Standards Driven Security Assurance for Mobile Networks

Anew security assurance scheme for mobile network infrastructure equipment is described in this article. In introducing an effective security assurance scheme, constraints need to be considered as the environment in which the scheme is introduced defines some boundaries. Technology is not the only aspect that counts and it is necessary to achieve a real balance between technical and organisational security improvement, visibility of security levels of network equipment, operational feasibility, and market acceptance and participation. The end goal is to involve a range of stakeholders that need to commit to the scheme so the likely effectiveness, cost, effort and complexity are important parameters that need to be taken into consideration. The mobile industry operates worldwide and thrives on the development of open standards by multiple standards development organisations. Solutions that are designed and agreed must meet the needs of all involved stakeholders around the world to secure support for their delivery to market. This paper explains how standardisation works in and for the mobile industry and introduces the objectives, the constraints, the reasons for developing a security assurance scheme, and describes the proposed scheme for mobile network equipment and lifecycle processes. The article illustrates that the new Network Equipment Security Assurance Scheme (NESAS), as it is called, meets the various and different needs of mobile network operators, network equipment vendors, and regulators in a time of ever growing complexity of mobile networks. Journal of ICT, Vol. 3, 105–132. doi: 10.13052/jicts2245-800X.321 c © 2016 River Publishers. All rights reserved. 106 S. Lachmund and J. Moran