The Organisation of Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) has continued the OIC-CERT 5G Security Framework adoption among member countries in 2022.
Earlier this year, the OIC-CERT 5G Security Framework Workshop, hosted by CyberSecurity Malaysia was held in conjunction with the Malaysian Edition of Safer Internet Day 2022. It aimed to provide awareness of the importance of 5G security, to develop a common 5G security framework for risk assessment and management, and to develop a common standard for OIC member countries that can be used to mitigate any technical difficulties in rolling out 5G. This event set the ball rolling for similar workshops held in other OIC-CERT member countries. According to the Malaysian Communications and Multimedia Commission (MCMC), “The OIC-CERT 5G Security Framework will be another reference point guiding in ensuring the overall network security, resiliency and survivability of Malaysia’s 5G implementation.”
Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, CEO of Cybersecurity Malaysia and the OIC-CERT Permanent Secretariat, said, “The OIC-CERT 5G Security Framework has garnered tremendous interest since its launch in January 2022. Within ten months, we have promoted the Framework in six countries, resulting in in-person engagement with OIC-CERT members from Malaysia, the UAE, Egypt, and Tunisia, among others.”
“The UAE is leading the adoption of the OIC-CERT 5G Security Framework. The country is building a strong foundation in its critical information infrastructure that supports the emergent metaverse and other future digital initiatives. With the UAE providing a reference point on the versatility and adoptability of the 5G Security Framework, we hope to see more members joining the bandwagon by the end of 2022. This will play an important role in elevating the digital readiness of OIC countries,” he added.
At GISEC 2022, Middle East and Africa’s most influential and connected cybersecurity event, the Northern Africa leg of the roll-out in late March. This was followed by the Cybersecurity Innovation Series (CSIS) Egypt edition, where Mohd Shamir Hashim, the Senior Vice President of CyberSecurity Malaysia International Engagement and the Co-Chair of the OIC-CERT 5G Security Working Group, had a meeting with the National Telecom Regulatory Authority (NTRA), Egypt and the National Agency for Computer Security (ANSI) Tunisia. As a result, both agencies indicated the possibility of adopting the OIC-CERT framework in managing 5G security in their countries.
Recently, H.E. Dr Mohamed AI-Kuwaiti, Head of Cybersecurity for the UAE Government announced that the country had developed a UAE Telecom Cybersecurity Guidance, currently under review, which will effectively strengthen UAE telecommunication cybersecurity in a holistic and systematic manner, involving governance and management, implementation, and improvement of a secure, resilient and self-healing telecom network. Comprised of two parts, the Guidance defines a defense-in-depth, zero-trust driven multi-layered framework based on the OIC-CERT 5G Security Framework. This approach builds security incrementally from the physical layer security to the application layer security based on internationally recognized standards and best practices. The first layer on the equipment security looks at mandating GSMA/3GPP NESAS/SCAS certification as a baseline requirement in the first part to defining a world-first telecom information security management system or the T-ISMS based mainly on GSMA 5G Cybersecurity Knowledge Base and other global standards, which are all recommended by the OIC-CERT 5G Security Framework.
With the UAE leading the adoption of the 5G Security Framework, the country will become an ideal reference point that will provide guidance on how the framework can be utilized to promote the standardization of 5G security on an open and transparent platform to accelerate the seamless, cost-effective roll-out of 5G among the OIC-CERT member states.
The OIC-CERT 5G Security Framework is designed based on the Plan, Do, Check, and Act (PDCA) cycle of the security management systems. However, this framework does not extend many controls under PDCA, but instead further clarifies and simplifies the journey of 5G adoption for OIC member countries in terms of cybersecurity. These four components are uniquely developed as the enabler of PDCA, focusing on baseline and indispensable elements to better maintain and operate a 5G security system in a holistic manner.