Huawei came in for praise by the Commonwealth Telecommunications Organisation (CTO) for the release of its Cyber Security White Paper, focusing on the ICT Industry's global supply chain security.
In recognising that no country or company was immune to cyber security threats, CTO Secretary-General Shola Taylor said: "Cyber security and data privacy is a growing challenge for all organisations and Huawei should be commended for its work in improving supply chain security. An important part of this is helping others to also minimise supply chain risks by defining the standards and working in an open and collaborative way. The Commonwealth Telecommunications Organisation applauds Huawei's efforts in this area."
Huawei's Cyber Security White Paper of 2016, entitled The Global Cyber Security Challenge, shares the best practice of global supply chain experts, standards bodies and Huawei and calls for accelerated efforts to collaborate to address this common challenge.
Cyberspace has gradually become the "nervous system" through which society operates, with open networks encouraging information flow and sharing, providing more opportunities for innovations, lowering costs of innovation, and helping improve the world's health, wealth and prosperity.
A steady and secure global supply chain will help promote the sustainable development of the ICT industry and the use of cyberspace to transform economies and people's lives. Supply chain risk management is not just about ensuring that products and services will be there when needed, but it is also about a product lifecycle approach to minimise the risk that products will be tainted by malicious actors, or that they will be counterfeit or contain counterfeit components that can be exploited for "illicit purposes."
This white paper shares Huawei's practice. The company has established a comprehensive, ISO 28000-compliant supplier management system that can identify and minimise security risks during the end-to-end process from incoming materials to customer delivery.
Ken Hu, deputy chairman of the board and chairman of the Global Cyber Security and User Privacy Committee of Huawei, announced in the foreword of this white paper: "While there is still no simple answer or solution to the cyber security challenge, it is increasingly apparent that there are steps the global community can take–as well as individual organisations–to drive demonstrable progress in reducing cyber security risk, including that of collaborating so as to reach an agreement on principles, laws, standards, best practices, norms of conduct, and protocols–with recognition that trust has to be earned and continuously validated. Huawei commits itself to supporting such an endeavour."
Andy Purdy, Huawei's US Cyber Security Officer and author of the white paper said: "Supply chain risk is a key element of the over-arching cyber security risks that an organisation must understand and manage in order to be successful.
"This is not just about ensuring that products and services will be there when needed, but it is also about a product lifecycle approach that minimises risks. We must all build on the work that has been done to raise awareness of supply chain risk and what needs to be done about it, and work harder–collaboratively–to drive real progress to better address that risk."
From 2012 to 2014, Huawei successively published three cyber security white papers, sharing Huawei's perspective of cyber security, Huawei's End to End Cyber Security Assurance System and suggestions on what to consider while discussingend-to-end cyber security with technology vendors.