Discussions between Chinese technology giant Huawei and Britain's intelligence service GCHQ sparked a rethink of its foundational code and, ultimately, a near total rewrite of its legacy software, according to the vendor's 'rotating CEO' Eric Xu.
This has helped Huawei better align with current standards, and future proof its product line, he added.
At a wide-ranging press roundtable today at Huawei's Shenzhen headquarters, Xu also spoke about what he sees as overt politicisation of the 5G security debate, and hit back at claims led by America and Australia that the company is a risk to national security, as well as threats from president Donald Trump to no longer do business with the company.
Xu pointed out that Huawei has virtually no presence in the USA anyway, in any of its enterprise, networking or consumer electronics wings, although it did provide connections to rural communities at one point.
US Secretary of State Mike Pompeo went as far as to suggest that Europe's relationship with Huawei could threaten the relationship between the USA and Europe, in comments made on Monday.
"I think Mr Pompeo's remarks are yet another indication that the US government is undertaking a well-coordinated geopolitical campaign against Huawei," said Xu. "It's essentially using a national machine against a small company - as small as a sesame seed."
He added that he believed Huawei's customers in more than 170 countries can speak better for "what kind of" company Huawei is.
Xu asked: "Is the recent fixation on Huawei truly about cyber security or could there be other motivations?"
"Are they truly considering the cyber security and privacy protection of the people in other nations, or are there possibly other motives? Some other people argue that they are trying to find leverage for US-China trade negotiations.
"Some other people argue that if Huawei equipment was used in those countries, US agencies would find it harder to get access to information of those people, or find it harder to intercept their mobile communications... I believe in the wisdom of seven billion people in the world and I figure they clearly can see those different types of possibilities."
Xu added that China and Europe have long worked together to create unified global standards both for 5G and for future mobile communications technologies, with the aim of producing greater clarity on security needs and allowing vendors to follow a single set of standards.
He also highlighted how "no American company" is in the top-five 5G equipment producers, namely: Nokia, Ericsson, Huawei, Samsung and ZTE.
"But now, some politicians have turned either 5G or cyber security into a political or ideological discussion which I believe are unsustainable," he said, adding that he believes "technology is technology" and that Huawei will spend on engineers and scientists to create products around those agreed-upon global unified standards.
While there is currently a raft of controversy aimed at Huawei from some of the Five Eyes countries - the countries whose alliance in spying on the world in a global surveillance dragnet was exposed by Edward Snowden - Huawei has also enjoyed a long relationship with two of those countries, namely the UK and Canada.
In fact, as well as two major deals signed with the British government over the last decade, the former CIO for the British government, John Suffolk, now heads up Huawei's independent cyber security lab in Banbury.
There, Huawei products are torn apart and the code is closely examined by British national cyber security leaders with high levels of clearance.
"I'm not very clear about Huawei's cooperation with the intelligence agencies of the countries you mentioned but I know Huawei's engagement with GCHQ in the UK," Xu said, responding to a question from Computerworld UK about this seeming contradiction between the Five Eyes nations. "Huawei's collaboration with the UK, I think, is a constructive collaboration."
"Huawei's investment development presence and engagement with the UK government has been taken as a case study to a certain degree," he added.
Xu added that the UK's approach to free trade based on "clear rules and rational regulation" for addressing concerns has been fundamental to the relationship between the two parties.
A $2 billion legacy re-write
As mentioned earlier, this collaboration went as far as Huawei offering up its complete source code to GCHQ and the British government.
While the British security services were satisfied that there were not 'back doors' in Huawei equipment, Xu said that the process of increased security scrutiny led to a "fierce" board room debate about how the company can protect its current and future portfolios, as well as baking in resiliency from the start.
The result will be a five year commitment to improving software engineering capabilities to the tune of $2 billion, Xu said.
"So what's going around in a big way in other countries right now about this back door discussion in cyber security has long been addressed in the UK," Xu said.
"And I think this whole discussion around back doors was long addressed when it comes to the UK from the time that Huawei decided we delivered our source code to the UK for testing."
But, he added, the company is aware that the threat environment keeps evolving. He likened defences alone to the shell of a coconut - a very firm outer layer but with water inside.
So during the company's work with the British government it was decided that the company will "re-factor" or re-write its 30-year legacy source code, to create resiliency now and also in the future around these incoming 5G standards and beyond.
"As you can imagine the investment is massive, and this also has impact on the project schedule in terms of functionalities and features we deliver to our customers today in the market," Xu said.
"On this specific topic there has been a long, strong debate between Huawei [and the British government] in a sense that we wanted to focus on the incremental, the new code instead of re-factoring all the legacy code."
But because cloud intelligence and software-defined products will only become more prevalent, the company decided that it would need to embark on a comprehensive software engineering transformation programme. This was agreed on last year after "fierce" discussion at the board level.
"This transformation will take three to five years to complete," Xu said. "Essentially, it will take the future standards, future requirements to reboot our processes for software production. And we are going to take those future standards to refactor or rewrite our legacy code."
This is where the additional $2 billion in R&D budget comes in, to be used "primarily for legacy code refactoring, training or retraining of our R&D engineers".
Is the mask slipping?
Finally, Computerworld UK asked if the mask was slipping in terms of the seemingly more overt geopolitical links to the development of technology - particularly now that the American companies are being challenged.
"Technology has always been really combined with politics. What is politics? People can politicise one thing if they want to, and they can definitely not politicise one thing if they don't want to," Xu answered.
"How to address it in the end? I believe humanity has gone through such a long history and such a long journey and there are a lot of people who have the right wisdom.
"For sure technology advancements bring benefits to humankind. Take 5G for example - 5G can certainly bring benefits to the general public in that they can enjoy much better digital experiences. It's certainly not the atom bomb.
"5G, in whichever case, will not hurt people."
He went on to talk about the importance of GDPR and the presence of robust privacy protections, "so as long as players follow those standards then privacy will be adequately protected for people in the UK and across Europe," he said.
"Any company who violates the stipulations in GDPR will be subject to severe punishment. So we appreciate standards and regulations such as GDPR. In a sense GDPR is open, transparent, and non-discriminatory.
"That applies to all the players. So whether you get praised or punished totally depends on whether you act in a way that's written in accordance with GDPR regulation."
"I think the similar standards can be set up for cyber security if we only look at it from a technical point of view - as long as there are standards on cyber security that are open, transparent, and non-discriminatory. I think that would be a clear guideline for all the players.
"Those who follow, it's OK to keep doing business. Those that violate - they will get punished. As simple as that."