The European Commission calls for a standardized approach to network implementation in the Member States. Currently, regulations differ significantly depending on the country, which may affect the security of critical infrastructure based on 5G. Poland is at the stage of implementing appropriate standards, but the proposed amendment to the act on the national cybersecurity system focuses more on political than technical aspects. The solution could be an international safety standard that checks the entire life cycle of products as well as certifies the equipment itself for safety. Major 5G equipment suppliers have already passed NESAS certification.
In a statement published in September, the European Commission calls for a harmonized approach to 5G implementation. As one of the solutions that may become the basis of the EU Cybersecurity Act, the second, after the NIS Directive, the pan-European cybersecurity law, the NESAS standard, i.e. the Network Equipment Security Scheme, is considered. This is a cybersecurity test for telecommunications equipment and mobile networks.
“NESAS includes certification of the entire process of creating telecommunications products, such as 4G, LTE or 5G telecommunications networks,” Jordi Mongay Batalla, PhD, DSc., professor from the Faculty of Electronics and Information Technology of the Warsaw University of Technology, said.
The standard was created by the international association GSMA (Global System for Mobile Communications Association), associating over 700 mobile operators, and is the first widely recognized worldwide standard in the telecommunications industry. NESAS includes 20 assessment categories that verify product life cycle development and safety. In addition, it uses the SCAS security test cases defined by 3GPP to assess the security of network equipment.
A unified cybersecurity certification standard is necessary, especially in the context of the 5G network, around which there is a whole range of legal and ethical doubts.
“To secure the 5G infrastructure in Poland, each element of this network must comply with the SCAS standard. Then, of course, the certification laboratories check the various functionalities of this equipment. There are, for example, various security certificates that can be added to check if it works correctly,” Batalla explained.