Strengthening the Future of Critical Information Infrastructure with International Best Practices
As 5G is gradually deployed in most countries, 5G will become part of critical information infrastructure which may expose new security threats and challenges. Cybersecurity has always been a shared responsibilities among all stakeholders and all of us have a role in risk identification and mitigation. These risks can be addressed by coordinated and verifiable security measures based on common standards and approaches to verification. Politics does not solve a single vulnerability, splitting our coordinated efforts weakens security, it does not enhance it. We must resist the threat of technological split in the ecosystem that could threaten interoperability, scalability and security. Recently the international organization GSMA released a 5G Cybersecurity Knowledge Base which is an industry effort that details a comprehensive threat landscape designed to help key stakeholders understand the possible security threats posed by 5G networks in a systematic and objective way. At the same time the Network Equipment Security Assurance Scheme known as NESAS developed and operated by the GSMA in cooperation with 3GPP. NESAS is an industry-wide security assurance framework aiming to facilitate improvements in network equipment security levels. NESAS stipulates the methodology and security targets for the network equipment being evaluated and was developed to help vendors and operators avert fragmented regulatory security requirements. The scheme addresses both a product line's development and lifecycle management processes as well as the security of the network product itself. It sets a globally-applicable common security baseline that network equipment vendors can attain.