查看原文
其他

华为外籍高管舌战美媒 据理力争,回答全程高能

LearnAndRecord 2022-07-26

近日,华为美国首席网络安全官Andy Purdy接受C·SPAN采访的视频走红。面对主持人刁钻的问题,他思路清晰,据理力争,回答全程高能。

以下为采访字幕(仅供参考阅读,并非一一对应):

This week on "the communicators" we want to introduce you to Andy Purdy, chief security officer at Huawei. What does that entail?


Primarily, it is an internal role. I chair the committee for privacy, similar to the one we have globally. I.t., human relations services, etc. We are making sure we meet statutory regulatory customer requirements and our internal policies so we can manage risk from a cyber security perspective. I work with my government regulations people to talk with customers and stakeholders about issues, and tried to drive the conversation forward.


Give us a snapshot of Huawei.


Huawei is a company with 180,000 people around the world, 30% of our products come from Huawei. 32% of the components come from the United States, unleavened billion dollars a year. We have 80,000 people involved in R&D. We spent $15 billion on R&D last year. We do not have to worry about quarterly numbers, we can invest long-term and that is what we are doing. Our people are motivated by two things, we want to be involved in something interesting and important, and provide wealth for our families.


Who is the founder? And what is his background?


He was an engineer with the people's liberation army many years ago. He moved to form his own company with others with a few thousand dollars, and he has had spectacular growth. He has always incentivized people to innovate and the customer centric. The primary focus of Huawei is to be customer centric and not get every dollar of profit out of every contract, but to take a long view if our customers make money and their customers make money, we are all working well together for a common advantage.


Do any of us have a Huawei product in our hands or phones?


I have a Huawei phone, but I do not think so.


Why is Huawei considered a threat to national security in the U.S.?


It is complicated, there is not a simple answer. They are steeped in, ever since the fall of the Soviet Union, the rise of China. The reach of China, the belt and road initiative around the world, the advances in technology, some of the issues the government has with China have been a major concern, some of which are subjected to the trade talks. The U.S. is not safe in cyberspace. The U.S. looks at things from a risk perspective whether national security or other risks. If they do not look at companies who are hostile to us from a national security perspective they look at potential. Does a country have the opportunity and capabilities if they turn against the United States to cause us great harm? It is that kind of risk-based perspective that is affecting the perspective of the U.S. toward Huawei. It is more country focused than company focused.


Let's bring Drew Fitzgerald of "the Wall Street Journal" into the discussion.


I am curious, there have been rules proposed and rules enacted in the U.S. that have essentially all but banned Huawei equipment in networks in the U.S. what is the status of Huawei's business operations in America?


We have 1500 employees in the United States, a strong R&D presence. We purchased $11 billion in U.S. components last year. Our enterprise and consumer business, we are maintaining our revenues at present. The prohibitions in national defense authorization act kick in an august 2019, and those are focused on government contracts which we are not pursuing, and government contractors. There may be a greater potential impact going forward. We believe in the end the United States will have the kinds of measures in cyberspace that will make us more secure. When we get to that point, we think we will be allowed to compete on a level playing field, but in the meantime our biggest concern is probably our wireless customers that serve rural America. We believe our technologies are essential to farmers, schools, citizens, companies in rural parts of United States, and we hope we can maintain that service to serve those people.


You continue doing business with smaller providers in the United States?


Yes, we have about 40 of those customers.


Around the world there has been a lot a focus on flaws found in code, vulnerabilities in certain Huawei equipment in places like Italy and the U.K. is it possible to secure Huawei devices and networks that run off of them? Or is that a pipe dream?


It is impossible to eliminate all risk, whether 5g or whatever. It is impossible to eliminate all vulnerabilities in products. One of the advantages we have is we are one of the most examined and evaluated companies in the world. The flaws we have such as the U.K. oversight board revealed in our software engineering processes, those are things we can improve as a process, and that is what we think will make America safer and cyberspace safer. Those risk mitigation measures looking for vulnerabilities protecting threats that exist out there, we need to protect against those risks from all vendors. All major vendors have major operations in China. If there is a concern about the Chinese government, we have to protect against all those threats.


How does that work? How do these boards examine millions of lines of code and complex equipment, some of which involves intellectual property that belongs to Huawei?


We have the U.K. program were we make our source code available for review under oversight by the government and in close collaboration with the carriers, including evaluating the updates. We have programs the Canadian government does not want to emphasize much. You see a situation where private companies are addressing risk in Mexico. We supply major equipment to AT&T down there and they are not pressured to remove our equipment. We are setting up a program in Germany and working closely with Germany and our security service to come up with measures and mechanisms that make sense for understanding risk, addressing risk, testing products. They want to put in a program that addresses risks for all vendors. I was part of an opening of a transparency center in Brussels in early march. We let companies, customers, and governments come into evaluate our code. We think that external evaluation is a plus, and we would like to see our competitors that the benefits of that as well.


What is your take on the U.K. defense minister being fired related to a Huawei issue?


I do not know about the details of that. My understanding is he leaked information about preliminary discussions within the U.K. government, which apparently he describes. I see that as part of a larger picture. I was in Warsaw with vice president pence and secretary of state Pompeo, I was there when they were there. It is amazing the pushback by our closest allies, the U.K., Germany, other countries in Europe and around the world are saying, you have not given us evidence of cyber security wrongdoing by Huawei. And we believe there are effective risk mitigation measures that can be used, and if we can use those, we can get the benefits of the technology and having competition in this space. We believe competition is essential for the technology, price, etc.. When you look that the U.S. is not safe from a cyber security perspective, what does the U.S. do? There are special risk mitigation programs in effect for our competitors. They had tremendous presence in China, including Nokia and Ericsson. Somehow the risk mitigation measures in place satisfied the U.S. government. We just want to talk to the U.S. government and talk about risk mitigation measures that might work in the U.S. so we can provide assurance and transparency.


You come from a cyber background?


I was a prosecutor. I joined the president bush team to secure cyberspace and then moved to homeland security in 2003 and we were setting up the cyber security effort. I led the U.S. cyber security effort. I don't trust anybody. When I was recruited, on the part about reaching out, we will be advocates for a safer cyberspace. I have been able to be an advocate for a safer American cyberspace. I am not a defender of Huawei. We need the best technology. It is critically important we address risks. I have never been told what to say or what I cannot say, and when you look at the bigger picture, Huawei, we do not speak through the China government, and they do not speak for us. We want to talk to the U.S. government and find ways to mitigate risk.


I am sure you are familiar with Jim Lewis. I want to play a little video what he had to say about Huawei.


Huawei wants to get into your core network, and the Chinese government subsidizes them to the tune of hundreds of millions of dollars to do that. Do you think it is because the Chinese like your cuisine? Why do you think they are paying hundreds of millions of dollars to get into your phone network? Duh.


I missed the first part of what he said.


And the fact that Huawei is subsidized by the Chinese government.


There is no evidence that Huawei is subsidized by the Chinese government. No basis in fact. Each year, less than 2% of revenue comes from various kinds of China government funding. Other companies around the world that participate in those grants, so it is not true we are getting substantial funds from the China government.


I want to go back to the risk mitigation issue you mentioned earlier. A complaint or assertion that some have made, whether right or wrong, has been that even if you were to review all the code and practices of your competitors like Nokia, at the end of the day, those are countries that do not answer to their home government but are domiciled in governments friendly to the U.S. government. What is the company's response to that?


There are several things you can do, but let me mention the scale of operations that take place in China by Nokia and cisco, the active involvement of the Chinese government with Nokia, to the extent that geographic access presents risks, clearly the U.S. government has found ways to address that risk. The other thing, i saw a comment by the director of national intelligence about two issues, one has to do with backdoors which he said they can test for, and other has to do with customer data, there are mechanisms to address the risk. The ascension is because our equipment is in the network, we have access to all the information. We just want to sell into the radio access. The fact is there are strict requirements, when we go to service the customer there is an assumption the Huawei network is attached, and it is not. We have mechanisms all subject to explicit permission. Laptops with a private network cloud to access the customer network. And the ability for them to record every keystroke that is logged that touches the customer network. We are open to additional measures that can be done to make sure data is protected. The assumptions are wrong. The fact is, people talk like it is via quit providers that have the risk. We had our part of the risk, but the carriers and sec reference the fact that our network operators own the risk, they control the network. They monitor outbound traffic. They have their responsibility. The standards at of the you when cover their conduct -- the standards out of the U.N. cover their conduct. If there is harm, you cannot eliminate all risk, when something bad happens you can control the impact. Wear something comes from is a lot less important when you take the attitude you take when a foreign company buys an American company. The U.S. government requires a risk mitigation plan overseen by a committee of government agencies to guarantee they are not under undue influence.


I want to go back to the core of the network, whether a cable company or cell phone company can see all the traffic across the network. One thing interesting about Huawei, you make just about every product out there. The core of five G networks.


We like to play and all met networks. -- We like to play in all networks. The U.K. made announcement to make it look like we will not be in the core of the bridge telecom network, that was agreed to and planned. Frankly, the distinction between core and non-core as we move toward 5g there will be viral spaces in cyberspace that have strong authentication requirements. It is less an issue of core versus non-core than effective risk mitigation measures. We would love to discuss those.


Let me ask you about the last quarterly report from Huawei, using the new technology and is doing business with different providers, what is the status of that? Where are these base stations being shipped to use 5g equipment?


I am not sure I can reconstruct the business element of the base stations we have sold. I am not on the business side. Some of the widely publicized early adopters for 5g, and all the contracts are public, but I do not have on the tip of my tongue the specifics. The first quarter, our revenues were up 39%. You look at last year, 2018, the cycle for carrier networks, we were in a trough last year as we started to move up toward the deployment of 5g.


Are we in danger of having two separate 5g networks? One in China and one in the U.S.?


I do not think so. I suspect the U.S. will do what U.K. is doing which has not gotten as much publicity. I think to help manage risk and promote resiliency, which is fundamental, we have to make sure our networks are up and running and it will be more important when we have 5g. We are going to be dependent in a serious way on the digitized vertical industry sectors and government services. What the U.S. and the private companies will do will have a diversity of suppliers. Hopefully we will be one of multiple suppliers. That helps promote resiliency and reduce risk.


One of the fears, Huawei has been talked about for years as a potential threat, as we saw in Sri Lanka, the internet was shut down. We saw it in Egypt in the spring years ago. Is there a potential that Huawei could shut down people who have Huawei products?


Take a look at the new stories in the last 12 months of major outages around the world with our competitors providers. The issue of availability of these services trying to promote resiliency and more clear standards and accountability for the major carriers to make sure they can meet the needs, that is critically important. We do not have access like the carriers do for the ability to shut down. We do not control the products after they are in the networks. From a national security perspective, from the perspective of the well-being of the United States, we have to make sure the carriers are on board, protections for the equivalent vendors, that will make sure we can maintain the services we will depend on.


I want to ask about interoperability. Most companies are not going to rely on one single supplier for all of their equipment. There have been some complaints that carriers, those technical standards can make it favorable to Huawei and harder for a company that wants to use another provider to switch from Huawei is there going to be the ability of a company that wants to switch providers away from Huawei?


One of the most important developments they are coming up with is interoperability. I would like to see the U.S. putting more money into the participation in international activities. The government funds have been cut down. Private companies are involved in efforts. What are the most important threats that are going to be addressed by the standards? When you look at 5g, there are significant security enhancements being added to make it safer. The allies are winning and to the process, -- weighing in to the process, i think it would be a great thing.


The cases against Huawei in the U.S., the person arrested is she going to appear before a U.S. judge?


I think there is an appearance tomorrow. As a former federal prosecutor, i have an incline of how much judges hate those type of cases.


Do you think on a hypothetical level that this was a political move or a trade positioning move?


There is a context for everything. I am a believer in the criminal justice system in the United States and Canada. I have confidence that the procedure will be based on facts and based on the law and that whatever the correct determination is is what will take place. The process in Canada can be fairly time-consuming, so it may take longer than anyone would like.


You are here while trade talks are going on between the U.S. and China. What role do you see Huawei having in the trade talks if any?


I don't see any role, frankly. Although there has been some speculation about what way being the subject of talks or parallel talks, we want to talk with U.S. government. China does not speak for us, we don't speak through China. In Prague last week, 30 countries and the U.S. got together talking about standards. When the operators and the governments and the vendors come together to understand risk and manage it, we are all going to be better off in the and. -- in the end.


Did you have any representatives there?


I know my boss was there in Prague for the conference. Part of the conference was open and there were breakout sessions one afternoon and one morning that generated remarks from the chairman of the proceedings about the requirements that many including the U.S. government are encouraging in various countries involved in the EU in general to try to incorporate those into their requirements.


Especially in Europe, U.S. officials have gone to many countries to visit their counterparts and essentially told him not to buy equipment from Huawei. Does that have an effect in the company's business around the world? Copy from LearnAndRecord

I don't think so. I heard comments from the officials saying the publicity has been a good thing. I am not going to go there. I feel a little bad. The harsh response is generalized -- our allies have given the United States. I think the U.S. is the last -- it saddens me that we can't discuss these issues about how to address risk. Clearly, our allies, most of them, want to talk about true risk mitigation measures and provide assurance and transparency. That is what we would like to do.


Given your DHS and cyber security background, what do you think on a general level are some of the cyber security threat here in the U.S.?


I think they are pretty much everywhere. One of the biggest problems is a lack of commitment and leadership around cyber security. I think in the last year or 18 months, we have seen great efforts by the DHS. The leadership to make sure that we provide the funding necessary to fund the efforts against the election tampering and come up with the requirements for 5g, to help create greater visibility, particularly publicly traded companies, what their responsibilities are, we have got to get more action. We need goals, objectives, and milestones to track progress. We need strict oversight by congress, and we have a long way to go to improve in those areas.


One thing we have not said is that while way is now the second largest -- that while way is now the -- that Huawei is now the second largest manufacturer of phones next to Samsung.

 

If there is security concerns about our phones that operate on the android platform, it is time to raise the security requirements for all android phones to make us safer. Let's focus on the issues and make us all safer.


Gentlemen, thank you. I also want to note this program and all communicators programs are available as podcasts.


中文译文(仅供参考阅读,并非一一对应):

本周节目中我们向大家介绍Andy Purdy,他是华为美国公司的首席安全官。


主持人:Purdy先生 跟大家讲讲您的角色和故事吧

Andy Purdy:首先 这是一个公司内部职位,我担任美国网络安全隐私委员会主席,跟华为在全球范围内的网络安全隐私委员会类似,在华为全球网络安全隐私委员会中有来自各个业务部门、IT部门、人力资源部门、服务部门等多个部门的代表,需要每季度对网络安全隐私的要求进行管理,以确保我们遵从法律法规、满足客户要求 并遵守内部政策规范,便于从网络安全隐私角度来管控风险。除此之外 我还负责和政府关系、公共关系的同事一起,与客户沟通 与利益关系人交流 推动相关工作的发展。


主持人:能否请您给我们简单介绍下华为 

Andy Purdy:华为是一家在全球拥有超过18万员工的公司 ,大约30%的产品是华为自产的,华为产品中大约30%到32%的部件来自美国,每年价值约110亿美元。公司员工比较年轻,我们有(据我所知)大约8万研发人员,我们去年研发投入大约是150亿美元 这是我们最引以为豪的优势之一。我们不用担心季度报告里的数字, 我们可以将眼光放长远, 这正是我们所做的。我们员工的工作动力基本上来自两件事情,我们想参与一些非常有趣且非常重要的事情,我们想为我们的家庭幸福付出努力。我认为我们正在做这两件事 。


主持人:谁是公司的创始人?

Andy Purdy:任正非


主持人:您能介绍下他的背景吗? 

Andy Purdy:他是个工程师,这方面我不是专家。他多年前是人民解放军的基建工程兵,后来和其他四五个人一起凑了几千美元创建了华为,公司取得了惊人的发展,相比80年代后期其他公司比如Cisco, 可能增长速度没那么快。但他一直鼓励员工生产、创新、以客户为中心,华为长期以来致力于以客户为中心,了解、挖掘客户需求 并协助客户实现需求,华为并不强调赚取每份合同中的每一分钱,而是看得更长远。从长远来看 确保我们客户和他们的客户都赚钱,大家共同努力 共同获利。


主持人:现在在这个房间里所有人手上都有华为产品,或者说手机含有华为生产的零配件之类的?

Andy Purdy:我有一部华为手机,我把它放在那个房间了, 不过不一定所有人都有吧 。


主持人:为什么华为被认为对美国国家安全构成威胁?

Andy Purdy:这是一个复杂的问题, 没有一个简单的答案。华为的很多问题和地缘政治因素有关,从苏联解体、 中国在世界经济和军事上崛起以来,包括中国通过“一带一路”扩展到非洲和世界各地以及中国科技的不断发展,就一直存在这些问题。美国政府与中国之间的一些问题一直是一个主要因素,其中一些问题需要通过贸易谈判解决,一些问题可能要通过未来的对话解决。


美国的网络空间一直不够安全,因此 美国习惯从风险的角度看待问题 。无论是国家安全还是其他风险方面,从国家安全的角度来看,他们不只是看哪些公司或国家对美国有敌意,他们也关注潜在的风险 ,包括哪些国家有实力或机会后可能会对抗美国, 从而对美国造成巨大伤害,因此正是这种基于防范风险的观点影响着美国对华为的看法。这个更多的是从国家角度 而不是公司角度来看待问题了 。


主持人:好的, 我们把《华尔街日报》的Drew Fitzgerald请到了演播室,他负责《华尔街日报》电信和技术方面的报道。


Drew Fitzgerald:感谢邀请我,Andy 我想问下,在美国有一些提议甚至是颁布的法规已经全面禁止华为设备用于美国的大多数电信网络包括无线网络和有线网络中了,那么当前华为在美国的业务运作状况如何?


Andy Purdy:我们在美国有大约1500名员工 我们拥有非常强大的研发队伍,正如我提到的, 去年我们从美国购买了大约价值110亿美元的零部件,我们仍然在开展企业业务和消费者业务,我们目前的收入保持稳定。


国防授权法案的禁令我记得是8月份生效的 ,那个主要针对政府合同 这不是我们的重点,我们也没有与这些政府承包商合作,这一点可能更多的是会对未来的发展产生影响 。我们相信, 到最后美国肯定会有种种措施来保障网络空间的安全。到那个时候 我相信美国会允许华为和所有其他竞争对手同台竞争。


但与此同时,我们最大的担忧可能是现在为美国提供服务的一些华为的三级无线客户,我们认为我们提供的技术和服务对美国农村地区的农民、学校、人民和企业都至关重要 ,我们希望能继续为这些人服务。


Drew Fitzgerald:你们一直在和美国那些农村地区的小供应商合作吗 ?

Andy Purdy:是的,我们大约有40个这样的客户 


Drew Fitzgerald:在世界各地,人们都非常关注在诸如意大利、英国等地的华为设备或代码中发现的缺陷和漏洞,有什么方法确保华为设备和网络毫无漏洞吗?或者这是不可能实现的 ?

Andy Purdy:你永远不可能消除一切风险,不管在5G还是企业等其他方面,不可能消除产品中的所有漏洞。我们拥有的优势之一 我认为它确实是个优势,就是华为可能是世界上被审查和评估的最多的公司之一,因此我们的任何缺陷都可以被识别和弥补。例如 英国监督委员会在我们的软件工程流程方面发现的缺陷,这些都是我们流程中可以持续改进的一部分,我们认为这样的流程可以使美国更安全使网络空间更安全。


这些风险规避措施识别现有网络中的安全漏洞,消除威胁,我们需要防范来自所有供应商的风险,所有主要供应商在中国都有大量业务,因此也有对于中国政府的担忧,我们必须确保能够防范任何这些威胁 。


Drew Fitzgerald:这是如何做到的?这些委员会是如何检查数以百万计的代码行和非常复杂的设备的?其中一些还涉及华为的知识产权 。

Andy Purdy:在不同的国家有不同的计划和方法,在英国我们把源代码提交给政府监督机构审核,同时我们与运营商密切合作 包括评估版本更新等;我们在加拿大也有相关计划,不过加拿大政府不太想强调这一点;在墨西哥,私营公司也正在应对风险,我们在那里给AT&T提供主设备,他们没有被要求停止使用华为设备,因为AT&T是世界上风险控制最好的公司之一;在德国我们也正在制定类似计划,与德国联邦信息安全办公室(BSI)合作 制定有效的措施和机制以根据国际标准测试产品 ,掌控风险并应对风险,不过他们是想找到一个能解决所有供应商相关风险的方案。


除此之外 我们最近在布鲁塞尔还开展了一个新模式,三月初在布鲁塞尔成立了华为网络安全透明中心,我们让公司、客户和政府参观,他们也可以带上第三方专家,他们可以来评估我们的代码,我们认为这种外部评估是非常有用的,我们希望其他美国的竞争对手也能从中受益 。


主持人:Andy Purdy 你对英国国防大臣因为与华为相关的问题被革职有何看法?

Andy Purdy:我不清楚细节, 在我看来, 他被指控是因为他泄露了有关英国政府内部初步讨论的信息 ,他似乎提到过这些信息,我想更全面地看待这个问题。几个月前我在华沙的时候,美国副总统麦克·彭斯及国务卿迈克·蓬佩奥两位美国政府高官也要去那里,刚好也在那里,令人惊讶的是我们最亲密的盟友很可能是英国,但德国与欧洲其他国家以及世界各地的其他国家均表示你没有向我们提供、美国没有向我们提供华为存在网络安全违规的证据,我们确信可以采取有效措施来规避风险。


如果我们能够采取这些措施 我们将会享受科技带来的便利 更重要的是 能够从该领域的竞争获益,我们相信竞争对于技术发展、降低价格等都至关重要。


回顾我们前面讨论的,从网络安全角度来看 ,美国之前的安全状况也没有更乐观,那么美国做了什么?事实上,美国针对我们的竞争对手诺基亚和爱立信有专门的风险规避计划,支撑他们在美国开展业务,他们在中国的市场份额很大,其中诺基亚在中国上海湾成立了合资企业,此外还有其他风险规避措施 ,使美国政府确信诺基亚不会给美国带来风险。


我们只想和美国政府谈谈,讨论在美国可行的风险规避措施,以便我们提供的服务既有保障又透明公开。


主持人:现在我们来谈谈你的个人背景,你之前在联邦政府从事网络安全相关的工作对吗?

Andy Purdy:是的, 我做了很长时间的律师,我曾是联邦检察官,我加入过布什总统的团队 ,在Richard Clark手下做事, 然后从事国家网络战略工作,之后在2003年加入到国土安全部,当时我们组建了网络安全团队,后来我领导国土安全部的网络安全团队。


主持人:那么在你加入华为之前 你是不是花了些时间调研才选择相信华为?

Andy Purdy:我不信任任何人,坦率地说,当上司——华为全球网络安全和隐私官John Suffolk(曾担任英国政府首席信息官)聘用我时 我的职责主要包括两方面内容,在对外方面我们将倡导更安全的网络空间,我将能够并且事实证明我的确能够成为一个更安全的美国网络空间的倡导者,我并非替华为辩护,我想说的是我们需要最好的技术,我们需要参与竞争, 并且至关重要的是我们要应对风险,我们相信有风险规避措施, 我从未被告知该说什么、不能说什么。


坦率地讲,当你从大局来看 ,会发现我们不会通过中国政府发声,他们也不会代表我们发声,我们只想和美国政府谈谈,我们相信可以找到规避风险的方法。


主持人:我确信你对美国国际战略研究中心的Jim Lewis很熟悉,他最近在Moncton参加了这档节目,我想播放一段他关于华为的讲话视频。对于他的话您有什么感想?

Andy Purdy:我没听清前面他说的关于花几亿美元的……


主持人:他说华为得到了中国政府资助

Andy Purdy:没有证据表明华为得到了中国政府资助,这是一种典型的没有事实依据的指控, 只是假设但没有事实依据。我们的年度报告指出,每年只有不到0.2%的收入来自中国政府提供的各种基金,世界各国的其他竞争对手也会得到很多此类资助,因此,声称我们从中国政府那里得到大量资金并非属实


主持人:让我们请Drew Fitzgerald一起讨论这个话题


Drew Fitzgerald:我想回到你之前提到的风险规避问题上,因为在美国政府所做的批评言论或声明中,无论这些言论是否属实,实际上即使要审查所有的代码和操作,你们的一些竞争对手,如诺基亚、 爱立信说到底这些国家并不总迎合本国政府。但它们的所在国政府对美国政府比中国对其对立国家更友好。华为对此有何回应 当然这不是贵方能改变的 但是……


Andy Purdy:事实上,我们还是可以有所作为的。


但首先 我要说的是 诺基亚、爱立信甚至思科在中国的业务规模,诺基亚与中国政府积极合作创办合资企业,随着服务范围的扩大 相应带来了一些风险, 显然美国政府已经找到了解决这些问题的方法。


另一件事是 我看到由国家情报主管副主任最近谈到的两个问题,其中一个与后门有关, 他说他可以测试一下, 另一个与客户数据有关,这些问题都有应对机制,有人设想通过网络设备我们有权访问任何信息,我们尽量避免将这些设备应用于5G核心部分 ,而是应用于无线网络接入。事实上我们在为客户服务时有严格的要求。


还有人猜测华为网络与客户网络相连,实际不是这样的。例如,我们有各种机制,每次都要得到客户的明确许可才可接入,特别是在虚拟专用网络云访问客户网络时,专门配备的笔记本电脑,能够记录每一次与客户网络接触的动作,我们也愿意考虑采取更多措施来确保数据得到保护。但这些揣测是错误的 ,事实是人们一般是说设备供应商有风险。好吧 我们对此无法否认,但是 FCC新任主席Ajit Pai只是提到了这样一个事实,网络运营商他们有风险,他们控制着网络, 他们监控着进出的内部流量以便执行正常操作。

Drew Fitzgerald:这些是你的顾客? 网络运营商?

Andy Purdy:是的, 他们有自己的责任, ISO国际标准涵盖了联合国以外的国际联标准, 用于指导它们的行为。另外 他们还可以切断网络,这样如果网络被黑 ,我们必须预想到哪些人可能是黑客,因为你不能消除一切风险。一旦遇到问题你可以切断网络, 这样就能控制灾难性的后果 ,并且你能控制影响。所以事实上,某些事物的来源比我们对他们采取的态度的重要性要低很多。比如一家外国公司要收购美国公司,美国政府要求通过政府机构委员会监督的风险规避计划来确保不当行为得到管控,我们相信这才是正确的方式。


Drew Fitzgerald:我想回到你之前提到的内容, 即5G网络的核心部分,在该网络层级,无论是电缆公司还是手机公司都能看到几乎所有在他们网络上运行的数据,值得注意的是华为几乎生产了几乎各种网络产品,华为想要参与竞争的是5G网络核心部分吗?


Andy Purdy:我们想参与各种市场的竞争, 但是从风险规避角度来看,从消除风险的角度来看我们已经做出了选择。例如英国政府 最近发出的一份公告使形势非常糟糕,我们不会参与英国等国电信网络的核心部分,这是华为内部一致要选择的路。


但坦率地说 ,随着标准的发展以及我们在5G方面的全面发展,核心部分和非核心部分之间的区别逐渐加大,随着5G的发展 会对这些至关重要的区域和网络空间制定极其严格的认证要求。因此 核心部分或非核心部分就不那么重要了,有效和透明的风险规避措施 才是我们乐于讨论的话题。


Drew Fitzgerald:我想问华为最近的季度报告,华为提到华为利用这项新技术建立了大量的基站5G基站,华为正与许多供应商合作,具体情况如何?这些基站设在哪里?哪家公司最先使用该项技术的或5G设备?

Andy Purdy:我不确定我能否讲清我们已经销售的30至40万基站的业务情况, 我不是负责业务的,因此了解有限,这是公司宣传最广泛的信息之一。至于最新使用5G的企业, 所有与我们签订5G合同的企业都是公开的, 我一时说不出来具体有哪些。


但不可思议的是,今年第一季度我们的收入增长高达39%,你看去年 2018年, 你看那段时间运营商网络的状况,我们当时处于低谷 ,因为我们开始向5G迈进,所以我们期待未来情况会有所好转。


主持人:我们有没有可能面临必须使用两个独立5G网络的风险?一个在中国, 一个在美国。

Andy Purdy:不 ,我不这么认为。有趣的是,英国正在做的事情,我希望美国也那样做,英国没有过多的宣传,有一点非常重要, 我认为要管理风险和提高网络弹性,我们必须确保网络正常运行,若我们要全面部署5G这显得尤其关键。


过去15年间人们都在谈论网络安全,但并不是真正关心它这件事,因为大多数人并非真的那么在乎数据泄露与否。但在政府服务领域 ,我们仍非常依赖垂直的数字化产业部门。美国想要的是、而且私营公司要实现的是市场上存在多家供应商,因此华为希望能成为多家关键领域供应商之一,比如无线接入,这有助于提升网络弹性,降低风险。


主持人:有一种担忧 ,而且这也不是什么新的担忧点了,因为多年来 ,华为作为美国的一种潜在威胁一直被大家讨论,我们注意到斯里兰卡的互联网基本上被关闭了,我们也看到几年前的春季埃及也发生同样的事情,华为有没有可能关闭使用华为产品的人的网络服务?

Andy Purdy:关注一下过去12个月发生的新事件,也就是我们竞争对手在世界范围内发生的重大网络中断,网络服务的可用性正在不断的提高网络弹性,正在推动运营商制定更明晰的标准并承担责任,以确保能够满足政府、企业和人民的需要,这很关键。


事实上我们并不像运营商那样有权关闭网络,这是个理论上的问题,我们不会在产品接入网络后继续控制它们,但是从国家安全的角度来看从美国的福祉来看,我们必须确保运营商合规合法,我们必须确保降低设备供应商的风险,这样我们才能确保我们可以将我们日益依赖的网络服务维护好。


Drew Fitzgerald:我想问一些关于供应商合作和标准互通的问题,因为说到底,很多国家或公司不会依赖于一个单一的供应商来为提供他们所有的设备,华为参与了很多5G技术规格的开发,这些技术每个人都会用到,有一些运营商认为这些技术标准可能对华为有利,对于一家公司来讲,想从华为设备切换到欧盟或者东亚其他供应商的设备就更加困难了,一个公司能否从华为切换到欧洲或世界其他国家的设备供应商?他们能做到这一点吗?


Andy Purdy:我们提出开发5G标准的最重要的承诺之一,就是供应商的标准互通方面,我认为这是核心要点,运营商要求供应商达到此类标准,既要求标准互通,同时要求高质量和高安全性,所以这不是个问题。坦率地说,我希望美国投入更多的钱参与到更多的国际活动的筹备当中,由于政府投入减少, 他们对此类事件的参与度也相应降低,因此私营公司参与到了标准的制定。



我希望美国在制定什么样的标准、 怎么发展以及标准要解决的最大威胁是什么等方面能更有远见一些。比如说5G,在安全性方面有了很大的增强以后,会让大家都更安全,美国和盟国一起制定标准,这将是非常棒的。


Drew Fitzgerald:我想请问,美国正在发生的针对华为的案件,华为首席财务官孟晚舟今年早些时候在加拿大被捕,她会再上诉吗? 如果是的话, 你作何期待?

Andy Purdy:我想明天会有一场上诉.


主持人:在美国?还是加拿大的温哥华

Andy Purdy:加拿大。作为一名前联邦检察官, 我了解联邦法官有多不喜欢涉案人员讨论案情,因此,我希望不要在这里谈论这两个案件。


主持人:那么,你认为这是一个政治行为或是一个贸易战的行动吗?

Andy Purdy:每个事情都要看背景,我相信美国和加拿大的刑事司法制度,我想整个诉讼的过程都将以事实和法律为基础,判决结果肯定是基于事实和法律而做出的正确决定。我知道加拿大的所有法律流程都相当耗时,因此可能花的时间比人们预期的要长很多。


主持人:Purdy先生,在美中贸易谈判期间你恰好这里,你认为华为在这些贸易谈判中扮演什么角色?

Andy Purdy:坦率地说我不认为华为充当了任何角色,正如我之前提到的,尽管有人猜测华为是会谈的主题或参与了会谈,我们想和美国政府谈谈,中国不能代表我们发声, 我们也不通过中国发声,上周在布拉格的会谈过程中我们发现,30个国家包括美国都聚在一起探讨标准问题,当运营商、政府和供应商都聚在一起讨论了解风险和管理风险的必要性,这最终将惠及我们全体。


Drew Fitzgerald:华为被邀请参加布拉格会议了吗?华为有派代表参加活动吗?

Andy Purdy:我的上司出席了会议,John Suffolk在布拉格参加了会议,会议有一部分是开放性的,一个下午和一个早上有分组座谈会,汇总了会议过程中主席的讲话,涉及多个国家(包括美国)以及欧盟的公司,他们试图把这些纳入他们的工作中,包括和谁购买以及如何监督他们所做工作。


Drew Fitzgerald:我想问包括此次事件和上次布拉格会议中的美国官员去了很多地方,特别是欧洲,访问这些国家相应的官员 基本上都是去告诉他们不要从华为购买设备,这对华为在世界各地的业务有什么影响吗?

Andy Purdy:我不这么认为, 事实上我听到一些官员的言论,华为则表示这些是不错的宣传,我不会这样说。坦率地说 我对我们的盟国对美国的严厉回应感到有点难过,我认为美国是最后一个自由及人权的乐土,因此美国对世界的意义独特,遗憾的是 我们没能讨论这些关于如何控制风险的问题,很明显我们大多数盟友希望讨论真正的风险规避措施以提高安全性和透明性,这就是我们要做到的  。


主持人:Andy Purdy 考虑到你的网络安全从业背景和国土安全部背景,你认为在一般层面上 美国有哪些网络安全威胁?

Andy Purdy:我认为这些隐患几乎无处不在,我认为最大的问题之一是缺乏网络安全方面的承诺和领导力,我认为在过去的15-18个月里国家安全局做出了巨大努力,但是领导层要确保为竞选活动提供必要资金,要协助提出5G要求,明确美国公司特别是上市公司要怎么做、明确他们的关键责任是什么、我们能做的事情是什么, 这些方面要有更多的行动,我们要有目标、目的、里程碑计划,这样才能跟进进展,最终实现成功。除此之外,国会要有更严格监督, 要改善这些方面, 我们还有很长的路要走 。


主持人: 还有一件事我们没有提到,华为现在是全球第二大智能手机制造商,仅次于三星

Andy Purdy:我想说的是,美国政府在2018年初显然对AT&T和Verizon施加了压力,以安全因素为由让他们不要使用我们的手机,我想问的是,如果我们的手机存在安全问题,我们手机是基于Android平台运行的,那么是时候提高所有Android手机的安全要求了,我们要集中精力解决问题共同提升网络安全。


- END -

「持续行动第五年,LR是怎么做到的?」

LearnAndRecord

2015年2月8日

2019年5月28日

第1571天

每天持续行动学外语

您可能也对以下帖子感兴趣

文章有问题?点此查看未经处理的缓存