If anyone still needs convincing that cybersecurity is a critical issue in our increasingly connected world, consider the recent reports that hackers have been attacking the cold chain facilities that will be used to distribute COVID-19 vaccines. What’s more, these hackers are no mere ‘script kiddies’. Investigators believe the attacks carry all the hallmarks of a nation state.
While rogue nations attack critical infrastructure, organised cybercriminals look to extort money or steal valuable data, and hacktivists and terrorist groups aim to advance their political agenda. With this motley crew of adversaries ranged against us, government agencies and NGOs, businesses and consumers alike face an evolving threat landscape.
Telcos are on the front line in this fight, since they provide the connectivity that all these subscribers rely on. Telco networks also provide access to the ‘attack surface’ through which hackers target their campaigns, and are themselves an attractive stepping-stone to other targets. The size and vulnerability of that attack surface are growing exponentially, with the arrival of 5G and the Internet of Things driving up the number of connected global devices from millions to billions.
These vulnerabilities have not gone unnoticed, with significant increases in cyber-attacks based on the weaponisation of IoT devices identified in the NTT 2020 Global Threat Intelligence Report.
Each logical portion of a telco network can be evaluated based on the different classes of traffic: user payload traffic, management traffic and signalling traffic.
User payload traffic contains the actual user data – which can be considered the ‘crown jewels’ from a client or subscriber perspective. The General Data Protection Regulation (GDPR) has provided a focus for Data Protection and Data Governance professionals to ensure appropriate security controls are in place to support the confidentiality, privacy and integrity of client data.
However, the management and signalling traffic is also of interest to threat actors and of significant importance when considered in the context of Critical National Infrastructure (CNI).
The management plane is an attractive target because it gives hackers access to network resources from which they could control and manipulate network traffic and data, as a number of enterprise users recently experienced following the SolarWinds Orion Sunburst incident.
Compromise of the signalling plane could lead to the intercept and rerouting of calls for the purpose of eavesdropping or denying service availability. 5G standards provide a number of enhancements that offer additional capabilities that can be leveraged.
Fines and immediate financial losses are obviously unwelcome, but long-term damage to a company’s reputation can far outstrip such short-term problems. For example, it’s been five years since hackers accessed the payment data of millions of TalkTalk customers, yet this remains the most notorious hacking case in UK telecoms to date.
The security response of British telcos has been patchy until now, without strong regulation to force everyone to optimise their security systems to a similar level. The government has therefore decided to step in.
The imminent arrival of the Telecommunications Security Bill (TSB) will transform the legal obligations for telcos operating in the UK. The bill seeks to level up the industry’s security response and transform good practice into common practice across the sector. For some telcos, the TSB may mean delivering a step change in their security posture.
The UK National Cyber Security Centre (NCSC) advised on the technical recommendations for building the new security framework, which aims to provide a consistent, measurable and achievable set of controls and procedures. The underlying principles are intended to be sufficiently flexible to adapt as the arms race between the telcos and the cybercriminals continues.
Competitive pressure resulting from increasing customer expectations leads telco providers to adopt Automation, Artificial Intelligence (AI) and Machine Learning (ML) to support digital transformation and efficiently expand their service portfolios. Such technologies can also be leveraged to spot threats more quickly and respond in a co-ordinated way using standardised procedures. In other words, orchestration and automation hold the key to mounting an effective – and cost-effective – response.
Remember too that hackers will naturally be exploring the same smart technologies, so adopting the new generation of digital, data-based tools is the only realistic way of mitigating the evolving business risks if these cannot be transferred away from the organisation.
The Zero Trust network security framework has been widely adopted across many enterprises. A key aspect of zero trust is least-privileged access, which replaces the implicit trust users have historically received once inside a traditional network with verified, explicit permissions. With a zero trust approach, least privilege is applied not only to access requests, but also to the use of data, based on continuous dynamic validation of usage against business policy.
For the telco industry, historically designed to deliver frictionless services, adoption of a Zero Trust approach is likely to be a challenge due to the complexities associated with scalability and the implications of continuous monitoring and analysis. Adopting a proven methodology that focuses on the Protect Surface (groups of the most critical and valuable Data, Assets, Applications and Services, or DAAS) provides a structured approach. Once legitimate interactions are identified, appropriate controls can be enforced, subject to continuous validation and informed by analytics and automation technologies.
Some telcos may find it a challenge to turn their good intentions into a systematic and wide-ranging action plan for security. NTT DATA can support telco clients as they tackle the new security situation.
Our extensive experience of working with telcos around the world enables us to take a step back and assess each organisation from a security perspective. We can identify assets, map transaction flows and undertake data discovery. The good news is that the telcos who did all their homework in preparation for GDPR will already have a head start on this.
We can then work together to establish a range of preventive measures to suit your business priorities. And since cybersecurity is a battle that can never be fully won, we can stick around to help telco clients monitor their networks, learn lessons and improve their security performance on an ongoing basis.