Joint Collaboration for a More Secure Cyberspace with Product-Security Baseline

by Syarbeni, Cybersecurity and Privacy Protection Officer (CSPO) of Huawei Indonesia

There is a joke that cybersecurity is like asteroid protection. Everyone thinks it’s a waste of resources – until an attack actually happens.

In this hyperconverged era, one cannot be too careful. Even when you think your organization is safe enough at any given time, a minor crack is all it takes for a threat actor to gain access to your keys. What’s more, a pandemic that has shifted countless activities online is a gold mine for threat actors. And as organizations adopt even more sophisticated technologies, so do attackers.

These are the main reasons why cybersecurity should remain a top priority and stand on equal footing with other business functions, said Syarbeni, Cybersecurity and Privacy Protection Officer, Huawei Indonesia. As a global ICT solutions provider, Huawei has remained committed to cybersecurity since day one. Our interview with Syarbeni will dive deep into his insights on ongoing cybersecurity issues in Indonesia, Huawei’s approach, and how everyone has a role to play in safeguarding our nation against threat actors.

Why does Huawei actively participate in promoting cybersecurity standards across the ecosystem through various programs, including the support for CyberHub Fest in collaboration with BSSN & ACCI?

While we are deepening digitalization across the world, cybersecurity is becoming more important than ever before. Meanwhile, as a result of the pandemic, people are spending more time online than ever before. This is the new normal. And it is more critical than ever to ensure a healthy and secure cyberspace, where nowadays cybersecurity and privacy protection have become one of the major social issues that matter to every person, home, organization and nation.

Huawei has strongly supported the organization of CyberHub Fest for two consecutive years. Our support for CyberHub Fest is part of our commitment, established for over 22 years in Indonesia, to actively contribute to the development of the Indonesian ICT ecosystem and create a healthier and more secure cyberspace.

What role can Huawei play in improving cybersecurity? Why did Huawei release the Product Security Baseline?

Improving product security is key to mitigating risks of cybersecurity incidents that occur frequently worldwide.

Embedding security management into the product development process and making cybersecurity a basic product capability is the fundamental approach to resolving cybersecurity issues.

Developing and implementing a Baseline of common product security requirements ensures that all products meet the same fundamental requirements in terms of the security quality, and the security quality continuously improves as the Baseline is updated.

Huawei's end-to-end cybersecurity framework integrates the Baseline into the product development process as a fundamental security requirement. The Baseline and various quality assurance activities are strictly implemented in order to ensure product security quality and prevent security incidents.

Practices show that the Baseline applies not only to Huawei products but also to its entire supply chain. Our security practices over the past 10 years also demonstrate that the Baseline is an effective way to manage the quality of product security. The Baseline has ensured a stellar security record of Huawei products on customer networks.

By releasing the Product Security Baseline, Huawei expects to communicate and discuss the Baseline with all stakeholders — including operators, enterprises, upstream and downstream supply chain partners, and government regulators — on details of security management, engineering and technical specifications, and testing and verification solutions. This way, we can continuously improve end-to-end cybersecurity in the supply chain.

What is the main content of the Huawei Product Security Baseline?

Huawei has developed the result-based, universal, applicable-to-all, and continuously optimized Baseline, which is effective, implementable, and verifiable, and continuously improves the security of Huawei products.

Huawei has developed the Baseline based on common and critical security requirements identified through its study of applicable laws and regulations as well as its deep understanding of legal and regulatory requirements, customers' business requirements, industry best practices, known issues, and more. The Baseline consists of 54 requirements under 15 categories and 112 entries for implementation guidance and interpretation.


What kind of cooperation do you think is needed to really successfully jointly safeguard the cyberspace in today’s digital age?

I'd like to take this opportunity to share three quick thoughts.

The first is that we need to build capabilities together. Cybersecurity threats are complex, diverse, and evolving. No organization can tackle them all. From governance, standards and technology, to verification, we need to work together, combine strengths, and build our collective capabilities.

We also need to share knowledge, like the Huawei Product Security Baselines, OIC-CERT Security Framework, and the 5G Cybersecurity Knowledge Base led by GSMA. The more knowledge and best practices we share, the more effectively we can strengthen cybersecurity as a community.

And finally, we need to form tighter coalitions. That means governments, standards bodies, and technology providers need to work closer together to develop a unified understanding of cybersecurity challenges. This must be an international effort.

We need to set shared goals, align responsibilities, and work together to build a trustworthy digital environment that meets the challenges of today and tomorrow.


How does Huawei work together with different stakeholders, including states, to establish trust and to enhance cybersecurity in the future?

At Huawei, cybersecurity is our top priority. We share this responsibility with our customers to make sure that the equipment they're using is safe and secure.

Of course, our cybersecurity assurance systems were not developed in a vacuum. They are also results of regular engagement, joint research, and joint innovation with our customers, partners, regulators, and standards organizations around the world.

Cybersecurity is a complex, evolving challenge that requires close collaboration and information sharing. We still lack a standards-based, coordinated approach across the industry, especially when it comes to governance, technical capabilities, certification, and collaboration.

Moreover, in some places unfortunately there is still a misconception that country-of-origin affects the security of network equipment and technology. This is simply not true. It doesn't solve the real challenges, and it prevents us from forming a unified approach.

To cope with such pain points, we need to build collective capabilities and combine our strengths – starting from governance, standards and technology, all the way to verification. Together, we also need to effectively strengthen our cybersecurity and privacy protection through knowledge sharing of best practices and forming tighter coalitions.

All in all, for security, we believe in the ABC principle at Huawei: "Assume nothing. Believe nobody. Check everything."

We believe that trust is the foundation for a healthy digital environment. Therefore, both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumors. We believe that facts must be verifiable, and verification must be based on standards.

