How the world can work together for 5G security
By Huawei
John Suffolk, SVP and Global Cyber Security Officer at Huawei spoke at GovWare 2021.
As 5G begins to roll out across the world, governments and industries cannot afford to keep their head in the sand. The way to address the inevitable threats is to share up to date knowledge with one another and work together to secure the networks.
Suffolk discussed the need for teamwork to secure 5G at GovWare 2021. He laid out the next steps for governments and businesses, to best meet citizen needs.
Sharing information for cyber safety
5G is not a sci-fi fantasy, it’s a present day reality. 400 million households in China are already using 5G, supplied by one million transmitters, Suffolk highlighted. Singapore plans to adopt 5G across the whole nation by 2025, reported the Straits Times.
But to secure 5G, technology providers should share relevant cybersecurity information, he explained. Even though they “compete with each other as vendors”, they must work together in the common goal of protecting citizens, he said.
“We can't just chase the final dollar of profit” without spending a dollar on the security behind the 5G rollout, Suffolk summarised.
GSMA is an industry association representing global mobile operators, is taking on this task, he identified. The association has set up a 5G cybersecurity knowledge base made freely available to its members.
This knowledge database provides information on three key areas, Suffolk said. Firstly, it points out the vulnerabilities in 4G, and how governments and 5G providers can learn from this information.
Secondly, it shares advisories on how to protect 5G network and how industries can comply with the security regulations.
Thirdly the database highlights the need for security in all the systems connected to 5G. Without securing the surrounding infrastructure, it is like locking the front door to your home but leaving all the windows open, Suffolk explained.
Finding checks and balances
Technology has the potential to leave a positive impact on citizens’ lives, said Suffolk, the former Chief Information Officer of the UK government. But governments need to put together the “right checks and balances” to ensure digitalisation is secure, he emphasised.
One way to do this is through a regulator, he recommended. Having an expert organisation to verify security protections will help showcase the measures that telecommunications businesses are taking, he explained.
“The problem with standards is that they’re not standard”, Suffolk has observed in the past. But now is a good opportunity to collectively follow a core set of principles that will get 5G providers “up to a continuously high level of security”.
Following the NESAS scheme would achieve this, Suffolk identified. This security model focuses on reducing vulnerabilities in the mobile industry. It allows organisaitons to voluntarily submit their network equipment to be audited for security vulnerabilities, its website explains.
Having a single set of standards for security would reduce the fragmented approach to regulation that currently exists, Suffolk shared. The standards provide a security checklist that is easily followed by all, he explained.
Next steps for governments
Cybersecurity proficiency is for citizens too, not just for governments and businesses, Suffolk highlighted. A citizen using a device without any security updates poses a risk to the networks they join, he said.
Governments need to take a more “aggressive” approach to their own cybersecurity, Suffolk advised. If citizens don’t have the latest security update on their devices, they shouldn’t be allowed access to government networks, he suggested.
A shared data policy is another area that governments should be looking at, he said. Different countries and regions have their own regulations when it comes to data, but the international community should find a balance, Suffolk said.
The rollout of 5G is coming, and a standardised cybersecurity network would help prevent malicious attacks by hackers. To do this, governments should be agreeing on common values while industries share security information.