GSMA NESAS & MCKB: Leading the Way in Mobile Network Security International Standards for Regulators and Operators in the Region

As our interconnected digital world becomes essential, new technologies like 5G, cloud computing, big data, and AI create exciting possibilities. However, vulnerabilities increase alongside these advancements. Over 100 countries now have data protection laws, highlighting the growing focus on cybersecurity.

As the deployment of 5G technology and its next generation, 5G-Advanced (5G-A), which was already announced this year by global vendors like Huawei, mobile networks are increasingly becoming the backbone of our digital life, and robust cybersecurity standards and good practices are paramount for telecom authorities and operators.
Pioneering 5G deployment, Saudi Arabia and the GCC are now upgrading to 5G-Advanced for even greater value.

The telecom industry, constantly adapting, integrates cloud and AI with these networks, driving new digital business models. Telecom’s role in national security necessitates robust cybersecurity. Regulators, operators, and industry stakeholders in the region must collaborate to identify best practices and implement measures to safeguard networks, systems, and data from cyber threats. This cross-sector effort requires close cooperation with service providers, equipment manufacturers, and government agencies to mitigate risks, develop best practices, and raise cybersecurity awareness.

At the recently concluded MWC Shanghai 2024 organized by GSMA, the ‘Middle East and Central Asia ICT Policy and Governance Forum’ round table, themed “Driving Policy and Innovation to Shape Our Digital Future”, mobile network security took centre stage. The forum brought together a wide range of stakeholders, including senior officials from GSMA, regulatory authorities, operators, Huawei, and the China Academy of Information and Communications Technology, to discuss industry policies, successful practices, and valuable insights on network security and key industry trends.

The round table discussed the importance of spectrum, optical, and datacom policy planning and explored how carriers, enterprises, oversight agencies, and regulators can enhance mobile security capabilities and guide risk management strategies. The discussions also sought to promote the adoption of GSMA’s Network Equipment Security Assurance Scheme (NESAS) and Mobile Cybersecurity Knowledge Base (MCKB). Attendees also reviewed industry policies and best practices, with examples from China’s successful use cases.

Mr. Jawad Abassi, Head of MENA at GSMA, who moderated the roundtable discussion, said, “The GSMA regularly explores a range of security considerations including secure by design, 5G deployment models and security activities. Good security practices and policies by industry suppliers are essential. The mobile ecosystem should empower advancing positive policy and spectrum outcomes, driving digital innovation to reduce inequalities in our world and tackling today’s biggest societal challenges.”

GSMA NESAS is a rigorous security framework covering some of the most vital aspects of national critical infrastructure. Providing a universal industry standard, it highlights the ability of network equipment vendors to meet and maintain security levels—from product development to lifecycle management processes. Specifically, it covers equipment that supports functions defined by 3GPP and is deployed by mobile network operators on their networks.

NESAS is a trusted and proven standard for tracking records across the world. Vendors’ equipment is tested and audited against a security baseline defined by industry experts through GSMA and 3GPP. It reflects the security needs of the entire ecosystem – including regulators, mobile network operators, hyperscalers, and equipment vendors. The standard continually evolves to meet the needs of the whole industry, based on 3GPP + GSMA standards – avoiding security requirements fragmenting regionally. The GSMA works with internationally recognized partners to audit and test equipment, with selection criteria agreed upon by the GSMA NESAS Oversight Board.

Audits and evaluations allow experts to give in-depth feedback and analysis – helping vendors improve their processes and products while enhancing security across the wider industry. The list of accredited vendors provides near real-time visibility of security status, allowing procurement teams to make informed decisions and comparisons. Huawei’s 5G wireless and core network equipment (5G RAN gNodeB, 5G Core UDG, UDM, UNC, UPCF) and LTE eNodeB were the first to pass the GSMA’s Network Equipment Security Assurance Scheme (NESAS). With one transparent and independent global scheme reflecting the security needs of the entire ecosystem, regulators in the region can take advantage of clear guidance and support for national security mitigations.

GSMA has created the Mobile Cyber Security Knowledge Base (MCKB), which offers the combined knowledge of the 5G ecosystem to increase trust in 5G networks and make the interconnected world as secure as possible. The Knowledge Base is regularly enhanced and extended to respond to the evolving cybersecurity threat landscape.
The 5G Cybersecurity Knowledge Base is an industry effort that composes a comprehensive threat landscape designed to help key stakeholders such as MNOs, equipment vendors, regulators, application developers, and service providers understand the security threats posed by 5G networks in a systematic and objective fashion.

It provides essential insights for the stakeholders’ risk management strategy as well as guidance covering best practices and risk mitigation measures. The Knowledge Base will help enhance 5G security competencies and capabilities and strengthen the work of carriers, enterprises, oversight agencies, and regulators. At an operational level, the Knowledge Base offers clear instructions for taking step-by-step actions to build security assurance while considering the entire risk spectrum of 5G end-to-end networks.

Jeff Wang, President of the Public Affairs and Communications Department at Huawei, said, “To fully reap digital dividends, we need to pay more attention to enhancing connectivity, embracing digital application, and empowering digital talent.” The forum discussions provided recommendations for various countries in the region based on their specific needs and achievements in these areas and the need to specifically improve their optical fibre networks to ensure homes and offices have the speed and stability for these advancements.

The forum spotlighted the robust national network development strategies aligned with visions and key industries crucial for the growing demand for advanced services that necessitate network upgrades, vital for ambitious projects, as is the case of Saudi Arabia’s 10Gbs Society. Supportive policies from governments will incentivize carriers and enterprises to invest in infrastructure optimization.

Lin Yanqing, Principal Consultant, Industry Policy Public & Government Affairs, Huawei Technologies and Aloysious Cheang, Chief Security Officer, Huawei Middle East and Central Asia, joined the round table discussions and reiterated that Huawei has taken a proactive approach to telecom cybersecurity standardization. Cheang said, “Cybersecurity is a team sport, and together with GSMA, we can leverage their good work, such as NESAS and MCKB, that will lay the foundation to secure broadband, 5G, 5G-A, and beyond.”

The company works with the GSMA, the ITU, the 3GPP, and others, as well as through partnerships with security organizations and companies, to ensure the security of its customers and promote the healthy development of the mobile ecosystem, the executives explained. Huawei has passed NESAS/SCAS 2.0 evaluations for its 5G base station and NESAS audits for its RAN and core network, demonstrating the company’s commitment to cybersecurity. Saudi Arabia’s Vision 2030 fuels a digital revolution, prioritizing network investment. As the digital backbone, robust networks are essential for faster internet, advanced services, and a secure, sustainable digital economy.

Show More

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button