Traditionally, telecom networks have been protected by the nature their infrastructure: isolated and governed by numerous and complex standards. But as devices become networked and more prolific, the existing protection is no longer enough.
Security assurance is not – yet – part of the 3GPP standards. But work is well underway within 3GPP to establish a methodology that can provide security assurance in the new world of ubiquitous connectivity. Ericsson has been involved in this initiative that will not only establish security assurance for products but also for the development process used to manufacture them.
Security assurance has long been a vital part of product development at Ericsson. Our security reliability model (SRM) includes set of security assurance activities – including risk assessment – to secure for example design rule compliance, adherence and vulnerability analysis, and configuration and patch management.
This Ericsson Review article describes the concepts of the 3GPP security assurance methodology, how Ericsson’s experience with SRM has provided input to the 3GPP work and how Ericsson will continue to develop its model to combat constantly evolving threats.