Security

GSMA sticks its neck out over Huawei: calls for an enhanced security assurance and testing regime

By Ian Scales

Feb 15, 2019

© Flickr/cc-licence/YuriSamoilov

  • GSMA implies that a straight ban of Huawei kit from European networks would be a mistake
  • Says network security requires a fact-based and risk-based approach...
  • .. and must go hand-in-hand with maintaining competition in network equipment supply

The GSMA yesterday called on political leaders in Europe to have faith in the industry’s ability to ensure the security of its own networks through rigorous joint testing and security vigilence. Outside input and political support and oversight are welcome.

No mention of Huawei because the GSMA is highlighting a set of permanent, structural, risk-based measures required to reduce the risks from bad actors, whether or not the elephant in the room has lumbered into the security cross-hairs.

But of course, it IS all about Huawei whose potential banishing from Europe’s 5G build would likely delay implementation by up to two years.

The GSMA line should be digested alongside the Q&A we published yesterday by Huawei’s rotating Chairman, Eric Xu. There are interesting similarities.

It has to be said, however, that this political problem is partly one of the industry’s own making. The GSMA points out in the below document that 5G is built on 4G: “5G is, in essence, an evolution of the 4G standard, with enhanced features in terms of latency, speed and security.”

All true, but that’s not the impression one gets from the GSMA’s own hype in support of the new mobile standard. Far from being just an ‘evolution’, 5G is usually presented, and not just by the GSMA, as “transformational” and a ‘G’ like no other and therefore so nationally valuable that there’s a desperate ‘race’ to be first to the 5G finish line (5G doesn’t have a finish line). Being second is not an option.

Not surprising then that even European politicians have bought into the ‘5G or bust’ syndrome and therefore have heightened fears of high tech skulduggery.

Here’s the press release

GSMA CALLS ON EUROPE TO SAFEGUARD NETWORK SECURITY AND COMPETITION IN THE SUPPLY OF TELECOMS INFRASTRUCTURE

5G will transform the way that European citizens live and work. 5G – working together with and built as an add on to, existing 4G networks – will connect people and things faster than ever before. It will drive efficiency, productivity and help us all use finite resources more effectively, particularly for industrial applications. In addition to the huge benefits for business and the economy it will offer important breakthroughs in the provision of health care, skills and education.

As with 4G, robust competition amongst network infrastructure suppliers is essential to European operators’ ability to deliver innovative services to European citizens and businesses at competitive and affordable prices. By 2025, mobile operators are expected to invest between €300 billion and €500 billion on the roll out of 5G across Europe, and as an industry will generate over 4 per cent of GDP.

To safeguard this investment, retain competitiveness and data affordability, as well as maintain consumer trust, mobile operators have always prioritised network integrity, will never compromise on security and already have a proven track record of deploying secure 4G networks. 5G is, in essence, an evolution of the 4G standard, with enhanced features in terms of latency, speed and security.

As European policy makers consider ways to further secure network infrastructure, we urge them not to lose focus on all relevant policy objectives – security, competition, innovation and consumer impact. This requires a fact-based and risk-based approach, including recognition that Europe’s starting points and approaches to date, have been different from some other parts of the world. Specifically actions that disrupt the equipment supply for the various segments of the network (access, transport and core), will increase costs to European operators, businesses and citizens; delay 5G deployment by years across Europe and potentially also jeopardise the functioning of existing 4G networks upon which 5G is intended to be built.

Such significant consequences, intended or not, are entirely avoidable. European mobile operators already have established working relationships with national security agencies across Europe. These operators stand ready to work with policy makers now to agree on further proportionate and risk-based methods, not least a common, consistent and agreed security assurance, testing and certification regime for Europe. This will give confidence in network security while maintaining competition and innovation in the supply of network equipment and data affordability to end-users.

The GSMA specifically asks European policymakers to consider the following points and proposal:

Security and Trust

  • Security and trust are critical to the continued success of the mobile network operators and to the entire connected economy. Reflecting the large variety of threats, operators’ security approach is risk-based, using multiple layers of protection, of which network security is one aspect;
  • Governments and mobile operators both have a role to play in safeguarding the integrity of telecommunications infrastructure;
  • To maintain the confidence of their customers, mobile operators already invest heavily in making sure their networks – and the equipment put into the networks – are secure;
  • Mobile operators have exacting supplier selection processes to ensure high quality supply partners and have teams of network security experts that undertake rigorous testing and on-going monitoring to protect network integrity and performance;
  • Mobile operators, as well as some government security agencies, have meticulously tested mobile network infrastructure for years and have not discovered any evidence of wrongdoing.; and
  • Cyber attacks are today a significant challenge for both governments and businesses everywhere. In this respect, mobile operators are ready to work with European agencies in charge of promoting certification and security requirements (e.g. Cyber Security Act).

Competition, Innovation and Consumer Impact

  • 5G promises to deliver greater economic and societal benefit than any previous generation of mobile technology;
  • 5G will empower European citizens and be transformative for European industry;
  • Mobile operators need access to the best available technology to efficiently roll out best-in-class 5G networks across Europe, which will, in turn, enable innovations in Artificial Intelligence, Internet-of-Things and Big Data;
  • Competition amongst equipment vendors has been a major driver of innovation;
  • Limiting or stalling the deployment of 5G or requiring changes to existing 4G infrastructure, risks leaving European consumers and businesses behind; and
  • Investment and innovation will move to those countries where 5G is happening first and fastest, impacting jobs and growth.

The GSMA’s Security Work and Recommendation

  • In addition to security tests carried out by individual operators, further testing is carried out in some countries by recognised third party laboratories;
  • The GSMA has experience in this area, having developed the Network Equipment Security Assurance Scheme (NESAS) in partnership with 3GPP, the international 5G- standardisation body;
  • To take this further, the GSMA is assembling a task force of European operators to identify ways to enhance and extend existing schemes; and
  • The GSMA recommends that governments and mobile operators work together to agree what this assurance testing and certification regime for Europe will be, so that it ensures confidence in network security while maintaining competition in the supply of network equipment.”

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.

Subscribe

Cookies

TelecomTV uses cookies and third-party tools to provide functionality, personalise your visit, monitor and improve our content, and show relevant adverts.