Huawei Canvasses Collaboration with Stakeholders on Network-wide, end-to-end Cybersecurity

Global Information and Communication Technology infrastructure provider Huawei has canvassed for collaboration among stakeholders in the cyber-security ecosystem to eliminate the potential of any network security risks.

According to the Head of Cybersecurity, Huawei Nigeria, Osita Nweze, the government must work with industry stakeholders to develop unified security standards to ensure all network-based equipment and services reach the same level of security. Nweze disclosed that with the six network security centres built by the company worldwide, other stakeholders needed to take advantage of these resources through collaboration in managing any potential risk.

“Through the independent Huawei Cyber Security Evaluation Centre (HCSEC) in the UK, Huawei evaluates its products, and the UK government provides ideas and recommendations for improvement. Huawei is also the only company in the telecom sector that is willing to have its source code reviewed. This demonstrates our commitment to openness and transparency. In Germany and Canada, Huawei has put different collaborative mechanisms for evaluation and certification. Huawei is not worried about issues in these tests because any such issues will help us identify specific areas of improvement and provide our customers with more secure products,” he said.

He stated that the 5G security standards provide more robust encryption algorithms and flexible certification mechanisms relative to past generations of wireless technology. “The common criteria (CC) certification is the world’s most widely recognised and authoritative security certification for IT products. Governments and relevant enterprises jointly develop the CC security standards,” he added.

He noted that as a member of standard bodies such as ISO, ITU,3GPP, GSMA, the company plays an active role in security standardisation, stressing that there is a need for players in the industry to take a look at specific considerations such as agreed security standards, the defining characteristics of their industry, and the security implications in determining their own required levels of security certification.

He explained that the operators and vertical industries must insist on having all equipment and services needed for requisite levels of security certification as this would help ensure network-wide, end-to-end cyber security. Citing the example of South Korean operator LGU, he said the operator requires a CC EAL4 certification for 5G equipment before it can enter its networks.

He tasked equipment vendors to improve on their capabilities in cyber security design so that their products can meet all relevant security standards and the security certification requirements of their customers. “Equipment vendors such as Huawei should ensure the security of their LTE and 5G products by design in line with the 3GPP, CC, and other security standards,” he noted.

He also emphasised the need for vertical industries and operators to trust the third-party evaluators’ capacity to independently certify network equipment and services based on agreed security standards. “3GPP is now drafting its Network Equipment Security Assurance Scheme (NESAS) standards. GSMA will review the qualification of third-party certification labs. Only qualified third-party labs are allowed to certify the security of network elements,” he said.

-ENDS-