ZTE Cybersecurity is Assured Throughout the Full Product Life Cycle
In the development of 5G, security is a critical question that is being discussed frequently in the industry. The whole industry and stakeholders are working together to improve cybersecurity, from the creation and conformance of industry standards through coordinated vulnerability response and disclosure to enhance security measures for manufacturers. As a leading global provider of integrated communications solutions, ZTE Corporation is committed to ensuring network equipment security, providing customers with secure and trustworthy products and services, and fostering the digital transformation of industries by improving global users’ experiences through secure and reliable network connections.
In the past years, ZTE applies industry standards and best practices to implement top-down, risk-based cybersecurity governance throughout the product life cycle, which is introduced in details in ZTE Cybersecurity White Paper.
To be more specific, for supply chain, ZTE emphasizes the security and credibility of manufacturing and guarantees continuity and resilience of supply. For R&D, ZTE adopts the security by design principle to ensure that the product development process is secure and controllable through the continuously improved process. For engineering service, ZTE complies with standardized operations to ensure the secure delivery of products and services.
ZTE adopts industry technical standards, certification systems, and evaluation frameworks, and leverages its cybersecurity labs to enable customers, regulators, and stakeholders to verify security of ZTE products in a convenient, effective and transparent way.
ZTE is committed to providing customers with secure and trustworthy products and services, ensuring the security of communications network equipment, to realize digital transformation enabled by 5G networks.
It is ZTE’s Corporate Vision to enable connectivity and trust everywhere. In cybersecurity, ZTE’s vision is “Security in DNA, trust through transparency”. Abiding by laws and regulations, following industry standards and customer needs, ZTE is committed to delivering secure and trustworthy products and services to customers, ultimately to enable connectivity and trust everywhere.
To strengthen cybersecurity governance, ZTE has established an organizational architecture based on the three lines concept. By separating security groups from front-line business divisions, this structure eliminates conflicts of interest. It successfully ensures cybersecurity from numerous viewpoints and levels through the first line’s self-inspection by business units, the second line’s independent security evaluation, and the third line’s security audit.
ZTE has put in place strong cybersecurity policies, processes, and recommendations. The essential needs for cybersecurity governance are outlined in the cybersecurity policies. ZTE has also released a set of security management guidelines and requirements that are reviewed on a regular basis. Following these security criteria, each business unit carries out security actions. During the implementation phase, relevant outcomes and records are retained as evidence for auditing by appropriate parties.
ZTE places a premium on the development of both security knowledge and skills. It has built a complete talent cultivation system that combines career development and training for cybersecurity experts in the sectors of security standards, security planning, security design, secure coding, security tools, penetration testing, etc.
In addition, ZTE has a culture of disseminating a variety of security-related information, such as cybersecurity news, cutting-edge security technologies, and best practices, to all employees, as well as hosting security technology conferences, security open days, case study sharing, and other events. Through a variety of engaging activities, security awareness education permeates employees’ regular tasks.
Only on the basis of maintaining security can the digital transformation of technology-based sectors and sustainable development be more effectively achieved in the 5G era. ZTE states that it will continue to invest more resources into the research of security technologies and methods, continuous innovation, and the introduction and study of advanced cybersecurity management concepts and methods in order to improve product security and service capabilities to meet new security requirements brought about by new technologies, new applications, and new business models.
Insisting on the principles of transparency, openness, trust, and collaboration, ZTE collaborates more closely with customers, partners, governments, vendors, and standards organizations to address future cybersecurity challenges, to build a reliable and resilient supply chain, and to continuously provide customers with secure and trustworthy products and services.