Get your phone network security right, or else | VanillaMore
There has been big news on the telecoms security front over the past week, with mobile and fixed operators now facing hefty daily fines if they continue to be careless with their customers’ data. Enterprise technology journalist Antony Savvas reflects on the growing threat to the bottom line of communications service providers (CSPs).
Under the amended UK Telecommunications (Security) Act (TSA), companies are now liable to fines of up to 10% of their annual turnover or £100,000 (€115,700) per day, if they fail to protect not entirely the networks of their customers. Given that telecom operators are already subject to the GDPR (General Data Protection Regulation) of the European Union, the UK government is obviously concerned that more needs to be done to ensure that telephone networks are properly secured.
It’s a government trend in the phone protection space, given that the US government has taken the initiative to ensure that many developed countries lock down Huawei and other Chinese companies in their 5G telecommunications market, on claimed potential “espionage” threats. The tastes of Nokia, Ericsson, Samsung and NEC benefited from this decision, but when it comes to deploying specific security capabilities, telecom operators cannot simply switch to a government-approved provider, they must pay for it.
The UK’s new security requirements suggest that telecoms operators are not doing enough to properly secure their networks, and other countries may well be considering introducing similar rules.
Telcos used to have to decide on the appropriate network security for their business, much like any other organization. But with telephone networks now seen as a prime means for disbelievers or hostile states to seriously harm a national economy or its political system, the UK’s move is perhaps predictable. Indeed, in the UK Government’s Telecoms Supply Chain Review, published in 2019, it was argued that “providers often have little incentive to adopt security best practices”.
“We know how damaging cyberattacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life,” said Minister for Digital Infrastructure Matt Warman. “We are strengthening the protections of these vital networks by introducing one of the toughest telecommunications security regimes in the world, which secures our communications against current and future threats.”
A deep understanding
The regulations, drawn up by the UK National Cyber Security Center and national regulator Ofcom, will require mobile operators and Internet service providers (ISPs) to protect the data processed by their networks and services, and to secure the critical functions that enable their operation and management; and protect the software and equipment used to monitor and analyze their networks and services.
They must also have a “thorough understanding” of their security risks and the ability to identify malicious activity when it occurs, with regular reporting to internal guidance. Additionally, they must consider supply chain risks, and understand and control who has the ability to access and alter the operation of their networks and services, to help further strengthen security.
You would have thought that most of these tasks were already done, but with the increasing complexity of modern networks and the number of third-party providers used to ensure that services are delivered and continue to be delivered, there is nothing such as hefty fines to try to ensure everything is done correctly.
Dan Middleton, Vice President for UK and Ireland at a cloud data management company Veeamsaid of the new rules: “While telecom operators were previously responsible for their own security standards, these new regulations draw attention to the need for greater investment in cybersecurity by telecom companies and give the ‘Ofcom the right to impose fines on those who do not comply.
“One way to deliver better data protection within the industry is to have a comprehensive business continuity strategy, which will include resiliency measures and backup and disaster recovery plans, to give operators telecommunications companies the ability to recover data and continue operations as usual in the event of an attack.”
TechMarketView Simon Baxter, analyst, adds: “As internet availability is essential for businesses and home workers, any downtime can lead to significant disruption and loss of business. These regulations are an important step in securing our digital supply chains and making organizations more resilient to increasingly sophisticated cyberattacks.
As operators seek to improve their security, satellites are proving increasingly valuable in expanding their customer base. Satellite-based IoT (Internet of Things) specialist, Wild networks has signed a strategic partnership with the Swiss IoT sensor supplier miromico. Miromico will assist Wyld in the design, engineering and manufacturing of its next generation of low-power, low-power, long-range networking (LoRaWAN) terminals and modules designed for IoT applications in areas where there is little or no existing connectivity.
Wyld Connect hybrid devices can transfer data directly to terrestrial networks or via a network of Low Earth Orbit (LEO) satellites. Miromico will resell Wyld Connect devices and satellite services. Wyld will promote and resell Miromico sensors globally and integrate them into complete end-to-end, sensor-to-satellite solutions.
“Wyld is at the forefront of new sensor-to-satellite technology, which is expected to massively transform the IoT market, currently held back by the lack of global connectivity,” said Marcel Wappler, Chief Technology Officer at Miromico.
Wyld is already working on commercial data trials of its sensor-to-satellite service with customers and partners, including Chevron, DFM Technologies, DEWA, Senet and American tower.
The scent of musk
T-Mobile United States also participates in the satellite’s extended footprint act by climbing into bed with the world’s richest man. by Elon Musk SpaceX has signed a LEO satellite constellation connectivity agreement with the telecommunications operator, which promises to fill the mobile coverage gaps in the American continent and its territories.
The agreement will allow T-Mobile customers to receive Stellar Link Internet services directly to their existing devices, from anywhere they can see the sky, whether on land or sea. While SMS and other messaging services will initially be available, the plan is to expand eventually connectivity to full voice and data services, and to other parts of the world through future roaming agreements.
“This is about solving the biggest problem in our industry’s 40+ year history,” said Mike Sievert, CEO of T-Mobile US. “This partnership has a vision that is the end of mobile dead zones.”
While high-speed 5G rollouts and resulting new services will continue to grab headlines, connectivity security and reliability are expected to be persistent issues.
The author is Antony Savvas, a freelance journalist specializing in business technologies.