5G kit maker Huawei opened a Cyber Security Transparency center in Brussels yesterday as the Chinese tech giant continues to try to neutralize suspicion in Western markets that its networking gear could be used for espionage by the Chinese state.
Huawei announced its plan to open a European transparency center last year but giving a speech at an opening ceremony for the center yesterday the company’s rotating CEO, Ken Hu, said: “Looking at the events from the past few months, it’s clear that this facility is now more critical than ever.”
Huawei said the center, which will demonstrate the company’s security solutions in areas including 5G, IoT and cloud, aims to provide a platform to enhance communication and “joint innovation” with all stakeholders, as well as providing a “technical verification and evaluation platform for our
“Huawei will work with industry partners to explore and promote the development of security standards and verification mechanisms, to facilitate technological innovation in cyber security across the industry,” it said in a press release.
“To build a trustworthy environment, we need to work together,” Hu also said in his speech. “Both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumour.
“We believe that facts must be verifiable, and verification must be based on standards. So, to start, we need to work together on unified standards. Based on a common set of standards, technical verification and legal verification can lay the foundation for building trust. This must be a collaborative effort, because no single vendor, government, or telco operator can do it alone.”
The company made a similar plea at Mobile World Congress last week when its rotating chairman, Guo Ping, used a keynote speech to claim its kit is secure and will never contain backdoors. He also pressed the telco industry to work together on creating standards and structures to enable trust.
“Government and the mobile operators should work together to agree what this assurance testing and certification rating for Europe will be,” he urged. “Let experts decide whether networks are safe or not.”
Also speaking at MWC last week the EC’s digital commissioner, Mariya Gabriel, suggested the executive is prepared to take steps to prevent security concerns at the EU Member State level from fragmenting 5G rollouts across the Single Market.
She told delegates at the flagship industry conference that Europe must have “a common approach to this challenge” and “we need to bring it on the table soon”.
Though she did not suggest exactly how the Commission might act.
A spokesman for the Commission confirmed that EC VP Andrus Ansip and Huawei’s Hu met in person yesterday to discuss issues around cybersecurity, 5G and the Digital Single Market — adding that the meeting was held at the request of Hu.
“The Vice-President emphasised that the EU is an open rules based market to all players who fulfil EU rules,” the spokesman told us. “Specific concerns by European citizens should be addressed. We have rules in place which address security issues. We have EU procurement rules in place, and we have the investment screening proposal to protect European interests.”
“The VP also mentioned the need for reciprocity in respective market openness,” he added, further noting: “The College of the European Commission will hold today an orientation debate on China where this issue will come back.”
In a tweet following the meeting Ansip also said: “Agreed that understanding local security concerns, being open and transparent, and cooperating with countries and regulators would be preconditions for increasing trust in the context of 5G security.”
Reuters reports Hu saying the pair had discussed the possibility of setting up a cybersecurity standard along the lines of Europe’s updated privacy framework, the General Data Protection Regulation (GDPR).
Although the Commission did not respond when we asked it to confirm that discussion point.
GDPR was multiple years in the making and before European institutions had agreed on a final text that could come into force. So if the Commission is keen to act “soon” — per Gabriel’s comments on 5G security — to fashion supportive guardrails for next-gen network rollouts a full blown regulation seems an unlikely template.
More likely GDPR is being used by Huawei as a byword for creating consensus around rules that work across an ecosystem of many players by providing standards that different businesses can latch on in an effort to keep moving.
Hu referenced GDPR directly in his speech yesterday, lauding it as “a shining example” of Europe’s “strong experience in driving unified standards and regulation” — so the company is clearly well-versed in how to flatter hosts.
“It sets clear standards, defines responsibilities for all parties, and applies equally to all companies operating in Europe,” he went on. “As a result, GDPR has become the golden standard for privacy protection around the world. We believe that European regulators can also lead the way on similar mechanisms for cyber security.”
Hu ended his speech with a further industry-wide plea, saying: “We also commit to working more closely with all stakeholders in Europe to build a system of trust based on objective facts and verification. This is the cornerstone of a secure digital environment for all.”
Huawei’s appetite to do business in Europe is not in doubt, though.
The question is whether Europe’s telcos and governments can be convinced to swallow any doubts they might have about spying risks and commit to working with the Chinese kit giant as they roll out a new generation of critical infrastructure.