Key principles for network security and device integrity
In a new report, we highlight factors that can affect the security and integrity of the mobile ecosystem. And, importantly, how governments can help improve the protection offered to their citizens.
Digital services, powered by high-performance mobile networks, have become an increasingly vital part of how people live and businesses operate. Protection against all types of threats to mobile networks and devices is, therefore, absolutely crucial. Also, as with any new generation, the security challenge will evolve with the arrival of 5G. But the growth of 5G creates an opportunity to rethink security and how it is offered.
Today, operators are protecting the underlying infrastructure to ensure that they provide consumers with the most secure and reliable communication service possible.
- Sourcing network equipment that is securely designed, developed and supported to secure the network infrastructure that we operate and control.
- Promoting public-private partnership to minimise the risk of either hacking or use of the network for malicious means through global and coordinated approaches.
However, while mobile operators continually invest in protecting everything from false base stations to SIM swap frauds and DDoS (distributed denial of service) attacks, there is also a need for government and regulator support.
What can policy makers do to help increase mobile device integrity and network security?
- Regulations, where necessary, should be applied consistently across all providers within the value-chain in a service- and technology-neutral manner while preserving the multi-stakeholder model for internet governance and allowing it to evolve.
- It is important that the mobile industry ensures adequate mechanisms, tools and opportunities are in place to share threat and attack information. Such an initiative could include regulators or other government authorities such as national Computer Security Incident Response Teams (CSIRTs).
- Promoting public-private partnerships to minimise the risk of either hacking or use of the network for malicious means through global and coordinated approaches.
The GSMA also aims to play a key role in improving the protection of networks and users. We lead a range of industry initiatives to make operators aware of the risks and mitigation options available. Regulators worldwide acknowledge the work as sufficient to eliminate the need to regulate a range of security matters. The GSMA-led initiatives include:
- Coordinated Vulnerability Disclosure (CVD) – A way for researchers to disclose vulnerabilities that could impact the mobile ecosystem.
- Network Equipment Security Assurance Scheme (NESAS) – Security assessment of vendors’ product development/lifecycle processes and infrastructure products.
- Security Accreditation Scheme (SAS) – Security audit and certification of SIM/eSIM production and subscription management sites.
- To learn more, download the “Securing the mobile ecosystem” report here.