As many of you will know when I left the UK Government as the Government CIO I joined Huawei. Some saw it as a mildly controversial move but those of you who know me knew that this is exactly the kind of company I would join. A company that is shaking up the world in terms of technology, a company committed to science, engineering and R&D, but fundamentally a company whose passion is for its customers and their customers to make the world a better place through the use of technology.
I have just completed my first year at Huawei and the boss was grilling me to see if I was a good hire and check whether I had actually done any work. However, when Mr Ren talks he has a hugely strategic long term view of the world, of Huawei, and the challenges and opportunities that we all face. With his permission I thought I would share some of his views from the meeting.
I have reprinted some of his thoughts in italics below;
When your technology already supports in some shape or form 3 billion citizens and you are used by the vast majority of the world's largest and most sophisticated telecommunications companies across 140 countries you have a real duty to keep the lights on and the data moving regardless of the situation.
Mr Ren raised three core points. His first point was:
"The ultimate social responsibility of network equipment vendors is to maintain the stable operation of networks in any circumstances."
"We are engaged in providing information networks to society. The global network needs to be stable at all times. In service to society, the whole industry must focus their energy on ensuring a stable and secure network in any circumstances. This is the ultimate social responsibility of all network equipment vendors, and this is what we have been doing all these years. In times of disaster such as armed conflict, earthquake, tsunami, plague, and nuclear contamination, we have maintained the security of networks by challenging ourselves."
Nice words and I guess many would say the same thing but it is only when you know what it takes to achieve this can you really appreciate the commitment to the phrase "… a company whose passion is for its customers…":
"In the 2008 Wenchuan earthquake, communications services in the quake-stricken area broke down completely. Our Chairwoman of the Board immediately established a work team and chartered four airplanes to Chengdu….
…To provide emergency communications and facilitate coordination, the rescue forces used helicopters to transport our base station to the mountain top in the quake-stricken area; the base station was set up to form a temporary communications network together with antennas and satellites…
…Our employees deploying the base station on the mountain top had to work in the rain and sleep on the wet ground at night. In the mornings, they went down the mountain to fetch diesel oil for the generators. The arduous hike took 4 to 5 hours back and forth…"
Mr Ren provides other examples of ensuring we deliver our commitments to our customers in the most extreme of situations, In Indonesia, in the Libyan conflict, to the terrible earthquake, tsunami and nuclear issues in Japan. It is a feature of a special person where their core value is one of supporting others in the good times and the very very bad rather than focussing on money, personal gain and competitive advantage.
Now why do I tell you this? Well cyber security is a challenge to providing information networks to society. There is not much point in doing a great job in a natural (or unnatural) times, if you do not have the same passion for solving problems that can cause your customers technology to fail, i.e. the cyber challenge which we all face.
His second core point concerned the loss, or theft of data of all kinds and he was quite emphatic in his view that:
"Information leakage is first a legal and social issue to the international community; then it is a technical issue, which requires concerted efforts of society and the entire industry"
We frequently talk and plan for the ever increasing growth in data from all devices to all other devices. Mr Ren is quite clear that it is not possible to develop an absolutely impenetrable security assurance system that can keep information flowing securely just as it is impossible to guarantee that water remains in the banks of the Mississippi or the Amazon rivers, especially as information technology is advancing more rapidly than the technology industries capabilities in cyber security.
His final point which he made very clear was his commitment to ensuring that we continue to enhance our policies, procedures and approaches to cyber security within Huawei and within the industry overall:
"We are determined to make internal adjustments to ensure that our equipment is the most secure, transparent, high-quality equipment in the world"
As we all know if it isn't important to the big boss in a company then it will not be important to anyone else. As you can see from his notes, which reinforces his cyber security policy, which you can find here, he is quite clear on what we must do. We must:
- Make sure that whatever technology we develop is transparent so people can inspect what is passing through the system in terms of potential cyber security risks;
- Crucially lead the strategic thought processes encouraging telecommunications vendors to think of their customers first by ensuring that our hardware is interchangeable as much as possible. This means a customer can mix and match hardware with vendor software, not only giving capital investment protection, but once again reducing the risk of potential vulnerabilities being included somewhere in the technology stack. Let us just stop and think about this statement – interchangeable hardware! Giving customers choice and protecting capital investment! All too often we see vendors trying to stop competition under the false banner of cyber security, and yet here we can see the commitment from Mr Ren to openness, competition and transparency – I know who I would buy from.
- Layer the operating system, vendor specifics and any support and management functions so each of these components can be simplified, standardised and ensuring customers have both total control and choice;
- Focus on ongoing awareness, education and training on all things security related and within this emphasise the change of any behaviours and beliefs as much as any technical understanding;
- Promote independent transparent external verification of our products. Really ensuring that we use the talents eyes and hands of experts from around the world to ensure they audit, inspect, test, poke and prod our technology to reduce the likelihood of anything untoward from being included;
- And finally being very clear whose neck is on the block – who is accountable for making this happen.
I have spent much of my life in the transformation business, and I have the scars to show transformations starting but not completing due to not having the right commitment from the most senior person in the business.
The commitment from our founder Mr Ren, is clear, we will do what it takes to drive the cyber security agenda forward, set the highest standards in the industry, focus on the protection of our customer's assets and their balance sheet and be held to the highest independent inspection. We hope that those who wish to close markets, stop competition and innovation under the false banner of national security will take the strategic customer focused lead of Mr Ren and pour their energies into creating a free market with substantial competition and innovation so all citizens can benefit.
I am a bit surprised that Mr. Ren’s background has been met with suspicion in certain countries like the United States. The US, of all places, has been a home to entrepreneurial IT success stories. Inspiring stories like Michael Dell’s PC shop-based out of his dormitory, or Bill Gate’s decision to start Microsoft with Paul Allen while in college are well known in American tech-culture. I wonder if Mr. Ren’s humble beginnings with Huawei just need more details (and hopefully more appreciation). Mr. Suffolk is absolutely right to state that a private company is under no such requirement to release operational details. I would be willing to bet that most of the American politicians who have criticized Huawei and perhaps its foundation would look far less credible though, if Huawei’s establishment details were also publicly discussed, such as Huawei’s other founding investors in addition to Mr. Ren in the late 1980’s. I think certain politicians will sadly continue to cast aspersions if such issues are not discussed openly whether lawfully required or not.
Posted by: Slilly | 06/02/2013 at 06:27 PM
Thank you for your comments. I was part of the team that hosted the Congressional study in our Headquarters in Shenzhen, as well as meeting the Committee in Hong Kong and one of the authors of answers to the many questions we were asked, and I have to say that our approach was as professional as I have seen throughout my business and Government career - I am sorry you have a different view.
Two thirds of our business comes from outside of China and I think many of the Citizens and Governments in the 140 countries in which we operate in may take exception to you suggesting they are 3rd world. I would say that whilst they might not have the GDP of say the USA, in their own way many countries are using technology in very advanced ways.
We pride ourselves on our transparency - after all who gets reviewed, audited and inspected as much as Huawei? - we are a private company who are under no legal obligation to publish information yet because we are a leader in transparency we have had our accounts audited by a world-class audit firm, KPMG for 8 years, we publish our accounts and a full range of other information.
I note your point on “association" with the Chinese Government, yet there has never been any report that has identified any evidence of association with the Chinese Government other than that required under law for purposes of company formation and taxes etc - just like any company in the world. From my perspective I can honestly say that I have never had any of my cyber security work reviewed, modified, influenced by anyone other than colleagues in Huawei and our customers.
Finally we fully support your point about third-party validation of our products – this is what we do, it was such a shame that the Committee did not agree with you or I on validation. If you are American perhaps you could lobby your Congressmen to introduce a bill that ALL technology should be subject to independent review. After all other Governments carry the same risk of using equipment not produced in their country. It is right for non-American companies and Governments to question what might lurk in American technology just as it is right for the American Government to question what might lurk in non-American technology. As I put in my recent White Paper one doesn’t need to look too hard for links between say the American Security Agencies and American technology companies, nor for conspiracy theories about known flaws being left open so that a Government can exploit them. This is why we favour and demonstrate openness, transparency and collaboration and do not wish to see cyber security being used as a protectionist measure – I hope you favour this approach as well.
Once again thank you for your comment.
Posted by: John Suffolk | 27/12/2012 at 02:14 PM
I do agree with the primes of keeping network stable and secure. However, looking at the United State Congressional study on Huawei, I don't think Huawei is living what it is preaching. I found Huawei very defensive and not transparent. There were a lots of questions Huawei could have answered to come clean but they chose politics over integrity. I keep hearing Huawei is serving over 3 billion people, but the majority of this are the 3rd world country nation who have less interest in security more than they do just for technology. If Huawei want be market leader, there should be more full transparency, les association with Chinese government, and their product security and integrity should be confirmed by 3rd party.
Posted by: Wiyiyit | 26/12/2012 at 07:50 PM