The rollout of 5G networks has already started, opening the door for large-scale IoT connectivity, autonomous vehicles, remote surgery, and smart cities. However, the rapid development of 5G technologies has brought new security challenges and concerns. Industry leaders are collaborating to provide a solution through standardization. What will the future 5G security industry standards look like? The global telecommunication leader, ZTE Corporation, gives an answer with its security policy and standards.
As a market leader in integrated communications solutions, ZTE is committed to network equipment security, providing customers with secure and trustworthy products, improving global users’ experiences through secure and reliable network connections, and fostering industry digital transformation.
ZTE endeavors to produce secure products by incorporating security throughout the entire business process. In the supply chain, ZTE prioritizes supplier reputation; material, component, and manufacturing security; and supply continuity and resilience. ZTE applies the security by design philosophy in R&D to ensure that the product development process is secure and controllable through continual improvement. ZTE maintains standardized practices for engineering services to ensure the secure supply of products and services.
ZTE Security Awareness and Capability Construction
ZTE places a high value on acquiring security-related knowledge and abilities. It has established a talent training mechanism for specialized cybersecurity personnel that combines career development and training in areas like security standards, security planning, security design, secure coding, security tools, penetration testing, security operation and maintenance (O&M), and so forth.
Assurance of Cybersecurity Throughout the Entire Product Life Cycle
Each component of a system affects system security, and the weakest link determines total security strength. ZTE’s security assurance covers the entire product lifecycle, including supply chain, R&D, engineering services, incident management, and supporting operations, and is constantly optimized against industry standards and best practices.
To build a secure, reliable and resilient supply chain, ZTE analyzes the risks and challenges faced by the supply chain and establishes a robust supply chain security assurance system. It ensures supply chain security from three aspects: supply security (including third-party components), production security, and delivery security.
Meanwhile, ZTE views security as a fundamental quality that must be included in every stage of the product development process by adhering to the rules of security by design and security by default. After years of development, ZTE has integrated industry best practices and incorporated security control measures at various stages.
ZTE also incorporates mid- and long-term security requirements into product roadmap planning, and short-term security requirements into product version planning. The firm publishes technical standards and technology stack catalogs for security design, develops tools for threat modeling, creates a knowledge base for security design, and mentors product teams in the analysis of security needs and the creation of security architecture and features.
Security Incident Management
The security risks of networks cannot be totally removed because attacks and vulnerabilities are always evolving. To lessen the negative effects, a security risk that develops into an incident must be quickly managed. Therefore, ZTE has established strong security incident response and vulnerability handling mechanisms.
The engineering, R&D, and supply chain sectors are all covered by ZTE’s incident response system. For security incidents and data breaches, a hierarchical response framework is set up to guarantee unified cooperation, quick repair, and quick business recovery.
To handle confirmed vulnerabilities in a closed loop, ZTE offers mitigation measures and solutions, evaluates the outcome after the customer implements the remedies, and so on.
ZTE has built an Information Security Management System (ISMS), which outlines the management procedures, such as Information Security General Policy, Information Classification, Risk Assessment, and Security Audit, with embedded information security red lines as control points. The information security department uses red lines to monitor, look into, and address any breaches of the company’s information security and business secrets. All personnel will go through security training and tests every year to improve their security awareness. Employees can immediately report information security breaches and other problems, such as risks and vulnerabilities, to the information security organization via email, phone, and the company’s official website in order to reduce security risks, address vulnerabilities, and improve security rules as soon as possible.
ZTE places a high value on privacy protection and considers it to be one of the fundamental components of its compliance approach. ZTE believes privacy protection to be not only strict adherence to legal standards but also a crucial pillar for establishing shared industry trust and upholding moral principles.
ZTE takes a risk-oriented approach and is dedicated to building an industry-leading, appropriate privacy protection system, implementing a complete system across the organization, human, system, and technology dimensions.
To safeguard user, client, and staff data and privacy in a variety of high-risk situations, ZTE has built a thorough management and control mechanism.
ZTE actively implements advances in privacy protection and investigates secure and ethical solutions for services and products.
The foundation of network security is standardization. All telecommunication companies and organizations should work together to build 5G security industry standards, enabling reliable and secure 5G products and services. In the future, ZTE will keep innovating to reinforce its security mechanisms and deliver safe products and services.