Certification and Assuring the 5G Supply Chain
Mobile operators rely on numerous external suppliers to deliver 5G infrastructure, software, products and services. In turn operators’ customers, enterprise or consumer, rely on the operator provided services to manage and enable their lives and businesses. This represents a complex supply chain where downstream links inherit risks and vulnerabilities from suppliers if they are not properly mitigated. One of the ways to manage the supply chain is to certify or assure products, services and stakeholders within that supply chain. Security assurance is a means to ensure that network equipment meets security requirements and is implemented following adherence to secure development and product lifecycle processes by suppliers. This assurance is especially important for mobile systems, as they are classified as critical infrastructure in some jurisdictions. The recently mandated EU Cybersecurity Act establishes an EU framework for cybersecurity certification, potentially boosting the cybersecurity of online services and consumer devices. The certification framework will be a one-stop shop for cybersecurity certification, resulting in significant cost saving for enterprises, especially SMEs that would have otherwise had to apply for several certificates in several countries. Moreover, companies are incentivised to invest in the cybersecurity of their products and turn this into a competitive advantage. This session will highlight the importance of understanding how products are developed and introduced into the 5G ecosystem as well as how they are how certification is likely to impact and benefit 5G.