Under pressure, Huawei has invested $tens of billions in security. It only makes sense that it is tking the lead in conventional security testing. 3GPP, the industry’s standards body, confirms Huawei is the first to pass GPP’s Security Assurance Specifications (SCAS) testing in both LTE and 5G.
While an important symbol, it’s very hard to extrapolate from testing to truly effective security, No one is certain what threats will arise in the 5G era, It’s highly likely many new issues will be discovered for which there is no test plan, 5G will involve many more components, many of them cheap IoT devices. Many experts are fearfulof the enlarged “Attack Surface.”
Nor does testing like this tell us much about the real issue, penetration by a nation-state. The Russians have recently cracked slews of US government systems. The hacking group Cozy Bear penetrated, among others, the US Department of (Nuclear) Energy. Separately, Microsoft was deeply breached.
The real evidence on security is deeply classified and often distorted for political purposes. Neither I nor anyone not a part of the security apparatus can provide real answers.
What I can say is there is absolutely no public evidence of any Huawei isecurity problems.
Huawei 5G & LTE: the First to Pass 3GPP’s SCAS Testing at DEKRA and Officially Passes the GSMA’s NESAS Evaluation
[Shenzhen, China, December 22, 2020] Huawei’s 5G RAN gNodeB and LTE eNodeB has passed 3GPP’s Security Assurance Specifications (SCAS) testing. It was performed by DEKRA, the first security test laboratory in Europe accredited for SCAS testing. The report has been released on the GSMA website (Link). After passed GSMA’s Network Equipment Security Assurance Scheme (NESAS) audit (Link), and 3GPP’s SCAS testing, Huawei becomes the first 5G and LTE vendor to pass the GSMA’s NESAS evaluation officially. NESAS provides the right kind of standards for communications industry, it is authoritative, customized, efficient, unified open, global and constantly evolving.
After the development and product lifecycle processes successfully audited, Huawei’s 5G and LTE products have been evaluated with security tests defined by 3GPP, and the testing against those requirements allows the level of security of network products to be objectively measured. DEKRA, the first accredited NESAS Security Test Laboratory in Europe, performed security testing on Huawei’s 5G RAN gNodeB and LTE eNodeB. The tests include network product general security, air interface security, and basic vulnerability testing, such as data and information protection, air interface ciphering and integrity protection, robustness and fuzz testing. According to the report, all the tests mentioned above are 100% passed.
NESAS/SACS is a standardized cybersecurity assessment mechanism. It was jointly defined by GSMA and 3GPP, the telecom industry’s leading standards-setting organizations. To create NESAS/SACS, they consulted carriers, vendors, regulators, and industry partners around the world. NESAS/SACS was designed specifically for the mobile industry. It delivers threat analysis, definitions for critical assets, security assurance methodology, and general security assurance requirements. The integrated assessment process avoids fragmented assessments and conflicting security assurance requirements in different markets. Meanwhile, it’s always open to feedback from different stakeholders, and it will keep evolving with regular new releases.
Trust is built on facts which must be verifiable，and verification must be based on common standards. For 5G networks, NESAS/SACS provides the right kind of standards: customized, authoritative, global, efficient, unified, open, and constantly evolving. Huawei the active participant supports GSMA and 3GPP in developing a global standardized security evaluation, and urges the industry to widely adopt NESAS/SCAS to promote sustainable development on this global network security standards.
Huawei 5G: Passes GSMA’s Network Equipment Security Assurance Scheme
Aug 24, 2020
[Shenzhen, China, August 24, 2020] Huawei’s 5G wireless and core network equipment (5G RAN gNodeB, 5G Core UDG,UDM,UNC,UPCF) and LTE eNodeB has passed the GSMA’s Network Equipment Security Assurance Scheme (NESAS). GSMA NESAS boosts the industry’s confidence in telecom network equipment, making it a practical choice for the industry and an important consideration for all regional markets, to jointly promote the development of more aligned mobile communications market.
NESAS is a standardized cybersecurity assessment mechanism jointly defined by GSMA and 3GPP, together with major global operators, vendors, industry partners and regulators. It provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry. It is a voluntary scheme through which network equipment vendors subject their product development and lifecycle processes to a comprehensive security audit against the currently active NESAS release and its security requirements. The summary independent audit reports of the NESAS assessment can be found here www.gsma.com/security/nesas-participating-vendors/
GSMA NESAS, which is widely accepted in the industry, ensures that the relevant equipment meets the Scheme’s 5G network security and reliability requirements. The integrated assessment process avoids fragmented assessments and their resulting costs, while improving the transparency of security protection levels in the industry through visual and measurable results. NESAS covers 20 assessment categories, defining security requirements and an assessment framework for 5G product development and product lifecycle processes. Additionally it uses security test cases defined by 3GPP to assess the security of network equipment.
“GSMA NESAS is the latest approach in assessing the network security of mobile communications. In the 5G era, NESAS provides a standardized and effective cyber security assessment, which allows the communications industry to ensure fairness. The Assessment is also a valuable reference for stakeholders, such as operators, equipment vendors, government regulators, and application service providers. Huawei has always focused on technology-driven cyber security. We welcome NESAS with full support and collaboration. We also invite the entire industry to jointly promote the development of a more aligned mobile communications market.” – said Devin Duan, Head of 5G E2E Cybersecurity Marketing, Huawei.
For Huawei, cybersecurity assurance is a shared goal between Huawei, customers, supervisory authorities, and other stakeholders. Trust in cybersecurity has become a major global concern as the world becomes more digital. Huawei believes that trust must be based on verifiable facts, which should in turn be based on shared standards. We believe that this is an effective way to build trust in the digital era. Huawei supports GSMA and 3GPP in developing a global standardized security assessment, an idea that has largely been accepted as an industry consensus. NESAS promotes this concept, and as such, Huawei urges the industry to widely adopt NESAS.
Prior to passing GSMA NESAS, Huawei also passed the 5G cyber security test by China’s IMT-2020 (5G) Promotion Group. These test specifications are based on the 3GPP international standards for 5G security assurance.