By Allan Cabanlong
The world that we know ten years ago has been greatly altered by the entrance of the Fourth Industrial Revolution. From the steady rise of electronics and information technology in the Third Industrial Revolution, Industry 4.0 came speeding in, with technological breakthroughs after breakthroughs. As Klaus Schwab, Founder and Executive Chairman of the World Economic Forum wrote in 2016, in scale, scope, and complexity, the transformation in this technological revolution we are in “will be unlike anything humankind has experienced before.”
On one end of the spectrum, we have a big increase in productivity because of increased automation and an easier way of life because of new and more efficient products and services. Add to these the opening of new markets with the various innovations brought about by the revolution. On the other end, the unprecedented development and transformation also create uncertainties as we are now faced with a “fusion of technologies that is blurring the lines between the physical, digital, and biological spheres.” (Schwab, 2016) We are already confronted and will continue living with artificial intelligence (AI), the internet of things (IoT), big data, augmented reality and augmented reality, and various other disruptive technologies.
Among the disruptive technologies brought about by Industry 4.0 is 5G technology in telecommunications which has been a source of alarm for cybersecurity experts. There are several reasons why 5G is considered a cybersecurity risk. Among these, unlike 4G, 5G has software-based systems which have more traffic routing points, increasing the attack surface for hackers. These security concerns could be managed through security risk testing. And because there are possibilities that attack vectors would come up in 5G’s lifecycle, there is a need for it to be assessed in various domains and use cases.
This is the importance of the 5G Standards. These standards are developed by several standards bodies that include the 3rd Generation Partnership Project (3GPP), the Internet Engineering Task Force (IETF), and the International Telecommunication Union (ITU), among others. In the case of the Network Equipment Security Assurance Scheme or NESAS, its cross-industry security scheme is defined by 3GPP and Groupe Spécial Mobile Association (GSMA). In this nexus, GSMA assesses and audits the telecoms while 3GPP formulates the standards, assessment, and audit requirements.
The release of the Department of Information and Communications Technology (DICT) of a white paper on “The Need for Philippines Security Standards and Framework in 5G Equipment” is a step in the right direction. DICT cited the complexity of the 5G infrastructure which makes its architecture network vulnerable to many cyber threats as a major reason why a globally accepted standard for 5G is essential. With 5G now being widely used in the country, including critical information infrastructures (CIIs), its protection is non-negotiable as this also means the protection of CIIs and government assets. DICT also shared that it conducted industry consultations to ensure the agreement of industry players on the matter.
In this age where cybercriminals are working at the speed of light, the government should not be restrained in pushing for policies and standards that would ensure security in the use of ICT.
The adoption of cybersecurity standards is one of the key strategic imperatives for the protection of the business and supply chain of the National Cybersecurity Plan 2022. The idea of adopting standards is for the Philippines to have a technical reference document that has been created and consented by a group of experts in internationally-recognized organizations that would serve as the country’s guideline in ensuring uniformity to certain practices within the cybersecurity industry.
In the 2020 Global Cybersecurity Index (GCI), the Philippines ranked 61st with an index score of 77 out of 100. Although the score is a bit higher than the scores in the previous iterations of GCI, it has only placed the country at number 6 in ASEAN. One of the pillars where the Philippines scored low is “Technical Measures” where the presence of a national framework for implementation of cybersecurity standards is given prime. For GCI, a measure of a cyber resilient country is its adoption of a national framework for the implementation of internationally recognized cybersecurity standards within the government and CIIs. If the DICT is serious about advancing in the next edition of the GCI, then it has to work on materializing the plans indicated in its white paper.
The work in cybersecurity never stops but a delay in the implementation of critical cybersecurity strategies would be fatal.