“No one can say with certainty that their products are definitely safe” Lu Chuanying

This oversight group has annually released a report of its activities, including rigorous tests done on the company’s hardware and software. Its latest report, published in March 2019, said “further significant technical issues have been identified in Huawei’s engineering processes”, which could lead to new risks in

the country’s telecoms networks. “The oversight board continues to be able to provide only limited assurance that the longterm security risks can be managed in the Huawei equipment currently deployed in Britain,” the report said. The board added, however, that it “does not believe the defects identified are a result of Chinese state interference”, indicating they covered basic engineering competence and cybersecurity hygiene.

At the cybersecurity centres, testing is done out of the public view by technical experts, including those from carriers and regulators, to check on Huawei’s software engineering and cybersecurity competence. Britain’s

National Cyber Security Centre, the authority for information assurance, also visits Huawei’s offices in Shenzhen and Shanghai to discuss technical issues.

Walter Haas, chief technology officer at Huawei Germany, said the company’s track record showed it had not lost any client because of cybersecurity issues. He said telecoms carriers thoroughly tested and verified

equipment for one to two years before committing to a supplier.

“They’re not giving us market share because we’re nice … or cheap,” Haas said in an interview at Huawei’s offices in the western city of Dusseldorf. “Do you really believe that network operators, in this very competitive environment, will put [middling] technology into their network for an investment cycle of eight to 10 years because it’s cheap?”

Huawei is adamant that its products, including smartphones under its consumer business, are safe and has insisted Washington prove its accusations about spying.

Security vulnerabilities are inevitable, largely because software code is written by humans who will make mistakes, according to Lu Chuanying, secretary general of the Cyberspace International Governance Research Centre at the Shanghai Institute for International Studies. “Therein lies the issue – are these issues and security flaws subjective or objective?” Lu said. “Here lies the biggest dilemma, because no matter which supplier, whether Huawei or others, no one can say with certainty that their products are definitely safe.” Since there is no universal standard to measure the security of telecoms equipment, that makes it difficult for companies to absolutely guarantee the security of their products. As such, weaknesses are interpreted differently by various parties.

“It’s like this – if my friend is holding a knife, I might think he’s planning to chop up some vegetables,”

Lu said. “But if it were my enemy holding a knife, I might assume he’s planning to stab me.”

Source of documents：South China Morning Post，April 13th