Trust as a Cybersecurity Ecosystem, Not Just a Value
According to research by GSMA Intelligence, there will be 9.8 billion mobile connections by 2030, of which 5.3 billion will be 5G. The research suggests that if mobile adoption increases by 10%, the impact on GDP can be 1%. So, connectivity can offer clear economic and social benefits.
Telecoms infrastructure serves as part of the core foundation of modern digital economies. It plays a crucial role in helping governments, at both the national and transnational levels, to achieve economic growth, digital inclusion and affordable access, social mobility and environmental objectives through communication. The benefits of a digital economy for the Middle East and North Africa were highlighted in a World Bank report last year, which this year predicted that Africa will have the largest share of the global workforce by 2100, making it crucial to have uptake of digital technology.
In addition, as emphasized by the Open-Ended Working Group (OEWG) and the United Nations Group of Governmental Experts (GGE), security, trust, and stability are essential for building and creating an inclusive cyber ecosystem.
Trust in connectivity is essential for economic development
Without cybersecurity measures in place, trust in connectivity will remain low, affecting the development of economies and willingness of consumers to engage in a digital connected economy. However, trust cannot be just based on certain values or principles because in a multi-cultural world, these are just too diverse and can never by unified.
Therefore, a framework is essential for accommodating the dynamic nature of cybersecurity – newly emerging threats, policy evolution, technology developments, and changing economic and social factors. A framework must factor in policies, practices, and procedures, and support all organizations with protecting their assets via a process that includes identifying, assessing, and managing potential disruptions.
Creating trust is actually a process that must be done in a structured manner, so it brings together all representative stakeholder voices that are committed to unified standards and also willing to take part of the responsibility for establishing a cybersecurity ecosystem.
For example, in the area of critical infrastructure (CI), more than 200 cyber security legislations were proposed, passed, or took effect globally between 2020 to 2022. These legislations were primarily focused in Europe and Asia Pacific. Most developing countries have incorporated CI protection legislation into general cybersecurity legislation. However, a challenge remains in that legislation should be reasonably designed in alignment with the ability to implement it. This includes making legislation affordable so that a country can enforce, comply with, and maintain the legislation.
What kind of framework is needed to build trust?
In the development of legislation or framework the resources of a country must be considered including financial, human, technical, infrastructural, and or institutional resources as well as political, and social circumstances in order to ensure that there isn’t a ‘policy implementation gap’, meaning that there is a difference between the expected outcome during the policy design stage and the actual result after implementation. This tends to be a caused by two factors: an unrealistic assessment of the implementation ability of a country, and fundamentally, a lack of multi-stakeholder collaboration.
Multi-Stakeholder Partnerships (MSP) bring together different societal players (public sector, private sector, civil society, and academia) working together as equals, sharing risks, and combining unique resources and competencies to address challenges or exploit opportunities in ways that one cannot achieve alone. This can facilitate the development of sustainable frameworks. Based on fruitful outcomes from the WSIS Panel at the SAMENA Leaders’ Summit and our industrial knowledge, we developed the TRUST framework, to help build the cybersecurity ecosystem holistically.
The TRUST framework
T-Technical Base: Cybersecurity is rooted in technology. Cybersecurity risks can be appropriately governed by technical measures and mitigated by technical innovation. For example, with 4G authentication, telecommunications operators authenticate users using a SIM card placed inside a smartphone or another device. However, IoT connections vary in size and power consumption, as well as the type and quantity of data they can send and receive. With the diverse range of devices and requirements required by IoT, a single SIM from a single telecommunications operator is unable to cope. 5G eliminates the need for a SIM card by assigning unique identities to each individual device, so the responsibility for authentication is shifted from the operator to individual service providers.
R-Responsibilities: 5G cybersecurity is a shared responsibility that involves key stakeholders including MNOs, interconnection providers, vendors, application developers, service providers and governments, each with a clearly defined set of responsibilities which (when fully met) can enable the deployment and operation of 5G systems in a secure manner. This means that only with appropriate different roles’ can responsibilities be taken in a way that the ecosystem can enter a ‘virtuous circle’ and develop rapidly as seen in the development of the GMSA’s 5G cybersecurity knowledge base ‘shared responsibility model’ (GSMA – 5G Cybersecurity Knowledge Base).
U-Unified Multi-stakeholders’ Collaboration: Collaboration between all stakeholders is essential. Users, regulators, industry experts, and governments need to leverage the collective knowledge of industry. Without this shared knowledge of the stakeholders such as the ITU, local governments, academics, ETSI, ENISA, and other ICT corporations and players, innovation will be stifled within the industry and risks will not be highlighted at an early stage.
As said by Adel Mohamed Darwish, Director of Regional Offices for ITU for Arab States,
“We are now faced with a global space, not only a local market. The input of private sectors and industry organizations is helpful, cybersecurity and digital transformation needs multi-stakeholder cooperation.”
S-Standardized Baseline and an International Common Standard to Follow: As the global market grows, a standardized baseline for both ICT development and cybersecurity together is essential to avoid fragmentation.
During the opening ceremony of SAMENA Leaders’ Summit, his Excellency Sheikh Nahayan Mabarak Al Nahyan, UAE Cabinet Member and Minister for Tolerance and Coexistence called for responsibility within the ICT industry as the industry develops, “In UAE, we share the aspiration of having a digital world that is sustainable and secure, meets present and future needs, is committed to satisfying best international standards, and is ready to promote community engagement and support in all countries around the world.”
This is also demonstrated by GSMA, “5G security risks can be addressed through the deployment of coordinated and verifiable security measures based on common standards.”
Developing standards for cybersecurity by aligning standards is similar to the C2C-CC and W3C consortia, which have guided the development of the world wide web making it accessible to all. Developing standard processes and policies will facilitate clarity.
T-Transparency and Fairness – Governance and policy development: Policy and governance is necessary for the orderly operation of markets across borders and jurisdictions, and potentially even intervention when faced with market failure. Therefore, market structures must be transparent to avoid unnecessary costs that may impede implementation and instead encourage and foster vitality. This ultimately protects consumers and users. For example, the WTO faced the challenge of maintaining a multilateral trading system when more developed member countries have access to better quality and more timely trade information then less developed countries. The question of how to create real-time sharing of information, including supply chain disruptions, became a digital divide transparency challenge.
Now, just as it is important to communicate when technology is being applied, such as the use of AI for checking credit ratings or resolving trade problems, it is equally important to share intelligence on security breaches, prevent cyberattacks, and promote cyber resilience.
Trust requires an ecosystem
Trust cannot be an assumption of shared values and behavior but needs to be a tangible process that reflects the diverse expertise and voices of all stakeholders. Only in this way will standards be agreed and implemented.
With 5G facilitating more data exchange and opportunities, it is essential that we are able to enjoy the benefits in a secure, sustainable way that protects all assets from the dangers of cyber-attacks.
According to the UN’s Secretary-General’s Roadmap for Digital Cooperation by 2030, every person should have safe and affordable access to the internet. Keeping society safe whether in the delivery of education, manufacturing or food delivery is essential. Connectivity is a right and all users in society deserve to be safe – whether corporations, governments or individuals.
Trust is much more than just a value, it is an ecosystem.
Learn more about Huawei’s commitment to cybersecurity and privacy protection.
Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.