The Organization of the Islamic Cooperation-Computer Emergency Response Team (OIC-CERT) recognises that the 5G is another disruptive technology bringing in new cybersecurity challenges while undergoing the digital transformation. Just like any other IT entities and cybersecurity objectives, the OIC-CERT strive towards preventing the loss of information availability and integrity in the 5G networks and related services and applications. The main focus is to maintain the confidentiality of the users’ information and prevent data leakage that are being transmitted through the network or being stored in the devices being connected. To address some of the challenges, the OIC-CERT has developed the OIC-CERT 5G Security Framework, which among others, clarifies the different 5G cybersecurity related threats, areas, roles, and responsibilities.
The OIC-CERT is an international cybersecurity platform for information sharing and developing capabilities for the members mainly among the Organization of the Islamic Cooperation (OIC) community. Established in 2009, the OIC-CERT is to provide a venue for member countries to explore and to develop collaborative initiatives and possible partnerships in matters pertaining to cybersecurity to strengthen self-reliant in the cyberspace. To date, the OIC-CERT has 59 members from 27 OIC countries and is an affiliate institution of the Organisation of Islamic Cooperation (OIC).
With the emergence of the 5G, the members are in the opinion that there is a need to look into the security aspect of this upcoming technology thus the OIC-CERT 5G Security Working Group (WG) is formed. This WG is jointly led by Cybersecurity Malaysia, an agency under the Ministry of Communications and Multimedia Malaysia and also the OIC-CERT Permanent Secretariat; and Huawei UAE, an OIC-CERT commercial member. Currently, the WG consists of members from 10 countries which are Bangladesh, Brunei Darussalam, Indonesia, Pakistan, Somalia, Tunisia, Malaysia, Morocco, Oman, and the United Arab Emirates.
The OIC-CERT Board Meeting No. 02/2021 has endorsed the establishment of the OIC-CERT 5G Security WG having the following objectives:
Attachment: OIC-CERT 5G Security Framework Project Write Up
The OIC-CERT 5G Security Framework is an advanced control agreement that establishes the global norms for a safe and secure operation of the next-generation networks. This framework includes subject such as international cooperation, risk assessment and management, cybersecurity maturity, authentication and identity management, privacy protection and compliance with international laws.
The OIC-CERT 5G WG has developed a framework consisting of three major documentation. The first document focuses on sufficiently identifying existing 5G cybersecurity threats while the second constructs a 5G cybersecurity baseline technical specification to provide the fundamental requirements and references for the purpose of effectively mitigating identified and upcoming risks. Since this is a framework developed for the use of various OIC-CERT and OIC countries, the third document defines a cross-recognition assurance methodology, to guarantee harmonized 5G cybersecurity certification schemes and cross-recognised certification results among the member countries. This document also specifies roles and responsibilities of implementing 5G cybersecurity for all stakeholders, basic requirements, references, and certification mechanism. Furthermore, the cross-recognition assurance methodology shows how to harmonize the designing, implementing, maintaining, and optimizing cybersecurity conformity assessment among the member, so that individually certified security assurance will be mutually recognized by other members.
*For the details, member shall log in at OIC-CERT members portal area (which is exclusive for OIC-CERT members only).
The OIC-CERT believes that no parties should be left behind and connectivity based on a secure robust infrastructure is critical for the community and businesses. The cooperative and shared approach of the OIC-CERT 5G Security Framework will enable the path to a greater digitalisation, trusted online services, and digital economic growth. This will allow the OIC community at large to have the same levels of trust among the countries in a volatile global environment.
The OIC-CERT 5G Security Framework provides the necessary mechanism for the members to strategize and plan for the adoption of 5G technology. It will imbue the agility and provisions for localised security requirements to be incorporated to address the fast pace, ever rapidly changing and challenging global environment that are intertwined today in the digital era.
The OIC-CERT 5G Security WG is starting the roll out of the framework for adoption this year. Starting with Malaysia, a workshop session, hosted by CyberSecurity Malaysia and supported by the Malaysian Communications and Multimedia Commission, was held in February 2020 involving the country’s telecommunication operators. It aimed to provide awareness on the importance of 5G security, to develop a common 5G security framework for risk assessment and management, and to develop a common standard among the OIC member countries that can be used to mitigate any technical difficulties in rolling out the 5G technology. The event marks the beginning of the framework adoption rollout, with a series of similar workshops to be held in various OIC-CERT member countries. The parties involved will be the regulators and major local telecommunication operators, whom will be given an overview of the OIC-CERT 5G Security Framework, developed exclusively for the OIC community for heralding a new Islamic Golden Age. The expected outcomes are gauged by the feedback and acceptance of the framework as a reference document and the formation of task forces to make modifications the framework for local use.
The rolling-out continued at GISEC 2022, the Middle East and Africa’s most influential and connected cybersecurity event, held in Dubai, United Arab Emirates in March 2022. Two (2) major entities was introduced to the framework which are the National Agency for Computer Security of Tunisia and the National Telecom Regulatory Authority of Egypt. Both organizations has shown positive respond towards the framework and will study in accordingly.
The roll out activities will continue throughout the year covering Africa and Asia region before going back to the middle east.
Attachment:
Attachment:
POWERED BY
PARTNERS
