Eric Xu, one of three rotating chairmen at Huawei, has said the company is "naked" before the British security services with whom it shares its most intimate secrets: its source code.
"HCSEC has access to Huawei's source code, so they can easily tell whether those source codes are written in a way that's readable, easy to modify, and whether the code base is robust. We are like 'naked' in front of CSEC," he told media in Shenzhen, China.
Q. What's a good thing to put outside a building of spies? A: A banner saying 'here we are!'READ MORE
The Huawei Cyber Security Evaluation Centre (HCSEC) in Oxfordshire is owned by the Chinese giant but run by a mix of Huawei employees and technical bods from the National Cyber Security Centre, GCHQ's public-facing wing. It was established in 2010 to mitigate the perceived risks of integrating Huawei's networking gear into the UK's critical national infrastructure, reviewing the hardware and software tech before installation.
"The fact that we delivered the source code to the UK CSEC and the extensive testing that CSEC has done verified that there is no backdoor in Huawei's equipment," said Xu. He added that GCHQ's National Cyber Security Centre "has not found any backdoor in Huawei's equipment".
"The concerns some countries have right now around backdoors have long been addressed in the UK."
Xu described in detail how Huawei had happily agreed to increasing demands for security – natural, he said, as the threat environment evolved. Ultimately, he'd persuaded his board to refactor the code entirely.
"CSEC is saying, all right, your code base is not beautiful. You know, this is a code base that has been there for 30 years. And this is the characteristic of the communications industry. It's like Windows software as well. The legacy code base keeps building up, and they are saying Huawei needs to improve our code readability and modifiability as well as the process of producing code, so that we deliver high quality and trustworthiness on both the outcome and the process."
He described the US-led demonisation of the company as political. On a visit last week, US Secretary of State Mike Pompeo turned up the heat, warning former Eastern Bloc countries not to install Huawei equipment.
"Mr Pompeo's remarks are just yet another indication that the US government is undertaking a well-coordinated geopolitical campaign against Huawei. It's essentially using a national machine against a small company, as small as a sesame seed," said Xu, reiterating comments made last month.
The $2bn overhaul of processes was confirmed by Huawei founder "Mr Ren" in a recent letter to employees and parliament here, and is expected to take three to five years. ®
Sponsored: Ransomware has gone nuclear