Huawei's Cyber Security White Paper Underscores Gains, Risks in Cyber Security
Huawei recently brought a new report about the state of cyber security in the global information and communications technology (ICT) industry, and based on the title of the paper itself, its view is a bit pessimistic. The report, The Global Cyber Security Challenge—It is time for real progress in addressing supply chain risks, looks at the best practices and how the industry itself stacks up to these.
In the report, Huawei described some of its own practices, including its complete supplier management system that's fully compliant with ISO 28000. Said system can identify and reduce risks throughout the system—no system can ever truly eliminate risk altogether—and allows Huawei to both select and qualify suppliers based on several key points. Huawei also conducts routine evaluation of delivery performance and the overall integrity of any components not made in house to ensure the best in security.
The white paper addresses issues of supply chain risk, and how several groups from SAFECode and Underwriters Laboratory to various governments have taken steps to address these risks. It should be noted that SAFECode offers a complete framework to select the best means to evaluate technology providers when no applicable standard is on hand, while Underwriters Laboratory (UL) has a complete program for testing and rating various connected devices.
Huawei's Deputy Chairman of the Board, Ken Hu, who also serves as the chairman of the global cyber security and user privacy committee, noted: “While there is still no simple answer or solution to the cyber security challenge, it is increasingly apparent that there are steps the global community can take – as well as individual organizations—to drive demonstrable progress in reducing cyber security risk, including that of collaborating so as to reach an agreement on principles, laws, standards, best practices, norms of conduct, and protocols—with recognition that trust has to be earned and continuously validated. Huawei commits itself to supporting such an endeavor.”
That's a lot to take in, and it can all be boiled down successfully to just one word: vigilance. Though it's not exactly clear who said it—it's been attributed to many over the centuries—the old saying that the price of peace is eternal vigilance remains valid today. Protecting any system from outside attack requires constant vigilance. Whether it's strong passwords, frequently altered passwords, the inclusion of biometrics, the addition of encryption to perimeter defenses, or any of a hundred other plans, the monitoring and maintenance of these systems is vital to ensuring the best in security.
Huawei's white paper highlights quite a bit businesses can do in terms of shoring up security. It is certainly worth a read for cyber security professionals as an educational resource and as a guide to the types of areas where training and certifications, such as the programs offered by community host (ISC2) whose description are accessible from the community home page, which could enhance your value and further your career.
Edited by Peter Bernstein