How Secure Is 5G?
In this post, I want to address certain misunderstandings about 5G and cybersecurity and explain (a) Huawei’s commitment to 5G cybersecurity (b) why we cannot access data from 5G networks and (c) Why 5G is the most secure wireless network technology to date.
Cybersecurity is very important to all of us, because we’re living in an era where information and data are our most valuable asset. That’s why we’re so focused on data privacy and personal information. Cyberattacks are a potential threat to everyone, with viruses and phishing able to target individuals’ mobile devices, companies, and governments. So it’s crucial for us to focus on developing and producing secure technologies.
A New Approach to Cybersecurity and National Security
Information security is like an onion in that it has multiple layers. People assume that technology is everything, but it is only one layer and perhaps the easiest one, People tend to overlook that ecosystem ownerships, patents, regulations, laws, directives, cyber strategies, processes, standard operating procedures, best practices, and cyber diplomacy are equally important. And sometimes even more challenging.
Our goal is to provide a fresh approach to cybersecurity and national digital sovereignty. We comply with national legislations and take an extremely responsible attitude to the legal context of security, something we believe that every 5G network vendor has a responsibility to do.
In May 2020, we became the first vendor to pass the NESAS audit for 5G wireless and core network equipment.
Huawei’s 5G networking equipment allows nations to use their own encryption algorithms, the encryption keys of which are not available to Huawei, outsiders, or other governments – only local mobile operators are allowed to perform decryption when legally required to do so. Thus Huawei does not have access to data which is flowing through Huawei’s equipment. Central our strategy is to support the national data sovereignty of every country.
The Importance of Standards in Cybersecurity
We are a strong advocate for cybersecurity standards that are globally recognized and agreed upon. Huawei believes that trust needs to be based on facts, facts need to be verifiable, and verification needs to be based on common standards. Based on industry practices, certification is the most effective way to address security issues. Certification is verification that everyone reads standards in the same way and it therefore guarantees interoperability. That means that different vendor’s equipment can work seamlessly together.
So, what have we done in this area?
- Established a sustainability management system based on the International Standards Organization (ISO) standards, and passed third-party certification to ensure that Huawei’s R&D and production processes are trustworthy.
- Established an information security management system based on the ISO27000 series standards and passed the ISO 27001 certification
- Established a supply chain security management system based on the ISO 28000 standards, as well as the TAPA and C-TPAT requirements; passed the ISO 28000 certification (Chinese Supply Center, European Supply Center, and Mexican Supply Center); and obtained C-TPAT membership.
- Optimized our development and supply chain management practices by referring to the Open Trusted Technology Supplier Standard (OTTPS) and is conducting the OTTPS certification.
- Incorporated internationally recognized cyber security certification standards and requirements, such as CC and FIPS, into product R&D. We proactively invite third-party labs to certify Huawei products. In April 2019, we had already obtained 242 product security certificates, including 43 CC certificates, 6 CC EAL4+ certificates, 20 FIPS certificates, and 15 PCI certificates.
5G Security Challenges
5G faces security challenges due to new services, architectures, and technologies, as well as higher user privacy and protection requirements. However, 5G is the most secure telecommunications standard that the industry has developed to date.
3GPP SA3, for example, has analyzed 5G threats and risks in 17 security areas, including:
- Security architecture, authentication, security context, and key management
- Radio access network (RAN) security
- NG-UE security,
- Subscription privacy
- Network slicing security
- Relay security
- Network domain security
- Security visibility and configurability
- Credential provisioning, interworking and migration
- Small data, broadcast/multicast security, management security, and cryptographic algorithms.
The assets of wireless and core networks, computing resources, accounts, passwords, logs, configurations, and charging data records (CDRs) are operated and maintained by operators, not equipment’s vendors. Hackers attack wireless networks in an attempt to steal and tamper with users’ personal data or compromise the availability of networks or computing resources. The way in which equipment vendors work together with operators to make this more difficult for hackers is by implementing 3GPP specifications. For example, the Packet Data Convergence Protocol (PDCP) can be used for the air interface and IPsec for transmission to guarantee the confidentiality and integrity of users’ personal data.
Read more about the industry standards, Huawei’s approaches, and joint efforts of industry partners in our 5G Security White Paper. The paper addresses these questions.
- Why is 5G secure? How do experts from industry and standards organizations ensure that 5G security risks can be effectively managed in terms of security protocols and standards as well as security assurance mechanisms?
- Why is Huawei 5G secure? What technical approaches has Huawei adopted to ensure cybersecurity of Huawei equipment?
- How can we ensure 5G cybersecurity? This includes Huawei’s support for cyber resilience and recommendations for deploying and operating 5G networks in a secure manner.
- How can we continuously improve the 5G security level from the perspectives of different stakeholders to address future challenges.
- Why must stakeholders work together to ensure that 5G security risks are controllable?
We believe in digital independence, competitive mobile networks, and a level playing field for all market players. Basing security and privacy on strong standards is critical to that.
Security is a journey not a destination – a journey that we are ready to walk with organizations and nations.
Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.