Huawei yesterday released its Cyber Security White Paper of 2016, “The Global Cyber Security Challenge — It is time for real progress in addressing supply chain risks,” designed to inform ongoing efforts, excellent practices and standards on how the global ICT industry can address supply chain security challenges. The white paper discusses how to ensure security in the global supply chain, shares the excellent practices of supply chain experts and standards bodies as well as Huawei, and calls for accelerated efforts to collaborate to address this common challenge.
The development of networks has helped to advance social progress. Open networks have encouraged information flow and sharing, provided more opportunities for innovation, lowered the costs of innovation, and helped improve the world’s health, wealth and prosperity. Cyberspace has gradually become the “nervous system” through which society operates. A steady and secure global supply chain will help promote the sustainable development of the ICT industry and the use of cyberspace to transform economies and people’s lives. Supply chain risk management is not just about ensuring that products and services will be there when needed, but it is also about a product lifecycle approach to minimize the risk that products will be tainted by malicious actors, or that they will be counterfeit or contain counterfeit components that can be exploited for “illicit purposes.”
This white paper shares Huawei’s practice. Huawei has established a comprehensive, ISO 28000-compliant supplier management system that can identify and minimize security risks during the end-to-end process from incoming materials to customer delivery. Huawei selects and qualifies suppliers based on their systems, processes and products, choosing those that contribute to the quality and security of the products and services procured by Huawei. Huawei continuously monitors and regularly evaluates the delivery performance of suppliers and checks the integrity of the third-party components during each of the incoming material, production and delivery processes. Huawei records the performance and establishes a visualized traceability system throughout the process.
Mr. Ken Hu, Deputy Chairman of the Board and Chairman of the Global Cyber Security and User Privacy Committee of Huawei, states in the foreword of this white paper:
“While there is still no simple answer or solution to the cyber security challenge, it is increasingly apparent that there are steps the global community can take – as well as individual organizations – to drive demonstrable progress in reducing cyber security risk, including that of collaborating so as to reach an agreement on principles, laws, standards, best practices, norms of conduct, and protocols – with recognition that trust has to be earned and continuously validated. Huawei commits itself to supporting such an endeavor.”
Shola Taylor, Secretary-General of the Commonwealth Telecommunications Organization, said: “Cyber security and data privacy is a growing challenge for all organizations and Huawei should be commended for its work in improving supply chain security. An important part of this is helping others to also minimize supply chain risks by defining the standards and working in an open and collaborative way. The Commonwealth Telecommunications Organization applauds Huawei’s efforts in this area.”
Steve Nunn, President and CEO of The Open Group, said: “Having an international standard like the Open Trusted Technology Provider Standard (O-TTPS) – recently approved by ISO as ISO/IEC 20243 – is critical to mitigating the risk of tainted and counterfeit products, particularly when coupled with the Accreditation Program underlying it. The release of this white paper by Huawei illustrates the importance of establishing and consistently following best practices to address cyber and supply chain security threats throughout a product’s lifecycle.”
Bruce McConnell, Global Vice President, EastWest Institute, said: “This practical guide zeroes in on supply chain risk as an underappreciated aspect of cybersecurity management. It provides critical advice based on deep experience and useful references to international standards and best practices.”
Andy Purdy, US Cyber Security Officer, Huawei, and author of the white paper, said: “Supply chain risk is a key element of the over-arching cyber security risks that an organization must understand and manage in order to be successful. This is not just about ensuring that products and services will be there when needed, but it is also about a product lifecycle approach that minimizes risks. We must all build on the work that has been done to raise awareness of supply chain risk and what needs to be done about it, and work harder – collaboratively – to drive real progress to better address that risk.”
From 2012 to 2014, Huawei successively published 3 cyber security white papers, sharing Huawei’s perspective on cyber security, Huawei’s End to End Cyber Security Assurance System and suggestions on what to consider when addressing end-to-end cyber security with technology vendors.