As the underlying technology that comprises 5G has developed, a variety of industry groups, working hand-in-hand with national and international regulatory agencies, have collaborated to ensure global scalability of the next generation of cellular. This unified approach, as with previous generations of technology, is an imperative–devices made in China need to work in the U.S., architectures developed in the U.K. need to be replicable by manufacturers in Southeast Asia and handsets need to roam between 5G networks in Switzerland and South Africa.
In order for all of that to work, there needs to be a unified set of standards that define 5G. That same methodology should, and to some extent does, apply to the cybersecurity that protects data transmitted across 5G networks anywhere in the world.
Cybersecurity for mobile networks follows a hierarchical model and can be classified by domain. The 5G cybersecurity architecture comprises:
Network access security;
Network domain security;
User domain security;
Application domain security;
And SBA domain security.
The level of security baked in to 5G from the standards level represent numerous enhancements over its predecessor LTE. These enhancements include:
Stronger air interface security;
Better interconnection security;
Improved user privacy protection;
And an upgrade to 256-bit encryption.
As Kevin Jackson, CEO and founder of GovCloud Network, explained during a recent Huawei seminar: “Global standardization is critical to address this because competition is not in the technology itself, but in the services that you deliver, but primary to all of this, is the security of the data and information for your customers. A lack of a consistent pattern or rules is also a major threat to the cybersecurity of our current and future telecommunications infrastructure.”
So with guardrails in place based on the work of numerous international technical bodies and developed with input from other national and international governmental organization, how do you apply global standards to a dynamic, competitive marketplace?
The key role of independent verification in 5G security
Germany’s approach to 5G cybersecurity is comparatively progressive and aligned with the notion of independent verification. Jochen Homann, the president of German telecoms regulator Bundesnetzagentur, discussing how the nation would consider 5G vendors, said, “The position the Bundesnetzagentur takes is that no equipment supplier, including Huawei, should, or may, be specifically excluded.”
The U.S. government has recently been urging European governments to ban Huawei infrastructure from their 5G networks, arguing that the Chinese authorities could use the vendor’s technology to conduct espionage. But, according to Homann, “The Bundesnetzagentur has not received any concrete indications against Huawei. Nor are we aware of any other body in Germany that has received any reliable indications,” Homann added.
Homann also said that a decision to ban Huawei from the process would cause problems for German mobile carriers: “The operators all work with Huawei technology in their systems. Huawei also holds a large number of patents in this area. If Huawei were excluded from the market, this would delay the roll out of the digital networks,” he said. “If Huawei meets all the requirements, it can take part in the 5G network roll out. There will be no requirements on the part of the Bundesnetzagentur that are aimed at a particular company.”
In March this year, Huawei opened a Cybersecurity Transparency Centre in Brussels, home of the European Union’s government, in an ongoing effort to provide concrete measures to guarantee the cybersecurity of its 5G solutions.
During the grand opening, Rotating Chairman Ken Hu said, “Trust needs to be based on facts, facts must be verifiable, and verification must be based on common standards. We believe that this is an effective model to build trust for the digital era.”
The facility provides a physical space to allow government agencies, technical experts, industry associations, and standards organizations access to a platform where they can collaborate on security issues. The center provides stakeholders to end-to-end cybersecurity practices, from strategies and supply chain to R&D and products and solutions. This allows visitors to conduct hands-on exploration of the cybersecurity associated with Huawei’s products and solutions in areas including 5G, IoT, and cloud. The facility also provides a product security testing and verification platform and related services to Huawei customers.
“The industry lacks a unified set of technical standards for security, as well as systems for verification. This is complicated by the globalization of the value chain. Digital products include components from many different countries, with many different standards, or no standards at all. There is an urgent need to invest in security standards and verification systems at the national level, as well as professional resources and skills,” Hu said.