As mobile broadband begins to reach every corner of the world, people’s desire to unfold the blueprint of the coming fully connected world is increasing.
5G and its next generation, 5G-Advanced (5G-A), is becoming a reality, and the lifecycle for 5G will last for a while. Based on the successful experiences of 4G security, controlling 5G security risks is achieved through joint efforts of all industries.
The industry is working together to address new security risks faced by 5G architectures, technologies, and services and potential security challenges through unified 5G security standards, common 5G security concepts, and an agreed-upon 5G security framework.
The convergence of telecommunications with other sectors, such as healthcare, education, and transportation, necessitates a holistic approach to policy development. Regulators must foster cross-sector collaboration and create an enabling environment for developing innovative digital solutions that address societal challenges. This requires a forward-looking, flexible regulatory framework that encourages experimentation, promotes interoperability, and protects consumers’ rights.
The GSMA MWC Shanghai 2024 took place under the umbrella of the Future First theme, bringing industries, continents, technologies, and communities together to realize the future’s potential. The event also featured the Middle East and Central Asia Policy and Governance Forum, themed “Driving Policy and Innovation to Shape Our Digital Future, which spotlighted the importance of regulatory authorities and stakeholders’ collaboration in the region in networks cyber security international standards adoption.
John Hoffman, CEO of GSMA Ltd., said: “MWC Shanghai is a golden opportunity for innovators, creators, policymakers and business leaders from the connectivity ecosystem to drive positive change, showcase the latest products and services, and create unmissable experiences.”
The forum discussed how to ensure 5G operations comply with national security regulations, including suggestions for regulators on developing laws and regulations and implementing regulatory policies. Senior officials and experts from the GSMA, regulators, and operators from the Middle East, North Africa, and Central Asia region, the China Academy of Information and Communications Technology, and Huawei shared industry policies, successful practices, and valuable insights on key industry trends, with a strong emphasis on cybersecurity.
The forum also covered the importance of spectrum, optical, and datacom policy planning and explored how carriers, enterprises, oversight agencies, and regulators can enhance mobile security capabilities and provide guidance for risk management strategies.
The forum sought to promote the adoption of NESAS and MCKB standards, which aim to address the growing cybersecurity challenges the telecommunications industry faces. As digital services become increasingly critical to our daily lives and businesses, ensuring the security and resilience of networks has become a top priority for policymakers, regulators, and industry stakeholders.
During the forum, industry experts emphasized the importance of a multi-stakeholder approach to cybersecurity, involving close collaboration between governments, regulators, operators, vendors, and other key players. This approach recognizes that no single entity can address the complex challenges of cybersecurity alone and that a collective effort is required to build a resilient and secure digital infrastructure. Industry leaders have also emphasized the need for collaboration and knowledge sharing in addressing the complex challenges of 5G security. Huawei serves as a model for how the industry can work together with regulators, industry associations, and partners to develop and implement robust security standards that benefit all stakeholders.
Jawad Abassi, Head of MENA at GSMA, who moderated the roundtable discussion, said, “The GSMA regularly explores a range of security considerations including secure by design, 5G deployment models and security activities. Good security practices and policies by industry suppliers are essential. The mobile ecosystem should empower advancing positive policy and spectrum outcomes, driving digital innovation to reduce inequalities in our world and tackling today’s biggest societal challenges.”
In 2020, Huawei’s 5G wireless and core network equipment was the first to pass the GSMA’s Network Equipment Security Assurance Scheme (NESAS). The integrated assessment process avoids fragmented assessments and their resulting costs while improving the transparency of security protection levels in the industry through visual and measurable results. NESAS covers 20 assessment categories, defining security requirements and an assessment framework for 5G product development and product lifecycle processes. Additionally, it uses security test cases defined by 3GPP to assess the security of network equipment.
Aloysius Cheang, Chief Security Officer, Huawei Middle East and Central Asia, reiterated that Huawei has taken a proactive approach to telecom cybersecurity standardization. Cheang said, “Cybersecurity is a team sport, and together with GSMA, we can leverage their good work, such as NESAS and MCKB, that will lay the foundation to secure broadband, 5G, 5G-A, and beyond.”
The Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) is also one of the key active players in the domain of network standards in the 5G era. In 2023, the OIC-CERT 5G Security Working Group announced the launch of a Harmonized and Unified Cybersecurity Certification System (HUCCS) as part 3 of the OIC-CERT 5G Security Framework, to systematically and comprehensively provide a common assurance mechanism for the individually certified cybersecurity outcomes of 5G networks and services among the OIC member states. Huawei was the first global ICT player to join the Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT), currently the third-largest CERT organization in the world.
In Jan 2024, OIC-CERT participating members finalized action plans and initiatives like the OIC-CERT 5G Working Group & Cloud Security Working Group, 5G security, and Cloud Security Framework. The creation of a new potential working group for AI security and supply chain security was also discussed. In conclusion, unified, authoritative, and continuously evolving standards, such as the Network Equipment Security Assurance Scheme (NESAS) jointly defined by the GSMA and 3GPP, are required in the assessment of 5G cyber security to promote continuous improvement of 5G security in the mobile industry. It is recommended that stakeholders work together using their expertise to build a 5G security system, continuously improve 5G security, and ensure that 5G security risks are controllable.