Building a Secure and Trustworthy 5G World

Zhong Hong, Chief Security Officer, ZTE Corporation

ZTE is an Industry Sponsor of Mobile 360 – Security for 5G, which will be held in The Hague, 28-29 May 2019.

In April of this year, ZTE released a Cybersecurity White Paper. It can be seen that ZTE has made efforts to advance cybersecurity governance. What is the motivation behind this?

The Cybersecurity White Paper has expressed ZTE’s security vision “Security in DNA, trust through transparency.” On the one hand, we hope that customers and stakeholders will see the progress that ZTE has made. On the other hand, we hope to have a common expectation with our customers and stakeholders for the future.

All along, how to resist security threats has been a very broad topic. However, we always believe that it is a must-have for ICT vendors to provide secured and trustworthy delivery. Whether ICT suppliers have the security assurance capability will directly impact the security status of the running network; that is the reason cybersecurity governance capability is an important topic that draws close attention worldwide.

What do ICT vendors need to prepare in order to provide secured and trustworthy delivery?

Simply put, there is a need for both technical and managerial preparation, because the method of resisting security threats not only depends on the inherent security attributes of ICT network products, but also requires ICT suppliers to have security and support systems at the management level. In this way, products and services are guaranteed to have a level of security risk resistance and can operate in the network in a desired manner.

After years of cybersecurity governance practices, ZTE has established an end-to-end security assurance system that is controllable, visible and smooth in communication. Our mission is to provide end-to-end security delivery of products and services to ensure consistent, secure, and sustainable delivery and running of products and services.

The 5G era has arrived. What is ZTE’s conception for the 5G era for cybersecurity?

The 5G world has built a wider range of connections, and the security industry needs to increase cooperation to fully realize its own value through mutual assistance across the industry to obtain common interests and an expected future.

The primary appeal of cooperation is a common goal. ZTE has always believed that the cooperation, integration and symbiosis of the ICT industry value chain are the directions that all parties recognize and expect. In a dynamic evolution era, there is a broad consensus that all parties should bring innovation and value through collaboration and cooperation.

In March of this year, the European Parliament introduced the EU Cybersecurity Act, advocating the formation of an EU-wide cybersecurity certification scheme. For European cybersecurity regulators, assessment and audit institutions, professional security companies, ICT operators and suppliers, it is a key opportunity for the ICT industry to strengthen communication, cooperation and integration. ZTE is willing to be an important player and promoter of this program.

What is the status of ZTE’s standard contribution and what is the future plan?

ZTE is an active participant in standards organizations and industry associations such as 3GPP, ETSI, GTI, etc. In 2018, ZTE’s contribution to 3GPP SA3 5G security standards is above average of the list. We will continue to maintain and expand the participation of security standards, give full play to the R&D strengths that ZTE has always maintained, and work with world-class standards organizations to jointly promote, develop and guide today’s and tomorrow’s 5G security standards.

In the face of the future, we need to envision the common goals and challenges foreseen under the unified cybersecurity certification scheme. Communication, interaction and cooperation are the processes that must be followed to achieve the common interests. ZTE is actively communicating with all parties to enhance mutual trust. Among them, the establishment of open and transparent cybersecurity labs in Europe is the first step of the journey.

Could you talk about ZTE Europe Cybersecurity Labs in more detail?

Yes. The establishment of the cybersecurity labs in Europe represents a milestone for ZTE to increase transparency and enhance trust with all third parties. The cybersecurity labs aim to provide global customers, regulators and other stakeholders with security assessment and audit services, such as source code review on ZTE products including 4G and 5G, security design audit, procedural document review, black box testing and penetration testing.

Furthermore, the cybersecurity lab, functioning as an industry cooperation and research platform, will also facilitate in-depth research and exploration in the security field.

The main functions of the security lab are:

  1. To review the source code of all ZTE products including 4G and 5G automatically and manually in a secure environment;
  2. To review critical technical and procedural documentation of ZTE products and services;
  3. To perform black box security testing of ZTE products via remote access or locally;
  4. To perform remote or local penetration testing in the scenario of network-wide deployment;
  5. To inspect the end-to-end integrity and security in delivery of the product versions;
  6. A platform for ZTE to communicate with customers and third-party organizations to research and develop security skills.

The customer value of the cybersecurity labs is to make the secured delivery transparent and is a window for customers to review the security of ZTE products, services and processes. The labs will show the security delivery capability of ZTE products to customers in real time visually, and demonstrate the security defense capabilities of network products in 5G application scenarios in a touchable manner.

With the help of the cybersecurity lab as a platform, what is the future vision of ZTE for cooperation?

The security lab is an open and cooperative platform. ZTE plans to gradually achieve the cybersecurity goals through three stages: first, meeting the requirements of cybersecurity laws, regulations and industry standards as well as the certification scheme; second, conducting an open dialogue to enhance transparency, and establishing cooperation with customers, EU, EU member state regulatory agencies as well as governments; and third, sustaining the open cooperation mechanism to contribute to cybersecurity standardization and ICT industry.

ZTE will pay attention to the security requirements of customers and regulators, and will consider establishing new security labs locally based on business development to play the role of a platform for transparency, cooperation and communication. At present, ZTE has cooperated with a number of world-class security professional organizations to conduct security assessment, certification and audit. In the future, by cooperating more with customers and third-party professional organizations, ZTE will uphold the company vision of “To enable connectivity and trust everywhere” and continue to provide trustworthy cybersecurity capabilities in Europe and worldwide.

The views and opinions expressed in this piece belong to the author and do not necessarily reflect those of the GSMA.