Skip to content

Press release

TÜVIT successfully tests ZTE's 5G product according to NESAS

With the 5G NR gNodeB from mobile communications equipment manufacturer ZTE Corporation, TÜV Informationstechnik GmbH (TÜVIT) is testing a 5G product according to the NESAS certification scheme (NESAS CCS-GI) for the first time in a pilot procedure. With the official certification by the BSI, the telecommunications equipment supplier is now able to prove the IT security properties of its 5G components with an independent certificate.

Eine Frau bedient lächelnd ihr Smartphone. | TÜVIT
30/03/2023 | Essen

Lower latency times, higher transmission speeds, better network stability - 5G brings many advantages, but also harbours an increased risk of cyberattacks. This is because the large number of networked devices also increases the number of potential points of attack. The 3rd Generation Partnership Project (3GPP) and the GSM Association (GSMA) have developed the joint Network Equipment Security Assurance Scheme (NESAS) to increase confidence in the IT security of a wide range of 5G mobile communications components. The German Federal Office for Information Security (BSI) has in turn converted this scheme into a national certification scheme for product certification: The NESAS Cybersecurity Certification Scheme - German Implementation (NESAS CCS-GI).1

ZTE Corporation is the first mobile communications equipment supplier to successfully complete the NESAS CCS-GI testing and certification process as part of a pilot project. This basically consists of two areas: The auditing of the development and life cycle processes and the evaluation of the technical capabilities of a network product under consideration. In the case of ZTE, the product was evaluated by TÜVIT as a recognised testing body for NESAS CCS-GI.

As part of the joint pilot project, the developed test methodology was applied in practice for the first time. This was preceded by a complex test setup, which included installing a 5G radio base station (gNodeB) from the manufacturer and simulating a complete 5G core network. In order to create the conditions for the successful execution of the test, heavy goods vehicles delivered equipment weighing several tonnes to the TÜVIT premises on the TÜV NORD CAMPUS in Essen, which was set up in close cooperation with ZTE's technicians. The IT security experts then familiarised themselves with the underlying system and began testing the 5G NR gNodeB in accordance with the NESAS CCS-GI test requirements. This included standardised security tests and various test cases.

During the entire test period, the TÜVIT experts were in continuous dialogue with the BSI to report on how the implementation of the specified tests worked in practice and to provide feedback on defined requirements. "The pilot project with ZTE and the associated experience and findings have made a decisive contribution to further advancing the NESAS CCS-GI certification," says Lisa Jäger, IT security expert at TÜVIT. "This means that the still relatively new certification scheme has officially passed its acid test. The decisive factor for the successful completion of the project was the good interaction between a technically skilled team at TÜVIT and a manufacturer that confidently faced up to the requirements."
 

1 Certification in accordance with NESAS CCS-GI does not replace the testing of critical components in accordance with §9b BSIG with regard to a probable impairment of public order or safety.

Learn more about NESAS

About TÜVIT

TÜV Informationstechnik GmbH (headquartered in Essen, Germany) is a renowned IT security service provider and an independent testing institute and laboratory for IT security and cyber security in digitalisation. TÜVIT has been accredited worldwide since 1995 and creates trust in security measures at the level of business processes, data, applications and technologies through vulnerability analyses, audits and evaluations. TÜVIT is a powerful partner in detecting and responding to cyber attacks and ensures rapid restoration of business capability. In this way, businesses, public authorities and operators of critical infrastructures strengthen their regulatory compliance in the areas of confidentiality, integrity and availability as well as their holistic cyber resilience and IT security in the supply chain.

Together with ALTER TECHNOLOGY, TÜVIT forms the Digital & Semiconductor business unit. The business unit is a key pillar of the TÜV NORD GROUP, a knowledge company that has stood for security and trust worldwide for over 150 years. Engineers and IT security experts in more than 100 countries ensure that companies become even more successful in the networked world.

Presse-Kontakt