Over the past decade, the number of security attacks on IT and communications systems has risen drastically and as a result, security assurance has become a central issue for network operators and the telecommunications industry. Using a security assurance methodology at every stage of product development, vendors can show that the implementation of security assurance protocols in their products is accordance with agreed guidelines.

Traditionally, telecom networks have been protected by the nature their infrastructure: isolated and governed by numerous and complex standards. But as devices become networked and more prolific, the existing protection is no longer enough.

Security assurance is not – yet – part of the 3GPP standards. But work is well underway within 3GPP to establish a methodology that can provide security assurance in the new world of ubiquitous connectivity. Ericsson has been involved in this initiative that will not only establish security assurance for products but also for the development process used to manufacture them.

Security assurance has long been a vital part of product development at Ericsson. Our security reliability model (SRM) includes set of security assurance activities – including risk assessment – to secure for example design rule compliance, adherence and vulnerability analysis, and configuration and patch management.

This Ericsson Review article describes the concepts of the 3GPP security assurance methodology, how Ericsson’s experience with SRM has provided input to the 3GPP work and how Ericsson will continue to develop its model to combat constantly evolving threats.

Setting the standard: methodology counters security threats

Make sure to get our Ericsson Review articles as soon as they are published
through the Ericsson Technology Insights app:

Download from Google Play

Download from the App Store