By Michael MacDonald, Chief Digital Officer at Huawei Asia Pacific
Fifth generation mobile cellular technology, or 5G, will play a gigantic role in the digital economy, powering ultrarealistic virtual and augmented reality experiences, redefining business with automation, and connecting more people and things than ever before. Combine this with cloud, IoT, and AI, and it’s about time we update our security thinking to keep up.
We live in a world of cloud connectedness and often forget it’s not just people on the network, its sensors, cameras, heck even toothbrushes. And applications no longer run on a single server, instead data might flow across multiple data centers, several networks and very likely even across international borders.
For decades, the 3GPP and GSMA have been the leading organizations that define and promote mobile standards and releases, rallying hundreds of vendors, thousands of operators, and ultimately billions of consumers behind them. Based on leading technologies, these organizations define the look and feel of networks of the future and ensure a level of interoperability, maintainability, and affordability that consumers need for mass adoption of digital services.
The 3GPP has over 700 members from the industry including vendors, operators, and policymakers and is the main standards body that defines mobile releases to meet the requirements of each mobile generation defined by the ITU-R.
With over 1200 member companies including 750 mobile operators, the GSM Association is an industry organization that represents the interests of mobile network operators globally.
The unique long-term relationship between the 3GPP and the GSMA makes them ideally positioned to address security concerns and so jointly they have established the Network Equipment Security Assurance Scheme, with the intention to launch an ongoing security improvement program that is focused on mobile network infrastructure equipment.
Ultimately, NESAS introduces a security baseline for the mobile industry to improve vendor security, transparency and operator confidence. Operators and security agencies can then build on this common security foundation to define additional security requirements if they want. NESAS will help address new requirements and issues while minimizing fragmentation.
Recently the GSMA has increased the scope of their role by launching their comprehensive 5G Cybersecurity Knowledge Base to further help identify, map and mitigate potential risks. The 5G Cybersecurity Knowledge Base provides guidance on a wide range of security risks and mitigation measures with the goal to improve trust in 5G networks and ultimately secure our digital world.
As a means to help 5G ecosystem players including vendors, service providers and regulators, the GSMA has conducted a thorough threat analysis with input from leading organizations including the 3GPP, ENISA and NIST.
To date the Knowledge Base includes a recommended set of baseline security controls that network operators should consider deploying to mitigate threats that include a range of known threats to mobile networks as well as those introduced more recently with Network Function Virtualization and GTP-U security, along with references to relevant standards and other best practice resources. The solution description for each control identifies specific advice that allows the operator to fulfil the control objectives.
In addition, several specific solutions are identified including Key Management for 4G and 5G used between the interconnect parties to secure the signaling communication, understanding potential risks, threats and countermeasures related to 5G interconnection security, guidance and recommendations for security algorithm deployment and both a fraud risk and security guide.
The Knowledge Base will ultimately enhance overall 5G security and awareness and strengthen the capabilities of businesses, operators and regulators and according to the GSMA website, provides step-by-step instructions to “build security assurance while considering the entire risk spectrum of 5G end-to-end networks.”
As the focus on security grows, vendors too are stepping up their game. In June of this year, Huawei opened its largest global cybersecurity and privacy protection transparency center in Dongguan, China, with representatives from GSMA, SUSE, the British Standards Institution, and regulators from the UAE and Indonesia speaking at the opening ceremony.
The center provides a platform to share expertise in cyber governance and work on technical solutions together with regulators, independent third-party testing organizations, and standards organizations, as well as Huawei customers, partners, and suppliers, and is specifically designed to promote cybersecurity development through joint innovation, security testing and verification.
Huawei further marked the event with the release of its Product Security Baseline, the culmination of over a decade of experience and the first time it has made its product security baseline framework and management practices available to the industry as a whole.
At the groundbreaking event, Mats Granryd, Director General of GSMA, said "The delivery of existing and new services in the 5G era will rely heavily on the connectivity provided by mobile networks and will fundamentally depend on the underlying technology being secure and trusted."
Managing cybersecurity risk is a shared responsibility. Governments, standards organizations, and technology providers need to work together to develop a unified understanding of cyber security challenges. The GSMA’s Cybersecurity Knowledge Base and Huawei’s Global Cyber Security and Privacy Protection Transparency Center are fundamental to setting shared goals, aligning responsibilities, and ultimately cultivating a cooperative environment to build the trusted digital environment we need to secure our digital futures.
About the Author:
Group Chief Digital Officer and Executive Consultant, Huawei Asia Pacific
Mike is a 23-year ICT veteran with a focus on digital transformation, technology leadership, industry trends, and customer insight. He has been with Huawei for 10 years and currently operates as Chief Digital Officer (CDO) and Executive Consultant of the Asia Pacific region. Mike has previously held several CXO roles including CEO of a global SaaS and IoT startup, Chief Solution Officer at a leading Cisco/Nortel Solutions Integrator, and Chief Technical Officer at Nortel Asia.