Asia-Pacific Cyber Security Salon, the first session in the 2021 Cyber Security Salons regional series, was held online this Tuesday. The salon brought together several key country regulators, industry, and cybersecurity experts, to explore a range of cyber challenges facing the world, as well as prospects for collaborative approaches to developing closer global cooperation on cyber security.
The cybersecurity threat is global, yet the mitigation and defense mechanisms remain national and, at best, regional. As sophistication grows in how we tackle cyber-related threats, so should a more closely aligned regional and eventually, international approach emerge.
In particular, as the APAC region endeavors to boost post-pandemic economic recovery and digital transformation in the 5G era, promoting common security standards and frameworks have become not only important for risk management but also for technological advancement and economic development.
During the cybersecurity salon, experts shared their thoughts on cyber policies and best practices developed at industry and national level, feeding into regional collaboration, among which Network Equipment Security Assurance Scheme (NESAS) has been pinpointed to be an important cooperation mechanism and security standard.
As a cyber security specification and evaluation mechanism defined for the telecommunications industry, jointly initiated by 3GPP and GSMA, NESAS consists of two parts: 1) supplier development and product lifecycle process assessment; 2) Evaluate network element products. Together they define a globally applicable general security baseline. Based on NESAS, we can verify whether network equipment meets security requirement list and whether device vendors develop products according to unified security standards.
Launched in October 2019, NESAS has gained broad support across the industry. Based on NESAS 1.0, a four-in-one ecosystem has been formed. Operators, equipment suppliers, audit institutions and laboratories, governments, and government agencies jointly promote NESAS as a global standard for mobile communications cyber security certification in the 5G era. 10 global tier-1 carriers request NESAS before deployment. Several major vendors support NESAS as the basis for unified 5G cyber security certification. NESAS itself is also continuously optimized and evolved. The NESAS 2.0, released in February 2021, is further enhanced and covers more industry needs.
Meanwhile, NESAS has been widely recognized by EU member states. The co-chairs of the 5G Sub-Group (Germany and Poland) recommended in their latest public speech that GSMA NESAS is the only candidate scheme currently in the 5G network side.
There has been a growing consensus that NESAS helps to provide transparency in measuring vendors' network equipment security and to reduce the burden of security assessment on government regulators and operators, and vendors. By deploying unified and technology-based security evaluation standards, it is conducive to avoid the potential for fragmentation and reduce network access costs.
"NESAS provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry. In Thailand, the Cybersecurity plan is being developed. There will be development all around ecosystem, including people, processes and technology. The common policy/protocol has been agreed. For the next step, the real actions in each country and international cooperation should be taken place and supported," said Dr. Pongpisit Wuttidittachotti, Ph.D., Thailand Information Security Association (TISA) committee, ISACA-Bangkok Chapter committee, King Mongkut's University of Technology North Bangkok.
In the journey to a digital world, trust must be based on verifiable facts, which should in turn be based on shared standards. Authoritative, customized, efficient, unified, open, global and constantly evolving cyber security assessment standards in the communications industry are needed. The industry should work together to make positive contributions to the sustainable development of the global unified security assessment and certification system for 5G.