Huawei has released its Cyber Security White Paper of 2016, “The Global Cyber Security Challenge — It is time for real progress in addressing supply chain risks”. The Chinese firm says that the paper is designed to inform efforts, best practices and standards on how the global ICT industry can address supply chain security challenges. It also provides an insight into the specific actions Huawei is taking to secure its supply chain.
The development of networks has helped to advance social progress. Open networks have encouraged information flow and sharing, provided more opportunities for innovation, lowered the costs of innovation, and helped improve the world’s health, wealth and prosperity. Cyberspace has gradually become the “nervous system” through which society operates. A steady and secure global supply chain will help promote the sustainable development of the ICT industry and the use of cyberspace to transform economies and people’s lives. Supply chain risk management is not just about ensuring that products and services will be there when needed; it is also about a product lifecycle approach to minimize the risk that products will be tainted by malicious actors, or that they will be counterfeit or contain counterfeit components that can be exploited for “illicit purposes”.
This white paper shares Huawei’s practice. Huawei reports that it has established an ISO 28000-compliant supplier management system that can identify and minimize security risks during the end-to-end process from incoming materials to customer delivery. Huawei selects and qualifies suppliers based on their systems, processes and products, choosing those that contribute to the quality and security of the products and services procured by the firm. Huawei monitors and evaluates the delivery performance of suppliers and checks the integrity of the third-party components during each of the incoming material, production and delivery processes.
Ken Hu, Deputy Chairman of the Board and Chairman of the Global Cyber Security and User Privacy Committee of Huawei, says in the foreword of the white paper: “While there is still no simple answer or solution to the cyber security challenge, it is increasingly apparent that there are steps the global community can take – as well as individual organizations – to drive demonstrable progress in reducing cyber security risk, including that of collaborating so as to reach an agreement on principles, laws, standards, best practices, norms of conduct, and protocols – with recognition that trust has to be earned and continuously validated. Huawei commits itself to supporting such an endeavor.”
Shola Taylor, Secretary-General of the Commonwealth Telecommunications Organization, said: “Cyber security and data privacy is a growing challenge for all organizations and Huawei should be commended for its work in improving supply chain security. An important part of this is helping others to also minimize supply chain risks by defining the standards and working in an open and collaborative way. The Commonwealth Telecommunications Organization applauds Huawei’s efforts in this area.”
Steve Nunn, President and CEO of The Open Group, said: “Having an international standard like the Open Trusted Technology Provider Standard (O-TTPS) – recently approved by ISO as ISO/IEC 20243 – is critical to mitigating the risk of tainted and counterfeit products, particularly when coupled with the Accreditation Program underlying it. The release of this white paper by Huawei illustrates the importance of establishing and consistently following best practices to address cyber and supply chain security threats throughout a product’s lifecycle.”
Bruce McConnell, Global Vice President, EastWest Institute, said: “This practical guide zeroes in on supply chain risk as an underappreciated aspect of cybersecurity management. It provides critical advice based on deep experience and useful references to international standards and best practices.”
Andy Purdy, US Cyber Security Officer, Huawei and author of the paper said: “Supply chain risk is a key element of the over-arching cyber security risks that an organization must understand and manage in order to be successful. This is not just about ensuring that products and services will be there when needed, but it is also about a product lifecycle approach that minimizes risks. We must all build on the work that has been done to raise awareness of supply chain risk and what needs to be done about it, and work harder – collaboratively – to drive real progress to better address that risk.”
The White Paper “The Global Cyber Security Challenge — It is time for real progress in addressing supply chain risks” can be found at: http://www-file.huawei.com/~/media/CORPORATE/PDF/white%20paper/The_Global_Cyber_Security_Supply_Chain_Security_June 2016_en.pdf