Huawei Technologies, the world’s largest telecom equipment maker, has taken a series of measures to ensure the security of its products stands up to international scrutiny, a senior executive has revealed.
“All the things that were published by the United Kingdom’s Oversight Board were obviously true. They are very professional and credible. They pulled apart our software and published all the deficiencies that we had,” Paul Scanlan, Chief Technology Officer of Huawei, told Asia Times in an exclusive interview.
“What we are taking now is a very mature approach to make our software trustworthy,” Scanlan said. “What training programs and key performance indices do we need to put in place to understand that the trustworthiness in our software is intrinsic in the build-quality and the reproduction of the software system?
“The tools that we’ve got, the training programs that we’ve put together and the first couple of modules that come out from the production lines … I believe the UK government will be very happy with those,” he said after a recent visit to the company’s research and development facilities.
On March 28, the UK government’s Huawei Cyber Security Evaluation Centre Oversight Board published a fifth annual report to the country’s National Security Adviser. The Oversight Board criticized Huawei for its “poor software engineering and cybersecurity processes” that led to security and quality issues, including vulnerabilities.
No material progress has been made by Huawei to address the issues reported last year, the board said. The evidence of sustained change is especially important as “strongly worded commitments from Huawei in the past have not brought about any discernible improvements,” it added.
But Scanlan said progress has been made with the reported issues and the company will invite the Oversight Board and telecom operators to review the updates.
“We used to do code reviews but they were probably quite basic compared to how they should be done. The objective was to get the products out because the first to markets wins,” Scanlan said. “Having a better process in place is to train people, especially the new developers, in the right way to write code.
“What is the most efficient way rather than who can get the code out the fastest,” he added.
He said the company did not redo all the existing codes in every product but he personally has a lot of confidence that the code will get better, while no one will be able to put malicious code into it as the company has already renewed its tools and improved its training programs.
On March 5, the company opened its Cyber Security Transparency Center in Brussels. At the center’s opening ceremony, Ken Hu Houkun, Huawei’s Deputy Chairman, called for government agencies, technical experts, industry associations and standards organizations to jointly address the cybersecurity challenges the world faces in the digital era.
Hu said the lack of consensus on cybersecurity, technical standards, verification systems and legislative support had further exacerbated these challenges.
Scanlan said Huawei has taken an approach to be more open and trusted by allowing third parties to come and audit in a particular way. He said customers could visit its Brussels facilities and express their concerns.
“We have BTEE, 3UK and Vodafone coming to Huawei because they are the ones who take the message to the government, rather than Huawei coming out and saying it’s great,” Scanlan said, adding that he hopes the US government will talk to these companies and begin a dialogue with Huawei.
Huawei’s 5G technology is several years ahead of other players in the industry, and US software makers and component suppliers can form a better collaborative model, he said. Such collaboration would help the US export its new products and services to developing countries, where they may adopt 5G technology faster than Western countries, he said.
“Do we regulate or do we innovate?” Scanlan said. People need to be educated about the benefits and the risks, but unfortunately there hasn’t been any sensible debate about artificial intelligence, 5G, Internet of Things and cloud technologies,” he said.
Other pragmatic things about privacy and security could be that many mobile users were lured to grant app developers the right to access their information and that they used simple passwords, he added.
In early May, the US Commerce Department put Huawei and its 70 affiliates onto its Entity List on national security grounds, prohibiting the sale of US components and software to the Shenzhen-based company.
On May 20, Google reportedly halted the transfer of hardware, software and technical services to Huawei. Two days later, Google said it would continue to work with Huawei for 90 days as the US Commerce Department granted Huawei a license to buy US goods until August 19.
Some analysts said in May that Huawei would face a bigger threat from the possible Android ban than the suspension of US chip supply as the company could find substitutes from Taiwan, South Korea and Japan.
On June 17, Huawei founder and chief executive Ren Zhengfei said the company had lowered its revenue forecast for this year and next year to about US$100 billion from the original forecasts of $135 billion for 2019 and $150 billion for 2020, respectively. He also said Huawei will only develop its own operating system for smartphones if the US restricts the company’s access to Android.
“In the first quarter, Huawei had a very good quarter … but subsequently, we now have restrictions of supply, particularly with Google and Android. That now has the perception across the industry and that affects the brand,” said Scanlan. “I am expecting that the consumer and the enterprise businesses will have some challenges because of the brand and the way they take the products to the markets.”
Scanlan, who mainly takes charge of the carrier business in Huawei, said his division was less affected by the US sanctions as it was built upon an extensive engagement with telecom operators. Besides, he said Huawei had hired some consultants, largely from the US, to learn about business continuity, a concept that it had from its customer BT in 2008.
Over the past 11 years, Huawei has been doing reviews on its supply chain in its carrier business, which is now “pretty much independent” and still doing well despite the US sanctions, he said.
“Mr Ren’s principle has always been we should be in a part of the supply chain … It’s never been our intention to not procure US-based components. If Android is allowed to, we will continue to use Android – it’s a great product and a global platform. Why would we choose not to use it?” said Scanlan.
In 2012, Huawei started to develop its OS, named LiteOS, which features low-power and fast-response. Last year, the company applied this LiteOS, instead of using Google’s Wear OS, in its smartwatches. However, the company prefers not to deploy it on smartphones due to the absence of an ecosystem.
Scanlan said some years ago a telecom operator asked Huawei to make a Firefox handphone with a third-party OS, but it failed to take it to the markets as there wasn’t an ecosystem. He said Huawei had also used Window OS on handphones.
Asked if there would be an eastern ecosystem in future, Scanlan said given that there are more and more app developers in China, “it will probably happen no matter what goes on.”