Cyber security has become very important to everybody in recent years thanks to IT departments and telecommunication specialists, who had been asking for better security measures for a long time. “I could say that we are the victims of our own success,” said Sergiu Zaharia, Chief Security Officer at Huawei, during a new Call for Leaders video conference hosted by Business Review.
Missed the live stream? WatchCall4Leaders Video Talks #3 | Cyber security and 5G regulations | Powered by Huawei here.
”10 or 15 years ago, the message from IT security departments was that security should be on the management’s agenda. Now it is on their agenda. And, of course, there is also a boomerang effect, since now there is a lot of pressure on IT security teams,” Zaharia noted.
But this change is normal, as all business processes need to be secured. “Security has migrated from the IT and network area to the business resilience area. We have all managed to get to the same message about the importance of security, and not just in the private sector, but also in public institutions. There is obviously a lot of work to do, with tasks coming directly from management,” he added.
4G technology benefitted from the work of researchers and specialists who tried to discover its vulnerabilities, including people in the defence sector, who looked for solutions to every security issue. But 4G came with good security features compared to previous versions. Now, 5G comes with even more security, with a standard level of security. “When we talk about 5G, we don’t think about today’s attacks, but about future attacks. The encryption algorithms implemented in 4G were on 128 bits. Today, the quantum computers that will soon appear will reduce the scope of a 128-bit cryptographic system to a 64-bit one. A 64-bit crypto can be broken very quickly now. That is why one of the measures was to increase to a standard of 256 bits, so that when quantum systems appear, it will still be secure,” Sergiu Zaharia explained.
Huawei’s Chief Security Officer highlights the fact that there are some issues with asymmetric security systems, identification through third-party devices, but those issues are not specific to 5G technology. “5G has already thought about implementation and enough measures have already been developed to protect communications, which are the standard for the entire industry. The problem occurs in vertical industries; there we each must come up with specific solutions. There will be a lot of work to adapt solutions to industries such as healthcare,” he noted.
“From very small systems like the ones we have at home (phones, TVs, etc.) to complex systems like connected car infrastructures, which Germany is looking to implement, they all have vulnerabilities that need to be addressed. Maybe I’m less interested in the home, but if I’m managing a military system, I have to ensure maximum security. If we talk about connected cars, we first have the car’s own system, then the system that allows the car to connect to streets and cities, then the cloud system through which it works,” the Huawei official added.
All these systems must follow technical standards at the product level to meet safety requirements, and then an industry standard will be required. “For example, in the connected car there are standards for each part of the car. It’s all based on the concept of zero trust, meaning I don’t need to trust the security of a light bulb or another car part that connects to the cloud. Products must have their own security and communication to any other device must be encrypted. Standards and solutions exist, now all we need is implementation,” said Zaharia.
There are also security solutions for the “technologies of the future”, like AI, cloud, virtual reality, augmented reality. “Even in the machine learning area, there has been research that showed that you can build a system using a malicious “teacher” or tamper with the programme database so that it works incorrectly. There are protection solutions for these systems as well. There will certainly be new things to implement, but mixed teams of specialists from each field will be needed to find effective solutions,” he argued.
“Unfortunately, there will always be attacks; a new type of attack appears every week, and specialists must keep up with new threats,” Zaharia concluded.