OIC-CERT launches new Harmonized And Unified Cybersecurity Certification System for 5G environments

The Organization of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) has recently published a guidance document on the Harmonized and Unified Cybersecurity Certification System (HUCCS). The system aims to establish an assurance mechanism that enables a security certification obtained in one region to be recognized and accepted by other member states of OIC-CERT. It can also increase the efficiency of deploying common cybersecurity certifications in OIC-CERT member states. As a result, HUCCS can help to improve the overall level of cybersecurity for the OIC-CERT member states.

HUCCS promotes the cross-recognition of cybersecurity certifications, increasing the efficiency and effectiveness of deploying 5G solutions and helping improve the overall cybersecurity level for OIC member states and their stakeholders. It is based on four basic principles and a documentary system that guides the OIC member countries to design, implement, improve, and continuously optimize cybersecurity certifications. 

The OIC-CERT 5G Security Framework is an advanced control agreement that establishes the global norms for the safe and secure operation of the next-generation network. The framework includes international cooperation, risk assessment and management, cybersecurity maturity, authentication and identity management, privacy protection, and compliance with international laws. With the emergence of 5G, members felt the need to prioritize the security aspect of this upcoming technology; thus, the OIC-CERT 5G Security WG was formed.

“HUCCS and the OIC-CERT 5G Security Framework set a new benchmark for 5G cybersecurity in the global arena and demonstrate the leadership and vision of the Islamic world in embracing the opportunities and challenges of the digital transformation,” Mohd Shamir Hashim, senior vice president of CyberSecurity Malaysia and the co-chair of the OIC-CERT 5G Security WG, said in a media statement last week. “We are confident that HUCCS will foster a culture of collaboration and innovation among OIC member states and contribute to the social and economic development of the Islamic world through 5G technology.”

“HUCCS is a milestone achievement for the OIC-CERT 5G Security WG. It demonstrates broad international commitment and capability to advance the cybersecurity of 5G networks and services in the Islamic world,” Dr. Aloysius Cheang, Huawei’s chief security officer for Middle East and Central Asia and co-chair of the 5G Security WG, commented. “We are hopeful this system will foster trust and collaboration among OIC member states and accelerate the adoption of 5G technology for social development and economic prosperity as 5G together with cloud computing are the 2 key pillars towards embracing digital transformation and the various applications and computing paradigms such as metaverse and AI, where data is the new oil.”

HUCCS is an updated version of the OIC-CERT 5G Security Framework, which was released in early 2022. The proposal and contents of HUCCS were agreed upon by the OIC-CERT Board Members during a meeting held on October 8, 2023, in Abu Dhabi. It is recognized as a work item under the OIC-CERT 5G Security Working Group (WG) and is part of the ongoing efforts to maintain the relevance of the OIC-CERT 5G Security Framework. The WG is jointly led by Cybersecurity Malaysia, an agency under the Ministry of Communications and Digital Malaysia, and the OIC-CERT Permanent Secretariat, along with Huawei UAE, an OIC-CERT commercial member.

The four basic principles of HUCCS are voluntary, impartiality, transparency, and confidentiality. Voluntary means that each OIC-CERT member state participates in the HUCCS, or terminates its membership, of its own accord. Voluntary participation in the HUCCS is also subject to national circumstances and demands, without creating additional rights, liabilities, or obligations for non-signatory OIC-CERT member states.

Impartiality covers non-discrimination and the exclusion of conflicts of interest. It means no discrimination based on economic, geographic, or religious factors for member states. Eligible applicants should not face unnecessary obstacles, and accredited bodies must maintain independence and avoid conflicts of interest, ensuring reliability and confidence in the certification process.

Transparency means that practitioners should ensure transparency in the specific operation of HUCCS and certification activities. For example, documents such as the Accredited CB and EB List should be accessible to the public. Before the certification activities, applicants should be fully informed of not only relevant rights and obligations but also information on complaints and appeals procedures. 

Confidentiality means that practitioners and their personnel are responsible for keeping confidential the information they obtain from applicants during certification activities, under local regulation or any provision of national law, except where disclosure is legally required. This information generally includes personal information, commercially confidential information, trade secrets of the applicant, and other information claimed to be used for the certification only. In practice, it is essential for applicants and the relevant practitioners to reach non-disclosure agreements that confirm the scope of confidential information.

To ensure the operation of the HUCCS, it is necessary to establish a fundamental documentary system that stipulates the principles, the roles and responsibilities, operational rules, etc. The documentary system is divided into three levels: the HUCCS policies, the HUCCS operation specifications, and the certificate basis and records.

At Level 1, the HUCCS policies are the top-level documents that serve as a foundation for all practitioners in terms of decision-making, commitment, and the overall direction and objective of the HUCCS. For Level 2, the HUCCS operation specifications provide specific requirements and operation rules for all practitioners to implement specific activities under the HUCCS.

At Level 3, the certificate basis and records include referenced documents as well as working documents created during the operation of HUCCS for recording purposes. Throughout the operation of HUCCS, various working documents are generated at Level 3, including records, forms, and draft versions such as the First Draft of Work Proposal, Meeting Minutes, Accreditation Letter, and Security and Technical Evaluation Report.

In June, the EU member states, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published a second progress report on the implementation of the EU Toolbox on 5G cybersecurity, which aims to address risks related to the cybersecurity of 5G networks. The report provides an updated overview of the state of play of the implementation of the Toolbox by member states and covers the implementation of the strategic and technical measures of the EU Toolbox. Additionally, the report addresses some of the recommendations of the European Court of Auditors’ Special Report of January 2022.
