The Value of Cyber Security Testing — Inside and Out
What do aircraft, spacecraft, terrestrial vehicles, and the best new products and upgrades have in common? None succeed without extensive, rigorous testing.
Why do strategies, plans, and policies for everything from disaster recovery to cyber security fail more often than anyone wants? Too often, it’s because they don’t get regularly updated or tested often enough.
If the world is to be connected securely, the basics of effective, pervasive cyber security are as simple as “ABC” — assume nothing, believe no one, and confirm everything. Undeniably, the best way to confirm everything is rigorous testing throughout the creation, development, deployment, and operation of every tool and process in every network and connected system, from installation to retirement.
For maximum credibility, that testing must extend beyond the developers of the solution to be tested. Solutions should be available for testing by any who request it, separately and in concert with those from multiple vendors. This “outside” testing can only strengthen and improve both “inside” testing results and the quality of the solutions.
Huawei is one of the most scrutinized companies in the world. Despite such near-constant attention, Huawei enjoys the trust of companies and governments in more than 170 countries. Since the company began over 30 years ago, Huawei equipment has never caused a serious cyber security incident. This is in large part due to Huawei’s commitment to extensive, rigorous testing — inside and out.
Huawei’s Independent Cybersecurity Laboratory (ICSL) is operated separately from Huawei research and development (R&D). ICSL is empowered to halt the flow of any products that fail to meet testing requirements. Since 2014, ICSL has been certified compliant with ISO 17025, the international standard for testing and calibration laboratory operations and management.
The Oversight Board of the Huawei Cyber Security Evaluation Centre (HCSEC), created by the United Kingdom (UK) government in 2010, constantly evaluates Huawei’s software. Cyber security experts from another UK agency, the Government Communications Headquarters (GCHQ), have worked closely with Huawei for almost a decade. Input from these and other experts led Huawei to commit US$2 billion over a five-year period to increase the security standards of its equipment and improve its software engineering abilities and practices.
This investment includes expanding options for “outside” testing and evaluation. As part of that effort, Huawei has opened a Cyber Security Transparency Centre in Brussels.
The Centre offers government agencies, technical experts, industry associations, and standards organizations an open environment for collaborating and communicating about digital security developments. Huawei also operates testing facilities in Canada, Germany, and the UK. Each of these facilities allows independent experts to assess Huawei equipment and software.
Huawei believes cyber threats know no home country and respect no borders. Effective cyber security must therefore be based on well-defined, well-developed standards and practices that are enforced equally among all vendors and their offerings. The only way to ensure sustainable success in these efforts is a combination of rigorous internal testing with credible, independent testing and evaluation by external stakeholders.
Such an approach reflects the reality that security is a responsibility shared by all network builders, operators, and users. This shared approach, combined with rigorous internal and external testing, also enables all industry participants to focus less on politics and more on delivering the benefits and security we all want and need.
A Date for Your Diary
On April 7, Huawei will host a webinar entitled “5G Security — A Shared Responsibility.”
Featured speakers will be Andy Purdy, Chief Security Officer (CSO) for Huawei Technologies USA, and Paul Scanlan, Chief Technology Officer (CTO) for Huawei Technologies. Click the above link for more information and to register for this online event.
Note: this content originally appeared at the Huawei blog site.
