Home / Blogs

5G Security – Metrics of the Engaged

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

This past month on 03-06 March, the global industry sub-group that exists at the center of 5G security met virtually. It is known as SA3 within the 3GPP organization, and it met over a period of five days to deal with some of the most important 5G security requirements.

3GPP is a “partnership” created among all the world’s major standards bodies, which over several decades has cooperatively developed and evolved by far the largest and most successful global electronic communications network. Its secretariat services are provided by the largest of the global standards organizations known as ETSI—based in Sophia Antipolis, France. The meeting was given the designation of #98bis-e—the second part of the 98th meeting done electronically.

Like all the 3GPP global industry meetings, the participation, documents, and meeting information are open, and participation is driven by the level of interest in the technology and marketplace. Participants contribute their innovations and intellectual property royalty-free. The resulting plans, studies and specifications are freely available to the public on-line.

The work is intense—occurring almost constantly with meetings almost every month. The 3GPP specifications are designated by Releases—similar to computer operating systems—and essentially obligatory for anyone in the 5G business. Release 16 is full “stand-alone” 5G. The most engaged companies have memberships resulting from their different subsidiaries. Because the work is actually spread across numerous other global industry standards bodies that are regularly meeting, a considerable effort is spent in constantly engaging in outreach liaison communications with those other bodies. The 3GPP has remained a proven, successful engine of global innovation and marketplace success for everyone worldwide.

So, a relevant question today—given the alt-truth rhetoric that swirls around some political realms about 5G security—who is actually engaged in the work? The engagement metrics help reveal what is occurring.

5G Security Engagement Metrics in SA3#98bis-e

At the outset, it should be underscored that metrics do not always equate to substance or measure innovation. On the other hand, what is patent is that if a company or agency is not present, they are, by definition, not engaged at all. If it doesn’t submit contributions or speak, it has no say in any of the work or the resulting security platforms and specifications—the work proceeds by consensus.

What is especially useful about the current 5G security meetings is that because they don’t involve travel, and the level of effort to minimally engage is so low, there are effectively no barriers.

The basic metrics of the SA3#98bis-e meeting are:

213 documents treating 11 important 5G Rel. 16 platforms, submitted by 31 organizations. 85 people registered as participants from 49 different organizations. Over the period of the meeting, there were 1012 meeting emails generated by 63 people from 36 different organizations.

The organizations involved are attributable to 12 different countries, plus Hong Kong.

CountryOrganisations
CABell Mobility
CNCATT, China Telecom, Futurewei, HuaWei, Nanjing Ericsson, UNISOC, ZTE
DEBMWi, Deutsche Telekom
FINokia
FRMinistère Economie Finances, Thales
HKTD Tech Ltd
ITTelecom Italia
JPNTT DOCOMO
KRLG Electronics, Samsung
NLPhilips International, TNO
SEEricsson
UKBT, NCSC, Tencastle, Vodafone
USApple, AT&T, Broadcom, CIS, Hewlett-Packard, Intel, InterDigital, Juniper, Mavenir, Motorola , PCCW Global, Perspecta Labs, Qualcomm, Sectra, Sprint, T-Mobile, US CISA ECD, US DOD, US LTS, US NIST, US NTIA, Verizon,

Additionally, Airbus, CableLabs, GSMA, and ETSI itself were present and substantively participating.

A sum of all the different metrics by country/zone is reflected in the following table.

CountryDocumentsEmailsOrganizationsRegistrations
CA--11
CN109311718
DE-2233
FI175413
FR5722
HK--11
IT-1411
JP1---
KR1513223
NL1323
SE25180110
UK-4547
US611812230

The contributions by subject matter are reflected in the following table.

Agenda item description
48Authentication and key management for applications based on 3GPP credential in 5G (Rel-16)
40Security Aspects of 3GPP support for Advanced V2X Services (Rel-16)
29Study on User Plane Integrity Protection (Rel-16)
23Security Aspects of the 5G Service Based Architecture (Rel-16)
18Evolution of Cellular IoT security for the 5G System (Rel-16)
15Security aspects of Enhancement of Network Slicing (Rel-16)
11Security of the enhancement to the 5GC location services
11Mission Critical security (Rel-16)
7Security for NR Integrated Access and Backhaul (Rel-16)
6Security of the Wireless and Wireline Convergence for the 5G system architecture (Rel-16)
2Security aspects of SEAL (Rel-16)

The top ten contributors of documents were:

Source
43Huawei/Hisilicon
25Ericsson
18Qualcomm
18ZTE
17Nokia
17Nokia Shanghai Bell
14Motorola
12Apple
12Vodafone
11Samsung

Clearly, some participants contribute far more than others and account for the preponderance of the work.

Among the government agencies engaged, the UK’s NCSC—which has been consistently, broadly engaged in the activities—generated 4 emails, and the US NIST one. The US government agencies finally demonstrated sufficient cognizance to register, if rather lacking in substantive engagement. The FCC embarrassingly remains inert without even minimal cognizance.

The U.S. government wasn’t always in such a pathetic state of dis-engagement in industry network security activities. Thirty-five years ago, during the Reagan Administration, NSA led the global industry community by creating and implementing the most innovative and comprehensive cybersecurity initiatives ever undertaken. The FCC had dedicated staff and even Commissioners who participated in the ongoing standards activities and led some of the work—specifying in its rulemaking proceedings the required standards. The National Communications System (NCS) was located in the White House under the National Security Council and provided an umbrella for very active engagement in global standards activities among 23 different federal agencies. NCS leaders published annual reports on its strategic international initiatives and activities—while chairing the Federal Telecommunication Standards Committee. The CIA’s DDS&T and DDI provided extensive, politically-neutral assistance to other agencies in understanding the most important strategic technology developments and states-of-the-art. Many of the US Federal agencies also pro-actively facilitated private-sector engagement in strategically important global cybersecurity standards activities.

The plain facts today of 5G security engagement speak for themselves for everyone to see. If the U.S. government wants to see any desired 5G capabilities or more U.S. company engagement, it needs to do more than just register for meetings. It also needs to remove senseless barriers to participation by U.S. companies. Post COVID-19, this has become more important.

By Anthony Rutkowski, Principal, Netmagic Associates LLC

The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign