The evolution to 5G is destined to change all societies around the globe, and that is particularly evident in the Middle East region. The widespread adoption of the Internet of Things (IoT), cloud computing, and artificial intelligence (AI) have all been supported by 5G networks, transforming our way of living for the better. Among the first countries in the world to embrace 5G, Qatar's smooth rollout is an exemplar for future adopters. Its 5G strategy has been part of the broader digital ambitions outlined in the Qatar Vision 2030, which aims to boost digital development to attract investment, lay the foundation of a sustainable economy, and spur domestic growth.
As mobile broadband is widespread, 5G networks need to meet the requirements of unprecedented connectivity in three scenarios: Enhanced Mobile Broadband (eMBB), focusing on services that require ultra-high bandwidth, such as high-definition video (4K/8K), virtual reality (VR), and augmented reality (AR), meeting user demands for a digital life; Massive Machine-Type Communications (mMTC) for scenarios requiring high-density connections, such as intelligent transportation, smart grid, and intelligent manufacturing (Industry 4.0); and finally providing Ultra-Reliable and Low-Latency Communications (URLLC) for latency-sensitive services, such as autonomous driving, Internet of Vehicles (IoV), and remote control, meeting user demands for a more infused digitized economy.
While 5G empowers the national economy with unprecedented business potential, we cannot dismiss the cybersecurity challenge it brings as more things become interconnected. The industry is working together to address new security risks faced by the new 5G architectures, technologies, and services, to address potential security challenges through unified 5G security standards and an agreed 5G security framework. The 3GPP SA3 Working Group has established 42 projects to analyze security threats and risks in various 5G scenarios. Conclusions are gradually being drawn from these projects and implemented in security standards, such as the established project by the GSMA and 3GPP, NESAS (Network Equipment Security Assurance Scheme), which assess the security of mobile network equipment development and verification. The GSMA 5G Cybersecurity Knowledge Base proposes the security concept of shared responsibility and baseline security controls based on common 5G network threats and key security solutions. With these measures, we believe that 5G cybersecurity is manageable and verifiable.
Growing in its domain, the 5G network inherits the 4G network security framework but introduces new enhanced security features. Its access and core networks interconnect through standard protocols, support inter-vendor interoperability, and have standards-based security protection mechanisms. Hierarchy-wise, 5G cybersecurity can be divided into three layers. First is the application security for both traditional mobile end users and vertical industries that provide or use a range of applications. This security layer requires collaboration among operators, device suppliers, and application providers to ensure the security of 5G networks and the users and services they support. Application security is not heavily dependent on the security of network pipes. Vertical industries must take responsibility for the security of their solutions, protect critical assets at the application layer from network attacks, promptly detect security threats, and quickly restore essential services. Second is the network, usually managed and operated by operators. They consider network compliance and the security of network design, deployment, O&M, and operations, and continuously performcomprehensive risk assessment based on network components as well as the network equipment and architectures provided by vendors to ensure effective management of security threats. The third is product security, which equipment vendors must provide. It focuses on product compliance, secure development process, and security capabilities. A security assessment is critical for product security, as it provides a basis for assessing whether network equipment and components are designed and implemented in compliance with security requirements. NESAS, established by the GSMA and 3GPP with global operators, equipment vendors, and third parties, is a globally recognized security assurance framework for the mobile industry.
5G cybersecurity is a shared responsibility of key stakeholders, including operators, interconnection providers, equipment vendors, application providers, standards organizations, governments, and regulators, each with their own clearly defined responsibilities. When fulfilled, these responsibilities can enable the secure deployment and operations of 5G systems. Governments can be part of these efforts by controlling risks to operating 5G services in line with national regulations. A recommended strategy to address 5G security challenges is to formulate laws and regulations, involving cross-discussions with all public and private partners, to work on building a consistent security framework. Governments can play a key role in defining their own national requirements in terms of improving security, and hence their regulators can encourage the development of new technologies with risk control mechanisms to address both their economic objectives and security needs. This can be achieved through collaborations with all stakeholders, based on a common goal to define standards, and allowing more suppliers that meet security specifications to participate in national 5G construction and development, and defining security regulations, assurance mechanisms, and certification programs. These measures will improve national 5G network construction and operation efficiency, reduce costs, and stimulate positive social and economic development. In this case, NESAS, therefore, acts as an authoritative, unified, and open security assessment reference for the communications industry, helping governments, regulators, and operators monitor and manage local cybersecurity risks more efficiently.
Committed to not only building integrity, confidentiality, availability, traceability and user privacy protection in 5G equipment based on the 3GPP security standards, Huawei maintains its collaborations with operators to build high cyber resilience in networks from the O&M perspective. As networks become more open by the day, and cloud, digitization and software-defined everything are growing their prevalence in the industry, Huawei continues to ensure it builds secure, trustworthy and high-quality products and services through Huawei R&D. Huawei's R&D has made good progress in the operation of the live network. Huawei has built more than 1500 networks in over 170 countries and regions in the past 30 years, covering over one-third of the world's population, with no cyber security incidents.
Therefore, Huawei calls on the industry to work together to share responsibilities, unify standards, formulate clear regulatory measures, and build a secure, reliable, open, and transparent 5G security ecosystem widely recognized by stakeholders and benefits everyone.
— The author is the chief security officer of Huawei Gulf North