As countries accelerate 5G development, stakeholders in the industry must arrive at a consensus to promote healthy and rapid 5G services. Telecom Review Asia interviews Dennis Chan, Country Security and Privacy Officer of Huawei Singapore, on the sidelines of the 2022 GSMA Mobile 360 Asia Pacific Summit, to delve into the importance of adopting international security standards to drive robust digital economies in an evolving threatscape. It is the grand return of the Mobile 360 APAC after it was running virtually in the past 2 years, with over 1300 registrations from 55 Countries and over 150 speakers, 52% from its core ecosystem and 48% from adjacent verticals.
The nature of 5G introduces security risks that stem from new services, architectures and technologies not present in previous generations of mobile communications. For instance, interworking 5G networks with cloud, AI and IoT adds to emerging security threats as new attack agents for malicious actors widen the attack surface.
Yet at the same time, 5G delivers security enhancements over 4G, such as enhanced cryptographic algorithms and privacy protection, heightened operator roaming security, user plane integrity protection over the air interface and service-based architecture (SBA) domain security.
Elaborating, Dennis Chan, Country Security and Privacy Officer of Huawei Singapore, said, “In terms of enhanced cryptographic algorithms, 5G standards have continuously evolve on security mechanism such 256 bit encryption algorithm. Moreover, in 5G, international mobile subscriber identities (IMSIs) are transmitted in ciphertext to mitigate attacks, while new SBA domain security helps address security risks posed by the SBA. Chan also noted that operator roaming security is enhanced as 5G defines Security Edge Protection Proxy (SEPP) to implement E2E security protection for inter-operator signaling.
Amid a changing cybersecurity landscape brought on by 5G, the industry calls for trust built on global security assurance standards to provide all stakeholders a greater level of confidence. Already, various security certification methods have been established over the last three decades to assess the security postures of telecom operators and suppliers, as new waves of risks and challenges emerge.
For instance, the GSMA has developed the Network Equipment Security Assurance Scheme (NESAS), a security advancement aimed at 5G communication, to cover security standard requirements and assessments of the quality and characteristics of telecommunication equipment. In addition, the 5G Cybersecurity Knowledge Base provides guidance on identifying risks as well as mitigating measures to help stakeholders systematically understand and respond to 5G cybersecurity threats at a technical level.
Concurring on the importance of embracing industry standards to accelerate digital aspirations and deliver affordable and quality 5G, H.E. Thong Chenda, Chairman of Telecom Regulator of Cambodia said in his keynote speech at the 2022 GSMA Mobile 360 Asia Pacific Summit: “Cambodia plans to issue 5G commercial licenses in the following years and encourages leading global and national mobile operators to participate in 5G service development. In terms of spectrum, Cambodia supports the global unified 5G spectrum division and standard formulation initiated by the ITU and GSMA.”.
“While promoting the healthy and development of 5G services, Cambodia believes that international security standards need to be adopted to safeguard the development of the digital economy. Various security certification methods have been created over the last 30 years to assess the security postures of suppliers and operators.” H.E. Chairman shared.
Sharing this sentiment, Chan noted that “in today’s digital world, international standards are recognized by most global stakeholders and represent a fair system that speaks a common language across different markets”. It is with this understanding that, at Huawei, product security is a critical component in the R&D process, during which products are tested and certified with NESAS by industry certification bodies.
“Standards also establish a unified set of requirements for compliance and that include verification and testing which will be performed by certification bodies, so that any product that can conform to these standards will demonstrate its level of quality and safety baselines have been met,” Chan added.
Public-Private Partnerships to Safeguard the Development of Digital Economies
Cybersecurity is an opportunity for stakeholders to engage in enhanced cooperation to promote security and digitization in today’s digital space. Chan shared that “public-private partnerships will allow collective effort from all stakeholders to strengthen security defence and effectively reduce risks”.
Recognizing the need for close collaboration, Huawei works with regulators, service providers and developers to ensure due diligence on cybersecurity. For instance, Huawei has partnered with the Cyber Security Agency of Singapore on the Cybersafe Partnership Program to develop the Cyber Essentials Mark to help SMEs with their cybersecurity posture.
Huawei is also partnering with the Cambodian government to accelerate digital transformation. Sharing on this, a spokesperson from Huawei Cambodia proposed safeguarding the development of the country’s digital economy based on the international security standards.
This means Cambodia supports and recognizes the importance of adopting security standards such as NESAS and GSMA 5G CKB as these standards and measures as a regulatory basis to standardize telecommunication services are effective and provide the highest level of security for subscribers.
“On the other hand, Cambodia is committed to cooperate with the development partners in building the nation while also ensuing that cybersecurity standards are in place especially in this post Covid-19 recovery era,” the spokesperson added.
“Essentially, cybersecurity is about shared responsibilities.” Chan concluded that Huawei will continue to focus on partnerships with regulators, service providers and other eco-partners to leverage both the security knowledge base and optimal standards to develop robust 5G ecosystems.