RCR Wireless
  • News
  • Channels
    • 5G
    • 6G
    • BSS OSS
    • Carriers
    • IoT
    • Network Infrastructure
    • Open RAN
    • Private 5G
    • Telco AI
    • Telco Cloud
    • Test & Measurement
  • Resources
    • Reports
    • Webinars
    • White papers
    • AI Fundamentals
    • Analyst Angle
    • Editorial Calendar
    • Fundamentals
      • 5G NR Release 17
      • AI
        • Telco AI in 2025
    • Podcasts
      • Let’s Get Digital with Carrie Charles
      • Wireless Connectivity to Enable Industry 4.0 for the Middleprise
      • Well Technically…
      • Will 5G Change the World
      • Accelerating Industry 4.0 Digitalization
  • AI Infrastructure
  • Programs
  • Events
  • RCRtv
  • Advertise
  • Subscribe
Wednesday, July 8, 2026
RCR Wireless
  • News
  • Channels
    • 5G
    • 6G
    • BSS OSS
    • Carriers
    • IoT
    • Network Infrastructure
    • Open RAN
    • Private 5G
    • Telco AI
    • Telco Cloud
    • Test & Measurement
  • Resources
    • Reports
    • Webinars
    • White papers
    • AI Fundamentals
    • Analyst Angle
    • Editorial Calendar
    • Fundamentals
      • 5G NR Release 17
      • AI
        • Telco AI in 2025
    • Podcasts
      • Let’s Get Digital with Carrie Charles
      • Wireless Connectivity to Enable Industry 4.0 for the Middleprise
      • Well Technically…
      • Will 5G Change the World
      • Accelerating Industry 4.0 Digitalization
  • AI Infrastructure
  • Programs
  • Events
  • RCRtv
  • Advertise
  • Subscribe
Add RCR Wireless as a preferred source on Google
  • Qualcomm 6G Insights
  • Huawei Content Hub
  • Qualcomm – 6G Vision
  • OSS/BSS Channel
RCR Wireless
RCR Wireless
  • Advanced Mimo
  • Mobile mmWave
  • 5G Positioning
  • Green Networks
  • Metaverse
  • Automotive
  • Industrial and Wide-area IoT
Copyright 2021 - All Right Reserved
Home - In telecom cyber security, wicked problems require wicked solutions (Reader Forum)
BusinessOpinionReader Forum

In telecom cyber security, wicked problems require wicked solutions (Reader Forum)

by Andy Purdy, Chief Security Officer, Huawei  August 3, 2022
written by Andy Purdy, Chief Security Officer, Huawei  August 3, 2022 Share
LinkedinEmail
Share 0LinkedinEmail
5g sd wan sase cybersecurity privileged access iot zero trust
Image: 123rf
119

A new report by Darkhorse Global, a geo-economic and national security consultancy, makes some good points about the convergence of national security and industrial policy frameworks for telecommunications infrastructure. It outlines three “wicked problems” confronting today’s global ICT ecosystem. 

First, vulnerabilities exist in all networks, hardware and software. Second, it’s easy to confuse national security issues with concerns about economic competitiveness. Third, the intent of actors is often largely unknown, even if their capabilities are clear.

Today’s telecommunications ecosystem is beset by what political scientists call wicked problems — those that are difficult to define due to incomplete, inconsistent or changing criteria, and rely on judgment and advocacy for resolution.

Although these wicked problems may seem intractable, they can be ameliorated by “wicked solutions” — necessarily imperfect measures that are less a cure and more like medicine that helps manage a chronic condition.  

A handful of solutions could improve overall ICT and network security in a more holistic way than some of the approaches being used now. 

Solution #1: Apply universal standards to the telecommunications industry. The key word here is universal. We already have standards for 5G and standards and related conformance programs geared toward risk stemming from telecom equipment. These standards, together with recommended risk-mitigative measures, can be used to evaluate equipment (and software updates) before they are deployed, and to guide operators in risk management.  

The Cybersecurity Framework, developed by the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, in collaboration with the private sector and other government experts, provides what is essentially a risk-analytic tool for organizations that can be customized to align with an organization’s mission and risk posture.  

Unfortunately, there is not yet widespread support for universal, independent testing of critical components from all telecom equipment suppliers.  Given the capability of today’s malicious cyber actors, such independent testing is essential.  

Solution #2: Implement technical risk assessments and risk mitigation. As with standards, models for mitigating telecom-related national security risk already exist. For example, the Foreign Investment Risk Review Modernization Act (FIRRMA) modernized and strengthened CFIUS, a U.S. government body that reviews (and can block) foreign investments in U.S. companies and prescribe specific technical risk-mitigative measures set forth in a customized national security agreement that can be a condition precedent for a transaction to proceed. 

We can also build on the foundation provided by NESAS, an industry-driven set of standard and risk-management criteria for telecom equipment. Although it still has room to provide even higher assurance levels, NESAS is a globally recognized system that tests not only products, but also how they are developed and maintained (including the installation of firmware updates). NESAS also features a dispute resolution mechanism to deal with grievances from companies that believe their products, or those of competitors, were not fairly evaluated. 

In addition, last year the Federal Communications Commission (FCC) standardized its interagency review process for the consideration of national security, foreign policy and trade policy issues. This is being done under the new Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (formerly known as “Team Telecom”). 

Using these and other existing measures as a guide, technical risk mitigation could be expanded into a comprehensive framework to address threats to hardware, software and supply chain security facing the telecommunications industry. 

Risk can be assessed and mitigated with various models. For example, security by design is a well-known practice that incorporates security features into software throughout the development process, rather than at the end (often referred to disparagingly as having security “bolted on”). It includes regular testing of maintenance procedures to ensure that nothing malicious gets inserted into software solutions, either at the point of initial delivery or in subsequent software updates or operations and maintenance.

Another example is trusted delivery mechanisms. These can support the reliability of independent third-party reviews of hardware, software and firmware. Such reviews can give mobile network operators a reasonable guarantee that software and hardware delivered by a vendor matches what was checked by the third-party evaluator. They can also prevent vendors from delivering software updates directly to wireless carriers without also going through the independent review and testing process. Taking such steps can reduce supply chain risk. 

Solution #3: Participation in global standards-setting organizations. The U.S. can, and should, get more involved in 5G standards-setting, as well as the technical standards governing network performance and network security.  

As the U.S. Commerce Department has noted, international standards help ensure the interoperability and security of products used in 5G networks, autonomous vehicles, artificial intelligence and other cutting-edge technologies. Greater participation by U.S government and private experts in telecom standards-setting organizations would be a step in the right direction. 

More fundamentally, the U.S. — and indeed, governments around the world — must fully commit to a “zero-trust” strategy. A zero-trust approach recognizes that, given the capabilities of malicious cyber actors, trusted suppliers should be scrutinized just as closely as untrusted ones. As the cyber security company, Domain5, wrote in a paper for the Rural Broadband Association:“To assume that the threat is limited to Chinese vendors creates a framework wherein all other vendors are to some extent more trusted, leaving unabated a wide array of potentially dangerous risks.”

At what cost?

Intelligent policies weigh risks against benefits. To meet the goals of 5G specific to security, reliability and resilience, it is important to use a risk-benefit analysis that considers both the risk environment and the cost of government or private intervention to adequately manage risk.

Policymakers should employ both collaborative and competitive methods to ensure security, reliability, resilience and cost effectiveness in telecommunications infrastructure, while recognizing the potential negative externalities of regulatory barriers. Building the foundation for a secure future requires an understanding of the interconnectedness of the telecommunications industry, the market-driven realities and the geopolitical considerations that underpin national security in a multipolar world.

*Note: The Darkhorse report was funded by Huawei Technologies U.S.A. to explore ways of assessing and mitigating national security risk in telecom. Based on interviews with two dozen experts in the US, the EU and China, it was written independently by DarkHorse CEO John Lash, Ph.D., who retained editorial control over the content.

You Might Also Like
  • Wednesday | Telco agents and smash hits (Editorial Diary)
  • Trust you can see – the convergence of voice, messaging, and identity (Reader Forum)
  • Tuesday | Vertical build-outs, horizontal break-ups (Editorial Diary)
  • Monday | Global enterprise reset (Editorial Diary)
  • Friday | Starlink raises the stakes (Editorial Diary)
  • Thursday | Tokenomics is not new telco economics (Editorial Diary)
Share 0 LinkedinEmail
Andy Purdy, Chief Security Officer, Huawei 

previous post
Semtech/Sierra, Telit/Thales set ground for new east-west IoT clash (Analyst Angle)
next post
The keys to electromagnetic testing for product development, compatibility, and safety

White Papers

  • Enea White Paper: Why Intelligent AAA is the Swiss Army Knife of Telecom

  • CSG White Paper: Telco AI Enabler: Mediation’s Defining Role

  • Enea White Paper: Scalable Database Design for 5G and Beyond

  • Supermicro and NVIDIA Whitepaper: Powering sovereign AI at scale

  • VIAVI Whitepaper: RAN scenario generators and their critical role for future-proofing AI-native RAN in Advanced 5G and 6G networks

Editorial Reports

  • Report: Scaling Optical Networks For The Hyperscale And AI Era

  • Test And Measurement Market Pulse Report

  • Editorial Report: Securing telecom infrastructure for the quantum era

Webinars

  • Webinar: Rethinking the RAN as AI, cloud and openness converge

  • Webinar: Scale-Up, Scale-Out, Scale-Across – Building AI-Era Network Fabrics

  • Webinar: NTN in motion – evolving standards, expanding services

  • Webinar: Noise-Figure Measurements with RFmx and PXI VSTs

  • Qualcomm Webinar – Building the 6G Standard: Key developments to know

Since 1982, RCR Wireless News has been providing wireless and mobile industry news, insights, and analysis to mobile and wireless industry professionals, decision makers, policy makers, analysts and investors.

Facebook Twitter Youtube Linkedin Envelope Rss

Useful Links

  • Subscribe
  • About RCR Wireless News
  • Contact Us
  • Advertise
  • Editorial Calendar
  • Archive
  • RSS
  • Wireless News Archive
  • Subscribe
  • About RCR Wireless News
  • Contact Us
  • Advertise
  • Editorial Calendar
  • Archive
  • RSS
  • Wireless News Archive

Edtior's Picks

What defines network performance in 5G and beyond? A CTO Perspective
Elisa says AI automation has cut network incidents by over 80%
“We’re going after the operator channel” – Druid bets on simplicity to scale...

Latest Articles

What defines network performance in 5G and beyond? A CTO Perspective
Elisa says AI automation has cut network incidents by over 80%
“We’re going after the operator channel” – Druid bets on simplicity to scale private 5G
Enea White Paper: Why Intelligent AAA is the Swiss Army Knife of Telecom

© 2026 RCR Wireless News All Right Reserved. Developed by Eight Hats.

Cookie Policy | Privacy Policy

RCR Wireless
  • News
  • Channels
    • 5G
    • 6G
    • BSS OSS
    • Carriers
    • IoT
    • Network Infrastructure
    • Open RAN
    • Private 5G
    • Telco AI
    • Telco Cloud
    • Test & Measurement
  • Resources
    • Reports
    • Webinars
    • White papers
    • AI Fundamentals
    • Analyst Angle
    • Editorial Calendar
    • Fundamentals
      • 5G NR Release 17
      • AI
        • Telco AI in 2025
    • Podcasts
      • Let’s Get Digital with Carrie Charles
      • Wireless Connectivity to Enable Industry 4.0 for the Middleprise
      • Well Technically…
      • Will 5G Change the World
      • Accelerating Industry 4.0 Digitalization
  • AI Infrastructure
  • Programs
  • Events
  • RCRtv
  • Advertise
  • Subscribe
RCR Wireless
  • News
  • Channels
    • 5G
    • 6G
    • BSS OSS
    • Carriers
    • IoT
    • Network Infrastructure
    • Open RAN
    • Private 5G
    • Telco AI
    • Telco Cloud
    • Test & Measurement
  • Resources
    • Reports
    • Webinars
    • White papers
    • AI Fundamentals
    • Analyst Angle
    • Editorial Calendar
    • Fundamentals
      • 5G NR Release 17
      • AI
        • Telco AI in 2025
    • Podcasts
      • Let’s Get Digital with Carrie Charles
      • Wireless Connectivity to Enable Industry 4.0 for the Middleprise
      • Well Technically…
      • Will 5G Change the World
      • Accelerating Industry 4.0 Digitalization
  • AI Infrastructure
  • Programs
  • Events
  • RCRtv
  • Advertise
  • Subscribe
@2020 - All Right Reserved. Designed and Developed by PenciDesign