On March the 5th, 2019, Huawei opened a Cyber Security Transparency Center in Brussels as part of its 2 billion USD Cybersecurity project, to a great fanfare and large amount of interest “with over 200 representatives from regulators, telecom carriers, enterprises, and the media attending the event” (Huawei Press Release, 2019).
Though not directly claimed in press publications, this project along with the centre itself appear to be part of Huawei’s attempt to convince the public governmental and private business entities whom are potentially its 5G network technology customers that it would not compromise the cybersecurity of its products.
The question of 5G of course has become a big part of the reasons as to the increased scrutiny and legal pressures which Huawei has been finding itself under from the US. The reasons for this are multitudinous but primarily reasons given by US officials have centred on China and by extension Huawei’s potential for bugging or otherwise embedding sabotage/monitoring cybersecurity vulnerabilities in its equipment. With 5G NR likely becoming a major backbone of all public/private critical infrastructure it is understandable that it’s becoming a central topic of national protection conversations.
The official purpose for the cybersecurity transparency centre was given by Huawei as being:
First, the Centre will showcase Huawei’s end-to-end cyber security practices, from strategies and supply chain to R&D and products and solutions. This will allow visitors to experience cyber security with Huawei’s products and solutions, in areas including 5G, IoT, and cloud.
Second, the Centre will facilitate communication between Huawei and key stakeholders on cyber security strategies and end-to-end cyber security and privacy protection practices. Huawei will work with industry partners to explore and promote the development of security standards and verification mechanisms, to facilitate technological innovation in cyber security across the industry.
Third, the Centre will provide a product security testing and verification platform and related services to Huawei customers.
This reinforces, at the very least, Huawei’s dedication to be seen as a cyber-security conscious firm.
Thus in order to show its existing cybersecurity achievements, and Huawei’s potential improvements during its multi-billion dollar drive to cybersecurity improvement, the company has formed this unprecedentedly transparent cybersecurity centre to communicate its achievements in cybersecurity and its willingness to invest and prove its credibility in continuing these practices.
The location tells us a lot too, especially as this isn’t the only cybersecurity related project being thought about/carried out by Huawei in the EU, with Huawei having offer a cybersecurity testing facility to be built in Poland earlier this year. The importance of Brussels as the location is that it is the beating regulatory heart of the European Union. Brussels is a major city in terms of various business in the European Union, but compared to Frankfurt, Paris, Dublin, Madrid, Milan it is inferior in terms of its concentration of business and business headquarters. What it does have is the political appointees of both government and business across Europe- the target audiences of this new venture by Huawei as one can see in the second point concerning communication between “Huawei and key stakeholders.”
What else does this tell us, well that Huawei is actually quite set on strengthening its cybersecurity credentials, the opening up of this centre will also mean that Huawei’s cybersecurity processes, applications and capabilities will be open to public scrutiny – which could be considered nominally competitively detrimental because it means that Huawei’s competitors will be free to look at and benefit from innovations or advances in the fields of cybersecurity and privacy which Huawei will have developed and implemented and thus be displayed in the centre. Especially so because of the location of the centre- Brussels, Europe. The European Union, through its enactment of the General Data Protection Standard (GDPR), has proven that it is the international political and economic region where the highest standards of privacy, cybersecurity and data-protection standards are applied. The EU is globally speaking the most rigorous regulatory region in terms of many of these standards and thus by showing that Huawei can meet the high standards of EU regulators will have credibility in this area in its dealings with other regions.
At the end of the day, one has to consider- even if Huawei really did have a competitive advantage over western rivals in terms of the capabilities and effectiveness of its cybersecurity and privacy processes, would anybody in the West be they European or American really believe them? The provenance of Huawei as a Chinese company, and the status of China’s undemocratic and illiberal government combined with Article 17 amongst other legal concerns of Chinese spying or sabotage backdoors in Chinese-developed and made electronics would have disqualified Huawei from gaining a cybersecurity-based competitive advantage no matter how good their technical processes are. At least thus with this cybersecurity transparency centre, Huawei will get the political and business-oriented outreach ’embassy’ in the EU in whose purpose is to reassure that for now at least Huawei isn’t as compromised as some would argue and could indeed be relied upon to provide the parts needed to build 5G infrastructure.
Marin Ivezic
For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.
He held multiple interim CISO and technology leadership roles in Global 2000 companies.
