The GSMA has released its Mobile Telecommunications Security Landscape Report, an overview of significant security issues. 2020 saw a number of changes in the security landscape, while traditional threat actors and threat areas remain present and the pressure on networks continues.
SOFTWARE AND VIRTUALIZATION
There are many industry initiatives that drive more open architectures and virtualized telecommunications infrastructures, such as TIP, O-RAN Alliance, Linux Networking Foundation, and the Open Networking Forum. The telecommunications industry uses open-source community software in a number of architectural deployments.
The software implements the functionality of the unit. The code may be proprietary, may contain open-source components, and may include commercially supported open-source virtualization software that provides the interface between the code and the supporting open hardware or cloud infrastructure. Different architectural decisions result in variations in the levels of abstraction and separation between workloads within virtualization fabrics.
Security must be considered when selecting the network and virtualization software layers. Strong code support is essential to ensure that malware and compromised code are fixed before attackers can exploit them.
CYBER AND OPERATIONAL SECURITY
Several attack vectors are presented, each requiring strong security controls and processes to minimize the threat of an attack:
- Phishing attacks: Well-designed and sophisticated phishing attacks continue to have a finite success rate in penetrating perimeter defenses.
- Malicious Insider / Compromised Access: Similarly, internal controls, least privileges, and strong authentication make it harder for a malicious insider to gain traction.
- Attack on managed service providers: Remote compromise of a managed service provider offers a potential attack vector.
- Internet and DDoS attacks, and attacks on interconnection/roaming/signaling: The exploitation of control signaling is a well-known attack vector that is widely documented and receives significant coverage.
- Exposed routers and servers: A network operator will have a significant heritage of vendor equipment, routers, and servers. It is important to know the equipment inventory well to be able to manage and protect it.
- Attack on devices: With increasing access bandwidth and a number of malware attacks on devices, protection against device-based attacks on the network should be considered.
- Supply chain: Equipment or software may be interfered with during the supply or deployment process.
The supply chain can be broken down into a number of distinct but related areas: the components of a network that come together to provide a resilient operational service, where those components are sourced, and the parties involved in making products and services that contribute to the preservation and maintenance of a network.
The GSMA recommends the following in relation to supply chain security:
- Understand with whom you do business.
- Trace and evaluate the criticality of any component or service offering within the supply chain.
- Prepare business continuity plans that take into account the elimination of critical suppliers.
- Apply the range of security considerations identified in the GSMA White Paper.
- Consider testing open network solutions to reduce the risk of new vendor selection.
- Work with local legislators and regulators.
- Participate in and support the development of international standards.
In the era of 5G, in which Mobile Edge Computing (MEC), big data, and IoT devices become synonymous with mobile network operations, the volumes of data created, stored, and processed to meet the demands of the business increase, and as such, so does the need for a free flow of data.
The personal data of customers of mobile phone operators remains a prized target for would-be attackers. Customer data can be exploited to target individuals directly through phishing, malware, or other attacks or indirectly through the sale of data to third parties.
Cloud infrastructure is increasingly being deployed on mobile networks to take advantage of a lower infrastructure cost base, benefit from economies of scale, and increase flexibility. Technical solutions range from private cloud to public cloud and even hybrid cloud.
DEVICE AND IOT SECURITY
The number of devices connected to mobile networks exceeds the world population and the number of unique subscribers is 65% of the world population. With the rapid adoption of IoT devices, connections are expected to exceed 25 billion by 2025.
Devices are becoming more powerful and feature-rich, and will increasingly depend on network features and functions in the 5G era. There are more than 5 billion unique subscribers to the mobile network and the use of mobile devices represents a large volume of Internet traffic. Consumers hope to be able to run their lives from their devices, but growing awareness of inappropriate privacy controls and unauthorized use of data is lowering consumer confidence.
SIGNALING AND INTERCONNECTION
With the arrival of 5G, important advances have been made in terms of interconnection security, for which new controls have been defined between networks, such as the Security Edge Protection Proxy (SEPP). SEPP is a new network function that protects the edge of the home network, acting as a security gateway in the interconnections between the home network and visited networks.
The SEPP is designed to:
- Provide application layer security and protect it.
- Provide end-to-end authentication.
- Offer key management mechanisms to establish cryptographic keys.
- Perform filtering and monitoring of messages.
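A simplified model of the receiving side of such an edge proxy, added here as an example and not taken from the report or from the 3GPP specifications: it authenticates each inter-network message with a per-partner key, rejects replays, filters by an allowed-path policy, and records every decision for monitoring. The keys, partner identifier, path prefixes and the HMAC-based message format are constructed assumptions, not the wire format a real SEPP uses.

```python
import hashlib
import hmac
import json

# Constructed per-partner keys and filtering policy (assumptions, not from the report).
PEER_KEYS = {"plmn-00101": b"constructed-demo-key-for-00101"}
ALLOWED_PATHS = {"plmn-00101": ("/nausf-auth/", "/nudm-sdm/")}

def _mac(key, fields):
    """HMAC-SHA256 over a canonical JSON encoding of the message fields."""
    canonical = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def protect(sender, seq, path, body, key):
    """Sending side: bind sender, sequence number, path and body under one MAC."""
    msg = {"sender": sender, "seq": seq, "path": path, "body": body}
    msg["mac"] = _mac(key, msg)
    return msg

class EdgeProxy:
    """Receiving side: authenticate, reject replays, filter, and log each decision."""

    def __init__(self, peer_keys, allowed_paths):
        self.peer_keys = peer_keys
        self.allowed_paths = allowed_paths
        self.last_seq = {}   # highest sequence number accepted per partner
        self.audit_log = []  # monitoring record: (sender, path, verdict)

    def handle(self, msg):
        verdict = self._check(msg)
        self.audit_log.append((msg.get("sender"), msg.get("path"), verdict))
        return verdict

    def _check(self, msg):
        sender, seq, path = msg.get("sender"), msg.get("seq"), msg.get("path")
        if not (isinstance(sender, str) and isinstance(seq, int) and isinstance(path, str)):
            return "reject:malformed"
        key = self.peer_keys.get(sender)
        if key is None:
            return "reject:unknown-peer"
        expected = _mac(key, {k: v for k, v in msg.items() if k != "mac"})
        if not hmac.compare_digest(expected.encode(), str(msg.get("mac", "")).encode()):
            return "reject:bad-mac"
        if seq <= self.last_seq.get(sender, -1):
            return "reject:replay"
        if not path.startswith(self.allowed_paths.get(sender, ())):
            return "reject:path-not-allowed"
        self.last_seq[sender] = seq  # only accepted messages advance the replay window
        return "accept"
```

The order of checks matters: the MAC is verified before the sequence number or path is trusted, and the audit log captures rejected messages as well as accepted ones.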
5G represents an opportunity for the mobile telephony industry to improve the security of networks and services, both due to its inherent design in network functions and due to its deployment strategies. New authentication capabilities, greater protection of subscriber identity, and additional security mechanisms will lead to significant security improvements over previous generations.
Much attention has been paid to identifying the main threats in 5G networks. There are a number of functions identified as critically sensitive. These include: virtualization infrastructure, controllers, orchestrators, Internet gateways, network outage, mobile edge computing, routing and switching of IP traffic at the core, database functions, authentication, access control and other security features.
SECURITY SKILLS SHORTAGE
The shortage of specialized personnel in mobile network security has made it difficult for network operators to create and maintain their own knowledge. The breadth of knowledge that will be needed in 5G-era networks is likely to be much broader (including Artificial Intelligence, big data, IT, Cloud) and will also require the fundamentals of security skills in the traditional core of telecommunications.
To limit the impact of skills shortages, the industry should:
- Model and define current and future threats.
- Consider the advantage it represents for the development of competencies.
- Define formal and informal training mechanisms.
- Have a structured skills management capacity.
- Annually reassess cybersecurity functions.
- Automate whenever possible.