Addressing Cybersecurity Challenges in the Mobile Industry
It seems that we see a never-ending wave of reports detailing the latest security breaches or denial of service (DoS) attacks; just looking at last year, 2017 was dominated by ransomware variants like WannaCry and organisations such as Equifax declaring massive data breaches. Events like these are among the many challenges businesses face as they look to control an increasing number of threats against their IT networks and this issue will only grow. According to GSMA Intelligence, there will be 25 billion IoT connections by 20251 – digital opportunities and associated cyber security challenges will expand as billions of “things” and humans are connected.
Every one of these new connections requires a comprehensive security approach across business models, technologies, standards and regulations. The traditional approach of risk and security management, such as check-box compliance and access control are now being challenged.
Mobile network security becomes an even more critical issue for operators as they transform their mobile networks to 4G/LTE and now 5G; this progress brings with it a new set of cybersecurity challenges. New services will include remote control and monitoring of industrial systems, utility networks, self-driving vehicles and so much more. The availability, performance and critically reliability of these services depends on the underlying infrastructure. Cyber-attacks with safety implications are unfortunately becoming a reality.
The communications world is expanding – all-IP networks and WiFi access from unsecured hotspots and access points subject mobile networks to further threats. As cloud storage becomes more common, data security is a mounting concern; when data flows across organisational and geographical boundaries, it has to be protected at all stages.
The mobile industry has a long history of providing secure, reliable security solutions and network operators are the established, trusted providers of these services. Network operators continue to investigate, improve and roll out measures that add new and additional layers of security whilst meeting the pressures of the next generation of mobile networks.
The GSMA plays a central role in coordinating activity and leading on industry-wide initiatives, including programmes to support increased security throughout the entire mobile ecosystem, such as:
- Fraud and Security Group – established to drive the industry’s management of fraud and security matters with the objective to maintain or increase the protection of mobile operator technology and infrastructure and, security and privacy;
- The Network Equipment Security Assurance Scheme– a voluntary scheme providing a security baseline to show that network equipment satisfies a list of security requirements; and
- The Security Accreditation Scheme – enables mobile operators, regardless of their resources or experience, to assess the security of their UICC and Embedded SIM suppliers, and of their Embedded SIM subscription management service providers.
To complement these and facilitate broader industry collaboration, the GSMA today launched the GSMA Warning, Advice and Reporting Point (WARP) at the Mobile 360 Series Privacy & Security event in The Hague. Jaya Baloo, Chief Information Security Officer of KPN Telecom and an active member of GSMA WARP, formally unveiled the initiative as part of the “Securing IoT Tech in Society” keynote.
The WARP is the official point of coordination for the broad mobile ecosystem to provide crucial support around security challenges. Drawing on the collective knowledge of mobile operators, vendors and security professionals, the GSMA WARP collects, disseminates information and advice on security incidents within the mobile community – in a trusted and anonymised way. Information is disseminated to the appropriate group of stakeholders based on the type of threat, based on the priority level, so that action can be taken as necessary.
We encourage companies from across the mobile ecosystem to join WARP to collectively address the critical security issues facing us. The WARP service is open to Members as well as the wider ecosystem and security professionals. To find out more and join the GSMA WARP, please email your interest to firstname.lastname@example.org or go to www.gsma.com/warp.Back