Telecom Review was invited to attend the Huawei Middle East and Central Asia high-level media roundtable on day two of the GSMA M360 Eurasia 2023 conference in Baku, Azerbaijan. The open and transparent discussion that gathered cybersecurity thought leaders across the Middle East and Central Asia, aimed at aligning strategic priorities for the region, deepening engagement and steering collaborative efforts in the industry to advance collective action for cyber stability in the telecom industry.
Under the theme of “Build more secure and resilient telecom networks to efficiently support the future digital economy,” participants in the panel discussed various topics, including collaborations among network operators and their partners, suppliers and customers in defending against telecom cybersecurity threats, how regulators could promote the local telecom industry’s cybersecurity development, and the role that cybersecurity plays in safeguarding critical information infrastructure and the digital economy, among other topics.
Dr. Tural Mammadov, Director of the Azerbaijan Computer Emergency Response Center (CERT), was joined in the panel by Dr. Mohammad Khaled, Director, Business Development and Strategic Projects, e& enterprise; Dr. Haitham Hilal Al Hajri, Sr. Executive – Cyber Security Projects, Oman National CERT; Dr. Elvin Balajanov, Chairman of the Board, Azerbaijan Cybersecurity Organization Association; and Dr. Aloysius Cheang, Chief Security Officer, Huawei Middle East & Central Asia.
Taking on the role of moderator for the discussion, Dr. Haitham Hilal Al Hajri drove the conversation with the topic of the role of ICT players in cybersecurity. He said, “Today, the progression towards an interconnected cyber world has become a reality. Cybersecurity is a shared responsibility, and national security agencies, telecom providers and ICT industry players should work together to achieve a more robust cybersecurity posture so telecom providers can continue to deliver cutting-edge digital services unimpeded by cyber threats.”
Aligning with his statement, Dr. Hajri sought to understand from the panelists, in a hypothetical situation, the possibility of a one-size-fits-all solution for the current cyber threats.
On this, Dr. Mammadov said that despite some very good measures in place, keeping cyberattackers away remains a constant challenge. “We have several layers of information handling, with each having different security measures and approaches, but as of now, having one solution for all the threats seems impossible,” he said.
Dr. Balajanov opined that the threat landscape was evolving rapidly. “Even if you come up with one solution, it can be outdated quickly. Especially [since] telecommunication architecture is too diverse and they have specific vulnerabilities, and from this perspective, one solution for all the threats sounds unrealistic.”
Responding to the conversation, Dr. Cheang said that in the telecommunications sector, there are already minimum requirements that need to be confirmed. He cited the example of GSMA’s NESAS/SCAS as global collaborative efforts in addressing cybersecurity. “We need to consider how to meet the increasingly strict compliance requirements of regulators on the one hand and how to provide secure and trustworthy products and services that fulfill our commitments to customers on the other. We must also embrace a defense-in-depth approach to provide better security, ensure business continuity and resiliency, and improve efficiency and customer experience while always protecting user privacy,” he added.
Dr. Khaled, joining online, maintained that having one solution for all the problems runs the risk of being compromised and targeted easily by either inside or outside perpetrators and vouched for the importance of having a diversified approach in order to develop an effective threat model infrastructure. He stressed the importance of having a globally compliant integrated management system across multiple domains, but specialized in specific areas of implementation from the perspective of the design and infrastructure of IT and OT networks.
Approaching the conversation from a regulatory standpoint, Dr. Hajri asked the panelists if cybersecurity was the responsibility of a single entity or a shared one among stakeholders.
Dr. Mammadov said attackers were not only targeting the systems, but they were also targeting the end user, and hence the collaboration should come from the telecom companies, end users and other counterparts. He stressed the importance of crowdsourcing in antivirus and threat intelligence solutions for fighting cyber threats across government and private verticals.
“The establishment of multi-stakeholder approach will be helpful in implementing a holistic solution for the threats. The development of cybersecurity laws, policies, regulation and information sharing is important in keeping the holistic solution in place among the different stakeholders,” stressed Dr. Balajanov. From the perspective of Azerbaijan, Dr. Balajanov said that encouraging investment in cybersecurity technologies, especially in the telecom sector, would be an effective step forward.
On this, Dr. Cheang said that Huawei strongly believes in the principles of people, process and technology and in bringing about a seamless synergy among them. He stressed the importance of training people and building capacity for cybersecurity. He cited examples of Huawei initiatives such as Seeds of the Future and Tech4Good that provide ICT skillsets to university students. He also stressed the importance of a defined process to support capacity building and said associations such as the Azerbaijan Cybersecurity Organization Association are key to ensuring the building of communities that support capacity building in collaboration with global bodies such as OIC-CERT, ITU and so on. Regarding the technology aspect, Dr. Cheang said, “We need to ensure that we have a platform that is able to drive the digital initiatives.”
He said that Huawei believes cybersecurity and privacy are common challenges that all stakeholders — including governments, industry and standards organizations, enterprises, technology suppliers and consumers — have a shared responsibility to confront. Huawei actively works with governments, customers, and industry partners to address cybersecurity and privacy challenges, thereby reinforcing the need to treat cybersecurity as a team sport and maintaining an open and collaborative environment that encourages innovation and transparency.
“At Huawei, we really believe in walking our talk. For all our products, we make sure that they are developed and delivered by observing security-by-design and privacy-by-design principles and that they get a third-party certification on its functions. We also have transparent cybersecurity policy whereby we encourage public and private sectors to engage with us,” Dr. Cheang added.
Responding to the conversation, Dr. Khaled said that the safe and secure exchange of information between various public and private entities is the strength of cybersecurity. He said that such best practices at an early and advanced stage can predict and accelerate the response to any cyberattacks. He also stressed the importance of sectorial information sharing for the smooth functioning of cybersecurity and digital transformation strategies.
During the conversation, the advent of artificial intelligence, security breaches, ransomware attacks, phishing techniques, supply chain attacks and the need for national resilience policies were discussed at length.
UAE’s Cybersecurity Practice
Separately, during the M360 Eurasia event, H.E. Dr. Mohamed Al Kuwaiti, UAE’s Head of Cybersecurity, addressed a keynote on cybersecurity practice in the UAE:
“The UAE is at the forefront of creating a state-of-the-art and secure digital infrastructure to help drive the country's digital economy growth. The UAE Cybersecurity Council is thus in charge of establishing and maintaining a cybersecurity system to protect all digital infrastructures and services in the country through world-class standards, cyber innovation, highly skilled workforce, adopting international best practices and continuous cooperation with our partners.
“With the increasing number of cybersecurity attacks over the years, it is critical to not only follow the country’s information security standards and policies to protect the country’s digital sphere but also continuously develop new cybersecurity regulations and guidelines to keep cybersecurity requirements in place to defend against cyber threats and accelerate national cybersecurity capabilities, efficiently.
“In 2022, UAE has published the UAE Telecom Cybersecurity Guidance to strengthen the country's telecommunication cybersecurity. The Guidance defines a defense-in-depth, zero-trust driven multi-layered framework based on the OIC-CERT 5G Security Framework, GSMA 5G Cybersecurity Knowledge Base, and cybersecurity standards from ISO and NIST.
“The UAE Telecom Cybersecurity Guidance is vital to help drive the country's efforts to establish the world-first telecom information security management system (T-ISMS) to efficiently govern, manage, implement and optimize telecom cybersecurity against telecom threats. GSMA/3GPP-defined NESAS/SCAS certifications shall be the baseline requirement for all telecom equipment once our Guidance are effectively enforced. And those T-ISMS based mainly on GSMA 5G Cybersecurity Knowledge Base and other global standards such as ISO 27001 are also mandatory for telecom operators to implement in securing their mobile telecom networks.
“In March this year, together with OIC-CERT and national telecom operator, e&, we have co-organized the first UAE Telecom Cybersecurity Guidance Adoption Workshop as a side event of the GISEC Global 2023. e& has proactively responded to the national cybersecurity initiative, and was officially nominated as the first UAE carrier to do a pilot deployment of the UAE Telecom Cybersecurity Guidance.
“As part of the UAE’s initiative to be a global leader in cybersecurity, the Council has established a cybersecurity ecosystem to create a safe and resilient cyber infrastructure, enabling citizens to fulfill their aspirations and empowering businesses to thrive in an evolving set of related cyber threats. Recently, UAE has hosted the first OIC-CERT Board meeting for 2023 and first in-person Working Groups meeting since 2021. The OIC-CERT 5G Security WG discussed the rollout plan for adopting the framework in the remaining member countries, with the UAE and Malaysia as the implementation reference point. The meetings of both OIC-CERT Cloud Security WG, where I am chairing, and Blockchain Security WG were held for the first time since the groups established during the OIC-CERT 10th General Meeting in 2022,” Dr. Al Kuwaiti concluded.
By Jonathan Pradhan, Senior Journalist, Telecom Review