As many of you will know when I left the UK Government as the Government CIO I joined Huawei. Some saw it as a mildly controversial move but those of you who know me knew that this is exactly the kind of company I would join. A company that is shaking up the world in terms of technology, a company committed to science, engineering and R&D, but fundamentally a company whose passion is for its customers and their customers to make the world a better place through the use of technology.
I have just completed my first year at Huawei and the boss was grilling me to see if I was a good hire and check whether I had actually done any work. However, when Mr Ren talks he has a hugely strategic long term view of the world, of Huawei, and the challenges and opportunities that we all face. With his permission I thought I would share some of his views from the meeting.
I have reprinted some of his thoughts in italics below;
When your technology already supports in some shape or form 3 billion citizens and you are used by the vast majority of the world's largest and most sophisticated telecommunications companies across 140 countries you have a real duty to keep the lights on and the data moving regardless of the situation.
Mr Ren raised three core points. His first point was:
"The ultimate social responsibility of network equipment vendors is to maintain the stable operation of networks in any circumstances."
"We are engaged in providing information networks to society. The global network needs to be stable at all times. In service to society, the whole industry must focus their energy on ensuring a stable and secure network in any circumstances. This is the ultimate social responsibility of all network equipment vendors, and this is what we have been doing all these years. In times of disaster such as armed conflict, earthquake, tsunami, plague, and nuclear contamination, we have maintained the security of networks by challenging ourselves."
Nice words and I guess many would say the same thing but it is only when you know what it takes to achieve this can you really appreciate the commitment to the phrase "… a company whose passion is for its customers…":
"In the 2008 Wenchuan earthquake, communications services in the quake-stricken area broke down completely. Our Chairwoman of the Board immediately established a work team and chartered four airplanes to Chengdu….
…To provide emergency communications and facilitate coordination, the rescue forces used helicopters to transport our base station to the mountain top in the quake-stricken area; the base station was set up to form a temporary communications network together with antennas and satellites…
…Our employees deploying the base station on the mountain top had to work in the rain and sleep on the wet ground at night. In the mornings, they went down the mountain to fetch diesel oil for the generators. The arduous hike took 4 to 5 hours back and forth…"
Mr Ren provides other examples of ensuring we deliver our commitments to our customers in the most extreme of situations, In Indonesia, in the Libyan conflict, to the terrible earthquake, tsunami and nuclear issues in Japan. It is a feature of a special person where their core value is one of supporting others in the good times and the very very bad rather than focussing on money, personal gain and competitive advantage.
Now why do I tell you this? Well cyber security is a challenge to providing information networks to society. There is not much point in doing a great job in a natural (or unnatural) times, if you do not have the same passion for solving problems that can cause your customers technology to fail, i.e. the cyber challenge which we all face.
His second core point concerned the loss, or theft of data of all kinds and he was quite emphatic in his view that:
"Information leakage is first a legal and social issue to the international community; then it is a technical issue, which requires concerted efforts of society and the entire industry"
We frequently talk and plan for the ever increasing growth in data from all devices to all other devices. Mr Ren is quite clear that it is not possible to develop an absolutely impenetrable security assurance system that can keep information flowing securely just as it is impossible to guarantee that water remains in the banks of the Mississippi or the Amazon rivers, especially as information technology is advancing more rapidly than the technology industries capabilities in cyber security.
His final point which he made very clear was his commitment to ensuring that we continue to enhance our policies, procedures and approaches to cyber security within Huawei and within the industry overall:
"We are determined to make internal adjustments to ensure that our equipment is the most secure, transparent, high-quality equipment in the world"
As we all know if it isn't important to the big boss in a company then it will not be important to anyone else. As you can see from his notes, which reinforces his cyber security policy, which you can find here, he is quite clear on what we must do. We must:
- Make sure that whatever technology we develop is transparent so people can inspect what is passing through the system in terms of potential cyber security risks;
- Crucially lead the strategic thought processes encouraging telecommunications vendors to think of their customers first by ensuring that our hardware is interchangeable as much as possible. This means a customer can mix and match hardware with vendor software, not only giving capital investment protection, but once again reducing the risk of potential vulnerabilities being included somewhere in the technology stack. Let us just stop and think about this statement – interchangeable hardware! Giving customers choice and protecting capital investment! All too often we see vendors trying to stop competition under the false banner of cyber security, and yet here we can see the commitment from Mr Ren to openness, competition and transparency – I know who I would buy from.
- Layer the operating system, vendor specifics and any support and management functions so each of these components can be simplified, standardised and ensuring customers have both total control and choice;
- Focus on ongoing awareness, education and training on all things security related and within this emphasise the change of any behaviours and beliefs as much as any technical understanding;
- Promote independent transparent external verification of our products. Really ensuring that we use the talents eyes and hands of experts from around the world to ensure they audit, inspect, test, poke and prod our technology to reduce the likelihood of anything untoward from being included;
- And finally being very clear whose neck is on the block – who is accountable for making this happen.
I have spent much of my life in the transformation business, and I have the scars to show transformations starting but not completing due to not having the right commitment from the most senior person in the business.
The commitment from our founder Mr Ren, is clear, we will do what it takes to drive the cyber security agenda forward, set the highest standards in the industry, focus on the protection of our customer's assets and their balance sheet and be held to the highest independent inspection. We hope that those who wish to close markets, stop competition and innovation under the false banner of national security will take the strategic customer focused lead of Mr Ren and pour their energies into creating a free market with substantial competition and innovation so all citizens can benefit.