Huawei: EU GDPR regulations provide a model for cyber security
- 06 March, 2019 09:30
Ken Hu (Huawei)
Huawei's launch of a new "cyber security transparency centre" in Brussels was meaningful, but more meaningful still were continual mentions of GDPR by company executives.
Under intense international pressure to prove it is not a cyber security threat and a potential tool of the Chinese government, Huawei rotating chair Ken Hu called for a "GDPR-like scheme for cyber security".
Hu told assembled journalists that the world lacked a global, common understanding of cyber security.
The telecommunications industry lacked a unified set of practical cyber security standards, he said, an issue complicated by its use of global supply chains including manufacturers and developers with different standards or "no standards at all".
"That's a fact," he said.
Hu's address came a week after the company took up the fight against its critics at Mobile World Congress in Barcelona.
There, current chair Guo Ping argued Huawei was less of a threat than US government agency the NSA, which Edward Snowden exposed as a serial hacker of telecommunications and other systems.
“If the NSA wants to modify routers or switches in order to eavesdrop, a Chinese company will be unlikely to co-operate,” Guo said in an article published in the UK's FT.
Guo argued that Huawei actually hampered US efforts to "spy on whomever it wants.”
“Huawei has not and will never plant backdoors," he said.
In Brussels yesterday, Hu said what the industry needed was a mutual understanding of security to build a trustworthy environment. Huawei was now operating on an "ABC" model for cyber security, he said.
The A stands for "assume nothing", the B for "believe nobody" and the C for "check everything".
"Both trust and distrust should be based on facts," he said. "Facts must be verifiable and verification must be based on standards."
Government and standards bodies needed to work with all stakeholders on developing such standards, he added.
The implications was that a standards-based environment, would help defuse current tensions by creating a vendor-neutral environment.
Hu said as with GDPR in the case of data privacy, EU regulators could lead the way on creating similar standards for cyber security.
The EU's new data privacy regulations had a rough start last year, being criticised from all sides for being too stringent. But sentiment on that front has reversed remarkably quickly, with many now lauding the General Data Protection Regulations as the gold standard in privacy.
As another speaker at the event, Bulgarian MEP Peter Kouroumbashev said, GDPR is now receiving more respect outside the EU than within.
Also, international media recently reported that Huawei was mounting a legal challenge against its effective ban from US carrier networks.
The reports said the company's case would argue the legal basis of the bans, the US National Defense Authorization Act, violated the US Constitution.
Rob O'Neill travelled to Europe as a guest of Huawei