Addressing the audience at the session ‘driving the development of a global trusted digital eco-system’ at GISEC 2021, Aloysius Cheang, chief security officer, Huawei reiterated His Excellency Mohamed Al-Kuwaiti , head of cybersecurity, United Arab Emirates Government’s earlier message for the need for collaboration among private, public and government entities to fight cybercrimes.
He said, “technical sharing, based on open and transparent collaboration environment,” was the way forward for improving the cybersecurity landscape in ‘small nation-states.’
He presented Huawei’s 15 cybersecurity technologies currently being employed globally in line with “achieving shared success in cybersecurity, the Huawei way: through technology innovation and bridging cybersecurity divide via open standards and technical collaboration.”
Demystifying the popular belief of Huawei being just as a Chinese company, he said that “Huawei is truly a global ICT company, no longer just a Chinese company and serving customers in 170 countries worldwide. “Huawei has invested $20 billion US dollars globally in R&D,” he said.
He also said that Huawei technologies in cybersecurity are about creating that ‘trusted digital Oasis’ referring to a vibrant digital ecosystem through an open and transparent platform for sharing.
In an exclusive interview with Telecom Review on the sidelines of GISEC 2021, Aloysius Cheang speaks about Huawei’s cybersecurity efforts.
How can organizations prioritize their cybersecurity hygiene to avoid attacks such as the Irish health service and Colonial pipeline in the US?
A coordinated effort is required to recognize the importance of cybersecurity in an organization. Executive management and board-level endorsement, as well as an organization-wide cybersecurity strategy that is integrated into the business, with a dedicated head of cybersecurity or the chief information security officer to own the cybersecurity strategy, would be the first step to prioritize cybersecurity hygiene.
Please tell us about Huawei’s innovations in cybersecurity technologies.
Cybersecurity is a key enabler for Huawei’s business overall. Huawei's top-down cybersecurity governance structure supports the success of its business in the Middle East and around the world. The Global Cyber Security and User Privacy Protection Committee (GSPC) is Huawei's highest cybersecurity management body. Within that, the Global Cyber Security and User Privacy Protection Officer (GSPO) is an important member of the GSPC, and reports directly to the CEO of Huawei. The GSPC is in charge of developing Huawei's security strategy and plans, manages, and oversees how departments such as R&D, supply chain, marketing, sales, and so on, structure their security teams and ensure security in their business activities.
The system covers all departments, geographies, and processes. In key regions and countries such as the UAE, a dedicated chief security officer (CSO) is appointed to support business on the ground as well as reporting back to the GSPO and the GSPC in the HQ. The CSO will facilitate effective communication between Huawei and its stakeholders, including governments, customers, partners, and employees.
Over the past two years, we have reviewed our approach to security and privacy, analyzed the directions in which new technologies are heading, and the current and future challenges facing our customers. As a consequence, we have enhanced our cybersecurity and privacy frameworks. These frameworks guide how we drive process transformation, solutions, security engineering capabilities, security technologies and standards, independent verification, our supply chain, and personnel management. This has enabled us to proactively enhance our end-to-end cybersecurity assurance capabilities and build resiliency.
How are sectors such as finance, health and manufacturing ramping up their cybersecurity strategies?
In light of the pandemic, we have seen increased efforts from various sectors such as finance, healthcare, and manufacturing, ramping up their cybersecurity strategies as they migrate to the cloud and embracing digital transformation as a result of the fourth industrial revolution. In the finance sector, for example, with mobile payments, cryptocurrency, and virtual currency on the rise, there is a need for cybersecurity preparedness, response, and resiliency across the sector. Whereas the manufacturing sector is tackling challenges arising from the convergence of IT and operational technology (OT). This is also the case in the healthcare industry. There is now a greater need to address the challenges of track and trace as a digital system for facilitating contact tracing efforts in response to the COVID-19 pandemic.
How can companies and government entities enable secure remote working for their staff?
As mentioned earlier, companies and government entities need to have an overarching cybersecurity strategy in place. This should include a data security policy that would include classification based on risk, as well as the prescribed protection mechanism such as encryption. Once this is in a place, a telecommuting or work from home policy should be developed, which will then drive development of corresponding ICT infrastructure to supports these policies. A Zero Trust framework with a comprehensive identity access management mechanism is key to ensure secure remote working.
High cost of cybersecurity solutions is slowing down the rapid adoption of such solutions in smaller businesses. Are there any other options in cybersecurity available for smaller enterprises?
Today, small and medium enterprises (SMEs) have more choices due to the proliferation of cloud computing where there are a plethora of cybersecurity solutions that appear as a public cloud service or application called SaaS (Software as a Service) that can be subscribed and used by these SMEs directly to address their cybersecurity concerns. This is based on usage needs and is scalable and available at a more affordable cost as compared to the traditional method of acquisition of both hardware and software needed to deliver the service.
