Martín Portillo
CISO
Huawei Technologies Mexico
/
Expert Contributor

Is Mexico Prepared for Secure, Mass Digital Transactions?

By Martín Portillo | Fri, 09/10/2021 - 08:51

We are in the midst of a global transition from what we could call passive, unconscious transactions to active, very conscious transactions. In the National Survey of ICT Usage (INEGI, 2020) in Mexico there are:

  • 84 million internet users
  • 88.2 million cellular users

In both cases, more than 70 percent of the whole Mexican population has direct contact and eventually digital or internet transactions.

According to Mexican Scientific Police, only in 2019 more than 20,000 complaints were documented with some sort of vulnerability, from minor offenses to huge cybercrimes, either related to network or private data (Trasvina, 2021 p.9).

When we talk about cybersecurity, it means not only the ability to have bullet-proof technological infrastructure, it implies a whole ecosystem that includes all players in our society. From a young kid using a smartphone or personal computer, to a high-level executive making a decision using the same kind of device used by our young kids at home. From the humble family business to a huge global corporation, protocols and standards of cybersecurity and privacy protection standards should be observed. National telecommunications operators, who are freely making decisions on what type of technology they will use to offer voice and data services to the Mexican population, should also make sure to implement and include internationally recommended standards and best practices for cybersecurity and privacy protection.

National regulator IFETEL, which provides and applies policies for the better use of telecommunication resources, should definitely take the leadership in recommending the use of the aforementioned standards. Why? To avoid sterile discussions on how secure a national telecom network should be.

International Cybersecurity Standards

The good news is that we now have those standards and protocols developed by two recognized international organizations, 3GPP and GSMA.

Current wireless networks are being operated and designed following such standards. For new emergent networks such as 5G in Latin America and Mexico, 3GPP and GSMA proposed NESAS/SCAS, which is a mobile network security test specification and assessment mechanism jointly developed by major global operators, suppliers, industry partners and regulators. The network equipment of vendors is audited and tested by independent and authoritative third-party organizations.

NESAS (Network Equipment Security Assurance Scheme) Ecosystem. - A four in one ecosystem has been formed:

  • Operators. 10 Tier 1 carriers are included, five of which are from Europe.
  • Equipment suppliers. All four major vendors participate in the assessment (Ericsson, Huawei, Nokia and ZTE).
  • Audit institutions and laboratories. Eight assessment institutions are authorized, including two audit institutions and six labs, of which two are in Europe.
  • Government and government agencies. The EU members unanimously agree that NESAS was widely recognized by ECCG (The European Consumer Consultative Group) representatives as the basis for the basic level solution for EU 5G security certification.

Equipment Manufacturers Adopting NESAS/SCAS

Trust should be based on verifiable facts, which should in turn be based on international standards. Authoritative, customized, efficient, unified, open, global and constantly evolving cybersecurity assessment standards in the telecommunication industries are needed.

The NESAS/SCAS tests include network product general security, air interface security, and basic vulnerability testing, such as data and information protection, air interface ciphering, integrity protection and robustness. Among others, Huawei has passed these tests for its technologies, including the security assessment for 5G network devices.

Concerning the use of technology, we are prepared to continue preserving a high level of cybersecurity as we have had in the past, regardless of the generation of technology in place. International organizations as well as industry and research institutions are developing in parallel to new emergent technologies (5G, IoT, AI) standards and protocols that will support a secure TIC infrastructure. It’s now in the hands of regulators, investors, and users to close the loop to really achieve an ecosystem that can mitigate the risks associated with our modern soon-to-be digitalized Mexico.

We identify two top priorities: one is to provide, and urgently, a digital education for young users as well as training mechanisms for active working individuals in the use of current and new technology. Second is the quick adoption of international standards and regulations (customized if needed) to efficiently and ethically perform our new profile as digital workers.

Photo by:   Martín Portillo