Standardization is always the key to the development of an industry, and the telecommunications industry is no exception. The rapid development of 5G technologies has created new network security problems and challenges, but the industry security standard for 5G networks remains unlocked. Global telecom leaders have been making efforts to construct industry standards and principles. Industry insiders believe ZTE Corporation has fueled the development of telecom industry security standards with its effective security policies and measures.
ZTE Security Policy
With its vision of “Security in DNA, Trust through Transparency”, ZTE adheres to industry-recognized standards and best practices to continuously improve security with three core pillars:
To reduce risk, ZTE has implemented a comprehensive cybersecurity governance framework. The CEO chairs ZTE’s Cybersecurity Committee, which ensures that industry-recognized cybersecurity standards are implemented and integrated across all business units. ZTE uses the “three lines” model for cybersecurity governance: the first line is business units that implement controls over product cybersecurity; the second line is the Product Security Department, which has three cybersecurity labs and conducts internal and external independent security assessments and supervision; and the third line is the Internal Control & Audit Department, which audits the first and second lines’ effectiveness.
ZTE adheres to the philosophy of “secure by design and by default,” adopting industry-recognized standards and best practices and embedding security controls across all business areas, including R&D, supply chain, delivery, and incident response. ZTE, for example, uses the GSMA Network Equipment Security Assurance Scheme (NESAS) as a benchmark in its product development and lifecycle process, and has passed the NESAS audit completed by atsec in July 2020. ZTE uses the Building Security in Maturity Model (BSIMM) to strengthen software security activities and has received high ratings from Synopsys’ BSIMM assessment. Furthermore, ZTE assesses its risk management in supply chain and delivery operations against the National Institute of Standards and Technology (NIST) Cybersecurity Framework and strives for continual development.
ZTE designs its products in accordance with industry standards and requirements, including 3GPP security specifications, ITU X.805, and Software Engineering Institute (SEI) CERT secure coding standards. ZTE 5G solutions, for example, have passed the NESAS network equipment evaluation against the 3GPP Security Assurance Specification (SCAS), and the ZTE 5G RAN solution has received the Common Criteria evaluation assurance level (EAL) 3+ accreditation. ZTE also uses a second-line independent security assessment conducted by professional cybersecurity experts holding certifications such as Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Auditor (CISA), and Offensive Security Certified Professional (OSCP). ZTE also adheres to industry security assessment standards such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), and NIST SP 800-115, and employs professional security assessment tools for source code review, vulnerability scanning, protocol robustness testing, and other requirements.
ZTE values privacy protection, which entails adhering to worldwide privacy laws and regulations. ZTE has built a well-designed privacy protection management system and has undertaken systematic risk controls on workers’, customers’, suppliers’, and partners’ privacy. Privacy protection is not only a legal necessity for ZTE, but it is also the foundation of trustworthy and ethical business practices.
Technological breakthroughs in 5G (5th generation mobile networks) are pushing business and society toward digitalization, networking, and intelligence, opening up boundless creative possibilities for the Internet of Things. Personal privacy protection has become the responsibility of technology corporations in the digital age. Respect for individuals and their freedom to choose what information they reveal is at the heart of privacy. This should not be considered a burden for businesses, but rather an opportunity to better serve users and consumers.
As a major global communications firm, ZTE promotes privacy ethics in the digital economy by incorporating privacy safeguards for customers, users, employees, and other stakeholders into its fundamental values. In China and around the world, ZTE has emerged as an industry leader in privacy protection. ZTE hopes that additional corporations and organizations will follow its lead in privacy protection.
To ensure that privacy management and control points are in place, ZTE has embedded privacy protection criteria into numerous business processes. ZTE has designed user data privacy security into the end-to-end product development process to ensure that its products fulfill internationally recognised data protection standards. To support the design and execution of privacy management processes, ZTE has created Data Breach Response Processes and Data Subject Request Procedures in IT systems.
ZTE prioritizes security in product R&D and service delivery activities and is committed to offering dependable, end-to-end, whole-lifecycle security assurance. Since 2005, ZTE has held the ISO/IEC 27001 Information Security Management System accreditation, which is updated annually and includes all of ZTE’s services.
ZTE introduced and built the Personal Information Management System (PIMS) for the core product line in 2020, in compliance with the international standard ISO/IEC 27701:2019 Privacy Information Management System and industry best practices. ZTE received ISO/IEC 27701 certification. Furthermore, ZTE has made ongoing efforts to research the industry’s authoritative privacy authentication method, develop its privacy protection system, and create a sustainable, transparent, open, and sound privacy protection environment.
Standardization is the bedrock of network security. All telecommunications firms and organizations should collaborate to develop 5G security industry standards that will enable reliable and secure 5G products and services. ZTE will continue to innovate in order to strengthen its security procedures and guarantee secure products and services in the future.