Governments and industry organizations should work together to develop unified security standards to ensure all network-based equipment and services reach the same level of security.

This was disclosed recently by Huawei Technologies (Nigeria) Limited’s head, of cyber security, Osita Iweze.

“The 5G security standards defined by 3GPP – an international standards body for mobile communications – provide more robust encryption algorithms and more flexible certification mechanisms relative to past generations of wireless technology.

“The common criteria (CC) certification is the world's most widely recognized and authoritative security certification for IT products. Importantly, the CC security standards are jointly developed by governments and relevant enterprises.

“Regardless of this however, operators and vertical industries should determine their own required levels of security certification based on agreed security standards, the defining characteristics of their industry, and the implications these have on security. Operators and vertical industries should also require all equipment and services to meet requisite levels of security certification in order to ensure network-wide, end-to-end cyber security.

“Equipment vendors need to improve their capabilities in cyber security design so that their products can meet all relevant security standards and the security certification requirements of their customers. Equipment vendors such as Huawei should ensure the security of their LTE and 5G products by design in line with the 3GPP, CC, and other security standards.

“On our part, Huawei plays an active role in security standardization and is a member of standards bodies, including ISO, ITU, 3GPP, and GSMA. Huawei holds 17 chair and deputy chair positions in security standards bodies. Our 5G security architecture has become part of 3GPP's technical specifications for 5G security,” he said.

Speaking further, Iweze said that Huawei has built six network security centers around the world and works with governments and operators to manage any potential network security risks through these networks.

“Both for industries and the general public alike, we need to build trust in the ability of third-party evaluators to independently certify network equipment and services based on agreed security standards. There needs to be trust in their ability to produce fair results.

“3GPP is now drafting the standards for its Network Equipment Security Assurance Scheme (NESAS). GSMA will review the qualification of third-party certification labs. Only qualified third-party labs are allowed to certify the security of network elements.

“Through the independent Huawei Cyber Security Evaluation Centre (HCSEC) in the UK, Huawei evaluates its products and the UK government provides ideas and recommendations for improvement. Huawei is also the only company in the telecom sector that is willing to have its source code reviewed. This demonstrates our commitment to openness and transparency,” he said.