Huawei: Australia Needs More 5G Competition for Cyber Security
David Soldani, Huawei Australia Chief Technology and Cyber Security Officer
In the Huawei Australia submission to the Department of Home Affairs Australia’s 2020 Cyber Security Strategy review Soldani said that it was now accepted global best practice that competition between multiple suppliers of 5G equipment - which ensured a diverse supply chain - was critical in delivering a secure network.
A failure to create a fully diverse supply chain reduces system resiliency by relying too heavily on one or two vendors, dis-incentivizes investment in Cyber Security and also increases the likelihood of systemic failure and hostile exploitation.
“Both the European Union and two separate UK Parliamentary committees have now acknowledged that the most important vulnerability of telecoms networks is a lack of diversity in technology suppliers,” Soldani said.
The last couple of years has seen the opening of the Australian Cyber Security Centre (ACSC), the creation of Joint Cyber Security Centres (JCSCs) in five capital cities and the AU$50 million investment in the Cyber Security Cooperative Research Centre (CSCRC).
However, Huawei Australia argued it was now time for a collaborative approach that “puts flesh on the bones” of the Cyber Security infrastructure the Federal Government has already put in place.
“Now is the time to take the next steps and define the standards that are required for 5G networks and national programs to ensure that there is compliance, and enforce tailored and risk-based certification schemes to improve cyber security standards,” Soldani said.
“At present there is no effective assurance testing for equipment, systems and software, or support of specific evaluation arrangements or evidence of compliance with commonly known standards and best practices.
“The Federal Government needs to invest in 5G Testbeds and trial programs with the industry, looking at end-to-end cybersecurity system assurance; new architecture and business models; tools for risk mitigation and transparency, and greater interoperability and more open interfaces; and share results.”
Key Huawei Australia recommendations to Australia’s 2020 Cyber Security Strategy.
- Introduce a new set of network security and resilience requirements on 5G and fibre networks for telecoms operators - overseen by ACMA and Government.
- Engage industry to understand telecoms supply chain risks and the arrangements adopted by operators to mitigate them, and gain regular updates on operators’ major supplier arrangements.
- Encourage providers to participate in threat intelligence-led penetration testing scheme and, subject to third party contract arrangements, test operators’ vendor specific arrangements.
- Require operators to work closely with vendors, supported by Government, to ensure compliance and effective assurance testing for equipment, systems and software.
- Develop a targeted diversification strategy in order to reduce the over-dependence from 1-2 vendors, and ensure there is a more competitive, sustainable and diverse supply chain.
- Incentivise entry and growth, including market design and R&D support, cybersecurity evaluation and innovation centres; promoting interoperability and demand stimulation.
- The Government should support market expansion in 5G – including improving access to spectrum, removing barriers to roll-out and promoting new infrastructure models.
- Invest in a 5G Testbeds and Trials Programme, in partnership with the industry, looking at end-to-end cybersecurity assurance and compliance to law, standards and regulations.
- Explore the need for a new national telecommunications lab, with the support of industry and academia. The lab should bring together operators, vendors, industry ‘verticals’ (e.g. manufacturing, healthcare and logistics) and universities, to explore new applications and business models for 5G and beyond.
The full submission can be viewed here: Huawei Technologies (Australia) submission to the Department of Home Affairs Discussion Paper Australia's 2020 Cyber Security Strategy