Skip to main content
chains

Security standards

Strengthening network security postures

How to elevate a network’s security posture?

Networks are the backbone of a more inclusive and sustainable growth of the global economy. Achieving this goal requires networks that are trustworthy, secure and resilient. The security of networks is realized through a comprehensive approach that involves four major stages.

trust image

Security research and standardization

Central to the framework is a foundation that begins with thorough research and meticulous standardization. Our security research and standardization efforts directly influence the development and deployment of products, and the associated services that Nokia offers. The lessons learned from the market continuously inform and enhance our research and standardization efforts.

Network product security

Second, for the development of network products and solutions, Nokia follows its “design for security” process (DFSEC). DFSEC focuses not only on the security of the product but also on the security of the product design environment to prevent so-called supply chain attacks. Supply chain attacks involve compromising a trusted product by inserting malware or backdoors during its development or distribution process Nokia products are tested and audited on security levels in line with the GSMA Network Equipment Security Assurance Scheme (NESAS) standard, ensuring product security.

Security operations

Third, Nokia also offers a comprehensive and unique portfolio of network security products and solutions to protect networks from attacks. Nokia’s product portfolio, including NetGuard Cybersecurity Dome and Deepfield, provides security monitoring, threat incident response, identity access management and DDoS detection and mitigation and more. These products play a crucial role in security operations.

Cybersecurity services

Fourth, the actual network deployment leverages state-of-the-art secure configuration designs and secure operations and maintenance (OAM), which ensure resilience against cyber-attacks. To guarantee secure deployment and operation of networks, the security framework of the Nokia services and supply chain are aligned with information security standards such as ISO/IEC 27001. Nokia consultants and our dedicated cybersecurity testing lab, ASTaR lab, provide the expertise, tools and best practices needed to prepare customers for worst-case scenarios. Nokia threat intelligence reports provide unique insights for all our stakeholders. These cybersecurity services help organizations safeguard their network, maintain the confidentiality, integrity, and availability of their data, and reduce the risk of cyber-attacks.

“The Nokia Advanced Security Testing and Research (ASTaR) lab is located in Dallas, Texas. It offers multiple services including a security assessment method called penetration or pen testing, where ethical hackers simulate cyberattacks on a wireless network to identify and exploit vulnerabilities. This helps Nokia and other organizations strengthen their defenses against real threats. Robust product integrity verification processes are performed to safeguard systems by ensuring that only trusted, unaltered software modules are deployed. And the lab looks proactively for new ways to avoid or mitigate cyberattacks.”

Why are network security standards needed?

Nokia is a strong advocate of open and global security standards as they contribute to the reliability of the specified security features. For many years, Nokia has been at the forefront of researching and standardizing novel secure and resilient algorithms and protocols. Our work covers aspects such as authentication, encryption, network access control, secure communication protocols, certification and compliance with regulatory requirements. We actively participate in the most relevant global and regional organizations, councils and fora such as 3GPP, IETF, ORAN Alliance, GSMA, NIST, ETSI, ENISA, FCC CSRIC, ATIS, TSDSI and others. Being actively engaged in these organizations, we possess the expertise to integrate various standards cohesively, ensuring an all-encompassing defense-in-depth approach to the end-to-end network.

Network security cannot be approached as a standalone solution. Today's networks are highly interconnected, and they encompass AI and cloud technologies. They are becoming more programmable, allowing for third-party control over network capabilities and exposure of valuable data and services to applications and developers. Resources are shared across multiple stakeholders and extend beyond national boundaries. This open interconnectedness necessitates a holistic and continuous security strategy that encompasses the entire network.

“Security for networks requires more than just adherence to compliance and regulation; it demands a top-notch research and holistic standardization approach to ensure the safety of our modern, globalized digital world”
Peter
Peter Merz
Head of Nokia Standards

3GPP

3GPP

3rd Generation Partnership Project (3GPP) is responsible for the creation and maintenance of standards for mobile access technologies, system and services, including 5G and the, in-development, 6G. Since 2021, Nokia’s Suresh Nair has been the chair of the Service & System Aspect Working Group 3 (SA3). SA3 is responsible for security in the 5G system. The primary objectives of SA3 includes defining the requirements and specifying the architectures and protocols for security and privacy. SA3 is also responsible for ensuring the availability of cryptographic algorithms that are part of the specifications.

Since the introduction of 5G, SA3 has been responsible for security requirements for the whole 3GPP system including devices, RAN and network, protecting the network from fake devices, protecting the devices from fake networks, and for network domain security.  Within his role as chair, Suresh Nair has published multiple articles in recent 3GPP newsletters to share some of the latest standards as defined in SA3 (Security Assurance Specifications, Rel-18 security feature summary and Authentication and Key Management for Applications (AKMA) in 5G).

Nokia has been an active contributor in the past to many new security standards within 3GPP. The non-exhaustive list includes the authentication procedures for 4G and 5G, end-to-end network slicing security, security for private networks (5G NPN), and the smooth migration of Diameter to the 5G service-based architecture (SBA) to, for instance, roaming networks.

Today, Nokia is actively involved in many security studies and making many contributions to SA3. Some examples are the focus on 256-bit confidentiality and integrity algorithms for the air interface, the zero-trust study, authentication and key management for applications, bidding down attacks, and many other security studies and items coming from other working groups' studies. 

Nokia has been leading the 3GPP standardization of public key infrastructure (PKI), which is now the baseline for the GSMA PKI work. Asymmetrical key encryption will be vulnerable, to being broken by quantum computers, hence our work to standardize post-quantum security.  Nokia is also leading other areas of security standardization work, for example, non-3GPP access, non-seamless WLAN offload (NSWO), satellite, and energy saving.

Fewer than ten individuals globally have received the 3GPP Lifetime Achievement Award. Nokia’s security expert Günther Horn won the award in 2018, recognizing how he has underpinned the expertise and contributions that Nokia has made and continues to bring to SA3.

3gpp

GSMA

O-RAN Alliance

IETF

North American fora

European fora

Indian fora