Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Guillaume Lavernhe, Senior Product Manager Fraud Prevention & Security at BICS, analyses the evolving telecoms security landscape.
The mobile connectivity and roaming ecosystem has evolved significantly over the past 15 years. People have been travelling more for business and leisure and expecting the same high level of service (at the same price point) wherever they roam. In the EU we’ve seen the introduction of regulations such as Roam Like at Home. In Africa, a similar roaming scheme, One Africa Network, is being developed by the SMART Africa Alliance.
Although international roaming has fallen sharply due to the pandemic, the need for networks to be highly interconnected remains. 5G interworking expectations and the seemingly infinite proliferation of connected ‘things’ mean operators must be ready (and mobile networks future-proofed) for even higher demands just around the corner.
However, mobile interworking, which supports roaming, has become ever more complex. We’re seeing a growing number of players and business models requiring roaming services, while the networks are opening more and more to corporates and industry verticals. In addition, the coexistence of 2G/3G/4G technologies, now also looking towards interworking with 5G, creates challenges from a security perspective. 2G technology brings a lack of security mechanisms such as authentication, integrity protection and encryption into the new interworking arena. As a result, operators will need to continue tackling these inherited vulnerabilities in their interworking networks, even as they progress towards 5G.
Security must be implemented on existing and live international connections in mobile networks. It is a retro-implementation which requires very narrow expertise combining roaming experience with cybersecurity techniques. Relying on a trusted security provider in this way will help to avoid service and business disruptions. Security challenges can be addressed in part through operators’ use of IPX. This gives operators greater visibility into international threats as well as enabling them to block attacks before they reach the network and impact end-users.
The mission of IPX and its future
IPX is a framework of services used for interconnect and roaming interworking. In addition to traditional 2G, 3G and LTE roaming traffic, IPX carriers can also offer solutions such as roaming value-added services, business intelligence and fraud prevention. Again, it’s important to partner with a carrier that has both roaming and cybersecurity expertise.
IPX covers data, signalling, voice and messaging, includes transport/proxy and hub services, and ensures an end-to-end quality of service. It has been designed to support the wholesale exchanges between communication service providers (CSPs) and new types of players such as aggregators, fixed networks, and digital service providers.
The aggregation of services on a single interconnection lowers the cost for operators, and facilitates and accelerates the establishment of roaming agreements between members of the global telco community. It’s this kind of streamlined approach that’s at the heart of the international mobility of people and things.
The era of global roaming brings opportunities to operators, but it’s also a complex landscape to navigate. IPX carriers are evolving their offerings in order to best support operators. Carriers are extending their services from simply providing connectivity to offering a one-stop-shop solution or even global outsourcing of wholesale activities. These approaches leverage the carrier’s expertise on international exchanges while being simple to operate and manage for operators.
The wholesale exchanges and communications threats
CSPs are prime targets for criminals as they oversee critical infrastructure – attacks on which can cause significant damage. Distributed Denial of Service (DDoS) attacks, for instance, are a major concern, and one that disproportionately impacts the telecoms industry. A report from last year found that two thirds of such attacks are directed at CSPs.
IPX has been designed to provide a secure alternative to the public internet for wholesale exchanges. However, telecoms infrastructure is now highly interconnected and open to a wide variety of partners and players. As such, it is exposed to a growing number of attacks from hackers using both traditional and more recent means of attack, increasing the risk of infiltration and exploitation.
For example, the telecoms industry has long faced the threat of signalling attacks, which target both networks and consumers, including corporate businesses and institutions. 2G and 3G networks are based on Signalling System 7 (SS7). This is used to exchange information (such as call routing or roaming) between different elements of the same network or between different networks. 4G meanwhile uses Diameter as a replacement for SS7. According to a paper by the European Union Agency for Cybersecurity, researchers have identified vulnerabilities in both SS7 and Diameter. This leaves the door wide open for attacks such as SMS spam/bypass, SMS intercept, subscriber DoS, subscriber account fraud, call intercept, and location tracking.
Despite the move to 5G, SS7 (and its vulnerabilities) will still be in use for the next decade or so. And let’s not forget, many regions still haven’t adopted 4G, meaning 2G is still required for full roaming coverage – including fallback for voice services.
Evolving nature of telecoms highlights security imperative
Telecoms networks – IPX included – support people travelling and talking to friends and family across the world. However, they are also used by a growing number of corporate businesses. These parties rely on networks to authenticate transactions or subscriptions, as well as to enable connected devices that form part of mission-critical industries and applications on a global scale.
Operators must therefore firstly focus their attention on tightly managing and securing traditional telco services. They must protect data privacy and the confidentiality of communication between citizens and institutions.
Secondly, they must provide secure connectivity to support IoT and Industrial IoT use cases, plus services and applications that allow their customers to manage fleets of connected devices. Securing networks and roaming interworking that support these services must be a priority – particularly in light of increasing 5G deployments and the adoption of disruptive architectures. Operators must combine offensive and defensive practices. This approach – leveraging the most advanced solutions available today – will help to reduce the attack surface, and protect subscribers, corporates and institutions, and therefore protect telcos’ business models.
Best practice implementation
Fortunately, security is high on the agenda for much of the telco industry. We have seen, for example, the introduction of the UK’s Telecommunications Security Bill, a proposal to give the government unprecedented powers to ensure mobile operators prioritise security on their networks. This trend in legislation at governmental level is one which we expect to continue, alongside the continuation of community discussion and awareness around guidance on how to tackle vulnerabilities.
Services are now available that combine audit and consultancy with real-time monitoring and protection. These services allow mobile operators to secure network infrastructures against signalling attacks and make the most of an IPX environment. An initial security audit, for instance, helps operators at all levels of the organisation to identify and understand the importance of weak points in a network. They can then create an action plan with the service provider, and benefit from their expertise and consultancy.
This approach can be facilitated on the IPX through pure black box penetration testing of the live production network. This tests the real roaming ecosystem, minimising the time and effort required by the operator, and removes potential bias inherent in testing in a lab environment. As such, the approach allows for corrections and security improvements to be made before the weaknesses are discovered by a real hacker.
This can be coupled with threat intelligence and 24/7 support from the service provider, enabling an immediate response to critical security events. This includes the real-time detection of attacks and active screening to protect the operators.
Threat intelligence should involve information on network attacks and suspicious behaviour being provided to operators in a legible manner. This helps to minimise false positives and ensure operators get enriched contextual information and are provided with explanations to facilitate forensic investigations.
Finally, the ability to share intelligence on attacks is of great value to the community. In this way, operators gain complete visibility of their networks, build up a greater understanding of attacker behaviour, and can identify similar patterns of behaviour in the future.
Operators take control
Importantly, this model of greater visibility and knowledge gathering hands the power to operators and allows them to take control of the security of their networks. By leveraging IPX configurations, operators can build an additional layer of security: stopping attacks at the source and making the wholesale ecosystem safer. Telcos will be able to reduce instances of fraud, tracking, interception, SMS spoofing, DDoS, and subscriber impersonation. Subscribers will in turn receive a higher quality and far more secure level of service – which will reduce churn and help boost revenue for operators.
Taking advantage of IPX services enables operators to deliver high quality, next-generation services. Whether it’s people or things that are roaming (and whether they do so on 2G, 4G or 5G), operators can ensure they’re providing a secure network ecosystem – today, and for the next 15 years to come.
Guillaume has over 20 years’ experience in telecommunications, working with operators and enterprises to protect their user experience and safeguard business revenues. He is passionate about helping service providers to address international threats on the voice, messaging and roaming ecosystem, and is a keen advocate for knowledge sharing within the industry to jointly combat fraud. He holds a Telecoms Engineering Degree from Toulouse Technological University Institute, and a Master’s degree in Product Management of Services from NEOMA Business School. He is a regular participant in telecoms industry forums worldwide.