Cyber security is hard. GSMA T-ISAC wants to help.

The GSMA Telecommunication Information Sharing and Analysis Center (T-ISAC) is the central hub of information sharing for the Telecommunication Industry. We believe information sharing is essential for the protection of the mobile ecosystem, and the advancement of cybersecurity for the telecommunication sector.

As cyber-attacks continue to increase in sophistication and volume, the GSMA T-ISAC is evolving and advancing its services. This is the perfect time to get sharing with your peers.

If you are a GSMA member, you can join T-ISAC by completing the short form here and get involved in our upcoming activities.

One organisation’s detection is another’s prevention.

Drawing on the collective knowledge of mobile operators, vendors and security professionals, the T-ISAC collects and disseminates information and advice on security incidents within the mobile community – in a trusted and anonymised way.

Our latest addition to the GSMA T-ISAC tool suite is the GSMA Fraud Intelligence Service, which is a global resource for accurate roaming and interconnect fraud intelligence, including high-risk range and hot numbers. Furthermore, operators can analyse and exchange data in real time and in confidence. Access to the High Risk Numbers is free for GSMA operator members and is a significant upgrade to the existing method of sharing fraudulent numbers.

FAQs

How will my company benefit from being part of the T-ISAC Community?

Information sharing in the T-ISAC is all about building a global community with the same ethos: “One organisation’s detection is another’s prevention”. We are member-driven and work together to increase the telecommunication industry’s resilience against the cyber threats we all face. T-ISAC enables its members, with a variety of services and products, to share important cyber threat information in real time, as well as best practice solutions.

How do I join T-ISAC?

If you are a GSMA member, submit your details to join. Once received and verified you will be sent a welcome email with information on the products and services available to you, and access to the sharing platforms will also be set up.

If I am not a GSMA member, can I still join T-ISAC?

To join the T-ISAC you must be a GSMA member. Email us at T-ISAC@gsma.com to learn more.

Where do I find more information about T-ISAC?

See our document, T-ISAC Service Offering, which outlines the policy, process and functionality of the GSMA T-ISAC, ensuring the rights and responsibilities are clearly understood and delivered correctly.

This document, and its associated components, has been built around best practice recommendations contained within the Forum of Incident Response Teams (FIRST), Requests for Comment (RFC), and the National Institute of Standards and Technology (NIST) detailing expectations regarding Computer Security Incident Response Teams (CSIRT) functions.

T-ISAC Contact

t-isac@gsma.com

 

GSMA regards the security of mobile network infrastructure and customer equipment, such as devices, as essential to the provision of secure and trustworthy services by its members.

The GSMA Coordinated Vulnerability Disclosure (CVD) programme gives security researchers a route to disclose a vulnerability impacting the mobile ecosystem, meaning the impact can be mitigated before it enters the public domain. We work with mobile operators, suppliers and standards bodies to develop fixes and mitigating actions to protect customers’ security and trust in the mobile communications industry.

The GSMA encourages disclosure of security research which enhances security levels and better protects assets and customers, and our Coordinated Vulnerability Disclosure programme is designed to support the reporting and remediation of security vulnerabilities at industry level.

We invite both private individuals and organisations to report vulnerabilities to the GSMA in a responsible manner in line with our programme scope.

You can find out more about submitting a vulnerability to the programme here.

Impact of the GSMA CVD Programme

Since our CVD Programme started in 2017 we have considered over 50 vulnerability disclosures, many encapsulating multiple linked vulnerabilities. The technologies have included:

  • 2G, 3G, 4G and 5G radio and core networks including Circuit Switched Fallback, IP Multimedia Subsystem, authentication, encryption & unique identifiers
  • SIM cards and SIM applets
  • Roaming and interconnect
  • VoLTE
  • Wireless Emergency Alerts

The GSMA CVD programme has allowed the industry to improve security in a number of ways thanks to researchers bringing their research on vulnerabilities to the programme prior to public release.

Recent examples include:

  • Removal of weak GPRS encryption algorithms from devices and adding respective device test-cases for new devices, prior to the public release of research identifying the weakness. Update of 3GPP specifications within a week of the release of the research (usually takes several months) – research.
  • Mandatory inclusion of full-rate user-plane integrity protection for 5G from 3GPP Rel-16, providing protection for an estimated 395 million additional 5G devices – research.
  • Issuing of patches to prevent keystream reuse by network equipment that did not follow the standards, prior to public presentation of the research. Also included a new SCAS test for this behaviour during NESAS audits – research.
  • Informing MNOs about the exploitation of SIM cards with a vulnerable applet installed and issuing guidance to prevent misuse – research.

Where appropriate, CVD submissions and countermeasures are also added to the relevant GSMA reference document.

GSMA Coordinated Vulnerability Disclosure Programme – Disclaimer

The GSMA responsibilities and any other activities carried out as part of the GSMA Coordinated Vulnerability Disclosure programme are provided “as is”, without any warranty of any kind. All warranties, whether expressed or implied, or statutory, including without limitation any implied or other warranties of merchantability, fitness for a particular purpose, non-infringement, quality, accuracy, completeness, title or quiet enjoyment are expressly disclaimed and excluded.

As this programme is designed to benefit the safety of mobile networks and users, the CVD Governance Team, the GSMA, its staff and members do not warrant or assume any liability for the responsibilities of this programme, or “Validation of Submissions” and any other activities or milestones set forth by the GSMA. Each beneficiary of this activity will engage in this offering without reliance or any representation and/or warranty of the other parties and all such representations and/or warranties are, to the greatest extent permitted by applicable law, hereby disclaimed.

Owners or providers of an offering that has been identified by a Finder as having a vulnerability will only be given details of such vulnerability under this programme. The vulnerability must be validated in accordance with the GSMA Coordinated Vulnerability Disclosure process.

GSMA Operator, Associate and Rapporteur members interested in applying to join the CVD Panel of Experts can find out more details here.

Contact us for information about the GSMA CVD Programme

security@gsma.com