On February 13, 2019, Xu Zhijun, the chairman of Huawei’s rotation, accepted interviews with six British media, frankly and directly communicated with the British media, and talked about many hot topics of interest to the media. The main points and actual records are as follows:
Talking about the improvement of software engineering ability: This is not a simple matter. It is valuable for Huawei’s future development and future establishment of credibility.
(Software engineering capability improvement) is not only to meet the requirements of the NCSC, but also the actions and measures that Huawei must take in the future. This is crucial for Huawei to achieve its ambitious vision.
Talk about 5G: 5G is not an atomic bomb, it does not harm people. 5G is to benefit all the people and bring value to the people to enjoy a better digital experience.
Talk about 2 billion US dollars: 2 billion US dollars is just the start-up capital. I hope that through three or five years of hard work, we can truly create products that trust governments and trust customers. In this case, Huawei will have a better development in the future.
Talking about network security: Technology is technology after all, it must rely on scientists and engineers to do it. Scientists and engineers still tend to build a common global standard, and everyone will do this well.
Talking about the future: As long as there is a future, it is the greatest victory. Employees are all shareholders. Everyone can understand that it is feasible to have lower profits now, but no future will not work.
Talking about Huawei in the UK: Huawei has been working with the British government and the British industry to maintain a model of Sino-British cooperation.
- PC Pro reporter: How does Huawei separate different R&D activities? How do Huawei balance the basics of wireless communication and the development of features that are oriented toward customer needs?
Xu Zhijun : Huawei has built a research and development investment management system that is similar to the industry and different. The entire R&D process and management system is called IPD. It was introduced and built by IBM in 1998.
The entire process and management system includes both future-oriented investments (mainly research and innovation), customer development-oriented product development investments, and engineering capabilities and technology investments in how products are made.
These three aspects of investment are separated in the annual investment budget, and their respective teams make decisions within their respective investment scopes.
The decision-making body that develops investment budgets based on customer demand-oriented characteristics is called IRB, IPMT, and the future research and innovation technology decision-making body is called ITMT. They decide what to do, what to do, and when to make it.
2, PC Pro reporter: How long is the review cycle?
Xu Zhijun : It is not based on monthly or quarterly review, but on a certain time and stage of each product development process.
Future-oriented research and innovation, including the patent-generating investment decision-making body called ITMT. The historical research and innovation budget accounts for 10% of the total R&D budget.
These years, the gradual increase is close to 20%, and the future hopes to reach 30%. We have a dedicated team, budget, and decision-making mechanism to face the future, which will generate a large number of patents.
There are also a large number of teams and corresponding decision-making mechanisms to develop products to meet customer needs.
For example, 5G was directly researched by ITMT in 2009. At that time, we announced in the UK to invest 600 million US dollars for 5G research.
The 5G research has not completely ended today, but based on the research results, the development of 5G products was launched three years ago, which was decided by IRB and IPMT.
3, Computer World reporter: Is there a time point for inspiration in the history of 5G? Say this is a strategic thing to be a core strategy.
For example, you mentioned that in 2009, this technology did not exist at the time, but it is predicted that it will become an important technology or market opportunity in the next few years?
Xu Zhijun : Not as great as you said. The mobile communication industry is regular, and there must be 3G, 4G, and 5G after 2G. After 5G, it is considered to be 6G. When the 4G product comes out, it is definitely going to study 5G from a research perspective.
5G is not a technology, but a concept, meaning “generation.” 4G has been researched, and it is going to look for the next generation of technology. 5G is a collection of these suitable technologies.
In 2019, the research of 5G was basically over, and the research team was thinking about how the future wireless technology developed.
What technologies will 6G have? I want to do research and creation. I think that around 2028-2030, 6G will be as lively as 5G. This is the law of our industry. If you don’t do 5G, there is no future in this industry.
Every time the technology upgrades, there will be some companies that can’t keep up, and some companies will do better.
- Daily Telegraph reporter: What is your response to US Secretary of State Pompeo’s mention of the role of Chinese technology companies in 5G? Does Germany, France say that it will not follow the US attitude to exclude Chinese companies, does it mean that China has won this debate?
Xu Zhijun : I can’t comment if I win. I saw Pompeo’s speech in Hungary and also saw his speech in Poland. Of course, I saw the Chinese version.
I believe that Mr. Pompeo’s remarks further indicate that this is an organized and planned geopolitical action initiated by the US government against Huawei.
It is a country machine that targets a weak company like us, even sesame.
Huawei has a history of 30 years and serves more than 170 countries with a population of 3 billion. How are we going? Our customers, partners, and the 3 billion people we serve should have a clear understanding.
We have been thinking, everyone is asking, have they always been against Huawei for cybersecurity considerations or other motivations? Are they really considering the cybersecurity, privacy protection or other attempts of people in other countries?
Some people say that they are looking for chips for Sino-US trade negotiations. Others say that because of the large-scale use of Huawei’s equipment in these countries, it is difficult for US agencies to obtain information about these countries, or it is inconvenient to monitor relevant institutions and leaders in these countries. It is.
More than 7 billion people around the world are still wise, and everyone should be able to see all kinds of possibilities.
- Financial Times reporter: As you mentioned in an interview with the German media, I feel that part of the cyber security is a political issue and part of it is an ideology issue.
If you think that cybersecurity is a political issue, the US government has its own political purpose.
What is the final result of the past five years and ten years? Do you think there will be two separate network worlds and two separate technical systems? On the one hand, China, on the other hand, the United States.
I can’t represent the Financial Times, but I personally agree with you (there should be a uniform standard), but it may not be technically feasible.
Xu Zhijun : Network security was originally a technical issue and a professional issue. All scientists and engineers all over the world are working hard to solve this problem.
Huawei is also working with governments and industry to promote the development of relevant standards and to measure the safety of products based on standards.
Recently, the source of 5G and network security has come together. I think everyone is clear. Originally 5G equipment providers are mainly Nokia, Ericsson, Huawei, Samsung, ZTE, and no US companies.
Central Europe has been striving to create a global standard for 5G or future mobile communications, increasing the return on investment of the entire industry chain and reducing the cost of the entire industry chain.
After the joint efforts of the industry, 5G has finally had a unified standard in the world, and everyone is doing products according to this standard. But now some politicians are cybersecurity, 5G politicized, and ideological, and I think this is not sustainable.
After all, technology is technology. It must be done by scientists and engineers. Scientists and engineers still tend to build a common global standard. Let’s do this standard together.
Of course, different countries have the right to decide which vendors to deploy their networks based on their own considerations.
This is also a normal thing in history. Huawei 4G has not entered all countries. Huawei’s 5G does not expect to enter all countries. It can only focus on services and is willing to choose our country and operators.
For example, Guangzhou Mobile, the city next to Shenzhen, did not choose our 4G equipment, which is normal. The Australian market is not as big as Guangzhou Mobile, and New Zealand is not as good as my hometown Yiyang.
Huawei does not provide products for Guangzhou Mobile, and it does not matter in a few countries. We are unable to serve all countries and all our customers, and our energy is limited. It is also impossible to monopolize the global market.
There is no opportunity in the markets around Shenzhen, which is normal for our industry. Concentrate on service and be willing to choose Huawei’s customers and countries, we will do it better.
- New politician reporter: There are some discussions now that the United States will issue an executive order prohibiting the use of Huawei equipment in the United States and how much impact it will have on Huawei’s 5G deployment. After all, the United States is a superpower. If this is true, how worried about Huawei’s results?
Xu Zhijun : First of all, Huawei’s equipment basically does not exist in the United States. Historically, our 4G has served the people in remote areas of the United States, helping operators to provide mobile communication services to the American people in rural remote areas.
(The news you mentioned) I also saw it in the media, but the results did not have much impact on us. Originally, we did not exist in the United States, nor did we expect the future to exist.
- Media Association Reporter: At the end of last year, the heads of the British Sixth Division, including the British Defense Minister, all hinted that they were worried about Huawei’s equipment safety.
Recently, they saw the British Prince Foundation interrupted the acceptance of Huawei’s donation. How much frustration and disappointment does Huawei have for these events?
Xu Zhijun : First of all, the British government has been worried about the safety of Huawei equipment, so Huawei and the British government jointly established a HCSEC to carry out security cooperation.
Through open cooperation to solve the British government’s concerns about the use of Huawei equipment for network security in the UK.
This morning I just saw an article written by Robert Hannigan, the former head of the British GCHQ published on the FT.
This article explains all your questions and you can take a look. In order to protect the entire UK network security and serve the British people, GCHQ has adopted a series of mechanisms for effective management and supervision.
I also agree with his subtitle, which should be based on a clear understanding of potential threats (Technical judgments should be made on a clear-eyed view of the potential threat) rather than simply politicizing it. I think he replied better than me.
The British Prince Foundation no longer accepts the issue of Huawei donations, and there is no frustration for Huawei.
We are giving the greatest respect to donations based on the foundation’s ability to help young people make outstanding achievements, and have nothing to do with politics.
We are also very sorry that their decision was based on Huawei’s one-sided, unfounded information and did not communicate with us.
To take a step back, not accepting and accepting has no effect on Huawei, but I still pay tribute to the Foundation’s contribution to helping young people and continue to help young people in the future!
- Computer World Reporter: There is a very interesting discovery. In history, Huawei and the two of the “five-eyed countries”—the relations between Canada and the United Kingdom are all very good.
I would like to ask Huawei about the relationship with the intelligence agencies of the five-eye country.
how is it? I suspect that since the intelligence agencies have the ability to monitor fiber-optic communications, they should be able to monitor the communications in the communications box. How much does Huawei cooperate with the intelligence agencies in the five-eye state?
Xu Zhijun : I don’t know about Huawei’s cooperation with intelligence agencies, but Huawei is clear about the cooperation with GCHQ in the UK.
Our cooperation with the UK is a constructive cooperation, not a simple YES or NO, but based on the topics of concern to find technical and supervisory solutions, so that cooperation can be carried out.
Huawei’s cooperation with the UK government and the UK industry has always been a model for Sino-British cooperation. In the past, exchanges between the Chinese and British governments and private exchanges have always regarded Huawei’s investment, development, and cooperation with the British government as an example.
Under the different values and cultural backgrounds, China and the West can still create a constructive and friendly way of cooperation, which makes Huawei also eager to invest and develop continuously in the UK. It also allows UK operators to use Huawei’s technology, products and solutions to serve the British people.
The cooperation between the two values and cultural backgrounds is either YES or NO. It is difficult to sit down and constructively find solutions, solve their own concerns and promote cooperation.
One of the reasons why we work well with the UK is the openness and free trade spirit of the UK. The UK advocates using rules and regulations to solve problems rather than simply YES or NO. This is also the key to the UK’s emergence as a free and open country.
- PC Pro Reporter: My question is closely related to the word “fusion”. I saw Huawei’s enterprise business this morning and it is the service platform of
Everyone is mentioning, doing network monitoring, all the network traffic here is here, facing the challenge.
In addition, there are carrier networks, ATMs, and other standards. The government now has the same requirements as the corporate network, but the tools it uses are very different.
Is it possible for 5G data traffic to follow the corporate network standards for information distribution when doing transmission? In this case, is it possible to solve the current security concerns? Many people now worry that the front end is a single box.
All things are transmitted on the carrier network. Does the enterprise business development and Huawei’s layout help solve Huawei’s network security challenges in the network infrastructure?
Xu Zhijun : If all cybersecurity challenges are technical issues, then essentially they can be solved through technology and supervision. Everyone knows that cybersecurity is now a common challenge for the world.
Therefore, 5G pays special attention to safety-related issues in the process of selecting technologies and standards. The technology used by 5G and the built standards are more secure than 2G, 3G, and 4G. You can find 3GPP experts and GSMA experts to understand the verification.
Moreover, the key information of 5G transmission can be encrypted by 256 bits, which means that it can be decrypted by a quantum computer that has not yet come out.
- PC Pro Reporter: What you are talking about is wireless communication based on air interface. Now I am worried about the infrastructure level.
Xu Zhijun : 5G is the mobile phone to the base station, and the base station is the network. Huawei only provides base station equipment in the UK network. The network above the base station is not directly related to Huawei.
Robert’s article also specifically said that Huawei’s “core” part of the network did not enter.
The base station has nothing to do with Huawei. It is a device from other vendors.
- Financial Times reporter: The explanation just explained is that Huawei only provides base stations in the United Kingdom. The process from the user’s port to the base station is encrypted. After the base station is decrypted, the data is decrypted into the IP network.
Xu Zhijun : Decryption is a matter for operators or the government. Encryption is also a matter for operators or governments.
Financial Times: Encryption through your device?
Xu Zhijun : We can’t master the key. Isn’t it possible to master the global key? Each country has its own key.
- Financial Times reporter: Regarding the NCSC 2018 report last year, the main problem is about third-party components in Huawei software.
Some people s
- ay that this problem is due to Huawei’s corporate culture. Huawei is more willing to obtain parts from different sources than European companies. .
To be more extreme, the US indictment mentions Huawei’s example of encouraging employees to get other company technology.
This is an extreme example. How do you use the planned $2 billion to develop solutions to third-party components? What do you think are the problems with third-party components? Is the company culture or what is the reason? How to solve this problem in this time period?
Xu Zhijun : First of all, your understanding is wrong. The third-party software you mentioned is mainly the operating system of American Wind River Company called “VxWorks”.
We originally thought that the operating system of the US company was most trusted by the British government. Later, it was found that it was not Such.
Any product, whether hardware or software, will be developed based on an operating system, just as all software vendors are based on windows and Linux development.
Our base station software is also developed based on an operating system. The Huawei base station running on the UK uses VxWorks. Of course, there are some third-party software and open source software.
The report mentions that there are improvements in the management of all third-party software, rather than the use of (third-party software), if (if) can not be used, it is necessary to rely on each company to make all the software, each All have to be a windows, each family has to do a Linux, each family has to do a similar database Oracle, this is impossible.
We later found Wind River, and they told us that the software and the versions that Huawei is using are being used on a large scale in all walks of life in the UK, and even in industries that are more sensitive than the telecommunications industry.
Huawei uses other companies’ operating systems, databases, and open source software in the software development process. These are not related to Huawei culture.
This is an inevitable choice for all companies that make products, because (a company) cannot do everything.
Now everyone has a question. Why does it take three to five years for Huawei’s software engineering capabilities to improve? Why invest another $2 billion in additional investment?
It takes a long time to explain this problem. I don’t know if you are willing to listen.
Huawei first established HCSEC in cooperation with the British government, mainly because the British government is worried about Huawei’s products having a back door.
We sent the source code to HCSEC to let the British DV-certified British citizens see the source code to prove that there is no back door, and the result is no back door. This is the original purpose.
The whole world knows that Huawei dares to put the source code in the UK’s HCSEC, so that British DV-certified British citizens can see the source code, which proves that we have no back door.
Robert also said in the article that GCHQ is also clear, so the backdoor issue that other countries are worried about is actually solved in the UK. In the process of deciding to bring the source code to the UK, the backdoor problem was solved.
After solving this problem, HCSEC should take a look at Huawei’s ability to prevent attacks, penetration, and various threats.
We have done eight years of work to enhance the anti-attack and anti-penetration capabilities of Huawei products.
After eight years of hard work, it can be said that Huawei products in this industry are the strongest in this respect, and we are not talking about it.
It is a US company, Cigital’s conclusion through evaluation and investigation.
Cigital is a professional US company that evaluates the mature capabilities of software security engineering. Since 2013, we have evaluated the safety management of our products every year.
There are 12 evaluation projects, and 9 of them have reached the highest level in the industry. The other three The item is also above the industry average.
However, everyone is well aware that the environment of security threats is changing, the technology of attack penetration continues to advance, and the level of hacker capabilities is getting higher and higher.
Strong security alone, anti-attack, anti-infiltration ability is very strong, it is like a coconut, the shell is very hard. What happens if the shell breaks? Can’t be like a coconut with a pile of water.
Therefore, our common concern has shifted from the outside to the inside. How does it involve resilience, whether the development process is high quality or not? From the perspective of the results to the process perspective, the results are better and the process is better.
HCSEC can see Huawei’s source code, (code) is not readable, is easy to modify, easy to build know, like a person is naked there.
The problem with CESC now is that your code is not beautiful enough. The code is Huawei’s 30 years of communication industry, 30 years of code accumulated like windows, Huawei’s code should be improved in terms of not beautiful, easy to read, easy to modify, but also to improve the process.
Not only is the result high quality, credible, but the process is also credible to prove credibility. This focuses on the entire software production process, which we call software engineering and practice, and uses future-oriented standards to correspond to all the code for the past 30 years.
The security risks, software technologies, and programming skills used in the past are different from the current ones, and certainly more different from future requirements. Refactor and rewrite all the code in the past 30 years. This investment is huge, and it has an impact on Huawei’s current product progress to meet customer demand.
In this matter, we have had a serious conflict with NCSC for quite some time. (Huawei) is only willing to meet the requirements for new code, and is not willing to refactor the history code.
Almost all the executives have collided, but in the process of collision, it is not a simple matter to continuously deepen understanding, refactoring, and good process quality. It is the future development of Huawei and the future. Building credibility is valuable.
The future world is a cloud, intelligent, software-defining world. The key lies in software. Software must be trusted by relevant government agencies and customers.
Trust requires both credible results and credible processes, both in terms of quality of results and quality of processes. This is crucial for Huawei to achieve its ambitious vision.
So I personally went to the NCSC twice and communicated with them and found that they could no longer collide with each other.
This is not only to meet the requirements of the NCSC, but also the actions and measures that Huawei must take in the future, so I convinced. Relevant leaders, in the decision of the board of directors to make changes in software engineering capabilities.
- Financial Times reporter: When is it about?
Xu Zhijun : At the end of last year. After the fierce debate of the board of directors, the decision-making should begin to thoroughly reform the software engineering capabilities, the goal is to create a credible product.
It takes three to five years for change to revolutionize the entire software production process based on our future-oriented standards and requirements, while refactoring all the code in history with future standards.
In order to meet customer needs and restructure, there must be new investment, and there is an additional investment of 2 billion US dollars.
This 2 billion US dollars is mainly used for the reconstruction of historical code and the cost of related changes such as all engineer training.
Unfortunately, I became the person responsible for change, making me add a lot of work in the next five years. During this time, I spent a lot of time doing change-related things.
The $2 billion is just a start-up fund. It is certainly not enough. I hope that through three or five years of hard work, we can truly create products that will be trusted by governments and trusted by customers. In this case, Huawei will have a better development in the future.
To this end, our founder’s first letter of the new year sent a letter to all employees – “to comprehensively enhance software engineering capabilities and practices, to create credible high-quality products.”
What is process quality? Give a simple example. Everyone may think that Chinese food is delicious, but few people should have seen it in the kitchen.
What kind of action, what process, and what the chef used to stir the dish out, many people don’t know.
Now I have to go into the kitchen and set up a set of procedures, standards, and codes of conduct for the chef to cook.
If the chef does not follow this movement, then the dishes made may be difficult to eat, and the correction will become delicious.
This is the transformation of our software capabilities, to achieve high quality and credibility of the entire software production process, as well as the production of the code.
This is challenging, but it is also something we have to do. So why should it take three to five years, why 2 billion dollars is just the start-up capital.
In fact, we still don’t know how much money we have to invest in the future.
Of course, Huawei has an advantage. We are not a listed company. It is okay to earn less money now. As long as there is a future, it is the greatest victory. Employees are all shareholders.
Everyone can understand that it is feasible to have lower profits now, but no future will not work.
- New politician reporter: Can you estimate the cost of refactoring the entire code?
Xu Zhijun : We are doing high-end design and have not yet estimated it. Estimated to tell you, I hope to finish the high-end plan at the end of March.
I want to emphasize that the problems just mentioned are not unique to Huawei, but are owned by companies throughout the industry.
(Different companies) may be different in different areas, but none of them is perfect. And this is still a dynamic situation.
(if) Any company sends the code to the UK to let the citizens with the DV certificate in the UK see it, and they will also find many problems.
- Daily Telegraph reporter: I just mentioned the cost of change. I want to ask about the reconstruction of these codes in the whole process of change. What role does HCSEC play in verification supervision? What is the timeline?
Xu Zhijun : All refactored code will be viewed by HCSEC as long as it is used on the UK. The result is good or bad NCSC is known. What we are talking about now is just expectation. In the end, we must rely on the results to verify how it is doing.
Huawei’s purpose in establishing HCSEC in the UK is to find the problem, that is, it hopes that it can find problems and promote our progress.
Not just to find the back door, (because) the back door (the root) does not exist. In 2018, Huawei invested 6 million euros for HHCSEC to find problems for Huawei. This is of value. From my point of view, this is also a promotion and a verification for all R&D teams.
16, Computer World Reporter: The origin of the Internet is also from the military, including the United States. From a technical point of view, it seems to be getting closer to politics. Do you think this is a problem? If so, how to solve it?
Xu Zhijun : Technology has always been combined with politics. What is politics? If you want to politicize it, you will not be politicized if you want it to be politicized. How can this kind of thing be solved?
Human beings have gone through this journey, and there are many people who have wisdom in various countries. The advancement of technology is for the benefit of mankind, especially 5G.
5G is not an atomic bomb, it does not harm people. 5G is for the benefit of all ordinary people and brings value to the people to enjoy a better digital experience.
Regarding privacy protection, the EU has already introduced GDPR. Now that the UK has not left the EU, it is abiding. After Brexit (believe), Britain will also have its own standards.
As long as it is done according to this standard, it can protect the British people and the European people. Privacy.
Any enterprise that violates GDPR is subject to heavy penalties. We appreciate the GDPR standard because it is open and transparent, and it is treated equally. Everyone must abide by it. If it is not observed, it will be punished.
From a technical and professional point of view, cybersecurity can set standards. Once standards are available, they are open, transparent, and non-discriminatory. Everyone abides by this standard. If they fail to comply with this standard, they will be punished.
But if you look at it from an ideology and politics, it is based on doubts and assumptions that you can or don’t. Then (as I say you now): You will kill after all. Before you go to see God, one day you may go killin