As the world becomes increasingly connected through advanced telecommunications networks, ensuring the security and resilience of these systems has become a paramount concern for governments, industry players, and consumers alike. To address this critical challenge, the GSMA has been at the forefront of developing and promoting industry standards and best practices, with its Network Equipment Security Assurance Scheme (NESAS) being a prime example of its efforts.
NESAS was a key focus area during the Middle East and Central Asia ICT Policy and Governance Forum, hosted by the GSMA at MWC Shanghai 2024 on June 27. The forum brought together experts from the GSMA, regulators and operators from the Middle East, North Africa, and Central Asia, senior officials from the China Academy of Information and Communications Technology, and Huawei to discuss the importance of globally recognized security standards in the 5G era.
These experts explored the intersection of innovation and cybersecurity. The advent of 5G networks has unlocked a plethora of opportunities for innovation, enabling the development of transformative technologies such as the Internet of Things (IoT), artificial intelligence (AI), and virtual reality (VR). However, the increased complexity and interconnectedness of these networks have also expanded the attack surface for cybercriminals, making it imperative for the industry to adopt a proactive and collaborative approach to security.
NESAS represents a significant step forward in this direction, providing a comprehensive framework for assessing network equipment security and promoting industry best practices. By aligning with 3GPP standards, NESAS ensures a consistent and transparent approach to security evaluation, helping to build trust and confidence among all stakeholders.
These benefits extend beyond the technical aspects of network security. By promoting a globally recognized standard, the framework helps to create a level playing field for equipment vendors, encouraging innovation and competition while ensuring that security remains a top priority. This, in turn, benefits operators and consumers, who can have greater confidence in the security of their networks and the services they rely on.
During the forum, industry leaders emphasized the importance of collaboration and knowledge sharing in addressing the complex challenges of 5G security. Huawei serves as a model for how the industry can work together with regulators, industry associations, and partners to develop and implement robust security standards that benefit all stakeholders.
Jeff Wang, President of the Public Affairs and Communications Department, Huawei, said, “To fully reap digital dividends, we need to pay more attention to enhancing connectivity, embracing digital application, and empowering digital talent.”
Jawad Abassi, Head of MENA at GSMA, who moderated the roundtable discussion, said: “The GSMA regularly explores a range of security considerations including secure by design, 5G deployment models and security activities. Good security practices and policies by industry suppliers are essential. The mobile ecosystem should empower advancing positive policy and spectrum outcomes, driving digital innovation to reduce inequalities in our world and tackling today’s biggest societal challenges.”
As the rollout of 5G networks continues to accelerate worldwide, the importance of initiatives like NESAS cannot be overstated. Governments and regulators play a crucial role in fostering a secure and resilient 5G ecosystem by adopting and promoting globally recognized security standards. Doing so can help create a harmonized approach to security that transcends borders and promotes international cooperation.
Moreover, the success of NESAS relies on the active participation and support of all industry players, from equipment vendors and operators to security experts and academia. By working together to evolve and strengthen the NESAS framework continuously, the industry can stay ahead of emerging threats and ensure that 5G networks remain secure and trustworthy for years to come.
As the digital world continues to expand and change rapidly and securing it is critical to how society functions. MNOs need to understand the security threats and challenges they face. To assist them, GSMA has created ‘The Mobile Cybersecurity Knowledge Base (MCKB). The GSMA regularly explores a range of security considerations including secure by design, 5G deployment models and 5G security activities. This analysis is collated into a GSMA 5G Cybersecurity Knowledge Base (MCKB) to provide useful guidance on a range of 5G security risks and mitigation measures.
Aloysius Cheang, Chief Security Officer, Huawei Middle East and Central Asia, reiterated that Huawei has taken a proactive approach to telecom cybersecurity standardization. Cheang said, “As we chart our journey into the digital future, cybersecurity must safeguard the trust and resiliency of the network, the cyberspace, and the metaverse where data is the new oil as organizations’ assets are increasingly digitalized or virtualized. We must ensure that we continue to embrace the culture of openness, transparency, and collaboration. Cybersecurity is a team sport, and together with GSMA, we can leverage their good work, such as NESAS and MCKB, that will lay the foundation to secure broadband, 5G, 5G-A, and beyond.”
The Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) is also one of the international organisations active in the 5G era standards. Last year, its 5G Security Working Group has announced the launch of a Harmonized and Unified Cybersecurity Certification System (HUCCS) as part 3 of the OIC-CERT 5G Security Framework, in order to systematically and comprehensively provide a common assurance mechanism for the individually certified cybersecurity outcomes of 5G networks and services among the OIC member states. HUCCS is a timely update of the OIC-CERT 5G Security Framework released in early 2022. Huawei was the first global ICT player to join the Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT), currently the third-largest CERT organization in the world.
Additionally, Huawei and the ITU Arab Regional Cyber Security Center (ITU-ARCC) signed an agreement to jointly promote public-private partnerships (PPPs) in cybersecurity earlier this year. The cooperation agreement marks a new era of cooperation to promote Arab world cybersecurity knowledge transfer, sharing of best practices and capacity building. Specifically, the agreement seeks to strengthen the collaboration among Arab cybersecurity experts to address threats and incident response in cyberspace effectively. It also aims to nurture an open, mutually beneficial and collaborative cybersecurity ecosystem through inclusive public and private partnerships. Further, both entities seek to jointly support efforts to establish a trusted, prosperous and sustainable Arab digital economic ecosystem.
In conclusion, the GSMA’s NESAS initiative represents a significant milestone in the global effort to secure 5G networks. By providing a comprehensive and globally recognized framework for security assessment and best practices, this framework is helping to build trust, foster collaboration, and drive innovation in the telecommunications industry. As we move forward into an increasingly connected future, collaboration will be essential in ensuring that the benefits of 5G technology can be realized while mitigating the risks posed by evolving cyber threats.