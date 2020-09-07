Sign In Register
5G
The Edge
Private Networks
Cloud Native/NFV
Security
AI/Automation
Cable/Video
DOCSIS CCAP Cable Business Services 10G The Bauminator
IoT
OSS/BSS
SD-WAN
Optical/IP
FTTX DCI Routing Any Haul/X-Haul
Test & Measurement
Services
4G/3G/WiFi
6G
Industry Show News
Mobile World Congress Big 5G Event
Events
Securing Next-Gen Streaming VideoEdge Computing Digital SymposiumAsia Tech 2020 Digital SymposiumCable Next Gen-Technologies & StrategiesBig 5G EventLeading Lights AwardsGlobal Telecoms Awards
Events Archives
Cloud Native WorldCable Next-Gen Europe Digital Symposium5G Networking Digital Symposium
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
White Papers
Tech Centers
Future Vision Tech Center
Regions
Asia Africa Europe India Middle East
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register
Security

TIA promises to end the Huawei security debate, once and for all

News Analysis Mike Dano, Editorial Director, 5G & Mobile Strategies 7/9/2020
Comment (0)

Is Huawei's equipment secure or not? Right now, the answer to that question depends largely on who you ask.

But the Telecommunications Industry Association (TIA) trade group hopes to provide a definitive, unbiased answer, one backed up with details and specifics – and one that everyone can agree on. To do so, the association is building a global standard and benchmarking tool that can measure the risks present in each vendor's supply chain in real-time, with the goal of testing third-party certifications starting in the middle of 2021.

"I'm not interested in blackballing a particular company," explained Ken Koffman, TIA's CTO and the executive leading the security effort.

Instead, Koffman explained that TIA's goal is to determine whether a given vendor's equipment can be trusted. He said TIA's effort will center on a process-based system, meaning it won't certify specific products but instead focus on a company and its entire product-delivery process, ranging from where it obtains its components to how it assembles and sells finished products. And the decision on whether that process is secure would be made by trained third-party inspectors, similar to the United Nations' International Atomic Energy Agency (IAEA) inspectors charged with overseeing nuclear facilities stretching from Iran to Japan.

"Based on history, Huawei would not be able to conform to these [security] standards," Koffman added, explaining that TIA's security program would determine whether a company was receiving government funding or sharing information with outside parties.

But if Huawei changes those practices, "then I'm happy to have them."

Added Koffman: "Our interest is to say, 'This is how you can be trusted.'"

Standards experience
Koffman argued that he and TIA are uniquely positioned to address the security issue. For more than two decades Koffman worked with the QuEST Forum, which developed the TL-9000 quality-management system for telecommunications products. That effort essentially measures the quality and interoperability of telecom equipment for network operators. TIA merged with the QuEST Forum in 2017.

Koffman said some of TIA's members last year began to ask the association to apply its focus to the supply chain security issue. "Wouldn't it be nice if we had a single standard that comprised or oversaw all aspects of security?" TIA's members asked, according to Koffman. He added that the association is working to create a holistic process that would cover hardware, software and components – an increasingly important task given the global nature of the industry's supply chain and the wide range of devices and applications connecting to all areas of the network, from the core to the edge.

"People said, 'TIA you are uniquely positioned to do this,' " Koffman added. "This is nothing new."

Koffman said the association began its work on the initiative at the start of this year by surveying similar efforts. He said TIA will borrow elements from work already done by agencies and associations ranging from the Department of Homeland Security's Supply Chain Risk Management (SCRM) Task Force for information and communications technology, to the National Institute of Standards and Technology (NIST), the US Commerce Department, the Cybersecurity Maturity Model Certification (CMMC), the recent Prague Proposals on 5G security and the European Network and Information Security Agency (ENISA).

"We are not terribly concerned about being the initial inventor of everything," Koffman said.

After that, the association turned to developing the structure for its security standard, which it is just now finishing. Koffman said he hopes to have the program available for review starting in the early part of 2021 in order to begin providing initial certifications by the third quarter of 2021.

And which companies are supporting TIA's efforts? AT&T and Verizon "are very active," Koffman said. Other companies involved range from Japan's NTT to BT, CommScope, Fujitsu, Spirent, Adtran and Nokia.

He added that TIA is also exploring ways to team up with other associations engaged in similar efforts. For example, the Alliance for Telecommunications Industry Solutions (ATIS) recently opened an investigation into how to enhance security for the 5G supply chain.

"We've talked with ATIS about trying to collaborate. Those discussions are ongoing," Koffman explained, adding that ATIS is leaning toward a self-assessment model whereas TIA is looking at a model that relies on third-party certifications.

Meeting needs
But the benefits to a global, agreed-upon security standard are obvious. "Manufacturers, buyers and suppliers will benefit from the validation of the devices and components that they produce, purchase and supply via analysis against security benchmarks and third-party objective evaluations, reducing the cost of audits and compliance with unnecessary trade restrictions and regulations that can lead to increased prices, decreased competition, and stifled innovation and investment," TIA argued in a recent description of its planned program. "State, local and federal governments can rest assured that the products and services required for the deployment of new networks and technologies have been assessed for risk through standards and programs designed specifically for these complex systems, allowing them to focus their attention on threats that have a direct impact on national security and public health and safety."

Perhaps not surprisingly, the association is also working to get US policymakers on board.

"TIA strongly believes that this program can solve many of the concerns held by industry and the US government when it comes to exposing risks and vulnerabilities present in the ICT [information and communications technology] supply chain," the agency wrote in recent comments to the Trump administration. "TIA would welcome the opportunity to continue working with US government stakeholders to ensure agencies' supply chain risk mitigation concerns are adequately met by our final standard and third-party certification regime."

How TIA's efforts might impact the US government's efforts to block China's Huawei both inside the US and internationally remain unclear. But it's likely that US and international telecom operators and vendors would be keen to put the issue into an industry trade association rather than into the hands of one country's government officials.

Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano

Related Stories
COMMENTS
Newest First | Oldest First | Threaded View
Add Comment
Be the first to post a comment regarding this story.
EDUCATIONAL RESOURCES
FEATURED VIDEO
UPCOMING LIVE EVENTS
Securing Next-Gen Streaming Video
July 15, 2020, Online Seminar
Edge Computing Digital Symposium
July 29, 2020, Online Seminar
Asia Tech 2020 Digital Symposium
August 4-6, 2020, Online Seminar
Cable Next Gen-Technologies & Strategies
August 26-27, 2020, Virtual Event
Big 5G Event
September 22-24, 2020, Virtual Event
Leading Lights Awards
September 22, 2020,
Global Telecoms Awards
November 19, 2020, London, UK
All Upcoming Live Events
UPCOMING WEBINARS
July 14, 2020 Where next for care in the Connected Home?
July 15, 2020 Pioneering in 5G SA: Learnings From China’s Deployments
July 15, 2020 Securing Next-Gen Streaming Video
July 16, 2020 SCTE•ISBE Live Learning Webinar Series: 10G vs. 5G
July 21, 2020 Multi-Vendor 5G Core: Best-in-Breed Subscriber Data Management
July 22, 2020 Red Hat OpenShift’s Road to the Network Edge
July 28, 2020 Putting the Geospatial in 5G
July 29, 2020 Get 5G Ready Today and Modernize Your OSS/BSS With Cloud-Native IT
July 29, 2020 Edge Computing Digital Symposium
July 30, 2020 Accelerating 5G monetization – is Network Slicing Key?
August 3, 2020 Asia Tech Digital Symposium - Day 1
August 5, 2020 Asia Tech Digital Symposium - Day 2
August 20, 2020 SCTE•ISBE Live Learning Webinar Series: Closing the GAP on GAP
September 17, 2020 SCTE•ISBE Live Learning Webinar Series: Getting Ready for DOCSIS 4.0
October 22, 2020 SCTE•ISBE Live Learning Webinar Series: Virtualizing the Cable Access Network
November 19, 2020 SCTE•ISBE Live Learning Webinar Series: Testing the Next-Gen Cable Network
December 10, 2020 SCTE•ISBE Live Learning Webinar Series: Dreaming of Streaming Video
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
Evolving to a Telco Converged Cloud for a Worry-Free 5G SA By Huawei
Building a Secure Hybrid WAN With SD-WAN By Satish Madiraju, for Fortinet
5G Performance – Better Signal With AI By Arne Schaelicke, Nokia
'They Use AI in Storage!' Interop Expert Amazed by Huawei OceanStor Dorado All-Flash Storage By Huawei
The 'Agile Titan' – An Advanced Supplier Model to Meet the Needs of 21st Century Networks By Josh Hirschey, General Manager, Amphenol Broadband Solutions and Mette Brink, General Manager, Amphenol Procom & Amphenol Antenna Solutions EMEA & APAC
All Partner Perspectives
SLIDESHOWS
Aryaka's Ginsburg on COVID-19's impact on enterprise traffic
Scenes from the Satellite Show
Introducing the latest 5G trend: Hiding it
More Slideshows
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE