Note: It is the policy of CyberTheory to present all views and opinions from the cybersecurity community on issues that matter, even those that may differ from mainline or popular thinking about a subject or issue. It is in this spirit that we are hosting this week’s guest blog post from Nuno Teodoro, Huawei Portugal Cyber Security and Privacy Officer.
Information is Power
Information is potentially one of the most relevant assets we can have today. But in order to be an asset, that information needs to be truthful, reliable and verifiable.
There is no doubt that information – when put out of context or manipulated away from the truth – can be used as ammunition to execute fear, uncertainty and doubt (FUD) strategies towards a target.
This is the age of information, and the age where digitalization in mass allows heavy flows of information through hundreds and thousands of media vehicles that are at our disposal.
How Did We End Up Here?
One of the largest, most transparent and lawful organizations in the world, Huawei, is constantly associated with political and government influences from its country of origin. So, how did we end up here? Truth be told (and this might come as a surprise to readers), yes, there is a communist party branch in Huawei.
There is also a communist branch in Walmart, Nokia, Samsung and any other large company operating in China. That is the law. Chinese law states that Chinese and foreign companies operating in China must set up CPC committees.
Why does Huawei have a CPC committee? To comply with the law, Huawei has set up a CPC committee. In fact, Ren Zhengfei, Huawei founder, is a member of the CPC, but this has no bearing on the business and can be easily explained through historical context. In early times, anyone in a position of responsibility needed to be a CPC member.
That said, no government or any third party holds shares in Huawei, intervenes in Huawei operations, or influences any decision-making. There is simply no CPC involvement in any operational or business decisions.
But Who Really Owns Huawei?
Huawei is an independent company, committed to supporting the secure operations of its customers’ networks and services.
Huawei is totally owned by its employees through an Employee Stock Ownership Program (ESOP) that has been in place since the beginning. No one can own a share without working at Huawei, and as of 2019 there were 104,572 shareholding employees.
Huawei founder, Ren Zhengfei, owns a 0.94% stake in the company. This is relevant to understand the common misconception that Huawei is owned by the Chinese government. Zero percent of stocks or equity is allocated to any governments, financial institutions or consortiums. This provides the independence needed not to be guided by a political direction. Rather, Huawei is guided by its customers’ requirements and worldwide laws and regulations necessary to safeguard cybersecurity and privacy to their full extent.
It is also relevant to approach the second misconception that Huawei needs to comply with any government request and that under the Chinese National Intelligence Law, Huawei has to cooperate and collaborate in intelligence work.
This is not the case, and never has been. The Chinese National Intelligence Law actually contains safeguards that discharge individuals and organizations from providing support that would contradict their legitimate rights and interests. Moreover, such law has no legitimacy outside China.
Huawei does not work with Chinese intelligence and never has. Doing so would contradict our commitment to our customers, by breaching trust, privacy and regulations that support our customer’s legitimate interests. There is also strict internal guidance to obey all laws of every country in which Huawei operates, and such compliance is continually audited and monitored by independent bodies, both external and internal.
Can Huawei Be Trusted?
Huawei operates in 170 countries and regions where about half of the Fortune 500 are using Huawei products. The majority of the top telecom operators have deployed Huawei’s equipment and Huawei smartphones are being used by hundreds of millions of consumers worldwide.
Given Huawei’s scale, size and presence, cybersecurity and data privacy is of paramount importance to Huawei. Huawei’s cybersecurity vision, strategy, product development and lifecycle, manufacturing, and procurement – all aspects of its operation – prohibit and guard against backdoors in our products.
A Clean Record
In about 30 years of operation, Huawei has never had a serious security incident. Huawei products and solutions have earned the trust of our customers and are constantly verified through customers and any independent third party customers deem necessary to bring to the table. There is undoubtedly a very strong track record in cybersecurity that leads us to believe that Huawei does not and will never present a security threat.
In fact, the commitment to security and privacy from the Huawei side is clear. As Huawei’s CEO made clear in his statement that “Huawei guarantees that its commitment to cybersecurity will never be outweighed by the consideration of commercial interests.” Security is Huawei’s highest priority and supersedes everything else.
Security by Design
In addressing the need for cybersecurity, security requirements have been built into standard processes, baselines, policies and best practices as required in today’s industry. Today, the trustworthiness of ICT products has become the top concern of customers around the world, thus making a solid software engineering capability and practice the foundation for building this trust. Moreover, there is a clear mandate to systematically enhance Huawei software engineering capabilities over the next years, building trust into products and solutions, placing cybersecurity and privacy protection at the very top of the agenda.
Facts Speak Louder Than Words
Needless to say that when it comes to security allegations, the facts should speak for themselves.
The fact is: Huawei’s cybersecurity record is clean. Over and over again independent audits have been performed thus evidencing no wrongdoing by Huawei.
The fact is: There are no backdoors deployed. Huawei has stated over and over again they have never been requested to, nor would they cooperate in any act of espionage. I believe this is also evident by the investment Huawei has put into building multiple Cybersecurity and Privacy Protection Transparency Centers to facilitate independent and third-party audits on its equipment to ensure compliance with laws and regulations. Alongside with that, I have been lucky enough to see the efforts and focus of the company in providing an end-to-end security program, complying with all cybersecurity and industry related standards ranging from 3GPP and GSMA to ISOs, and so forth.
As a global company, Huawei is dedicated to maintaining a leading role in cybersecurity to ensure that the integrity and security of the networked solutions and services provided meet or exceed the needs of the industry and provide the assurance required by all customers.