Industry Thought Leadership

Trust is a Cybersecurity Ecosystem; Not Just a Value

June, 2023
Nora Cao
Vice President of Global Government Affairs

Huawei Technologies

According to research by GSMA Intelligence, there will be 9.8 billion mobile connections by 2030 of which 5.3 billion will be 5G. The research suggests that if mobile adoption increases by 10%, the impact on GDP can be 1%. So connectivity can offer clear economic and social benefits.

Telecoms infrastructure serves as part of the core foundation of modern digital economies. It plays a crucial role in helping governments, at both national and transnational levels, to achieve economic growth, digital inclusion and affordable access, social mobility and environmental objectives through communication. The benefits of a digital economy for the Middle East and North Africa were highlighted in a World Bank report last year that this year predicted that Africa will have the largest share of the global workforce by 2100 making it crucial to have uptake of digital technology. In addition, as emphasized by the Open-Ended Working Group (OEWG) and the United Nations Group of Governmental Experts (GGE), security, trust and stability are essential for building and creating an inclusive cyber ecosystem.

Trust in connectivity is essential for economic development
Without cybersecurity measures in place, trust in connectivity will remain low affecting development of economies and willingness of consumers to engage in a digital connected economy. However, trust cannot be just based on certain values or principles because in a multi-cultural world, these are just too diverse and can never by unified.

Therefore, a framework is essential for accommodating the dynamic nature of cybersecurity – newly emerging threats, policy evolution, technology developments plus changing economic and social factors. A framework must factor in policies, practices and procedures and support all organizations with protecting their assets via a process that includes identifying, assessing and managing potential disruptions.

Creating trust is actually a process and must be done in a structured manner which brings together all representative stakeholder voices who are committed to unified standards and also willing to take part of the responsibility for establishing a cybersecurity ecosystem.

For example, regarding critical infrastructure (CI), between 2020 to 2022, more than 200 cyber security legislations were proposed, passed, or took effect globally. These legislations were primarily focused in Europe regions and the Asia-Pacific region. Most developing countries have incorporated CI protection legislation into general cybersecurity legislation. However, a challenge remains in that legislation should be reasonably designed in alignment with the ability to implement. This includes making legislation affordable so that a country can enforce, comply with and maintain the legislation.

What kind of framework is needed to build trust?
In the development of legislation or framework the resources of a country must be considered including financial, human, technical, infrastructural, and or institutional resources as well as political, and social circumstances in order to ensure that there isn’t a ‘policy implementation gap’ meaning that there is a difference between the expected outcome during the policy design stage and the actual result after implementation. This tends to be a caused by two factors including an unrealistic assessment of the implementation ability of a country, and fundamentally, a lack of multi-stakeholder collaboration.

Multi-Stakeholder Partnerships (MSP) bring together different societal players (public sector, private sector, civil society, academia) working together as equals, sharing risks, and combining unique resources and competencies to address challenges or exploit opportunities in ways that one cannot achieve alone to facilitate the development of sustainable frameworks. Based on fruitful outcomes from WSIS Panel in SAMENA Leaders’ Summit and best industrial knowledge above, we developed the TRUST framework, to help build the cybersecurity ecosystem holistically:

T-Technical Base: Cybersecurity is rooted in technology. Cybersecurity risk can be appropriately governed by technical measures and mitigated by technical innovation. For example, with 4G authentication, telecommunications operators authenticate users using a SIM card placed inside a smartphone or another device. However, because internet of things (IoT) connections vary in size and power consumption, as well as in the type and quantity of data they can send and receive. With the diverse range of devices and requirements required by IoT, a single SIM from a single telecommunications operator is unable to cope. 5G eliminates the need for a SIM card by assigning unique identities to each individual device, so the responsibility for authentication is shifted from the operator to individual service providers.

R-Responsibilities: 5G cybersecurity is a shared responsibility that involves key stakeholders including MNOs, interconnection providers, vendors, application developers, service providers and governments, each with a clearly defined set of responsibilities which (when fully met) can enable the deployment and operation of 5G systems in a secure manner. This means that only with appropriate different roles’ can responsibilities be taken in a way that the ecosystem can enter a ‘virtuous circle’ and develop rapidly as seen in the development of the GMSA’s 5G cybersecurity knowledge base ‘shared responsibility model’ (GSMA - 5G Cybersecurity Knowledge Base).

U-Unified Multi-stakeholders’ Collaboration: Collaboration between all stakeholders is essential. Users, regulators, industry experts, governments need to leverage the collective knowledge of industry. Without this shared knowledge of the stakeholders such as the ITU, local governments, academics, ETSI, ENISA other ICT corporations and players. innovation will be stifled within the industry and risks will not be highlighted at an early stage. As Mr. Adel Mohamed Darwish, Director, Regional Offices of the International Telecommunications Union (ITU) for Arab States said “We are now faced with a global space, not only a local market. The input of private sectors and industry organizations is helpful, cybersecurity and digital transformation needs multi-stakeholder cooperation.”

S-Standardized Baseline and International Common Standard to follow: As the global market grows, a standardized baseline for both ICT development and cybersecurity together is essential to avoid fragmentation. As his Excellency Sheikh Nahayan Mabarak Al Nahyan, UAE Cabinet Member and Minister for Tolerance and Coexistence called for responsibility within the ICT industry as the industry develops and said in the opening ceremony of SAMENA Leaders’ Summit: “In UAE, we share the aspiration of having a digital world that is sustainable, secure and meets present and future needs, committed to satisfying best international standards and ready to promote community engagement and support in all countries around the world.” This is also demonstrated by GSMA, ‘5G security risks can be addressed through the deployment of coordinated and verifiable security measures based on common standards.’ Developing standards for cybersecurity by aligning standards is similar to the C2C-CC and W3C consortia that have guided the development of the world wide web making it accessible to all. Developing standard processes and policies will facilitate clarity.

T-Transparency and Fairness – Governance and policy development: Policy and governance is necessary for orderly operation of markets across borders and jurisdictions, and potentially even intervention when faced with market failure. Therefore, market structures must be transparent avoiding unnecessary costs that may impede implementation but rather encourage and foster vitality. This ultimately protects consumers and users. For example, the World Trade Organisation faced the challenge of maintaining a multilateral trading system when more developed member countries have access to better quality and more timely trade information then less developed countries. The question of how to create real-time sharing of information including supply chain disruptions became a digital divide transparency challenge.

Now, just as it is important to communicate when technology is being applied such as the use of AI for checking credit ratings or resolving trade problems, it is equally important to share intelligence on security breaches, prevent cyberattacks and promote cyber resilience.

Trust requires an ecosystem
Trust cannot be an assumption of shared values and behavior but needs to be a tangible process that reflects the diverse expertise and voices of all stakeholders. Only in this way will standards be agreed and implemented.

With 5G facilitating more data exchange and opportunities it is essential that we are able to enjoy the benefits in a secure, sustainable way that protects all assets from the dangers of cyber-attacks.

According to the UN’s Secretary-General's Roadmap for Digital Cooperation by 2030, every person should have safe and affordable access to the internet. Keeping society safe whether in the delivery of education, manufacturing or food delivery is essential. Connectivity is a right and all users in society deserve to be safe – whether corporations, governments or individuals. Trust is much more than just a value, it is an ecosystem.