Huawei cyber security chief John Suffolk: It’s not our culture to be aggressive
John Suffolk, global cyber security and privacy officer at China-based telecoms equipment supplier Huawei, tells Huawei Analyst Summit growth is the best answer to US criticism
John Suffolk, global cyber security and privacy officer at China-based telecoms equipment supplier Huawei, told attendees at the company’s analyst summit in Shenzhen that the company has a “keep calm and carry on” attitude in the face of criticism from US and UK government circles.
The company was criticised in the most recent UK NCSC annual Oversight Board report for having too much buggy code in its products. Suffolk said the supplier is investing $2bn in a programme to declutter its code, reducing the vulnerabilities it has in its own, as well as open source and third party code it deploys in its telecoms products.
“We stand naked every year before the UK government security people who snigger at what we are doing, and make recommendations in a report. They said this time we needed to improve the software engineering in some of our old products, and put our design thinking into our new ones. And we are spending $2bn on that, and presenting or high level plan to the government in June.”
Meanwhile, the US government is on the warpath against the company for allegedly being too close to the Chinese government.
Does Suffolk – formerly the UK government’s CIO – feel a perceived lack of good governance over Huawei’s code is being weaponised against the company because it’s Chinese, with the vulnerabilities in its code base used as cover for a political attack?
“That’s not our starting point,” he said. “Our founder is Chinese. That’s not his fault, that’s nature. We’re proud to be a Chinese company, but in some quarters, that means the spotlight will always be on us.
“You can shroud wave and wring your hands, but that doesn’t help. Our starting point is ‘what is right for the customer?’ If you believe cleaning up the code is right for the customer, then the customer will buy more products from you,” said Suffolk, adding that Huawei’s growth was the best answer to US government, and others’, criticism. “People say ‘why aren’t you more aggressive?’ It’s not our culture.”
Pressure from the US
Asked what he thinks the UK government should do in the face of US pressure to exclude or restrict the use of Huawei equipment by the state or British-based telecoms companies like BT and Vodafone, he said: “My personal belief is the UK should team up with its European partners to come up with a standard, whether the UK is in the EU [European Union] or not.
“They should treat all suppliers the same so that, in essence, it benefits from the best technology in a risk-managed way. That’s what I’d advise the government. Get your policies right. Think what is in the best interest of UK citizens and enterprises overall, and maximise innovation. Then, maybe, we can avoid future WannaCry [virus attacks], and reduce identity theft and fraud in the country.”
Peter Zhou, chief marketing officer of wireless at Huawei, struck a similar note of defiance when speaking to a group of UK journalists on the eve of its analyst event in Shenzhen.
Zhou, a PhD alumnus of the University of Edinburgh, said UK universities would do well to focus on the opportunities represented by 5G rather than fret too much about using Huawei technology, adding that the UK, Germany, Korea and China are better positioned to prosper in a 5G world than is the United States.
Zhou expected collaboration between Huawei and UK universities to intensify, with or without Brexit. The University of Cambridge, Southampton University, Surrey, Reading and Queens University Belfast are among institutions that have close, collaborative relations with the firm.
There has been no discussion in senior management circles at Huawei to shifting the weight of engagement from UK universities to other European countries, such as Germany or the Netherlands.
Nor does he see 5G technology so different in security terms from 3G or 4G: “It is important to neither demonise 5G nor mystify it,” he said.
Shifting engagement
As for US policy makers, Zhou said there is a certain ignorance of technology trends that makes talking to them akin to “talking to children”.
“Blocking Huawei will not make the US a leader in 5G,” he said, adding that as for the UK: “The open-mindedness and open outlook of the British will be more and more important as it starts to leave the European Union – that was its strength in the past”.
Read more about the Huawei affair
April 2019:
- Troubles continue for Huawei as new bans and government reports put security into question, but the company is attempting to fight back against the criticism.
- If the UK government decides to impose tighter restrictions, or an outright ban on the use of Huawei in national 5G networks, the country faces severe consequences, according to a report.
- Huawei has become one of the world’s largest technology companies by revenue, suggesting the accusations over its ties to the Chinese government are failing to have much impact.
March 2019:
- Huawei has made no material progress on addressing the issues identified last year by the NCSC, according to the latest highly critical report from its HCSEC Oversight Board.
- The chair of the Science and Technology Committee has criticised the government’s vague response to concerns about Huawei’s activities in the UK.
- Vodafone’s CTO and general counsel have defended their use of Huawei equipment in their mobile network and challenged its detractors to show them evidence of wrongdoing.
- Huawei has filed a lawsuit accusing Washington of violating the US Constitution by banning it from government contracts.
- US secretary of state Mike Pompeo has reinforced his attacks on Huawei as the firm apparently prepares to sue the US government over its federal-level ban.
February 2019:
- US secretary of state Mike Pompeo has said America may scale back or cut military and diplomatic ties with countries that use Huawei equipment in national 5G networks.
- NCSC CEO uses cyber security conference in Brussels to set out his agency’s position on Brexit, 5G security, Huawei, market incentives and international cooperation on active cyber defence.
- A think tank report has branded the UK government naïve at best, irresponsible at worst, over its use of Chinese networking equipment in critical national infrastructure.
- Huawei CEO Ren Zhengfei has taken a more combative stance in the ongoing row over the firm’s alleged links to the Chinese intelligence services.
- The UK’s National Cyber Security Centre suggests Huawei will be allowed to form core elements of the country’s 5G mobile network infrastructure after all.
- Huawei’s Ryan Ding tells the British government that the company has never, and will never, use its technology to assist the Chinese intelligence services.
- Malaysia has become the latest country to look into the security concerns surrounding Huawei, which has been accused by mostly western powers of conducting corporate espionage.
January 2019:
- Vodafone’s UK CEO has said the operator will “pause” its use of Huawei hardware for the foreseeable future.
- The chair of the cross-bench Science and Technology Committee has written to Huawei seeking answers over its activities in the UK.
- Huawei’s rotating chairman Guo Ping outlines the firm’s priorities to optimise its product portfolio, empower employees and build a more resilient business structure.
December 2018:
- While the number of countries with Huawei bans in place grows and more issue warnings, a German investigation found no evidence of spying to support the fear.
- The Chinese government has called for the release of Huawei chief financial officer Meng Wanzhou, who was detained in Canada at the weekend.
- BT will remove Huawei’s networking equipment from the core of EE’s 4G mobile network.
