5G Is On, Bringing Both Opportunities  and Challenges

As mobile broadband begins to reach every corner of the world, people’s desire to unfold the blueprint of the coming fully connected world is increasing. In the era where all things will be connected over mobile broadband, 5G networks need to meet the requirements of unprecedented connectivity. In general, most threats and challenges faced by 5G security are the same as those faced by 4G security. However, the additional security challenges brought by new architectures, services, and technologies to 5G networks must be considered.

In terms of new architectures, new 5G software and network deployment architectures introduce new interfaces and boundaries. The new Service Based Architecture (SBA) and slice architecture shall adapt to new security requirements, such as SBA-based identity authentication, slice security protection, and multi-slice risk management, to prevent attacks. In 5G network deployment, the User Plane Function on the core network is moved from the central equipment room to the Mobile Edge Computing (MEC), introducing new boundaries.

The convergence of connection and computing also creates new security challenges. As for new services, 5G networks empower vertical industries and shall provide better security capabilities for industry applications to meet these industries’ security requirements. In terms of new technologies, cloudification and virtualization technologies are widely used on 5G core networks, which creates security risks in the sharing and virtualization of infrastructure resources. In the future, the impact of quantum computing on traditional cryptographic algorithms shall also be considered to ensure network security.

The industry is working together to address new security risks faced by 5G architectures, technologies, and services, and address potential security challenges through unified 5G security standards, common 5G security concepts, and an agreed 5G security framework. In 2020, 111 companies (including their subsidiaries) from around the world sent technical experts to six SA3 meetings to develop the latest 5G security standards. The 3GPP SA3 Working Group has established 42 projects to analyze security threats and risks in various 5G scenarios. Conclusions are gradually being drawn from these projects and implemented in security standards. The GSMA and 3GPP jointly define NESAS to assess the security of mobile network equipment development and verification. The GSMA 5G Cybersecurity Knowledge Base proposes the security concept of shared responsibility and baseline security controls based on typical 5G network threats and key security solutions. The top-down design principles of the 5G security architecture ensure a systematic, dynamic, and adaptive security framework. With these measures, we believe that 5G cyber security is manageable and verifiable.

Huawei Is Committed to Ensuring 5G Equipment Security and Cyber Resilience. Huawei R&D focuses heavily on security throughout product development, adhering to the principle of security by design and security in process. Cyber security activities built into the process are performed in strict compliance throughout the entire product lifecycle, so that security requirements can be implemented in each phase. Huawei R&D provides the Integrated Product Development (IPD) process to guide end to end (E2E) product development.

Since 2010, Huawei has started to build cyber security activities into the IPD process according to industry security practices and standards such as OWASP’s Open Software Assurance Maturity Model (OpenSAMM), Building Security In Maturity Model (BSIMM), Microsoft Security Development Lifecycle (SDL), and NIST CSF as well as cyber security requirements of customers and governments. Such activities include security requirement analysis, security design, security development, security test, secure release, and vulnerability management. Check points are used in the process to ensure that security activities are effectively implemented in product and solution development. This practice improves the robustness of products and solutions, enhances privacy protection, and ensures Huawei provides customers with secure products and solutions.

5G is becoming a reality and the lifecycle for 5G is going to be lasting for a while. Based on successful experience for 4G security, controlling 5G security risks is achieved through joint efforts of all industries. To control risks in the 5G lifecycle, we need to continuously enhance security solution capabilities through technological innovation and build secure systems and networks through standards and ecosystem cooperation.