“5G不是原子弹,不伤害人,5G是造福于所有的老百姓的。”2月13日,华为轮值董事长徐直军接受了6家英国媒体的联合采访,期间,徐直军直面近期外界关切的“网络安全”问题,并驳斥西方国家的不实指控。
美国副总统彭斯与国务卿蓬佩奥本周相继造访中东欧,继续唆使盟友在使用华为设备问题上站队。徐直军13日表示,蓬佩奥先生的言论进一步表明这是美国政府对华为发起的有组织、有策划的一次地缘政治行动,是用一个国家机器针对我们这样一个弱小的,连芝麻都不如的企业。
华为有30年历史,服务于170多个国家,30亿人口。徐直军说,“我们到底怎么样?我们的客户、合作伙伴、服务的30亿人应该有清晰的认识。 ”
对于美国持续针对华为,徐直军质疑究竟是出于网络安全考虑还是有其他动机,“他们真的在考虑其他国家人民的网络安全、隐私保护还是有其他的企图? ”
他接着补充道:“也有人说由于这些国家大规模用了华为的设备使得美国相关机构获取这些国家信息时存在困难,或者监听这些国家的相关机构和领导人不方便了。”
“华为与英国政府的合作,一直是中英合作的典范”
一段时间以来,美国、澳大利亚等多个西方国家接连以所谓“国家安全”为由对华为展开“围剿”,甚至污蔑中国利用华为从事“间谍活动”。本周,华为主动出击。
华为先是在新西兰主流媒体刊登广告,为华为先进的5G技术造势,同时,华为美国子公司首席安全官对媒体表态称,华为准备好与各国政府合作,接受任何额外评估措施,如测试产品源代码。
徐直军13日以英国为例,“我对华为跟情报机构合作情况不清楚,但是华为跟英国的GCHQ(即英国情报机构‘政府通信总部’)合作我是清楚的。我们跟英国的合作是建设性的合作,不是简单的YES or NO,而是基于各自关心的课题来找到技术上和监督上的解决方案,使得合作能够开展下去。 ”
徐直军强调,华为跟英国政府以及英国产业界合作,一直是中英合作的一个典范。
徐直军介绍,华为最早跟英国政府合作成立华为网络安全评估中心(HCSEC),主要是因为英国政府担心华为产品有后门。“我们把源代码送到HCSEC,让英国有DV认证的英国公民看源代码,以此证明没有后门,看出来的结果也是没有后门。这是最初的目的。 ”
“全世界都知道华为敢于把源代码放到英国的HCSEC,让英国有DV认证的英国公民来看源代码,证明了我们没有后门。”他说:“HCSEC是可以看到华为的源代码的,(代码)是不是可读,是不是易修改、易构建都知道,好比一个人是赤裸在那里。 ”
“网络安全问题被政治化”
谈到“网络安全”问题,徐直军13日对英媒表示,网络安全本来是一个技术问题、一个专业问题。全世界所有的科学家、工程师们都在为解决这个问题而努力。
据他介绍,华为也在跟各国政府以及产业界共同推动相关标准的构建,基于标准来衡量产品是否安全。
但他称,现在部分政客把网络安全与5G政治化、意识形态化,“这是不可持续的”。
“澳大利亚市场没有广州移动大,新西兰不如我老家大”
徐直军说,不同的国家基于自己的考虑有权决定选择哪些厂商部署它的网络,这在历史上也是很正常的事情。华为4G也没有进入所有的国家,华为的5G也不期望进入所有的国家,只能聚焦于服务好愿意选择我们的国家和运营商。
他举例说,深圳旁边的城市–广州移动就没有选择我们的4G设备,这很正常。澳大利亚的市场还不如广州移动大,新西兰还不如我的老家益阳大。华为连广州移动都没有提供产品,少几个国家也无所谓。我们无法服务所有的国家、所有的客户,精力也是有限的,也不可能垄断全球市场。深圳周边的市场都没有机会,对我们产业界来说都是很正常的事情。集中精力服务好愿意选择华为的客户和国家,我们把它做得更好。
“华为的设备在美国基本不存在”
有记者当天提问:现在有一些讨论说美国会出一个行政命令,禁止华为设备在美国的使用,对华为5G部署有多大的影响?
徐直军说,首先,华为的设备在美国基本不存在。历史上我们4G服务了美国边远地区的人民,帮助运营商为农村边远地区美国人民提供了移动通信服务。(这个消息)结果如何,对我们没有多大影响,本来我们(在美国)也没有存在,也没有期望未来的存在。
徐直军当天还与媒体交流了公司软件工程能力提升项目、公司研发运作等热点话题。
徐直军接受英国媒体团专访文字实录
华为轮值董事长徐直军畅谈公司软件工程能力提升项目、公司研发运作、网络安全、美国问题等热点话题
—20190213徐直军接受英国媒体团采访实录
1、PC Pro 记者:华为如何去把不同的研发活动进行分开?无线通信的基础研究以及面向客户以客户需求为主导的特性开发方面,华为如何进行划分和进行投入上面的平衡?
徐直军:华为构筑了一个既跟业界相似又有不同的研发投资管理体系。整个研发流程和管理体系叫IPD,是1998年引入IBM做的咨询并构建的。整个流程和管理体系既有对面向未来的投资(主要是研究和创新),又有基于客户需求为导向的产品开发投资,以及怎么把产品做出来的工程能力和技术投资。这三方面的投资在每年研发的投资预算中是分开的,各自投资范围内由各自的团队做决策。
以客户需求为导向特性开发投资预算的决策机构叫做IRB、IPMT,面向未来的研究创新技术决策机构叫ITMT。他们决策做什么、不做什么、什么时候做出来。
2、PC Pro 记者:审视周期一般多长?
徐直军:不是按照月或者按照季度审视的,而是基于每个产品开发进程中到了某个时间、某个阶段进行审视。
面向未来的研究、创新,包括产生专利的投资决策机构叫ITMT。历史上研究与创新的预算占总研发预算10%,这些年逐步提升接近了20%,未来希望能达到30%。我们有专门的团队、预算、决策机制去面向未来,这里面会产生大量的专利。还有大量的团队和相应的决策机制开发产品满足客户需求。
例如,5G是2009年直接由ITMT决策做研究。当时我们在英国宣布投资6亿美金做5G的研究。5G研究走到今天还没有完全结束,但是基于研究成果,5G产品的开发三年前就启动了,这是由IRB和IPMT决定的。
3、Computer World 记者:5G历史上有没有那么一个灵感突现的时间点?说这是一个有战略性的东西要作为核心战略。比如您刚才提到08年,当时这个技术还不不存在,但是预测未来若干年之后会成为重要的技术或者市场机会?
徐直军:没有你说的那么伟大。移动通信产业是有规律的,2G以后肯定有3G、4G、5G。5G以后考虑是6G。当4G产品出来以后,从研究角度来讲肯定是去研究5G。
5G不是一个技术,而是一个概念,是“代”的意思。4G已经研究结束了,要去寻找研究下一代的技术,5G是这些适合的技术集合。
2019年,5G的研究基本上结束了,研究团队就在思考未来无线的技术怎么发展?6G将要有哪些技术?要去做研究、创造。我认为,在2028-2030年左右,6G就会像现在5G这么热闹,这是我们产业的规律,不做5G在这个产业上就没有未来。
每一次的技术升级,都会有一些企业跟不上,也有一些企业会做的更好。
4、每日电讯报记者:您对美国国务卿蓬佩奥提到中国的技术公司在5G方面发挥作用表述的回应是?像德国、法国表示不会跟随美国的态度排除中国的公司,是否意味着中国在这场辩论中已经获胜?
徐直军:有没有获胜我无法做评论。我看到蓬佩奥在匈牙利的发言,也看到了他在波兰的发言,当然看到的是中文版本。我认为,蓬佩奥先生的言论进一步表明这是美国政府对华为发起的有组织、有策划的一次地缘政治行动,是用一个国家机器针对我们这样一个弱小的,连芝麻都不如的企业。
华为有三十年历史,服务于170多个国家,30亿人口。我们到底怎么样?我们的客户、合作伙伴、服务的30亿人应该有清晰的认识。
我们一直在想,大家也都在问,他们一直这样针对华为究竟是出于网络安全考虑还是有其他动机?他们真的在考虑其他国家人民的网络安全、隐私保护还是有其他的企图?
也有人说他们是为中美贸易谈判找筹码,也有人说由于这些国家大规模用了华为的设备使得美国相关机构获取这些国家信息时存在困难,或者监听这些国家的相关机构和领导人不方便了。
全世界70多亿人还是有智慧的,大家应该能够从中看到各种可能。
5、金融时报记者:您之前接受德国媒体采访时提到,觉得网络安全一部分是政治问题,一部分是意识形态的问题。您觉得网络安全是政治性问题的话,美国政府有自己的政治性目的,未来过五年、过十年最后的结果是什么样?您认为会有两种分开的网络世界、两种分开的技术体系吗?一方面是中国、一方面是美国。
我不能代表《金融时报》,但我个人很同意您的看法(应该有一个统一标准),但是在技术上可能不可行。
徐直军:网络安全本来是一个技术问题、一个专业问题。全世界所有的科学家、工程师们都在为解决这个问题而努力。华为也在跟各国政府以及产业界共同推动相关标准的构建,基于标准来衡量产品是否安全。
最近这段时间把5G和网络安全结合在一起源头来自于哪里,我想大家都是清楚的。本来5G设备提供商主要是诺基亚、爱立信、华为、三星、ZTE,没有美国公司。中欧之间一直在努力为5G或者未来的移动通信打造一个全球标准,提高整个产业链的投资回报,降低整个产业链的成本。
经过产业界共同努力,5G终于全球有了一个统一标准,大家都按照这个标准做产品。但是现在部分政客把网络安全、5G政治化、意识形态化,我认为,这是不可持续的。
技术终究是技术,必须要靠科学家、工程师们干出来,科学家和工程师还是倾向于构筑一个共同的全球标准,大家共同把这个标准做好。
当然,不同的国家基于自己的考虑有权决定选择哪些厂商部署它的网络,这在历史上也是很正常的事情。华为4G也没有进入所有的国家,华为的5G也不期望进入所有的国家,只能聚焦于服务好愿意选择我们的国家和运营商。
比如说,深圳旁边的城市–广州移动就没有选择我们的4G设备,这很正常。澳大利亚的市场还不如广州移动大,新西兰还不如我的老家益阳大。华为连广州移动都没有提供产品,少几个国家也无所谓。我们无法服务所有的国家、所有的客户,精力也是有限的,也不可能垄断全球市场。深圳周边的市场都没有机会,对我们产业界来说都是很正常的事情。集中精力服务好愿意选择华为的客户和国家,我们把它做得更好。
6、新政治家记者:现在有一些讨论说美国会出一个行政命令,禁止华为设备在美国的使用,对华为5G部署有多大的影响。美国毕竟是一个超级大国,如果这个成真的话华为对这个结果会有多么担心?
徐直军:首先,华为的设备在美国基本不存在。历史上我们4G服务了美国边远地区的人民,帮助运营商为农村边远地区美国人民提供了移动通信服务。(您提到的这个消息)我也在媒体上也看到了,但是结果如何对我们没有多大影响,本来我们(在美国)也没有存在,也没有期望未来的存在。
7、媒体协会记者:在去年年底时,英国中情六处的负责人包括英国的国防部长都出来暗示说对华为设备安全表示担心,最近看到了英国王子基金会中断了接受华为的捐赠。现在对于这些事态的出现,华为有多大程度上的挫败感和失望?
徐直军:首先,英国政府一直对华为设备的安全有担心,所以华为和英国政府共同建了一个HCSEC,进行安全方面的合作。通过开放的合作来解决英国政府对华为设备用于英国网络安全担心的问题。
今天早上恰好看到了FT上发表的原来英国GCHQ的主管Robert Hannigan 写的一篇文章。这篇文章解释了你所有的问题,你可以看一看。GCHQ为了保护整个英国网络安全,服务好英国老百姓,他们采取了一系列的机制进行有效的管理和监督。我也很认同他的副标题,我们应该基于对潜在威胁的清晰理解进行技术判断(Technical judgments should be made on a clear-eyed view of the potential threat),而不是把它简单的政治化。我觉得他比我回答得更好。
英国王子基金会不再接受华为捐赠的问题,对于华为来讲没有什么挫败感。我们是基于基金会帮助青年人方面做出卓越的成绩表示最大的敬意进行捐赠,跟政治没有关系。我们也很遗憾,他们这样的决定是基于对华为片面的、没有根据的信息做决定的,也没有跟我们沟通。
退一步讲,不接受和接受对华为都没有什么影响,但是我还是对基金会帮助青年人做出的贡献和未来继续帮助青年人表示敬意!
8、计算机世界记者:有一个很有意思的发现,历史上华为跟“五眼国家”中的两个–加拿大、英国的关系都很好的,想问一下华为跟五眼国家的情报机构关系如何?我猜测情报机构既然有能力对光纤通信进行监听,应该有能力对通信盒子里的通信进行监听,华为多大程度上跟五眼国家的情报机构进行合作?
徐直军:我对华为跟情报机构合作情况不清楚,但是华为跟英国的GCHQ合作我是清楚的。我们跟英国的合作是建设性的合作,不是简单的YES or NO,而是基于各自关心的课题来找到技术上和监督上的解决方案,使得合作能够开展下去。
华为跟英国政府以及英国产业界合作,一直是中英合作的一个典范。过去中英政府之间的交流、民间的交流一直把华为在英国的投资、发展以及跟英国政府的合作方式当作一个范例。中西方在价值观不同、文化背景不同情况下,还是能够开创出建设性、友好的合作方式的范例,使得华为也愿意在英国不断地投资、不断地发展。也让英国的运营商能够去使用华为的技术、产品和解决方案,服务于英国人民。
两种价值观和文化背景不同的合作,要么YES or NO,很难坐下来建设性地找到解决办法,解决各自关注的问题,促进合作。
我们和英国合作得好的原因之一就是英国的开放和自由贸易精神。英国崇尚用规则、用监管等办法来解决问题,而不是简单的YES or NO。这也是英国之所以成为自由、开放国家的关键之所在。
9、PC Pro 记者:我的问题和“融合”这个词紧密相关,今天上午看了华为企业业务方面,是IP网络的服务平台。大家都在提,做网络的监控,这里面所有的网络流量都在这里,面临了挑战。另外,还有运营商网络,有ATM,还有其他标准。现在政府在这块要求跟企业网络要求一样,但是它所用的工具非常不同的。有没有可能5G数据流量在做传输时遵循企业网络标准做信息的发布。这样的话有没有可能解决现在安全担忧的问题。现在很多人担心前端就是一个单的盒子,所有的东西都在运营商网络去传,企业业务拓展以及华为的布局有没有帮助解决华为在网络基础设施面临的网络安全挑战?
徐直军:如果所有的网络安全挑战是技术问题,那本质上就可以通过技术和监督来解决。大家都清楚,网络安全现在是全球共同面临的挑战。所以,5G在选择技术、标准的制定的过程中就特别关注安全相关问题。5G使用的技术和构建的标准相比2G、3G、4G更安全,这一点你可以找3GPP专家、GSMA专家了解验证。
而且5G传输的关键信息可以进行256位的加密,意味着要用还没有出来的量子计算机才能解密。
10、PC Pro 记者:您现在提到的是基于空口的无线通信,现在担心的是基础设施层面。
徐直军:5G是手机到基站,基站上去就是网络,华为在英国网络只提供了基站设备。基站以上的网络跟华为没直接关系。
Robert的文章也特别说了,网络的“核心”部分华为没有进入。
基站以上跟华为没关系,都是其他厂商的设备。
11、金融时报记者:刚才的解释是在英国华为只提供基站,从用户的端口到基站是加密的过程,到了基站以后数据被解密进入IP网络?
徐直军:解密是运营商或者政府的事情,加密也是运营商或者政府的事情。
金融时报:通过你们的设备做出加密?
徐直军:我们不能掌握密钥,掌握全球的密钥不就翻天了吗?各个国家掌握自己的密钥。
12、 金融时报记者:关于去年的NCSC 2018年的报告,主要的问题是关于华为软件中第三方部件,有人说这样的问题是因为华为的公司文化,华为比欧洲公司更愿意从不同来源得到部件。极端一点说美国起诉书中提到华为之前鼓励员工拿到别的公司技术这个例子,这是一个很极端的例子。你们怎么用计划的20亿美元开发解决第三方部件的问题,您认为第三方部件问题来自于哪里?是公司文化还是怎样的原因?这个时间段怎么解决这个问题?
徐直军:首先,你的理解是错误的,你提到的第三方软件主要是美国风河公司的操作系统叫“VxWorks”,我们原来以为用美国公司的操作系统英国政府最相信了,后来发现不是这样的。
任何一个产品无论是硬件还是软件都会基于一个操作系统来开发,就像所有软件商都基于windows、Linux开发一样。我们做基站软件也要基于一个操作系统来开发,英国网上运行的华为基站用的就是VxWorks。当然,还有一些第三方的软件和开源软件。报告中提到是,对所有第三方软件管理中有改进的地方,而不是不能用(第三方软件),(如果)不能用的话,就要靠每家公司把所有的软件做出来,每家都要做一个windows,每家都要做一个Linux,每家都要做Oracle类似的数据库,这是不可能的。
我们后来找到了风河公司,他们告诉我们,这个软件以及华为正在用的这些版本,在英国各行各业,甚至一些比电信行业更敏感的行业里都在大规模使用。华为在软件开发过程中使用其他公司的操作系统、数据库以及开源软件,这些跟华为文化没关系,这是所有做产品的企业必然的选择,因为(一家公司)不可能做所有的东西。
现在大家有一个疑问,华为软件工程能力的提升为什么要花三到五年时间,为什么还要投20亿美金额外的投资?
把这个问题说明白了需要比较长的时间,不知道大家愿不愿意听。
华为最早跟英国政府合作成立HCSEC,主要是因为英国政府担心华为产品有后门。我们把源代码送到HCSEC,让英国有DV认证的英国公民看源代码,以此证明没有后门,看出来的结果也是没有后门。这是最初的目的。
全世界都知道华为敢于把源代码放到英国的HCSEC,让英国有DV认证的英国公民来看源代码,证明了我们没有后门。Robert在文章上也讲了,GCHQ也清楚了,所以现在其他国家担忧的后门的问题,其实在英国早就解决了。在我们决定把源代码拿到英国这个过程中,后门问题就解决了。
解决这个问题之后,HCSEC要看一看华为产品的防攻击、防渗透、防各种威胁的能力怎么样。在增强华为产品的防攻击、防渗透能力上,我们做了八年的工作。经过八年的努力,可以说,这个行业中华为产品在这方面是最强的,而且不是我们自己说的,是一家美国公司,Cigital公司通过评估和调查做的结论。
Cigital是一家专业的软件安全工程成熟能力进行评估的美国公司,从2013年开始,每年对我们产品的安全管理进行评估,有12个评估项目,我们有9项达到了业界最高级水平,其他三项也高于业界的平均水平。
但是大家很清楚,安全威胁的环境在发生变化,攻击渗透的技术不断进步,黑客能力水平越来越高。单单安全能力强,防攻击、防渗透能力很强,就好比是一个椰子,外壳很坚硬。万一外壳攻破了会怎么样?不能像椰子一样里头是一堆水。
所以,我们共同的关注点就从外面转到了里面。里面怎么样涉及到韧性,涉及到开发过程是不是高质量,是不是可信。从结果角度上升到了过程角度,结果要好,过程也要好。
HCSEC是可以看到华为的源代码的,(代码)是不是可读,是不是易修改、易构建都知道,好比一个人是赤裸在那里。
现在CESC的问题是,你们的代码不够漂亮。代码是华为三十年在通信行业,像windows一样累积起来的三十年代码,华为的代码要在不漂亮,易读、易修改等方面进行改进,还要把过程改进。不但结果是高质量,可信的,过程也要是可信的,才能证明可信。这就把焦点聚焦到整个软件的生产过程,我们叫做软件工程与实践,而且用面向未来的标准来对应历史上三十年的所有代码。
过去面临的安全风险、使用的软件技术、编程能力跟现在是有差别的,跟未来要求肯定更有差别。把历史上三十年的所有代码进行重构、重写。这个投资是巨大的,而且对华为现在进行的满足客户需求进度产品上是有冲击的。
在这件事情上,我们跟NCSC有相当一段时间剧烈的冲突,(华为)只愿意对新增代码达到要求,而不愿意对历史的代码进行重构。几乎所有的高管都去碰撞过,但在碰撞过程中,不断地加深理解,重构也好、过程质量做好也好,这不是一件简单的事情,对于华为公司未来的发展、未来真正建立可信是有价值的。
未来世界是一个云化,智能化,软件定义一切的世界,关键在于软件,软件必须得到对政府相关机构及客户的信任。信任既要结果可信,也要过程可信,既要结果质量,也要过程质量。这对于华为公司实现远大的理想至关重要。
所以我亲自去了NCSC两次,跟他们进行交流,发现不能再相互碰撞下去,这不仅仅是为了满足NCSC的要求,更是华为公司面向未来必须要采取的行动和措施,所以我回来说服了相关领导,在董事会决策要做软件工程能力提升的变革。
13、金融时报记者:请问大概什么时候?
徐直军:去年年底。董事会通过激烈的辩论后,决策要开始彻底地进行软件工程能力提升变革,目标就是要打造可信的产品。变革要花三到五年时间,根据我们面向未来的标准和要求,彻底地变革整个软件的生产过程,同时对历史上所有的代码以未来的标准进行重构。
既要满足客户需求、又要重构,必须要有新的投资,才有20亿美金额外投资,这20亿美金主要是用于历史代码的重构以及所有工程师训练等等相关变革的费用。遗憾的是我成了变革的责任人,使得我未来五年要增加很多工作。最近这段时间,我花了大量的时间在做变革相关的事情。
20亿美金只是启动资金,肯定是不够的,希望通过三五年的努力真正能够打造让各国政府信任、让客户信任的产品。这样的话,华为未来就有更好地发展。为此我们的创始人新年第一封邮件向所有员工发了一封信–“全面提升软件工程能力与实践,打造可信的高质量产品”。
什么叫过程质量?举一个简单的例子。大家可能觉得中餐很好吃,但是应该很少有人去厨房看过。厨师用什么动作、什么过程、什么东西把这个菜炒出来,很多人不知道。
现在要走进厨房,对于厨师炒菜建立一套流程、标准、行为规范。厨师不按这个动作做,那么做出的菜可能就难吃一点,纠正过来又变得好吃了。这就是我们做软件能力提升变革,要把整个软件生产过程、以及生产出来的代码实现高质量、实现可信。
这很挑战,但是也是我们必须要做的事情。所以为什么要三到五年,为什么20亿美金只是启动资金。
其实我们现在还搞不清楚未来总要投多少钱。
当然,华为有一个优势,我们不是上市公司,现在少挣点钱没关系。只要有未来,就是最大的胜利。员工都是股东,大家可以理解,现在利润低一点是可行的,但没有未来是不行的。
14、新政治家记者:能不能大概估一下把整个代码进行重构的话可能成本有多大?
徐直军:我们正在做高阶设计,还没有估出来。估出来告诉你,希望在3月底把高阶计划做完。
我想强调一下,刚刚提到的的问题不是华为独有的,而是整个产业界的公司都有。(不同公司)在不同领域上改进可能都不一样,但没有一家是完美的。而且这还是一个动态变化的情况。(如果)任何企业把代码送到英国去,让英国有DV证书的公民去看,(他们也)同样会发现很多问题。
15、每日电讯报记者:刚才提到变革成本问题,想问在整个变革过程中对于这些代码的重构,HCSEC在验证监督方面会发挥什么样的作用,时间轴怎样的?
徐直军:所有重构后的代码,只要是用在英国网上的(代码)都会被HCSEC检视。结果好坏NCSC是知道的。我们现在说的都只是期待,最终要靠结果来验证,到底做得怎么样。
华为在英国建立HCSEC目的就是要找问题,就是希望它能够发现问题,推动我们进步。而不仅仅为了找后门,(因为)后门(根本)不存在。2018年,华为为HHCSEC投资600万欧元,给华为找问题上,这是存在价值的。从我的角度来讲,这对所有的研发团队也是一个促进、也是一个验证。
16、Computer World 记者:互联网的起源也是从军方起来的,包括美国也是。从技术的角度来看,似乎变得更加靠近政治,您觉得这是一个问题吗?如果是的话如何解决?
徐直军:技术一直都是跟政治结合在一起的。什么叫政治?想让它政治化就政治化,想让它不政治化就不政治化。这种事情怎么来解决?
人类走了这个历程,各个国家有智慧的人是很多的。技术的进步是造福于人类的,尤其是5G,5G不是原子弹,不伤害人,5G是造福于所有的老百姓,为老百姓去享受更好的数字化体验带来价值的。
关于隐私保护,欧盟已经出台了GDPR,现在英国还没有脱欧,是遵守的,脱欧以后(相信)英国也会有自己的标准,只要按照这个标准做,就可以保护好英国人民和欧洲人民的隐私。
任何企业要违反GDPR是要受到重罚的,我们很欣赏GDPR这种标准,因为它是公开透明、一视同仁,大家都要遵守,不遵守就要受到处罚。
从技术和专业角度来讲,网络安全本来可以制定标准,一旦有了标准,是公开的、透明的、无歧视的,大家都遵守这个标准,不遵守这个标准就要受到处罚。
但是如果从意识形态和政治的角度出发,那就是基于怀疑和假设来说你行或者不行。那就(好比我现在说你):你终究会杀人的。在你没有去见上帝之前,总有一天你可能会去杀人。
这就是华为现在受到的待遇。
17、金融时报记者:您之前讲过在亚洲地区是最主要是5G市场,欧洲5G还没有成熟,您可以数量化一下这个预测吗?您认为亚洲哪些国家近几年代表百分之多少华为5G的市场呢?
徐直军:我把全球市场分为三类:
第一类,5G需求比较大的市场,中国、日本、韩国和海湾国家。
第二类,欧美的一些发达国家,包括美国。现在对5G需求还没有那么强烈,4G都不见得很好。你们知道法国的基站数量跟深圳比是什么结果吗?法国所有4G基站加起来没有深圳移动一家多。
第三类,发展中国家,根本还没有需求。
华为未来几年5G收入主要还是第一类市场,少量来自第二类市场。
Huawei Xu Zhijun and British Media Exchange: 5G is not an atomic bomb, can benefit the people
On February 13, 2019, Xu Zhijun, Chairman-in-Office of Huawei, was interviewed by six British media. He frankly and directly communicated with the British media and talked about many hot topics of media concern. The main points and facts are as follows:
Talking about the improvement of software engineering capability: This is not a simple matter, it is valuable for the future development of Huawei Company and the establishment of trustworthiness in the future. (Software Engineering Capability Improvement) is not only to meet the requirements of NCSC, but also Huaweis actions and measures for the future. This is crucial for Huawei to achieve its ambitious vision.
Talking about 5G: 5G is not an atomic bomb, it does not harm people. 5G is for the benefit of all the people and brings value to the people to enjoy a better digital experience.
Talk about US$2 billion: US$2 billion is just a start-up fund. We hope that through three or five yearsefforts, we can truly build products that can make governments trust and customers trust. In this way, Huawei will have better development in the future.
Talk about network security: Technology is technology after all, and it must be done by scientists and engineers. Scientists and engineers still tend to build a common global standard, and we all work together to do a good job of this standard.
Talking about the future: As long as there is a future, it is the greatest victory. Employees are shareholders, you can understand that it is feasible to lower profits now, but not in the future.
Talk about Huawei in the UK: Huaweis cooperation with the British government and British industry has always been a model of Sino-British cooperation.
1. PCPro Reporter: How does Huawei separate different R&D activities? How does Huawei divide and balance its investment in basic research of wireless communication and customer-oriented feature development?
Xu Zhijun: Huawei has built a R&D investment management system that is similar to and different from the industry. The whole R&D process and management system, called IPD, was introduced into IBM in 1998 to consult and build. The whole process and management system includes both future-oriented investment (mainly research and innovation), customer-oriented investment in product development, and how to invest in engineering capability and technology. These three aspects of investment are separated in the annual R&D investment budget, and each investment scope is decided by its own team.
The decision-making body for developing investment budget with customer demand-oriented characteristics is called IRB and IPMT, and the decision-making body for future research and innovation technology is called ITMT. They decide what to do, what not to do and when to do it.
2. PCPro Reporter: How long is the inspection cycle?
Xu Zhijun: Not by month or quarter, but based on the time and stage of each product development process.
Future-oriented research and innovation, including patent-generating investment decision-making institutions called ITMT. Historically, R&D and innovation budgets accounted for 10% of the total R&D budget, which has gradually increased by nearly 20% in recent years and is expected to reach 30% in the future. We have a dedicated team, budget, decision-making mechanism to face the future, which will generate a large number of patents. There are also a large number of teams and corresponding decision-making mechanisms to develop products to meet customer needs.
For example, 5G was directly studied by ITMT decision-making in 2009. At that time, we announced that we would invest $600 million in 5G research in the UK. The 5G research has not been completed yet, but based on the research results, the development of 5G products started three years ago, which is decided by IRB and IPMT.
3. ComputerWorld Reporter: Is there such an inspiration point in 5G history? It is said that this is a strategic thing to be the core strategy. For example, you just mentioned that in 2009, this technology did not exist at that time, but it is predicted that it will become an important technology or market opportunity in the next few years?
Xu Zhijun: Not as great as you said. Mobile communication industry is regular. There must be 3G, 4G and 5G after 2G. After 5G, consider 6G. When 4G products come out, from the research point of view, it must be to study 5G.
5G is not a technology, but a concept, meaning generation. The research of 4G is over. We need to find the next generation technology. 5G is the suitable technology set.
In 2019, the 5G research is basically over, and the research team is thinking about how wireless technology will develop in the future. What technologies will 6G have? To do research and creation. In my opinion, around 2028-2030, 6G will be as busy as 5G now. This is the rule of our industry. Without 5G, there will be no future in this industry.
Every technological upgrading, there will be some enterprises can not keep up with, and some enterprises will do better.
4. Daily Telegraph Reporter: What is your response to Secretary of State Pompeos statement that Chinese technology companies play a role in 5G? Does it mean that China has won the debate when Germany and France say they will not follow the American attitude and exclude Chinese companies?
Xu Zhijun: I cant comment on winning or not. I saw Pompeos speech in Hungary and his speech in Poland, of course, the Chinese version. In my opinion, Mr. Pompeos remarks further show that this is an organized and planned geopolitical action launched by the US government against Huawei, a weak and inferior company like us, using a national machine.
Huawei has a 30-year history, serving more than 170 countries and 3 billion people. What the hell are we doing? Our customers, partners and 3 billion people who serve should have a clear understanding.
Weve been thinking, and youre asking, whether theyve been targeting Huawei in this way because of cyber security concerns or other motives? Are they really considering cyber security, privacy protection or other attempts by people in other countries?
Others say they are looking for bargaining chips for Sino-US trade negotiations. Others say that the large-scale use of Huaweis equipment in these countries has made it difficult for relevant U.S. agencies to obtain information about these countries, or it is inconvenient for them to monitor the relevant institutions and leaders of these countries.
More than 7 billion people around the world are still wise, and we should be able to see all kinds of possibilities.
5. Financial Times Reporter: As you mentioned in your previous interview with German media, you feel that cyber security is partly a political issue and partly an ideological issue. If you think cyber security is a political issue, the U.S. government has its own political purpose. What will be the final result in the next five or ten years? Do you think there will be two separate network worlds and two separate technology systems? On the one hand, it is China and on the other hand, it is the United States.
I cant represent the Financial Times, but I agree with you personally (there should be a unified standard), but it may not be technically feasible.
Xu Zhijun: Network security was originally a technical and professional issue. All scientists and engineers around the world are working hard to solve this problem. Huawei is also working with governments and industry to promote the construction of relevant standards to measure product safety based on standards.
I think we all know where the source of the combination of 5G and network security came from recently. Originally, Nokia, Ericsson, Huawei, Samsung and ZTE were the main suppliers of 5G equipment. There were no American companies. China and Europe have been striving to create a global standard for 5G or future mobile communications, improve the return on investment of the entire industry chain, and reduce the cost of the entire industry chain.
Through the joint efforts of the industry, 5G finally has a unified standard in the world. Everyone makes products according to this standard. But now some politicians are making cyber security, 5G politicization and ideological, which I think is unsustainable.
After all, technology is technology, which must be done by scientists and engineers. Scientists and engineers still tend to build a common global standard, which we all do well together.
Of course, it is also normal in history that different countries have the right to decide which vendors to deploy their networks based on their own considerations. Huawei 4G has not entered all countries, and Huawei 5G does not expect to enter all countries. It can only focus on serving well and willing to choose our country and operators.
For example, Guangzhou Mobile, the city next to Shenzhen, has not chosen our 4G devices, which is normal. Australias market is not as big as Guangzhou Mobile, and New Zealands is not as big as my hometown, Yiyangda. Huawei does not even provide products for Guangzhou Mobile, nor does it matter in a few countries. We cant serve all countries, all customers, and our energy is limited. We cant monopolize the global market. There are no opportunities in the markets around Shenzhen, which is normal for our industry. Focus on serving customers and countries willing to choose Huawei, we will do it better.
6. New politician journalist: Now there are some discussions that the United States will issue an executive order to prohibit the use of Huawei equipment in the United States, and how much impact it will have on the deployment of 5G in China. After all, the United States is a superpower. How worried would Huawei be about this result if it came true?
Xu Zhijun: First of all, Huaweis equipment does not exist in the United States. Historically, our 4G service has served people in remote areas of the United States, helping operators to provide mobile communications services for people in remote rural areas of the United States. (The news you mentioned) I also saw it in the media, but how it turned out didnt have much impact on us. We didnt exist (in the United States) and didnt expect to exist in the future.
7. Journalist of Media Association: At the end of last year, the head of CIA 6, including the British Defense Minister, came out and hinted that he was worried about Huaweis equipment safety. Recently, he saw that the Princes Foundation of Britain had interrupted the acceptance of Huaweis donations. To what extent are Huawei frustrated and disappointed by these developments?
Xu Zhijun: First of all, the British government has been worried about the safety of Huawei equipment, so Huawei and the British government have jointly established a HCSEC to cooperate on security. Through open cooperation to solve the British governments concerns about the use of Huawei equipment in the UK network security.
This morning I happened to see an article written by Robert Hannigan, the former head of GCHQ in Britain, published on FT. This article explains all your problems. You can have a look at it. GCHQ has adopted a series of mechanisms for effective management and supervision in order to protect the whole UK network security and serve the British people well. I also agree with his subtitle that we should base our technical judgment on a clear-eyedview of the potential threat rather than simply politicize it. I think he answers better than I do.
The Prince of England Foundation no longer accepts Huaweis donation. There is no sense of frustration for Huawei. We are making donations based on the greatest respect for the outstanding achievements of the Foundation in helping young people. It has nothing to do with politics. We also regret that their decision was based on one-sided and unfounded information about Huawei and did not communicate with us.
Neither acceptance nor acceptance will have any impact on Huawei, but I still pay tribute to the contributions made by the Foundation to help young people and continue to help them in the future.
8. Computer World Journalist: There is an interesting discovery that Huawei has a good relationship with two of the Five-Eye Countries – Canada and Britain. What is Huaweis relationship with the intelligence agencies of the Five-Eye Countries? I guess since intelligence agencies have the ability to monitor optical communications, they should be able to monitor communications in communication boxes. To what extent does Huawei cooperate with intelligence agencies in Five-Eye countries?
Xu Zhijun: I am not clear about Huaweis cooperation with intelligence agencies, but I am clear about Huaweis cooperation with GCHQ in the UK. Our cooperation with the UK is constructive, not simple YESorNO, but based on our respective concerns to find technical and supervisory solutions to enable cooperation to continue.
Huaweis cooperation with the British government and industry has always been a model of Sino-British cooperation. In the past, exchanges between the Chinese and British governments and private exchanges have taken Huaweis investment, development and cooperation with the British government as an example. Under the circumstances of different values and cultural backgrounds, China and the West can still create a model of constructive and friendly cooperation, which makes Huawei willing to invest and develop continuously in the UK. It also enables UK operators to use Huaweis technology, products and solutions to serve the British people.
The cooperation of two different values and cultural backgrounds, or YESorNO, is difficult to sit down and constructively find solutions to their respective concerns and promote cooperation.
One of the reasons for our good cooperation with Britain is its spirit of openness and free trade. Britain advocates rules and regulations to solve problems, rather than simple YESorNO. This is also the key to Britains becoming a free and open country.
9. PCPro Reporter: My problem is closely related to the word convergence. This morning I saw Huaweis business, which is the service platform of IP network. Everyone is talking about monitoring the network, where all the network traffic is here, facing challenges. In addition, there are operator networks, ATM, and other standards. Now the government has the same requirements as the enterprise network, but the tools it uses are very different. Is it possible for 5G data traffic to publish information in accordance with enterprise network standards when doing transmission? Is it possible to solve the current security concerns? Nowadays, many people worry that the front end is a single box. Everything is transmitted through the operators network. Does business expansion and Huaweis layout help to solve the network security challenges Huawei faces in its network infrastructure?
Xu Zhijun: If all the network security challenges are technical problems, they can be solved by technology and supervision in essence. As we all know, network security is now a common global challenge. Therefore, 5G pays special attention to safety-related issues in the process of selecting technology and formulating standards. 5G is safer than 2G, 3G and 4G in terms of technology and construction standards, which you can check with 3GPP and GSMA experts.
Moreover, the key information transmitted by 5G can be encrypted by 256 bits, which means that the quantum computer that has not yet come out can be used to decrypt.
10. PCPro Reporter: What you are talking about now is wireless communication based on air port. What you are worried about now is the infrastructure level.
Xu Zhijun: 5G is mobile phone to base station, base station is the network, Huawei only provides base station equipment in the UK network. The network above the base station is not directly related to Huawei.
Roberts article also specifically says that Huawei, the core part of the network, has not entered.
It has nothing to do with Huawei above the base station. Its all equipment from other manufacturers.
11. Financial Times Reporter: The explanation just now is that Huawei only provides base stations. From the users ports to the base stations, it is a process of encryption. After the base stations, the data is decrypted into the IP network.
Xu Zhijun: Decryption is the business of operators or the government, and encryption is also the business of operators or the government.
Financial Times: Encryption through your devices?
Xu Zhijun: We cant master the key. Wouldnt it be a great success to master the global key? Each country has its own key.
12. Financial Times Reporter: About last years NCSC 2018 report, the main question is about third-party components in Huawei software. Some people say that this problem is because Huaweis corporate culture, Huawei is more willing to get components from different sources than European companies. At the extreme, the U.S. indictment mentions Huaweis previous example of encouraging employees to acquire technology from other companies, which is a very extreme example. How do you use the planned $2 billion development to solve the third-party component problem? Where do you think the third-party component problem comes from? Is it corporate culture or what? How to solve this problem in this period of time?
Xu Zhijun: First of all, your understanding is wrong. The third-party software you mentioned is mainly the operating system of American Wind River Company called VxWorks. We thought that the British government believed most in using the operating system of American company, but later found that it was not.
Any product, whether hardware or software, will be developed based on an operating system, just as all software vendors develop on windows and Linux. We also need to develop base station software based on an operating system. VxWorks is the base station of Huawei which runs on the Internet in the UK. Of course, there are also third-party software and open source software. It is mentioned in the report that there are improvements in the management of all third-party software, rather than the inability to use (third-party software), (if not), it is impossible for every company to make all the software, each company has to make a windows, each family has to make a Linux, and each family has to make Oracle-like databases.
We later found Fenghe, and they told us that the software and the versions in use by Huawei were widely used in all walks of life in the UK, even in some industries more sensitive than the telecommunications industry. Huawei uses other companiesoperating systems, databases and open source software in its software development process, which has nothing to do with Huawei culture. This is an inevitable choice for all companies that make products, because it is impossible for them to do everything.
Now you have a question, why does it take Huawei three to five years to improve its software engineering capability, and why does it invest more than $2 billion?
It will take a long time to explain this problem. I wonder if you would like to listen to it.
Huawei first cooperated with the British government to establish HCSEC, mainly because the British government feared that Huawei products had a back door. We sent the source code to HCSEC and let British citizens with DV certification look at the source code to prove that there is no back door and the result is no back door. This is the original purpose.
The whole world knows that Huawei dares to put the source code into the UK HCSEC and let British citizens with DV certification see the source code, which proves that we have no back door. Robert also said in his article that GCHQ is clear, so the back door problem that other countries are worried about now has already been solved in Britain. When we decided to bring the source code to the UK, the back door problem was solved.
After solving this problem, HCSEC should look at Huaweis ability to prevent attacks, penetration and threats. We have worked for eight years to enhance the anti-attack and anti-penetration capabilities of Huawei products. After eight years of hard work, it can be said that China is the strongest product in this industry, and it is not what we call it. It is an American company. Cigital made the conclusion through evaluation and investigation.
Cigital is a professional software security engineering maturity assessment company in the United States. Since 2013, we have evaluated the safety management of our products every year. There are 12 evaluation projects. Nine of them have reached the highest level in the industry, and the other three are higher than the average level in the industry.
But it is clear to all that the environment of security threats is changing, the technology of attack penetration is improving, and the level of hacker ability is getting higher and higher. Single security capability, anti-attack, anti-penetration capability is very strong, just like a coconut, the shell is very hard. What happens if the shell breaks? You cant have a pile of water inside like a coconut.
So our common focus shifted from the outside to the inside. How does it involve resilience, whether the development process is of high quality, and whether it is credible? From the perspective of results to the perspective of process, the results are good, and the process is also good.
HCSEC can see the source code of Huawei. (Code) Is it readable, easy to modify, easy to build, as if a person is naked there?
Now the problem with CESC is that your code is not beautiful enough. Code is the 30s code accumulated by Huawei in the telecommunication industry like Windows. Huaweis code should be improved in the aspects of not beautiful, easy to read, easy to modify, and process improvement. Not only is the result high-quality and credible, but also the process is credible to prove credible. This focuses on the entire software production process, which we call software engineering and practice, and uses future-oriented standards to correspond to all the code in history for 30 years.
The security risks faced in the past, the software technologies used, and the programming capabilities are different from those of today, and certainly more different from the requirements of the future. Refactoring and rewriting all the code in the past 30 years. This investment is enormous, and has an impact on Huaweis current product schedule to meet customer needs.
In this matter, we have had quite a period of intense conflict with NCSC, (Huawei) is only willing to meet the requirements of the new code, rather than reconstructing the historical code. Almost all senior executives have collided, but in the process of collision, they constantly deepen their understanding, reconstruct or improve the quality of the process. This is not a simple matter. It is valuable for Huaweis future development and the real establishment of credibility in the future.
The future world is a cloud, intelligent, software defines everything. The key is software. Software must be trusted by relevant government agencies and customers. Trust requires both credible results and credible processes, as well as quality of results and process. This is crucial for Huawei to achieve its ambitious vision.
So I went to NCSC twice personally and communicated with them, and found that they could not collide with each other any more. This is not only to meet the requirements of NCSC, but also the actions and measures Huawei company must take in the future. So I came back to convince the relevant leaders to make the decision of the board of directors to make software engineering capability improvement changes.
13. Financial Times Reporter: When is it?
Xu Zhijun: At the end of last year. After the board of directors passed the fierce debate, the decision-making should start to thoroughly improve software engineering capabilities, the goal is to create credible products. Change takes three to five years to radically change the entire software production process according to our future-oriented standards and requirements, while refactoring all the code in history to future standards.
To meet customer needs and restructure, new investments are needed to generate $2 billion in foreign investment, which is mainly for the cost of restructuring historical codes and training all engineers and other related changes. Unfortunately, I have become the responsible person for the change, which will make me have a lot of work to do in the next five years. Recently, I have spent a lot of time doing things related to change.
Two billion dollars is just starting up capital, which is certainly not enough. We hope that through three or five yearsefforts, we can truly build products that can make governments trust and customers trust. In this way, Huawei will have better development in the future. To this end, our founder sent a letter to all employees in the first email of the New Year – to comprehensively improve the ability and practice of software engineering, to build credible high-quality products.
What is process quality? Take a simple example. You may think Chinese food is delicious, but few people should have seen it in the kitchen. Many people dont know what kind of action, process and thing the cook uses to fry the dish.
Now we need to go into the kitchen and set up a set of process, standards and behavioral norms for cooks to stir-fry vegetables. If the chef doesnt follow this action, the dishes may be a little unpleasant, and corrected to be delicious. This is what we do to improve software capabilities, to achieve high quality and credibility of the entire software production process, as well as the generated code.
Its challenging, but its something we have to do. So why three to five years? Why is $2 billion just a start-up fund?
In fact, we still dont know how much were going to spend in the future.
Of course, Huawei has an advantage. We are not listed companies. Its okay to make less money now. As long as there is a future, it is the greatest victory. Employees are shareholders, you can understand that it is feasible to lower profits now, but not in the future.
14. New politician reporter: Can you give a rough estimate of the possible cost of refactoring the entire code?
Xu Zhijun: We are doing high-level design, which has not been estimated yet. Estimate it and tell you that we hope to finish the high-level plan by the end of March.
I would like to emphasize that the problems just mentioned are not unique to Huawei, but the companies in the industry as a whole. Improvements may vary in different areas, but none of them are perfect. And its a dynamic change. (If) any company sends its code to the UK for citizens with DV certificates to see, (they) will also find many problems.
15. Daily Telegraph Reporter: I just mentioned the cost of change. I would like to ask what role HCSEC will play in verification supervision and what is the timeline for the restructuring of these codes in the whole process of change.
Xu Zhijun: All reconstructed code, as long as it is used on the British Internet (code), will be reviewed by HCSEC. The results of NCSC are known. All were talking about now is expectation, and ultimately its up to the results to verify how well were doing.
Huawei set up HCSEC in the UK to find problems, that is, to find problems and promote our progress. Its not just about looking for the back door, because the back door doesnt exist. In 2018, Huawei invested 6 million euros in HHCSEC to find problems for Huawei, which is of value. From my point of view, it is also a promotion and a verification for all R&D teams.
16. ComputerWorld Reporter: The origin of the Internet is also from the military, including the United States. From a technical point of view, it seems to be getting closer to politics. Do you think this is a problem? If so, how to solve it?
Xu Zhijun: Technology has always been combined with politics. What is politics? If you want to politicize it, politicize it. If you want to politicize it, you will not politicize it. How can this be solved?
Humanity has gone through this process, and there are many wise people in every country. Technological progress is beneficial to mankind, especially 5G, 5G is not an atomic bomb, does not harm people, 5G is beneficial to all the people, for the people to enjoy a better digital experience to bring value.
With regard to privacy protection, the EU has introduced GDP R. Now Britain has not yet left Europe, and is abiding by it. After leaving Europe, Britain will also have its own standards. As long as it does according to this standard, it can protect the privacy of the British people and the European people.
Any enterprise will be heavily punished if it violates GDP R. We appreciate the standard of GDP R, because it is open, transparent and non-discriminatory. Everyone should abide by it. If they do not abide by it, they will be punished.
From a technical and professional point of view, network security could have set standards. Once there are standards, they are open, transparent and non-discriminatory. Everyone abides by this standard, and if they do not abide by this standard, they will be punished.
But from an ideological and political point of view, its based on doubts and assumptions that you can or cant. Then (as I say now): youre going to kill somebody. You may kill someday before you go to see God.
This is how Huawei is treated now.
17. Financial Times Reporter: As you said before, the 5G market is the most important in Asia, while the 5G market in Europe is not yet mature. Can you quantify this forecast? What percentage of Asian countries represent the 5G market in recent years?
Xu Zhijun: I divide the global market into three categories:
Firstly, the market with large demand for 5G is China, Japan, Korea and Gulf countries.
Second, some developed countries in Europe and the United States, including the United States. At present, the demand for 5G is not so strong, and 4G is not very good. Do you know what is the result of comparing the number of base stations in France with that in Shenzhen? All of Frances 4G base stations add up to less than Shenzhen Mobile.
Third, developing countries have no demand at all.
Over the next few years, Huaweis 5G revenue will mainly come from the first market, with a small amount coming from the second market.
Source: Xinsheng Community Responsible Editor: Wang Fengzhi_NT2541
https://www.jqknews.com/