Telcos are heavily reliant on IT – and that reliance is growing. What are the most necessary IT security infrastructures needed to protect a telco from cyber-attacks?
Vlad Postelnicu: Due to its interconnected nature and the reliance upon international standards, telecommunications is one of the industries that are at the forefront of digitalisation. However, this makes them an unwitting target of cyber-attacks and breaches. Telecom players are expected to integrate artificial intelligence and blockchain technologies, for example, into their systems to not only enhance customer experience and meet the modern demands of a tech-savvy population but also to address security vulnerabilities and provide deeper network protection. Machine learning and chatbots will enable an effective combination of human and electronic intelligence, while blockchain is expected to help create an environment with tighter security and less anonymity in transactions.
How does a customer know that their app/service from their telco is compliant with in-country regulations on information security and privacy?
Preventive actions can reduce or eliminate any compliance issues, so from our perspective telcos need to have a clear understanding of the regulatory landscape at the early stages of any initiative. This will in turn eliminate risks later down the road when their service/app goes public. To ensure this we would advise telco organisations to consider adopting governance, risk and compliance solutions that will not only enable them to identify the current applicable regulations, but also to adapt to any future regulatory change.
Various stakeholders need to work together to ensure information security, including telecom operators, equipment manufacturers, suppliers and third-party service providers. How do you make sure this chain is secure? What compliance certificates are there, or what measures should a telco have in place?
Telecom operators should conduct internal and external audits of their network once a year to protect their system. They should not only keep records of software details, updates and changes, operation and maintenance procedure manuals and command logs, and the supply chain of products, but they should also monitor and report all security breaches. For this practice to become successful, however, they must foster an environment where employees recognise and prioritise the importance of information security. Additionally, telecom players should follow a structured periodic risk assessment process with third parties to prevent intrusions.
With infinitely more connectivity, an almost limitless possibility for IoT and AI applications, and far more connected verticals, will the implementation of 5G pose a greater security threat to both telcos and consumers?
Admittedly, while cloud computing, Software Defined Networking (SDN), and Network Function Virtualisation (NFV), among others, are maturing towards their use in 5G, security challenges in these technologies remain. As such, we need to analyse the security of the mobile network infrastructure and apply necessary measures to guarantee data protection.
Encryption is one effective measure. Deploying special tools to monitor, analyse, and filter messages is another recommended step.
How can telcos mitigate that threat?
To minimise risks, telcos need to shift to an increasingly IP-based world, which entails regular security testing of their signaling network. We recommend that the testing be done at least quarterly given that the introduction of new equipment or configuration changes to existing equipment may affect network security. Additionally, they must also consistently monitor, test, and filter the messages that cross their network boundaries using specially designed attack detection systems and equipment with firewall functionality.
Is there anything else you would like to add?
Our Digital Business Platform, amongst others, is designed to provide full visibility on how the organisation operates, understand and mitigate any potential risk while ensuring the operational agility required by a digitally driven market.
Globally, Software AG is supporting Telco providers for various aspects of their business, including compliance, and we believe that there are many experiences and lessons learned that are worth sharing.