The moment of truth for 5G cybersecurity in Spain is approaching: According to Royal Decree-Law 7/2022, which received the green light from Congress at the end of April, telecommunications operators must have their risk analyzes ready – including the ‘mitigation measures’ – in September, as well as concluding the preparation of the ‘National Security Scheme for 5G networks and services’ by the Government, which develops aspects of the Royal Decree (hierarchy of risks, examination of vulnerabilities, diversification of the operators’ supply chain, etc…). In parallel, at the end of June, it will be known if Spain classifies any of the large infrastructure providers (Huawei, Nokia and Ericsson) as ‘medium or high risk’.

This will force them to send the Government, within half a year, their own risk report together with their solutions. In this context, the director of Cybersecurity or CSO of Huawei Spain Gonzalo Erro has requested this Thursday, during a meeting with Spanish journalists in Brussels, “a regulation that is objective, non-discriminatory and proportional” and showed his support for the establishment of this type of legislations.

The representative of the Chinese manufacturer has not gone into the fact that the norm has finally been processed as a royal decree law when the approach was that of its approval as a Law. A script twist caused by the Russian invasion in Ukraine: «The framework In general, the structure of the articles is maintained with some change compared to the 2020 version, after having taken into account the contributions of the public hearing phase”, explained the Huawei representative on a standard that is born from two initiatives of the European Commission (Recommendation of March 26, 2019 on cybersecurity of 5G networks and Communication of January 29, 2020 on the ‘Safe Deployment of 5G in the EU’) and which proposes a series of recommendations to member countries (‘ Toolbox’). In any case, Erro has remarked that “we are working and comply with the standards” and highlighted the “ecosystem of certification laboratories in Spain”.

Asked about the fact that an operator like Telefónica has chosen to have Nokia and Ericsson as infrastructure and 5G technology providers, Erro (Huawei Spain) expressed his desire that “operators make their commercial decisions based on their analysis of risks” and highlighted that “they have been working with us for more than 20 years and we hope to continue passing the verifications that they determine to continue working with them.” In this sense, he has pointed out that they expect to see the details of the development measures of the ‘Scheme’ “but we believe that our homework is done.”

In the meeting with the Spanish media, which took place at the Cybersecurity Center that the Chinese group has in the Belgian capital, Huawei’s CSO for Western Europe Bob Xie also spoke, defending “that security services are not just a technical issue” and valued Huawei’s efforts in this area, using the Brussels Cybersecurity Center as an example “a platform to collaborate with others, test products and a lot of services.” All this through product certification and both internal and external audits.

The multinational, whose headquarters are in Shenzhen (China), employs some 2,600 people around the world in tasks related to cybersecurity. In our country, where the company has about 900 employees, there is a team of between 10 and 12 people in these tasks, four of them full time. “It is a very important issue, the CEO is very involved in the decisions made at this time,” Erro pointed out.

Specifically, the company has established global governance headed by the head of Cybersecurity John Suffolk, who reports directly to Huawei’s global CEO Ren Zhengfei, who holds monthly meetings in this area with the seven geographic groups (China, Nordic countries , Eurasia, the Middle East, Latin America, Asia Pacific and Western Europe) In charge of Suffolk are the cybersecurity and Transparency centers promoted as places of exchange with clients or industry (Brussels, Bonn, Rome, Banbury, Dubai, Toronto and Shenzhen) and the ‘Independent Cyber ​​Security Laboratory’ (Independent Cyber ​​Security Lab), located in Huawei’s headquarters in China and which employs about 200 people, with highly specialized profiles, dedicated to examining the security of each solution from the well-known manufacturer. In addition to resorting to external audits with officially accredited companies, although attentive to the development of a definitive European standard.

2