Story image

Huawei cyber security white paper places onus on supply chain

21 Jun 2016

Huawei's "The Global Cyber Security Challenge" 2016 white paper was released last week, which identifies some of the security challenges facing the global supply chain.

The paper discusses how to ensure security issues and it also analyses practices adopted by supply chain experts, standards bodies across the world. The paper champions accelerated collaboration techniques to tackle the challenge, through networks and social progress.

The paper says open networks have been a catalyst for information flows, innovation opportunities and have lifted economic growth, particularly through supply chains.

The report says that there is a long, slow path from risk awareness to addressing it while increasing trust and assurance and reducing risk. It says that emerging information technology risks are not properly addressed.

Supply chains promote 'sustainable development' of the ICT industry, and Huawei says that supply chain management is more than providing on-time products and services, but also about approaching the product lifecycle with a view to minimise risk brought in by malicious actors or counterfeit components.

“While there is still no simple answer or solution to the cyber security challenge, it is increasingly apparent that there are steps the global community can take – as well as individual organisations – to drive demonstrable progress in reducing cyber security risk, including that of collaborating so as to reach an agreement on principles, laws, standards, best practices, norms of conduct, and protocols – with recognition that trust has to be earned and continuously validated. Huawei commits itself to supporting such an endeavour,” says Ken Hu, chairman of the board and chairman of the Global Cyber Security and User Privacy Committee of Huawei.

The paper goes into detail about Huawei's own supply chain security efforts, commended by figureheads such as Shola Taylor, Secretary-General of the Commonwealth Telecommunications Organisation, Bruce McConnell, global vice president of the EastWest Institute and Steve Nunn, president and CEO of The Open Group.

“Supply chain risk is a key element of the over-arching cyber security risks that an organisation must understand and manage in order to be successful. This is not just about ensuring that products and services will be there when needed, but it is also about a product lifecycle approach that minimizes risks. We must all build on the work that has been done to raise awareness of supply chain risk and what needs to be done about it, and work harder – collaboratively – to drive real progress to better address that risk," concludes Andy Purdy, white paper author and US cyber security officer, Huawei.

Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.