and the UK Government is a best practice approach that the whole industry should look at, especially with the development and implementation of new technologies like 5G, Cloud and IoT.