The changing landscape of UK telecommunication regulations in 2021
Written by Rob Fitzsimons, Field Applications Engineer, Telesoft-Technologies
The mobile telecommunications landscape has existed for several decades, seeing many new iterations of technology and protocols come and go, with many standing the test of time and continuing to support our day-to-day communications.
Considered to be Critical National Infrastructure (CNI), network operators have continued to support communications across the globe for many years. 2020 highlighted the importance of their quiet presence as they enabled organisations to continue to work from home around the globe. And as we move towards the next technological revolution with Industry 4.0, the widespread deployment of 5G is on the horizon, bringing with it more opportunity to enable smart cities, autonomous vehicles, industrial internet of things and the convergence of the industrial and operational technological environments, whilst also introducing more secure means of communication in a world where threat actors continue to seek to exploit every connected device.
However, the bedrock of these communications remains generally unchanged. Communication devices still operate across 2G and 3G networks which utilise legacy protocols such as SS7, GTP-C, BGP and Diameter, protocols recognised by the GSMA as a potential threat to telecommunications networks. The threats facing the industry through exploitation of these protocols can include location tracking, digital identity theft, financial fraud and theft, and data/call intercept, to name a few. Whilst the industry understands that these threat vectors exist and the potential impact caused as a result of exploitation, it is also faced with the reality that significant changes would be required to fix the core protocols to increase security. Understandably, this would likely be very challenging, time-consuming and complex, particularly when deploying across large-scale networks. This will inevitably result in these protocols, and the associated risks, remaining within the networks as we move forward.
So, how can these challenges be addressed?
Network operators are already likely utilising technology across their networks to capture network metadata, which can be extracted, normalised and stored within data lakes for up to and beyond one year. Whilst many platforms can provide alerts to end users informing them of anomalous activity which should be investigated, this relies on known knowns, for example indicators of compromise such as malicious IPs or domain names. However, the network metadata retained in the data lake, when interrogated correctly, can enable forensic investigations and threat hunting teams to identify previously unidentified malicious activity within their networks, referred to as the unknown unknowns, which are new attack techniques and behaviours which are currently evading existing security platforms.
Telesoft-Technologies have developed this technology to extend the existing communications network visibility solutions to support monitoring within telephony networks. The TDAC Ecosystem can be integrated with existing infrastructure to enable monitoring and analysis of signals entering, transiting, or leaving the electronic communications network. Unique information within the extracted data is cross-referenced against industry standard threat information, such as the GSMA FS.11 (for SS7) and FS.20 (for GTP), enabling identification and alerting to anomalous activity. Additionally, the data retention offered by the TDAC enables the same threat hunting capabilities utilised by network operators to hunt for unknown unknowns within their network, creating a more proactive defensive capability and therefore increasing the security posture of the network and reducing the potential impact of an attack. The TDAC Ecosystem enables network operators to gain total, uncompromised coverage across all elements of their network, enabling the identification and removal of threats within the network, therefore ensuring a better quality of service to the end users.
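The difference between alerting on known indicators and hunting through retained signalling metadata can be shown with a small sketch. This is an added example, not Telesoft or TDAC code; the record layout, global titles, IMSIs, indicator list and threshold are all constructed for illustration, and only the MAP operation names are real.

```python
from collections import defaultdict

# MAP operations that return subscriber location or serving-node data.
LOCATION_OPS = {"anyTimeInterrogation", "provideSubscriberInfo", "sendRoutingInfoForSM"}

# Constructed sample of retained metadata: (day, source global title, MAP operation, IMSI).
RECORDS = [
    (1, "447700900001", "updateLocation", "001010000000001"),
    (1, "447700900001", "sendRoutingInfoForSM", "001010000000002"),
    (2, "447700900001", "sendRoutingInfoForSM", "001010000000003"),
    (2, "999000000001", "anyTimeInterrogation", "001010000000001"),
    (3, "888000000042", "provideSubscriberInfo", "001010000000001"),
    (3, "888000000042", "provideSubscriberInfo", "001010000000002"),
    (3, "888000000042", "provideSubscriberInfo", "001010000000003"),
    (3, "888000000042", "sendRoutingInfoForSM", "001010000000004"),
    (3, "447700900001", "sendRoutingInfoForSM", "001010000000004"),
]

KNOWN_BAD_GTS = {"999000000001"}  # constructed indicator list (the "known knowns")


def ioc_alerts(records, known_bad):
    """Known knowns: report every source that appears on the indicator list."""
    return sorted({src for _, src, _, _ in records if src in known_bad})


def hunt_new_location_scanners(records, baseline_end_day, min_subscribers=3):
    """Hunt: sources never seen in the baseline period that request location
    data for at least min_subscribers distinct subscribers afterwards."""
    seen_in_baseline = {src for day, src, _, _ in records if day <= baseline_end_day}
    targets = defaultdict(set)
    for day, src, op, imsi in records:
        if day > baseline_end_day and op in LOCATION_OPS and src not in seen_in_baseline:
            targets[src].add(imsi)
    return {src: len(imsis) for src, imsis in targets.items()
            if len(imsis) >= min_subscribers}


if __name__ == "__main__":
    print("IoC alerts:", ioc_alerts(RECORDS, KNOWN_BAD_GTS))
    print("Hunt findings:", hunt_new_location_scanners(RECORDS, baseline_end_day=2))
```

The indicator match only surfaces the source already on the list, while the behavioural query over the retained history surfaces a source that no indicator list mentions.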
Do I need to deploy these solutions?
With communications networks considered to be CNI, there is a significant interest in maintaining the operational capability from a strategic perspective. Conversations around the globe continue to discuss the evolution of network security and continue to put more emphasis on the importance of this security. This has resulted in countries implementing legislation which defines exactly what organisations need to do in order to maintain a foundational level of protection, with organisations being incentivised to conform to the legislation through the introduction of monetary fines should they not comply. And with the additional focus on securing the supply chain following a number of high-profile attacks, having solutions designed and manufactured in-house, within the UK, further reduces the risk to operators and further increases an organisation's security posture.
Additionally, network operators need to consider the reputational damage that can be caused should their networks come under attack following the exploitation of known vulnerabilities in the legacy protocols deployed. As is often the case, news such as this travels fast through social media and can have a significant impact on an organisation's reputation, which has consequential effects on revenue.
Therefore, whilst network monitoring is not currently enforced across signalling networks, it should certainly be considered by network operators, particularly as we migrate more towards 5G. Threat actors continue to seek new attack vectors and if there is an opportunity for financial gain, they will exploit it. Network operators need to consider the risk posed to them should they have their network targeted and weigh up the investment to protect their infrastructure and customers against the potential damage caused by a successful attack, and the possibility of financial penalties which could be imposed in future.
However, in an era where security solutions are generally operating in a reactive manner, an opportunity for network operators to become proactive and shift the advantage in favour of the defenders is certainly worth considering. These networks will remain with us for many years to come and if they aren’t protected, they will be exploited.
About the author
Rob is a Field Applications Engineer, liaising between customers and our engineering departments to ensure that products are satisfying their needs and understand where they can be improved. Supported by his background in Military Operational Intelligence and his passion for cyber security, he has a good knowledge of the industry and is always interested in new technologies.