The Security Sub-Group (SSG) to the Testbeds and Trials Working Group (T&T WG) has been initiated to help address 5G security challenges. This should be read in conjunction with the T&T WG ToR.
One of the key learnings from Phase 1 activities was the identification of a range of 5G security challenges, these were captured in the 5G Network Architecture and Security report in December 2018. Since then, DCMS has delivered the Telecoms Supply Chain Review (SCR) which highlighted further 5G security challenges and made recommendations for a strategic policy response in the form of a new telecoms security framework. This is currently been developed collaboratively with DCMS, NCSC, Ofcom and industry.
Good security is one of the key enablers for delivering the economic benefits of 5G, ensuring that potential users of these networks trust and have confidence in them. The security landscape is complex and evolving, so to deliver a safe, secure and resilient 5G ecosystem even greater coordination across industry and government will be needed.
Our UK testbeds will continue to be important proving grounds for developing 5G business models and carrying out research on 5G technologies. Testbeds therefore present a fantastic opportunity to develop and test security principles and policies, at scale, across a range of use cases, as well as to identify security gaps, solve security problems and showcase good end to end security practices. This will lead to higher confidence in 5G networks and support the roll out of 5G in the UK.
Purpose of the Working Group
Aligned to the coordination and influencing activities of the parent T&T WG, the security sub-group will have four key responsibilities:
- Encourage and facilitate secure testbeds through the sign-posting to, and co-ordination of, best practice security approaches which are appropriate and proportionate for research testbeds and their stakeholders.
- Supporting our testbeds to capitalise on the opportunity to carry out 5G security research in representative environments, at scale. This will lead to identification of security gaps and potential solutions, both generally and focussed on specific use cases and industry verticals.
Encouraging our testbeds to showcase good 5G security approaches. This will increase confidence in 5G technologies and lead to the development of a safe, secure and resilient 5G ecosystem.
- Coordinate learning on security topics between testbeds and act as a conduit between industry and government via the UK5G governance mechanisms to influence policy, standards and industry best practice.
These are likely to evolve over time, but in the short/medium term, they will be:
- Support wider UK telecoms security initiatives by ensuring testbeds operate coherently with developing polices and guidelines. (This should be implemented proportionately for an R&D environment and based on an assessment of risks).
- Disseminate updates on 5G security policy to testbeds and support them to implement changes where appropriate.
- Identify and define best security practices across different 5G use cases, especially where no clear guidance exists, making recommendations to testbeds.
- Disseminate threat reporting and support testbeds on risk management approaches.
Provide advice and support testbeds on supply chain management, encourage supply chain diversity.
- Support security innovation and research by identifying opportunities within testbeds or across testbeds.
- Support the development of UK cyber security skills cadre by encouraging testbeds to train staff and develop security expertise.
- Support and promote the cyber security industry’s 5G expertise to help grow a UK market and export opportunities.
- Support DCMS 5GTT security projects by providing advice, guidance and assurance of outputs.
- Identify security gaps in the 5G ecosystem, prioritise issues and identify vehicles to resolve them.
- Interact with other industry and government forums on telecoms security topics, presenting a coherent message from UK5G.
- Organise and coordinate monthly SSG meetings or conference calls.
- Engage on security issues with the DCMS 5GTT project teams from the current trials. This may be through regular conference calls, or via the parent T&T WG.
- The SSG will engage where appropriate with events organised by other WGs to ensure that progress and outcomes from the trials are made available to all interested parties engaged with those WGs.
- Deliver security recommendations (via UK5G T&T WG, UK5G Advisory Group (AG) biyearly meetings, WhatsApp group) into UK5G for the purpose of helping it to inform DCMS policy on the roll-out and adoption of 5G in the UK, to inform Ofcom’s regulatory approach, and for wider dissemination to the UK 5G ecosystem.
- Provide recommendations to the UK5G Steering Group on how best to improve security across the UK 5G ecosystem, especially DCMS testbeds.
- Publicise security best practice and recommendations via the UK5G website, and directly to DCMS testbeds via direct engagement.
Structure of the Security Sub-Group
The Testbeds and Trials Security Sub-Group will have a Chair, taken from the UK5G Testbed and Trials Working Group. In this case the chair will be Mark Hawkins (QinetiQ). Following formation of the group, a deputy chair (or co-chair) will be appointed from the SSG membership.
The chair (or one of the co-chairs) of the T&T WG (a UK5G Strategic Advisory Board Member) will automatically be a member of the Security Sub-Group.
We envisage a working group made up of up to 20 interested and relevant individuals, including a few from UK5G’s Advisory Group (AG).
Membership selection criteria
It is imperative that the SSG gets an optimal, wide-ranging selection of members. We envisage that members will have a range of experience, skills and insight derived both from the supply (telecoms) and demand (potential customers of 5G) side of industry. This working group will also benefit from HMG representatives involved in developing telecoms security standards, policy and guidance.
Representatives from the following departments should be members of the SSG: DCMS (policy lead on telecoms), NCSC (government technical authority and centre of excellence on cyber security) and Ofcom (the UK regulator for communications services). It is also anticipated that a number of current DCMS testbed projects will be represented.
In addition, required capabilities might also include:
- Relevant understanding of mobile technology development at national/global scale
- Senior security R&D responsibility in industry or academia
- Senior cybersecurity policy expertise in industry, government or academia
- Operational expertise in telecoms safety, security and resilience
- Expertise in 5G security approaches and its application across key vertical markets
- Links to local, relevant research bases and testbeds
- A tangible passion for the creative application of engineering and technology
- Once agreed, this document will be posted up on WG’s page on www.uk5g.org and registered users will be invited to apply to sit on the WG.
- The Chair, in conjunction with UK5G, chair or co-chairs of the T&T WG and interested AG members, will choose a list of relevant applicants
- WGs will be organised routinely, at the discretion of the Chair and Deputy Chair
- An action plan will be developed after the inaugural meeting
- The progress of the SSG will be reviewed at the regular Testbeds & Trials working group and at the twice-yearly UK5G Advisory Group meetings (normally July, January)