Scott：Hi john, why is security important, and why did Huawei create this white paper?
John：Well, I think the first thing to say about security and technologies it’s a bit like a marriage It's a long-term relationship you go through your strengths you go through your difficult times, but in essence, both parties have to work together to make it a success. One of our issues is Huawei, we’re one of the world's leading global technology companies, we already serve a 1/3 of the planet’s population is that, we have the duty to our customers and their customers to make sure that whatever technology we produce it’s the safest and most secure in the world.
Scott：Is this paper a response to some of the issues that huawei has faced in the United States and Australia?
John：Well, we work in 140 countries so I wouldn't pick pick on any particular countries like America or any other country, the reality is cyber security knows no bounds; it isn’t limited by geographical boundaries, so the issue first is about saying “how do we take the very best in the world. How do we take the best standards, the best practices in that into all of our products and services regardless of the country that we’re dealing with.
Scott：What are the biggest myth about security that u think people should understand?
John：Well, I think the challenge of technology overall is that people see technology and they think it’s this big scary thing, but when I look at the basics of technology and I I was a former uk government cif for 5 years, the many basic thing can do about technology that can take away much of the threat so I think one of the myths of technology and security is all things West are good, and all things East are bad. All things north is X and all things south is Y. And I think we need to begin to realize that when we look at the global world that we have created where technology is intertwined that in essence one of the myths is that one person’s product is more safe and secure than the others, the reality is if it has technology in there, it’s almost certain to have come from a global supply chain, and because of that we must take the security risks seriously.
Scott：The paper talks about analog thinking in a digital world, what does that mean?
John：Well the realize is, you know, when we operate in 140 uh countries we look at the law in 140 countries and what we find, not just in technology, but generally throughout life is that the law tends to follow the advancement of technology. And if you’re saying that your products are legal and compliant to the laws in each land it implies that you know the laws in each land but some countries don’t have laws, they have standards, and even if they have a standard it doesn’t mean they execute that standard. So the issue first is about saying law has to catch up with the advancement of technology, because in essence the world has gone digital, and the law (in many instances) is still analog.
Scott：Huawei is doing some really interesting work in the area of independent security testing and standards. Please say a few words about that.
John：We’re Huawei, we’re very passionate about using a concept called “many eyes and many hands” our view is when you take the knowledge the skills the values and beliefs from people from around the world, they take a different approach to security to maybe we do at Huawei. But the bottom line is it doesn’t matter what Huawei thinks of the security of its products, what matters is whether our customers whether they be operators or enterprises or governments, what they think of the security, so what we do is, we say, “hey, here’s an independent test center, please come and test it to your heart’s content, please put it through the most rigorous processes that you want to put it through not Huawei wants to put it through” And we think we’re pretty unique in providing our source code and independent testing of our products and services, for the benefit of our customers.
Scott：Finally, what’s next? What does the future hold for Huawei in the security area and what are the calls to action coming out of the white paper?
John：Well, two things I think, the first thing is from what we’re doing next is, ‘you’re work on cyber security never stops’, because the threat never stops and there’s research which says you know, 12 seconds, every second you know a day 12 new threats come on, so the reality is you have to continuously reinvent and re-improve and enhance your policies and your procedures. And don’t forget, this is not just about technology; it’s not just about bits and bytes, it’s about people, laws, regulations, values, culture. So that’s point one. The second thing for us really is in terms of the call to action is I think, ... (being in government for 8 years), I think governments needs to comes together to say, “what is it that we’re going to do, collectively as governments, to drive up the quality and standards of all technology from a security perspective”. And that’s about the basics of standards and definitions, it’s about even understanding what do we mean by “cyber security”? So that’s point one. Secondly, I think I think we need some some honesty in terms of ‘what is the cost of cyber security’ ‘cause one of my passions is that technology has fundamentally helped the social well-being of mankind. And if we over-legislate, if we over-worry about cyber security, we may not use technology where we can add great value to citizens around the world. So really being honest in terms of ‘what is the threat’ verses ‘what is the investment we have to make to do that threat’ would be two very big step-forwards.