The Ministry of Industry and Information Technology recently announced the selection results of the first batch of 5G application security innovation demonstration centers. Twelve applicants from nine provinces (autonomous regions and municipalities) were selected as the first batch of nine "5G application security innovation demonstration centers". Seven applicants who have not yet been selected but have a good foundation and great development potential have been included in the "5G application security innovation demonstration center cultivation list".
The development of 5G brings new challenges to the security of 5G applications.
Ouyang Rihui, Vice Dean of the China Internet Economy Research Institute at the Central University of Finance and Economics, stated in an interview with the China Economic Times that the 5G industry chain is long and its applications are wide-ranging. Vertical industries will experience changes in production, management, and operational processes, leading to numerous challenges in its application. Among these, security challenges are mainly reflected in four aspects: First, the Internet of Things (IoT) presents entirely new challenges to network security. Second, it places a more urgent demand on the independent controllability of core technologies, core products, and core code. Third, it poses challenges to the trustworthiness and security of data flows in application scenarios. Fourth, it places higher demands on the government's risk prevention capabilities, including security risk assessment and security testing and certification.
Li Jialu, a researcher at the China Mobile Research Institute, told our reporter that compared to traditional communication networks, the wider and more diversified applications of 5G networks also mean more risks and unknowns. First, 5G networks place greater emphasis on resource sharing, increasing data and information security risks. Second, 5G networks are more open, making vulnerabilities easier for attackers to discover and viruses easier to spread rapidly. Third, the richer application scenarios of 5G, and the massive number of heterogeneous terminals, may create more new attack targets.
Strengthen the security supply support services for 5G applications
Regarding the specific operational aspects of building 5G security capabilities, Ouyang Rihui suggested the following: First, a cybersecurity plan should be formulated to establish a nationwide security immune system as soon as possible, safeguarding critical information infrastructure. Second, the supply and support services for 5G application security should be strengthened, forming a multi-level service supply system involving the national government, local governments, and industrial parks. Third, 5G application security demonstration and promotion work should be carried out. In the process of encouraging local governments and enterprises to build 5G application security innovation demonstration centers, experience should be accumulated, problems identified, and 5G application security solutions continuously optimized. The focus should be on identifying replicable and scalable security application scenarios in leading enterprises in industries such as manufacturing, energy, transportation, and healthcare, strengthening application security assessments and improving security prevention capabilities. Fourth, as 5G networks shift from "To C" to "To B," the security of 5G application scenarios should shift from "general security" to "on-demand security." All industries and organizations need to continuously iterate and upgrade security measures based on their business characteristics.
"Based on the assessment that future 5G application scenarios will be more diverse, it is necessary to build a security architecture based on the virtualization and openness characteristics of 5G networks. This architecture should take into account the security needs of different layers, including terminals, interfaces, networks, and services. This can be achieved by encrypting user information, implementing unified management of different interfaces, establishing network slicing isolation mechanisms, and setting slice templates with different security configurations for different service scenarios, thereby improving the applicability of the entire security architecture. At the same time, when the time is right, more standardized and authoritative 5G network security standards should be introduced to provide more unified regulatory channels and means for different 5G application scenarios, urging relevant industries to improve their 5G network security management capabilities," said Li Jialu.
