The GSM Association (GSMA) has announced that the world’s leading mobile network equipment vendors, Huawei, ZTE, Ericsson and Nokia have successfully completed an assessment of their product development and lifecycle management processes using the GSMA’s Network Equipment Security Assurance Scheme (NESAS).
In a statement on its website, Chief Technology Officer of GSMA, Alex Sinclair was quoted as saying “The GSMA recognizes the support and participation of Ericsson, Huawei, Nokia and ZTE who have satisfied the scheme’s security requirements via an independent security audit and we congratulate them on achieving this important first step.”
This comes at the time when United States of America, United Kingdom, India, Singapore and other countries have raised security concerns about Huawei equipment in particular, and are actually in the process of kicking Huawei either out of 5G network and or out of their countries completely.
The NESAS scheme is a collaboration and jointly led by 3GPP and the GSMA, and is open to all vendors of network equipment products that support 3GPP defined functions.
NESAS, which is focused on the vendor aspects of the supply chain, provides a security assurance framework to improve security levels across the mobile industry. it has been developed following established practices and schemes that provide security assurance.
According to Alex Sinclair, “By committing to NESAS, vendors are helping network operators, and other stakeholders make informed decisions about secure product development.”
He said the GSMA looks forward to others participating in the scheme, evidencing their commitment to good security practice by promoting a security-by-design culture within the industry.
During the second stage of NESAS, vendors will submit network equipment products to qualified test laboratories for evaluation. This stage involves laboratories running security tests, defined by 3GPP, and checking that the products undergoing evaluation have been developed under the assessed development and lifecycle management processes.
The evaluation concludes with the production, by the test laboratory, of a valuation report that records the test results. The report is provided to the vendor who can make it available to its customers and other stakeholders at its discretion.
The statement said the GSMA is actively supporting the latest developments and the efforts being made within the industry to increase network infrastructure security levels, adding that NESAS represents a critical industry initiative that increases transparency and incentivizes vendors to develop and support network equipment in a way that protects operators and their customers and can underpin national security requirements.
“The GSMA looks forward to the participation and support of the mobile industry and other stakeholders,” it said.
It said test laboratories need to be ISO/IEC 17025 accredited, and the GSMA welcomes requests from qualified laboratories to be listed as a NESAS security test laboratories.
“Expressions of interest in being recognized by the GSMA as being competent to undertake security evaluations of network products against 3GPP defined Security Assurance Specification documents can be directed to firstname.lastname@example.org,” it added
The GSMA represents the interests of mobile operators worldwide, uniting more than 750 operators with almost 400 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organisations in adjacent industry sectors. The GSMA also produces the industry-leading MWC events held annually in Barcelona, Los Angeles and Shanghai, as well as the Mobile 360 Series of regional conferences.