How Huawei is engaging in the UAE’s cybersecurity efforts

Huawei, the Chinese telecoms giant, is a key provider of telecoms and cloud infrastructure throughout the world. Huawei has also long been suspected of allowing the Chinese government to use its equipment to spy on foreign governments and companies, which Huawei has always denied. As a result, it faces bans and sanctions in much of the West, to the point that Huawei’s earnings plummeted in 2021, forcing a change in business strategy that seeks new markets where such fears are harder to realise and a doubling-down in markets like the Middle East and Southeast Asia that have not shared the concerns over potential spying.

In much of the world, Huawei has tried to combat the spying allegations, and it has engaged in various cybersecurity initiatives to counteract the allegations. In the Middle East, Huawei has signed a memorandum of understanding with the United Arab Emirates to support the UAE’s Cybersecurity Council. Aloysius Cheang, CSO at Huawei UAE, spoke to CIO Middle East about these efforts.

CIO Middle East: What practices can the telecoms sector adopt to build trust and transparency in enhancing security?

Huawei

Cheang: To build trust and transparency, we need to develop an open and collaborative ecosystem. Cybersecurity is not the responsibility of any single individual or company or nation but a shared responsibility that requires a team effort to come together to address it. As such, Mohamed al-Kuwaiti, the head of cybersecurity for the UAE government, has called for public-private partnerships to jointly help build the UAE into a globally trusted digital hub. And Huawei is the first to respond to this call.

Furthermore, we need to engage the ecosystem by supporting [telecoms industry] organizations such as GSMA, 3GPP, and OIC-CERT in their standardisation activities so as to maintain an open, transparent, and collaborative way to build trust in our ecosystem. In particular, the OIC-CERT has presented the OIC-CERT 5G Security Framework, which was developed to help Organisation of the Islamic Cooperation member states safeguard their journey to 5G.

This is especially important because OIC member states need to have their own standards and guidelines to build regional multilateral norms, which are essential to ensure continuity, availability, and resilience to ensure priority and cyberspace sovereignty for Islamic nation-states in this increasingly fragmented world.

Together with GSMA NESAS, 3GPP SCAS, and the GSMA Cybersecurity Knowledge Base, these efforts are what is necessary to build trust and transparency in enhancing cybersecurity.

CIO Middle East: Could you tell us a little bit about your experience with the region’s cybersecurity landscape?

Cheang: I have been in cybersecurity for more than 20 years, I’ve been working in the government, in telecoms companies, as well in consulting. I’ve been also based across the world, in different cities and regions for a long period of time.

Cybersecurity is actually an art but it’s also a science. It’s an art because you need to have an art form in how you understand the alignment with business, how are you able to talk in terms of business, and how you communicate with the executive management or the board level so that they understand what you’re talking about. At the same time, it’s also a science in the sense that you have to give very specific instructions on how we make sure that we address and fulfil the cybersecurity requirements that customers are looking for, and make sure that we translate it in a way that is as accurate as possible.

Also, you have to evangelize cybersecurity. If you believe in it strongly, you really have to treat cybersecurity as your hobby. That’s why I always say that cybersecurity is really for the enthusiasts and nothing less than that.

CIO Middle East: How is Huawei helping to accelerate the UAE’s digital transformation journey through its cybersecurity expertise?

Cheang: We have an MoU agreement between the UAE’s Cybersecurity Council and Huawei to look at how we collaborate strategically to address and build cybersecurity capabilities in the UAE. Other partnerships that we’re looking at include collaboration with third parties around specific policy matters, such as those proposed by [the UAE government] last year. How do we respond to the call to support various national projects like golden visas for coders, for instance?

Moreover, we constantly ask ourselves how we can all work together for cybersecurity. That’s the question I have for everybody. Huawei is committed to making sure that we will support whatever cybersecurity project the UAE has, and we will be pushing and promoting those initiatives wherever we can.

CIO Middle East: Huawei has allocated US$750 million to cybersecurity, and 1,500 company employees work full time in this field. What areas have the company invested its funds in? Will the company continue to invest in this line? What are your expectations?

Cheang: For example, I and my role are already an investment that the company has brought in to beef up senior-level cybersecurity resources, ones that help to lead the company’s cybersecurity initiative globally. Last year, we also announced the opening of our largest Global Cyber Security and Privacy Protection Transparency Center in Dongguan, China. We have also invested in projects like the Product Security Baseline, the culmination of over a decade of experience in product security management, incorporating a broad range of external regulations, technical standards, and regulatory requirements.

Meanwhile, investment has also been made in the background in improving the cybersecurity processes in R&D, for example, and in our supply chain management.

CIO Middle East: From your perspective, how will the cybersecurity scene in the region transform in the postpandemic world?

Cheang: Robust cybersecurity will be the status quo in the future. It is something that is going to be normalized after the pandemic. In the past, it may have been an option for some companies. But in the future, it is no longer an option.