 Right, so I'm going to be talking about things from a manufacturer's point of view. I represent Hawaii and the UK. So just going to start with just reminding ourselves of the landscape. So the technology over the last 25 years has delivered massive social benefits in terms of health, in terms of education, in terms of opportunity. And I think it's really important that we don't lose sight of the positive aspects that technology has delivered when we start thinking about the threats. So now we live in a world of truly global networks, truly interdependent networks. A true global supply chain across the industry that we have. We've moved into the Internet of Things. There are 7 billion people on Earth, there are 50 billion devices interconnected. And in a lot of cases, those devices are not necessarily obvious to us in our day-to-day lives, but they're definitely there and they're definitely connected. And we throw terms around, like global supply chain, without necessarily thinking about what does it actually mean in practice. So for reasons I don't bore you with, I have the pleasure of carrying two cell phones. So I have a cell phone manufactured by my employer, Hawaii. So Chinese company. Now I look at my cell phone and if I think about Hawaii's products, about 30% of our components come from China. 32% of our components come from America. 10% from Europe. The rest come from the rest of the world. I also carry an iPhone. It says on the back, designed in California, which I believe is still part of America at the moment. And then it says next to that, it says made in China, okay? So my question is, is my Chinese phone more American than my American phone? Because the truth is, in the world we live in today, there is no such thing as an American device, a Chinese device, or a European device. There happens to be a particular company which is headquartered in a particular part of the world, but every device is now part of the global supply chain. So when we're thinking about securing our technologies, we need to make sure we're clear. So I've been in the industry since 1980. And in my experience, there's two types of security. There's real security, which is based on facts. Facts based on evidence, evidence based on evaluation. And it's really hard. If it was easy, we'd have already done it years ago, right? And then the other type of security is the illusion of security. Now, the illusion of security is based on paranoia, based on fear, based on doubt, and it's easy. Because you don't have to do any of that evidence, malarkey. You can play to stereotypes, okay? But when you do that, it's not securing your assets. So to make sure we get the social benefits and continue to get the social benefits of the technology, we need to deliver two things to the community. We need to deliver secure networks, but we also need to deliver trust. Trust at a consumer level, a corporate level, and a regulator level. And trust is often based on emotion. As we've seen with the food chain, that when trust is based on emotion, it can be misplaced. We've seen in Europe with the meat scandals. We've seen in China with the baby milk scandals. So therefore, as part of that delivering secure networks and delivering trust, we need to make sure it's based on facts. And that's the target for us to deliver. The threats have changed, as my friend up on stage who has just described. The threats have definitely involved. So I spent 10 years in the virus industry. And there was a tipping point in about August 2003, 18th of August, when we saw the so big virus come out. And I'll give you two data points. Christmas 2002, 25% of all of the email on the internet was virus or spam. Jump forward a year, Christmas 2003, 75% of email on the internet was virus or spam. And it was due to the industrialization of the virus industry. In the early days, as he says on the slide, you had the classic crazy guy in his back bedroom knocking up a virus, trying to break into the Duke of Edinburgh bank account because he wanted to embarrass him. Jump forward to the end of 2003, now it's a multi-billion dollar business. Now there's real money to be made. So it's not just the good people who are making money out of the internet or so the bad people are looking for opportunities to exploit it. So therefore the landscape has fundamentally changed. Now I go to quite a few of these conferences, and I speak. And you're always guaranteed that at some point during the session, someone will stand up and say, what we need to do is we need to collaborate. And then someone else will stand up and say, what we need to do is we need to share information. Now at the end of the conference, we'll put our coats on, we'll leave and we do nothing. Right, that's the human condition. So we need to change that. We need to open this in transparency in how we're approaching the technology. And the way we've approached it in Huawei is that we've looked at what did the Japanese do in the car industry back in the 1960s. So I grew up in the UK in the 1960s and 1970s. And back then, the UK car industry had a quality problem. So the UK's response to that was, what we need to do is at the end of the production line, we'll have our best quality engineers and they'll check all the cars and any of the cars that don't reach the quality will throw the cars away. And we'll measure how good they are by how many cars they reject. The Japanese had a different approach. The Japanese said, you don't want your best guys checking the cars, you want your best guys building the cars. So the approach the Japanese took was they said, right, we're going to build quality in to our cars right at the very start of the production line and through every single process in that production line. And that's why, ultimately, the Japanese won, okay? We need to take the same approach for cybersecurity. Now I say, I joined the industry in 1980 and back then it was pretty simple. I could draw on a single piece of A4, the entire telecoms architecture of the UK from memory. You jump forward to where we are today, I'd struggle to draw the average corporate network with the amount of layers and complexity in the architecture. But often our approach to security hasn't changed. It's still a bolt on. As people rush towards features and functions right at the end of the production line, someone will say, right, now what we need to do is make sure those features are secure. It's too late. So the approach needs to be a built-in approach, not a bolt-on approach. So in Huawei, what we did was we looked at our experience of 26 years in the industry and said, okay, what have we learned in those 26 years? And we took that as a data point. Then we looked at what are the rest of the industry do on security and we took that as a data point. We then brought in external consultancy. It's done a lot of money on external consultancy to get their view of what do we need to do and part of the external consultancy part was about evidencing what we do. Because it's no good taking my word for it, right? Then the fourth thing we did was who are the people who really know? Well, let's talk to our customers. Let's work in partnership with regulators to get their view. Because the mantra in our organization is the ABC rule. Assume nothing, believe no one, check everything. Quite a cynical lot. But that's the way you need to build security and it needs to be evidence. It needs to be open and transparent. It needs to be that you can bring someone else in and say, don't take our word for it, look at what we've built. So we've basically taken that approach and made sure that every single facet of our business has cybersecurity built into it, right at the feature development stage right through to delivery. What that means in practice is you need to cover every single aspect of your business from the strategy and governance right the way through to standards, making sure that we're thinking about the standards bodies and my boss, John Suffolk, one of his statements is, the problem with standards is there's too many of them. They're not standard. So what we need to do is think about the NIST platform and the NIST directive and for the first time make sure every stakeholder has input into it. It's up till now, in a lot of cases and I think one of the reasons why today is so important is that you've had like-minded individuals working in small silos, segregated from each other. But because we need to build that truck, consumers, corpora and regulators, we need to make sure that all the stakeholders have a voice. So I think part of it again today is to make sure everyone is involved in this debate so that when we're building the technology it is open and transparent and everyone can see exactly what we're delivering. The laws and regulations. So I have the benefit of living in the European Union. We have a single data protection directive implemented in 28 different manners. It's really hard, right? So when we're thinking about European regulation and we're thinking about start-up communities, again we need to think about do the regulations scale down to a start-up as well as scaling up for a large corporation? I've worked in a number of start-ups. I've worked in start-ups in Europe. I've worked in start-ups in the US and running a start-up in Europe is really hard because effectively you left, because of the complexity you left with three choices. Do I limit my vision? Do I become a niche player because it's too hard to operate in 28 countries? That's an approach, limit my ambition. The other approach I can take is do I just ignore the regulation? I try and fly below the road for so long that by the time someone catches up with me I'm big enough to bind myself out of trouble. Or the third option is give up on Europe and move to America and come back to Europe when you're big enough. Okay, so again we need to think about the regulations. Human resources, my friend has already spoken about that. People are always your weakest link. Always your weakest link. I ran operations for a number of years and in operations, the kind of mindset is people always do two things for you. They're always guaranteed to do two things. They do lots of other things but people always do two things. They cost you money and they make mistakes. That's what they're always guaranteed to do. So we're thinking about people we need to think about what are they actually doing not just measuring the outcomes. It's about, I don't know, 200 of us in this room. So imagine all of us working the same company. We all turn up every down, we all make widgets. But one person in the room, my friend David here he's faster than the rest of us. And you say, well done, David. He must be better than the rest of us because he builds widgets faster than everyone else. No. The key to people management is, why is he faster? Really understanding, if we build processes to deliver security, we need to make sure that that process is followed and that he's not faster than the rest of us because he has to be cutting steps. The most extreme example I can think of of that is the Chernobyl nuclear disaster, right? So this room minus was about Chernobyl. So they were doing a load test. They were due to do the load test during the day. But because it was unseasonally cold that day they kept the power station on during the day and they thought, right, what we'll do is we'll run the test at night. And for reasons we'll probably never understand the guy that night who was in charge of the power station said, you know what, there's a lot of process here. I think we can cut some of these steps out. Now we have no idea how many times he'd cut those steps out in the past and been successful. We do know that the night he decided to cut those out he wasn't successful, right? So when we think about people, we need to make sure we're not just measuring the outcomes but we're measuring exactly how they're delivering their work. I've talked about research and development, making sure we have those processes built in, think about security at the start. And it goes around all the elements, every single aspect of the business, including auditing, making sure that we have openness and transparency. So, I'll close at that point a couple of things. This is not a single company or single country issue. We have global connected networks. I've talked about the example with the phones. So therefore we need to think about the supply chain and making sure we're measuring all of the supply chain. That we're not judging security based on the color of the flag outside the headquarters building. We're measuring security and the componentry within the networks, the architecture of the networks, the people who are running the networks, making sure we're covering all aspects of it. And as I say, we're trying to do that in Huawei, but it's not just about us. It's about everyone in the community doing the same thing, raising the bar for everyone in the industry on there. We've made massive social benefits, massive social changes. We need to make sure we don't lose those social changes by overreacting and not put in place to protect ourselves. Making sure we put the right measures in place to protect ourselves. And that's why it has to be a community approach to a community problem. And with that, I'll close. Thank you. David.