Constant cybersecurity upgrades keep customers secure

TODAY, the world is more digitally connected than ever before. Criminals take advantage of this online transformation to target weaknesses in online systems, networks and infrastructure.

There is a massive economic and social impact on governments, businesses and individuals worldwide, you name it, while new types of cybercrimes are emerging all the time.

In the course, cybercriminals are increasingly agile and organized – exploiting new technologies, tailoring their attacks and cooperating in new ways to siphon money and information, they are totally not desired to visit. If you might not know, cybercrimes know no national borders.

Criminals, victims and technical infrastructure span multiple jurisdictions, bringing many challenges to investigations and prosecutions that is why close collaboration between public and private partners is therefore essential-no wonder Huawei is stepping in and acutely aware of just how important cyber security is for ensuring trust in the digital world we all share.

To counter fight cybercrime, over the past two years, Huawei has been regularly upgrading its cybersecurity methods and at the same time encourages all stakeholders in the digital ecosystem to evaluate risks in a rational, objective, and evidence-based way.

But, what does this mean in the cybersecurity realm? In response, Huawei Tanzania Director of Network and Maintenance, Mr Luan Ganggang said: “If stakeholders focus attention on irrelevant factors like vendors’ country of origin, it will only delay the resolution of security issues, yet this is a collective campaign.

If our approach to risk is based in emotion or bias, then our outcomes will be uncontrollable and we will be unable to achieve our security goals.”

He was of the opinion that cyber security involves many elements and stakeholders, adding that an all-industry, full-society approach to collaboration is essential to enhancing systematic cyber security governance for everyone.

Here, governments and industry organizations should work together on unified cyber security standards, which should also be technology-neutral and apply equally to all companies, otherwise, cyberspace will be constantly under threat, and enhancements of security and privacy interventions aimed at meeting the current and future challenges facing customers will not be addressed.

For instance, throughout 2019, these concerns guided the way Huawei drove process transformation, solutions, security engineering capabilities, security technologies and standards, independent verification, supply chain, and personnel management.

This has enabled it to proactively enhance its end-to-end cybersecurity assurance capabilities. Transforming software engineering capability.

A case study in his mind was how Huawei invested heavily in transforming its software engineering capability to ensure secure, trustworthy, high-quality products. In the course, it simplified its products and solutions, implemented the latest thinking on security architecture and development, and again progressively upgrading all appropriate products and solutions to reflect this.

He added: “We have systematically built and deployed resilient architecture design methods, and have launched the distributed automatic binary vulnerability mining platform. Moreover, we have improved our securitydesign tools, code security scanning cloud, security test cloud, and fuzz test cloud.

These initiatives greatly enhanced our security engineering capabilities, enabling us to help our customers safely digitize their businesses and create value for their customers.”

Boosting verification We have fully supported the independent verification of Huawei cybersecurity by stakeholders.

In addition, we have assured and verified our cybersecurity management systems, products, services, and personnel through quality monitoring, internal and external auditing, and standards certification. We now meet stakeholders’ cybersecurity requirements across all of our business processes – R&D, sales, service, supply, etc – helping us to enhance external confidence in Huawei’s overall cybersecurity approach.

Securing supply chains Huawei’s comprehensive supply-chain security management system is ISO 28000-certified, enabling us to identify and control security risks throughout the supply chain life cycle. We produced 28 types of top material security specifications and security sourcing our suppliers’ cybersecurity systems.

Our suppliers must pass a rigorous security sourcing test and obtain system certification before they are accepted.

In 2019, we assessed, tracked, and managed the risks of more than 3 800 suppliers worldwide. We signed data-processing agreements (DPAs) with more than 3 000 suppliers and continue to run due diligence to ensure compliance with privacy obligations.

We released the supply availability security baseline and implemented it in all of our 145 newly developed products.

Furthermore, we developed an in-transit exception dashboard to provide real-time warnings about exceptions such as abnormal stay and route deviation.

We restructured the product delivery tracing system, allowing us to trace software information within one hour and trace hardware information (from incoming materials to delivery to customers) within one day to facilitate the fast and transparent resolution of issues and to eliminate risks.

All of these steps have been geared to ensuring the information security of our customers. Ultimately, enhanced cybersecurity will be crucial to organisational sustainability in the future.

The writer is Huawei Tanzania Director of Network and Maintenance, Mr Luan Ganggang.