CTIA Highlights Wireless Cybersecurity at MWC

Wiley Rein LLP
Contact

On day two of Mobile World Congress (MWC), CTIA hosted a panel on “Promoting Security in a 5G World.” The panel discussed ongoing efforts by regulators and the ways that the wireless industry is responding to a changing cybersecurity ecosystem. Panelists from Ericsson, AT&T, Qualcomm, and SecureG provided expert insights into the complex cybersecurity regulatory environment.

When it comes to cybersecurity, the wireless industry is hard at work. The panel highlighted that the sector “works well with others,” with several panelists stressing the importance of collaboration and public-private partnerships as particularly important. The industry has collaborated closely with the National Institute of Standards and Technology (NIST) on developing and updating the Cybersecurity Framework (CSF), with the Federal Communications Commission (FCC) regarding its customer proprietary network information (CPNI) rules, and the Cybersecurity and Infrastructure Security Agency (CISA) on its Cybersecurity Performance Goals (CPGs), among other things. As for public-private partnerships, panelists highlighted the important work of CISA’s ICT Supply Chain Risk Management Task Force and the FCC’s Communications Security, Reliability, and Interoperability Council (CSRIC).

Panelists also highlighted the security enhancements of 5G as a prime example of industry’s work in action. Security is built into 5G from the start—it is not a “bolt on” concept or afterthought. And wireless stakeholders continue to focus on 5G security, such as CTIA’s recently launched 5G Security Test Bed, where recommendations from the CSRIC can be tested and validated.

One major theme of the panel was the need for harmonization of cybersecurity requirements. Panelists praised the Office of the National Cyber Director’s (ONCD) recent Request for Information (RFI) on cybersecurity regulatory harmonization, as well as the Department of Homeland Security’s (DHS) recently released report on harmonizing incident reporting, which will inform CISA’s ongoing cyber incident notification rulemaking under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). One panelist called for “regulatory humility,” and another panelist explained that while harmonization is important, we need to ensure that any policymakers harmonize around the right security approach.

Another key theme from the panel was the need for emerging frameworks and approaches—including CISA’s CPGs and forthcoming sector-specific goals—to remain voluntary, in line with NIST’s CSF. Panelists agreed that it’s generally best to leverage public-private partnerships around voluntary norms and practices on security issues.

Finally, the panel also discussed emerging technologies, such as Internet of Things (IoT) device cybersecurity, post-quantum cryptography (PQC), artificial intelligence (AI), and open radio access networks (Open RAN). Panelists explained these technologies can bring a lot of positive benefits, but can also be exploited and raise new risks. Of note, panelists praised NIST’s publication of the AI Risk Management Framework earlier this year.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Wiley Rein LLP

Written by:

Wiley Rein LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Wiley Rein LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide