Cyber security has become very important in the last years thanks to IT departments and telecommunication specialists, who have asked over and over again for more security. ”I could say that we are the victims of our own success,” says Sergiu Zaharia, Chief Security Officer at Huawei, during a new Call for Leaders video conference organized by Business Review.
Missed the live stream? WatchCall4Leaders Video Talks #3 | Cyber security and 5G regulations | Powered by Huawei here.
”10 to 15 years ago the message from the IT security department was that security should be on the management agenda. Now it is on their agenda. And, of course, there is also a boomerang effect, since now there is a lot of pressure on IT security teams,” says Sergiu Zaharia.
But, this change it is normal since all business processes need to be secured. ”Security has migrated from the IT and network area to the business resilience area. We all managed, and not only in the private area, but also in public institutions, to have the same message about the importance of security. Obviously, there is a lot of work to do, with tasks that come directly from the management,” says Zaharia.
The 4G technology benefitted from the work of researchers and specialists that are trying to discover the vulnerabilities of the technology. Also, from the people in the defense area, who are looking for solutions to close all vulnerabilities. But 4G came with a good security package compared to previous versions. Now, 5G comes with more security, with a standard level of security. ”When we talk about 5G, we don’t think about today’s attacks, but about future attacks. The encryption algorithms implemented in 4G were on 128 bits. Today, the quantum computers that will appear soon will reduce the scope of a 128-bit cryptographic system to a 64-bit one. A 64-bit crypto can be broken very quickly now. That is why one of the measures is to increase to a standard of 256 bits, so that when quantum systems appear to be still secure,” says Sergiu Zaharia.
Huawei’s Chief Security Officer shows that there are some problems on asymmetric security systems, like banking and identifying through third-party devices, but those are not related to 5G technology. “5G has already thought about implementation and there are enough measures already developed to protect communications. Measures that are standard for all industry. The problem occurs in vertical industries, there we must each come up with specific solutions. There will be a lot of work to adapt solutions to each industry, such as healthcare,” says Zaharia.
“From very small systems, such as the ones we have at home (phones, TVs, etc.) to complicated systems, ie connected car infrastructures, as Germany wants to implement, all these systems have vulnerabilities that need to be addressed. Maybe I’m less interested in home, but if I have a military system, I have to ensure maximum security. If we talk about connected cars, we first have the car with its system, then the system to which the car connect to the street and the city, then the cloud system through which it works,” explains Sergiu Zaharia.
All of these systems must follow technical standards at the product level in order to meet safety standards, and then an industry standard will be required. “For example, in the connected car there are standards for each part of the car. It’s all based on the concept of zero trust, meaning I don’t trust any light bulbs or other products that connects to the cloud. Products must have their own security and encrypted communication with any other device. There are these standards and solutions, now only implementation is needed,” says Zaharia.
There are also security solutions for the technologies of the “future”, like AI, cloud, virtual reality, augmented reality. “Including for the machine learning area, research has been done that shows that you can make a system with a malicious “teacher” or modify the program database so that it works incorrectly. There are protection solutions for these systems as well. There will certainly be new things to be implemented, but mixed teams will be needed, with specialists from each field to find effective solutions,” says Zaharia.
“Unfortunately, there will always be attacks, a new type of attack appears every week, and specialists are obliged to keep up to date with new threats,” concludes Sergiu Zaharia.