Huawei has admitted that it may take up to a decade to convince the US that it is not a potential security risk, though the Chinese firm argues that it is held to a “higher bar” than rivals. Describing the reticence to allow Huawei hardware and software into sensitive installations as “genuine concerns”, Huawei global cybersecurity chief John Suffolk revealed a new security white paper, the second from the company, detailing exactly what policies are in place in the hope that the extra transparency will persuade partners that it’s not a trojan horse.
“Huawei’s latest white paper provides much more detail into its end-to-end cyber security approach,” the company said in a statement. Compared to the first white paper, released a year ago, this new version (which you can find at the bottom of the article) is “a more practical overview of the approach Huawei takes to the design, build and deployment of technology that involves cyber security considerations, including overarching strategy and governance structure, its day-to-day processes and standards, staff management, R&D, security verification, third-party supplier management, manufacturing, delivery and traceability.”
The possibility that Huawei – along with fellow Chinese firm ZTE – could be a risk if its networking products were used made headlines in 2012, when US lawmakers suggested that the tech “could undermine national security.” A set of suggestions for working around that risk was issued, but the easiest, it was argued, would be to simply avoid the two companies altogether.
Unsurprisingly that didn’t go down well with Huawei, especially as leaks from US government investigations apparently found no potential security risks. The company opened up its software code to investigators as evidence of the absence of any malicious intent.
However in addition to the possibility of backdoors in software, regulators also had concerns about Huawei’s receptiveness to demands for information from the Chinese government. The EU and Canada have each threatened bans or investigations as a result.
“We have never received any instructions or requests from any Government or their agencies to change our positions, policies, procedures, hardware, software or employment practices or anything else” Huawei deputy chairman Ken Hu writes in the new report, falling short of ZTE’s more challenging retort that over-cautious lawmakers would need to ban every Chinese-made device if they wanted to be 100-percent confident.
According to Suffolk, Huawei recognizes that the security ball is in its own court, and is confident that despite the greater rigors involved in the proof it must offer, it can indeed convince the US and other nations that it is not a risk.
“America has genuine concerns, and it’s Huawei’s responsibility to satisfy those genuine concerns” Suffolk told Bloomberg Businessweek. “We will continue to work with our American colleagues to satisfy their needs and concerns and we believe we can do that.”