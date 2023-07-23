Il Cyber Security and Transparency Center di Huawei, in Rome, overlooks the luxuriant green park that surrounds the large fortified monastery that is the Tre Fontane Abbey. From the windows of the center one would enjoy a heavenly view, were it not for that the windows are largely darkened. Because the Huawei building is too a kind of fortress. Metal detectors, video cameras and ubiquitous badge readers underline the importance – and confidentiality – of the work that takes place inside.

It is no coincidence that the man who directs the work inside the structure, Luke Piccinelli, who performs the functions of Chief Cybersecurity and Privacy Officer of Huawei Italia, has two rooms available. “It is my role that requires them for security reasons – he explains – One room is located in a public environment and is available for external activities. While the other, reserved and safe inside the CS&TC, is a further demonstration of the company’s seriousness and professionalism, aimed at guaranteeing the highest security standards for institutions, customers and the Italian business community to which we address”.

Huawei’s CS&TC allows customers of the Chinese company to carry out safety checks on the equipment it produces. “But there’s more – Piccinelli proudly says -. Here government agencies, expert technicians, industry associations and standardization bodies, have at their disposal a platform for security communications, collaboration and innovation on security standards and verification mechanisms. This structure is open to customers and independent third-party certification bodies who can perform fair, objective and independent security tests and verifications”.

In fact, in the most protected rooms of the structure, both company personnel and customers and third-party certification bodies can use software, technical documentation, test tools and the technical support necessary to perform tests according to recognized standards.

In Huawei’s CS&TC, control over equipment is continuous. “We don’t only carry out tests before the products go live on the market – says the manager – but also afterwards, through monitoring that requires a connection to the tools in use”.

In this process Huawei believes, and above all invests, a lot. Globally, the Chinese company spends more on cybersecurity than anyone else in the sector: a figure that amounts to 5% of the company’s R&D investments, averaging $750 million annually.

“Furthermore, 2% of engineers at Huawei, which has over 190,000 employees, are specialized in cyber security – reads a company statement – compared to 1% of the industry average”.

“What we do in the CS&TC – says Piccinelli – also has an impact on the development of Huawei’s products, since we carry out tests on their security from the early stages of design. We are talking about cyber security by design, which therefore embraces the entire production cycle of the machines and also of the software”.

Luke PiccinelliChief Cybersecurity and Privacy Officer di Huawei Italia

In short, Huawei engineers and designers, when they design a new device or, for example, a new component for network instrumentation, are already well aware of what they are. the required safety standards, and set their work right on these. In the company’s cyber security centres, such as the one in Rome, a further test and verification step is carried out.

“In this center, in Italy, for example, it is also possible to consult and check the electrical diagrams that are designed and produced in China – explains Piccinelli – or you can carry out tests on components that are supplied by third parties and which will be inserted into Huawei products. And which in any case must comply with the standards from the outset”.

“Standard” and “certification” are two words that Luca Piccinelli repeats often. They are terms carved in stone, for those who firmly believe in the Gospel of cybersicurezza.

Without certain standards, shared internationally, it would be chaos. Piccinelli knows this well, it’s a lesson he learned early. His career has gone through crucial phases of change in the world of cybersecurity. When the manager of Huawei took his first steps in this area, things were very different.

“After my classical high school diploma, I attended the engineering faculty at La Sapienza and I graduated with a thesis on the old Marconi Electronic Systems – says Piccinelli -. Later I did a master’s degree in safety science. And I put what I learned to good use almost immediately, because I won an Air Force competition and for two years, between 1999 and 2001, I managed the security at the Viterbo military airport”.

Piccinelli smiles. And he says: “Basically I realized the dream I had as a child: I liked planes but also antennas and telecommunications”.

“But at the time, at the beginning of the 2000s to be clear, few talked about safety – adds the manager -. Safety managers, like me, were not even invited to meetings”.

From security to the armed forces, and after a working interlude in the Italian missile company – “I was in charge of the security systems of the command and control stations” – Piccinelli moved on to the world of telecommunications. He started his new adventure in London, together with British Telecom, for which he worked on the launch of the 3G technology. Then he moved on to an Italian operator, Blu, to whose development he contributed by dealing, in particular, with cybersecurity.

And in 2003, exactly twenty years ago, Piccinelli moved to Telecom, where he remained for a decade holding various positions, including the one – which after some time seems to be more dear to him – of Telecom delegate at the Global Certification Forum, “an English company – says Piccinelli – which certifies smartphones internationally”.

“At the time – adds the manager – there were interoperability and security problems to solve. I also chaired this company’s cybersecurity subgroup for a time. I spent at least a week a month on this commission, flying all over Europe, the US and Canada.”

At a certain point, one of Piccinelli’s routes crossed with that of Huawei, which is not simply a manufacturer brand of smartphones, notebooks or smartwatches. The Chinese company, based in Shenzhen, is also – and today above all – the world‘s leading supplier of network equipmentwith a market share of 25%.

It’s 2013 and Piccinelli moves to Huawei bringing with him a wealth of experience. And an awareness: “Standards, in the development of a technology, are everything – he says -. First of all because they guarantee the interoperability of the networks, in short, they allow operators to ‘talk’ to each other. And then, which is no less important, because they make the networks themselves more resilient and secure”.

‘Standard’ is the word Piccinelli would probably like to see written on the walls of the department he heads. “When years ago I moved from the United States to China, passing through Europe, every time I had to change my cell phone depending on the country I was in – he says -. This meant that there were different standards. And that international security cooperation was very difficult. For many years, however, fortunately there has been a standard called Common Criteria which dictates guidelines for all technologies. This standard sets standards and requirements that must be met by manufacturers around the world. Let’s not forget that the computers or smartphones we use have parts that come from different parts of the globe”.

Indeed it is. It may happen that a product is designed in the company’s country of origin but then produced in another, “just as a Huawei smartphone has glass that is worked in Paris, France, and perhaps a camera that was produced in Germany,” explains Piccinelli.

“How do you think these pieces of hardware integrate into one device securely? It is possible because the large manufacturing companies have sat down at a table and have drawn up requirements, let’s call them protocols, which must then be respected”. Let’s take the USB port for example. “If it is unassailable – explains Piccinelli – it is because behind it there is a code and a series of firewalls that prevent it from being attacked. Once the standard is shared internationally, it’s strong.”

This is, therefore, the most complex and fascinating challenge that cybersecurity and the people who deal with it face on a daily basis. Don’t be divided by geopoliticsfor example, but rather be as open as possible, because cybersecurity is pure technology that requires discussion and continuous dialogue.

“And this is also why – explains Piccinelli – we Cyber ​​Security Officers often talk to each other, trying to use the same language to guarantee the security of our products”.

The constitution ofItalian Cybersecurity Agency, according to Piccinelli, was fundamental in giving new impetus to the tests that are carried out in our country. Thanks to the certifications issued to the laboratories of our country, it is in fact established a new technological sovereignty which allows you to carry out checks in compliance with international standards, of course, but directly in the structures present in the area. An advantage that is not insignificant.

Piccinelli, for his part, wakes up every morning with a thought that accompanies him in his working days. And that makes him happy: “With what we do in our center, I think we are making a contribution to the growth not only of Huawei, but also of Italy itself from the point of view of cybersecurity”.

