Allan S Cabanlong, ASEAN Eng.
Cybersecurity has been a global buzzword since economies and industries have embraced digital transformation. It has continued to gain attention and support as a specialized field in information technology and as a business and economic enabler. As technology continues to evolve rapidly, challenges in cybersecurity lie heavily on the establishment, adoption, and application of standards.
The 5G equipment security has been one of the most pressing issues in the telecommunications industry because it is often politicized and influenced by dynamics in the global market. However, 5G equipment manufacturers that complied with the ITU IMT-2020 5G reference standard have shown and opened their security processes to the regulators. Thus, eliminating all unfounded speculations and hesitancy in its adoption. Many countries in Europe and Asia have adopted and used type-approved 5G equipment by their respective regulators, which translates into openness and support for these standards.
The Network Equipment Security Assurance Scheme (NESAS), jointly initiated by 3GPP and GSMA and developed together with major operators and vendors, defines cyber security specifications and evaluation mechanisms for the mobile industry, has been widely adopted globally. In 2020, Germany Security Catalogue 2.0 recognized NESAS as a 5G security certification standard and worked with all parties to promote the development of a unified 5G certification standard in the EU. Earlier this year, particularly in the ASEAN, Malaysia, through CyberSecurity Malaysia, began to introduce the NESAS into Malaysia’s 5G network industry. In July 2021, the Singapore government acknowledged NESAS through the IMDA 21 GHz Public Consultation Document. Finally, in November 2021, the Thailand Office of the National Broadcasting and Telecommunications Commission (NBTC) officially released the national 5G security guideline to call for stakeholders of the Thailand telecom industry to comply with NESAS standards.
As always left behind by our neighboring ASEAN member states in the adoption of standards, the Philippines Department of Information and Communications Technology has been conducting stakeholder engagement activities to adopt NESAS. Although voluntary, importantly, the acknowledgment of the government and stakeholders that equipment security standard is one of the essential steps towards achieving cyber resiliency.
The best time to adopt a unified cybersecurity standard, like the NESAS in 5G, is now. Waiting any longer would only mean an increase in risk and exposure to imminent threats to our cyberspace, our people, and our nation.