Industry Thought Leadership

Transparency as a Building Block for Cyber Resilience

July, 2021
Charles Yang

Huawei Middle East

The various national transformation programs of Middle East countries certainly have one thing in common—they envision diversified, post-oil economies empowered by digitalization. The advanced technology that underpins the Fourth Industrial revolution is key to realizing this socio-economic progress. Analysts predict that spending on digital transformation in the wider META region is set to accelerate post-pandemic, increasing from 25% of total IT spending in 2020 to 37% in 2024.

However, technology needs to be built on a solid cybersecurity foundation. The risks posed by the security gaps that plague some of the hardware and software solutions in use today are all too clear. In one report by Cybersecurity Ventures, global cybercrime is predicted to inflict damages totaling a staggering $6 trillion annually by 2021. With increasing cyberattacks, all industries are taking cybersecurity more seriously. In the public sector, new laws, regulations, and standards are being introduced on a regular basis. In the past two years alone, more than 180 cybersecurity laws have been passed in 151 countries.

This is incredible progress. Yet to secure our digital future from these threats, we will require new levels of collaboration and transparency.

There is an increasing desire from many stakeholders in the region to work together to build this heightened level of collaboration. For example, national cybersecurity strategies drawn up by governments now incorporate contributions from security experts in the private sector, technology companies, and academia, in addition to policymakers. As just one example, Huawei has been invited to sit on numerous national and regional panels, action groups, and think tanks to jointly contribute to various cybersecurity initiatives. We are eager to support and encourage such initiatives.

This level of collaboration relies on transparency. Enterprises and governments must believe in the integrity of the technologies that they are deploying.

We at Huawei are committed to building this openness and transparency, as demonstrated most recently in our expanding network of global Cyber Security and Privacy Protection Transparency Centres. On June 9, Huawei opened the largest of such transparency centers in Dongguan, China, which joins a network of similar facilities in the UAE, the UK, Canada, Germany, Italy, and Belgium.

The Transparency Centre provides a platform for industry stakeholders to face the challenges of tomorrow and provide a platform for industry stakeholders to share expertise in cyber governance and work on technical solutions together. The center is designed to demonstrate solutions and share experience, facilitate communication and joint innovation, and support security testing and verification. Stakeholders across the ICT value chain—regulators, independent third-party testing organizations, standards organizations, as well as Huawei customers, partners, and suppliers—are encouraged to carry out in-depth exchanges to improve the entire industry's security capabilities.

Of course, these cybersecurity assurance systems are not developed in a vacuum. They're the result of regular engagement and joint research and innovation with our customers, partners, regulators, and standards organizations around the world. That's what this Cyber Security Transparency Centre is all about.

It is through such ventures that we realize governments and industry organizations must work together on unified cybersecurity standards to build transparency across society. These standards should be technology-neutral and apply equally to all companies and networks. In the telecoms sector, for example, industry organizations like GSMA and 3GPP have been working closely with industry stakeholders to promote NESAS Security Assurance Specifications and independent certifications. These baselines have seen wide acceptance, and we're confident that they will play an important role in the development and verification of secure networks.

Despite these achievements, we still have a lot of work to do. Cybersecurity is a complex, evolving challenge. In some cases, we still lack a standards-based, coordinated approach across the industry, especially when it comes to governance, technical capabilities, certification, and collaboration.

After setting standards in place, we believe the next step is to establish an independent verification mechanism to enforce these standards. The results of such procedures should then be made public so that organizations can make better purchasing decisions based on their security requirements. In parallel, feedback from third parties and security experts will benefit everyone. They can point out gaps and areas of improvement, allowing technology companies to strengthen their hardware and software products.

We need to build these capabilities together. No organization can tackle them all. From governance standards to verification, we need to combine strengths and build our collective capabilities. This includes knowledge-sharing projects like the Security Baselines we released by the time of opening our global Cyber Security and Privacy Protection Transparency Centre, and the 5G Cyber Security Knowledge Base led by the GSMA. The more knowledge and best practices we share, the more effectively we can strengthen cybersecurity as a community.

Ultimately, this will be realized by forming tighter coalitions. That means governments, standards bodies, and technology providers working to develop a unified understanding of cybersecurity challenges. This must be an international effort. With these shared goals and aligned responsibilities, we can build a trustworthy digital environment that meets the challenges of today and tomorrow.