By Syed Jawad Imam Jafri, Cyber Security and Privacy Officer (CSPO), Huawei South Africa – Mobile operators have to keep their network secure. But how do they know if they’re succeeding?
They need a standard by which to measure the security of any network and the equipment on which it runs. Cyber security assessment mechanisms shall follow globally accepted uniform standards to ensure that their operations are cost-effective and sustainable for the ecosystem.
The Network Equipment Security Assurance Scheme (NESAS) jointly defined by the Global System for Mobile Communications Association (GSMA) and Third Generation Partnership Project (3GPP) has been used to assess the security of mobile network equipment. It provides an industry-wide security assurance framework to improve security across the mobile industry. NESAS defines the security requirements and assessment framework for security product development and lifecycle processes, and uses security test cases in the Security Assurance Specifications (SCAS) defined by 3GPP to assess the security of network equipment.
Currently, 3GPP has initiated security evaluation of multiple 5G network equipment, and major equipment vendors and operators are actively participating in the NESAS standard formulation. Huawei is the first vendor to pass the NESAS audit for 5G wireless network equipment. NESAS brings the following benefits to equipment vendors:
- Provides accreditation from the world's leading mobile industry representative body
- Delivers a world-class security review of security related processes
- Offers a uniform approach to security audits
- Avoids fragmentation and potentially conflicting security assurance requirements in
different markets
NESAS brings the following benefits to mobile operators:
- Sets a rigorous security standard requiring a high level of vendor commitment
- Offers peace of mind that vendors have implemented appropriate security measures
and practices - No need to spend money and time conducting individual vendor audits
NESAS brings the following benefits to regulators:
- Developed by the mobile communications industry to prevent standards
fragmentation - Open, maintained by the industry, and continuously evolving and enhanced
- Cost-effective, innovative, a low market entry barrier, and promoted security benefits
The GSMA released NESAS 1.0 in October 2019, continued to drive the evolution of NESAS based on industry requirements, and released NESAS 2.0 in February 2021.
Currently, the NESAS ecosystem has been established. Mainstream equipment vendors actively participate in NESAS evaluation, where Huawei’s RAN and core network are the first to pass its audit and security function tests. The world’s top audit bodies and well-known testing labs are qualified for evaluation. Multiple tier-1 operators require that NESAS compliance be included in 5G bidding documents.
Trust is built on facts. Facts must be verifiable. Verification must be based on common standards. NESAS gives us a completely new way to assess cyber security on mobile networks. For 5G networks it provides the right kind of standards, customized, authoritative, global, unified, open, and constantly evolving. Now, that's a benchmark we all can use to make sure networks are secure.