KATHMANDU: When the internet was first invented on January 1, 1983, it was all about connectivity only. Initially, no one realised that the internet would dramatically change the way we lived our lives. From academics to professional work to just sending mails to loved ones, the world went through a transformation and today within a few decades everyone and everything has gone digital. And it did not take a year before we had our first mobile phone.
Over the years, mobile phone technology has gone through rapid advancements and from simple phones through which we could only make calls and use a few basic features, we now are talking about 5G technology. For people who actually have not delved enough into the 5G technology what we have to realise is that it offers speed reaching 10 gigabits per second which is up to 100 times faster than 4G. This literally means that downloading a high-definition film over a 4G network, for example, takes 50 minutes on average, however, on 5G, it will take just nine minutes.
However, along with the rise in the use of 5G technology the downside is that it has ushered in a new array of cybersecurity concerns. The dynamic software-based systems of 5G technology have far more traffic routing points than the current hardware-based, centralised hub-and-spoke designs that 4G has. This means that the multiple unregulated entry points to the network can allow hackers access to location tracking and even cellular reception for logged-in users
Hence, to deal with these cybersecurity concerns governments and stakeholders across the world have started laying more emphasis on establishing and implementing new rules and regulations and standards. In this regard, the Network Equipment Security Assurance Scheme (NESAS) was finally conceived and today is the benchmark to gauge the security of 5G technology.
It was in 2020 that the Germany Security Catalogue 2.0 recognised Network Equipment Security Assurance Scheme (NESAS) as a 5G security certification standard and worked with all parties to promote the development of a unified 5G certification standard in the European Union.Later, in February 2021, the European Commission sent a request to the European Union Agency for Cybersecurity (ENISA) to prepare 5G security certification schemes.
It was the beginning of the policies that needed to be drafted and adopted for security measures for 5G telecommunication. Though the NESAS was first introduced in the European Union, governments in Asia too started to gradually realise its importance and started to take steps towards that direction. Malaysia began to introduce the NESASinto Malaysia’s 5G network industry on March 30, 2021.
Similarly, the Singapore government acknowledged NESAS(IMDA 21 GHz Public Consultation Document) on July 26, 2021 and Indonesia kicked off its 5G Task Force team who cooperate between BSSN(National Cyber and Crypto Agency) and Mastel(Masyarakat Telematika Indonesia),telecom operators,GSMA and 3GPP on August 12, 2021.
As the concept of NESAS started gaining ground, the Minister of Economic Affairs and Climate of the Netherlands introduced a regulation (number WJZ/20056324)on October 1, 2021, which contained further rules regarding the security and integrity of public electronic communications networks and services (Telecommunications Security and Integrity Regulations).
Soon after the Netherlands government introduced more regulations for the security and integrity of the communications system the Office of the National Broadcasting and Telecommunications Commission (NBTC) officially released the national 5G security guideline to call for stakeholders of Thailand telecom industry to comply with NESAS standards on November 3, 2021.
Realising the growing need for security in its telecom industry, the Sri Lankan government too achieved a consensus with its stakeholders on the NESAS scheme and it was designated the national 5G security standard on November 30, 2021.
What needs to be understood by one and all is that the Network Equipment Security Assurance Scheme or NESAS 1.0 and 2.0, jointly initiated by 3GPP and GSMA and developed together with major operators and vendors, defines cyber security specifications and evaluation mechanisms for the mobile industry. With the rising use of mobile telephony this was deemed very necessary by all concerned.
Among the private players it was Ericsson which promoted the establishment of a telecom equipment security evaluation mechanism based on 3GPP in 2012.Furthermore, a four-in-one (vendors, audit institutions and labs, regulator) ecosystem has also been formed for the development of NESAS.
To further enhance the potential of the system the NESAS 3.0 deals with three major aspects that are Penetration Test, Cryptographic Analysis and finally Software Engineering Enhancement.
The International Mobile Telecommunications-2020 or the IMT-2020 technical standard is the name given by the International Telecommunication Union(ITU) to the 5G standard, that is, the next-generation mobile communication technology to be used after 2020.
The International Telecommunication Union is a specialised agency of the United Nations responsible for all matters related to information and communication technologies. It was established on 17 May, 1865 as the International Telegraph Union, making it the oldest UN agency.
Likewise, 3GPP 5G technology officially became the ITU IMT-2020 5G technical standard. The ITU-T Study Group 17 (Security) followed 3GPP SA3 security standards and research on cutting-edge technology security.
Meanwhile, the Chinese Ministry of Industry and Information Technology (MIIT) and China Academic of Information and Communications Technology (CAICT) also launched the China IMT2020 5G Promotion WG. Meanwhile, Malaysia IMT 2020 5G standard was drafted by the Malaysian Communications and Multimedia Commission (MCMC) and Malaysian Technical Standards Forum Bhd (MTSFB).
The ITU-R WP 5D#35e teleconference was held on July 10, 2020 with over 200 delegates and experts from government authorities, telecommunications manufacturing and operation enterprises, and research institutions from across the globe. During the conference it was accepted that the 3GPP 5G technology (including NB-IoT) meets the requirements of the IMT-2020 5G technical standard. Furthermore, it was also officially accepted as the ITU IMT-2020 5G technical standard.
With the close collaboration of various countries and industries throughout the world, ITU was able to complete the milestone of the IMT-2020 5G technology standard as planned and ushered in an intelligent world of Internet of Everything.
As mentioned earlier, the IMT-2020 technical standard is the name given by the ITU to the 5G standard. The ITU has formulated detailed evaluation methods and indicator requirements to ensure the advancement of 5G technologies which have been gathering pace in recent years.
From 2016 till date, the selected candidate technologies have been evaluated in detail in three 5G target application scenarios: eMBB (Enhanced Mobile Broadband), URLLC (Low-latency and High-Reliability Communication), and mMTC (Large Machine-to-Machine Communication).
The 3GPP 5G technology meets the requirements of the IMT-2020 technical standard in terms of services, spectrum, and technical performance indicators, and has advanced technical capabilities such as a peak rate exceeding 20 Gbit/s, a communication delay of less than 1 ms, and support for one million devices per square kilometre. It also meets various other 5G application requirements.
The Global System for Mobile Communications Association or GSMA maintains the universality and neutrality of the NESAS main scheme. Based on that, NESAS- CCS is a customised form of NESAS to adapt to the EU Cybersecurity Act. In Germany, the Security Catalog 2.0, under the Federal Office for Information Security (BSI), has recognised NESAS as a 5G security certification standard, promoting its development as part of a unified 5G certification standard in the European Union.
In China too, NESAS has been approved as the basic standard for 5G security assessment and has been implemented by China’s IMT 2020 promotion team. All 5G equipment suppliers in the Chinese market comply with the NESAS standard system. Approximately, 1.5 million 5G sites in China’s 5G networks (as of December 2021) were expected to be NESAS compliant and certified.
To further enhance its cybersecurity, a few Malaysian entities also took the initiative to build a 5G Cybersecurity Lab in Malaysia. Celcom and CyberSecurity Malaysia (CSM) collaborated with Huawei and signed a memorandum of understanding in March 2021 for the purpose. As per understanding between the concerned parties, the test laboratory will not only execute test cases pertaining to the Internet of Things (IoT) and telecommunications security but also improve the country’s preparedness in responding to cyberattacks in relation to 5G.
Over the years, Huawei as leading technology giant, has made continuous improvements to its security practices. As a result, Huawei is among the world’s foremost ICT companies, and not one to rest on its achievements the company remains committed to not only building confidentiality, integrity, availability, traceability and user privacy protection in 5G equipment based on the 3GPP security standards, but also in collaborating with operators to build high cyber resilience in networks from the operation and maintenance (O&M) perspective.
The collaboration between Huawei and the Malaysian parties will also jointly identify strategic core areas in managing, mitigating and reducing threats to cybersecurity and introduce the NESAS or other equivalent standards and requirements into Malaysia’s 5G network industry.
Meanwhile, in Sri Lanka too, from the government perspective, international cooperation and the industry-wide concerns, the panel offered a comprehensive view on how do the government, industry and standard organisations should work together, building standards to mitigate the risks brought by disruptive technologies. To ensure network operations are sustainable and cost-effective to the ecosystem, the panel set up to look into 5G security issues believes that the network security assessment scheme should follow a universal and uniform standard.