Huawei focuses Cyber Security White Paper on global supply chain

Huawei came in for praise by the Commonwealth Telecommunications Organisation (CTO) for the June 2016 release of Huawei’s Cyber Security White Paper, focusing on the ICT Industry’s global supply chain security.

The paper, ‘The Global Cyber Security Challenge — It is time for real progress in addressing supply chain risks’, can be downloaded here.

In recognizing that no country or company was immune to cyber security threats, Secretary-General of the Commonwealth Telecommunications Organization, Shola Taylor, said: “Cyber security and data privacy is a growing challenge for all organizations and Huawei should be commended for its work in improving supply chain security. An important part of this is helping others to also minimize supply chain risks by defining the standards and working in an open and collaborative way. The Commonwealth Telecommunications Organization applauds Huawei’s efforts in this area.”

Huawei’s Cyber Security White Paper of 2016 discusses how to ensure security in the global supply chain; shares the best practice of global supply chain experts, standards bodies and Huawei; and calls for accelerated efforts to collaborate to address this common challenge.

Huawei Supply Chain Graphic
Huawei Supply Chain Graphic

A steady and secure global supply chain will help promote the sustainable development of the ICT industry and the use of cyberspace to transform economies and people’s lives. Supply chain risk management is not just about ensuring that products and services will be there when needed, but it is also about a product lifecycle approach to minimize the risk that products will be tainted by malicious actors, or that they will be counterfeit or contain counterfeit components that can be exploited for “illicit purposes.”

This white paper shares Huawei’s practice. The company has established a comprehensive, ISO 28000-compliant supplier management system that can identify and minimize security risks during the end-to-end process from incoming materials to customer delivery.

Mr. Ken Hu, Deputy Chairman of the Board and Chairman of the Global Cyber Security and User Privacy Committee of Huawei, announced in the foreword of this white paper:

“While there is still no simple answer or solution to the cyber security challenge, it is increasingly apparent that there are steps the global community can take – as well as individual organizations – to drive demonstrable progress in reducing cyber security risk, including that of collaborating so as to reach an agreement on principles, laws, standards, best practices, norms of conduct, and protocols – with recognition that trust has to be earned and continuously validated. Huawei commits itself to supporting such an endeavor.”

Andy Purdy, Huawei’s US Cyber Security Officer and author of the white paper said: “Supply chain risk is a key element of the over-arching cyber security risks that an organization must understand and manage in order to be successful. This is not just about ensuring that products and services will be there when needed, but it is also about a product lifecycle approach that minimizes risks. We must all build on the work that has been done to raise awareness of supply chain risk and what needs to be done about it, and work harder – collaboratively – to drive real progress to better address that risk.”

From 2012 to 2014, Huawei successively published 3 cyber security white papers, sharing Huawei’s perspective of cyber security, Huawei’s End to End Cyber Security Assurance System and suggestions on what to consider while discussing end-to-end cyber security with technology vendors.