Operator network cybersecurity

Operator network cybersecurity is vital for protecting customer data, ensuring uninterrupted service, and preventing unauthorised access. This page provides essential documents related to mobile network cybersecurity, including guidelines for protecting voicemail systems and VoLTE communication. Operators can explore known VoLTE threats and how to implement effective mitigation strategies.

The GSMA offers resources for securing UICC credentials, which are key to safely exchanging sensitive information between mobile network operators and UICC vendors. For those transitioning to virtual infrastructures, the Network Function Virtualization (NFV) guidelines examine the security risks tied to virtual network functions. These documents provide insights into potential risks and steps to protect mobile networks. By staying informed with best practices, operators can minimise the risk of cyberattacks.

Document	Description	Access
Voicemail Security Guidelines (SG.20)	The Voicemail Security Guidelines provide guidance for operators on the management of personal identity numbers (PINs) and passwords used to authenticate users to obtain secure access to voicemail services.	Public
SMS Blasters Briefing Paper (FS.67)	​​This PRD educates MNOs on the threat posed by SMS Blasters, which are false base stations used by fraudsters to bypass network-side SMS filtering and deliver phishing messages directly to mobile users. It describes how the attack works, assesses the impact on customers and operators, and provides actionable recommendations for detection, mitigation and forensic analysis.	Members only
​​Voice over LTE (VoLTE) Security Analysis and Recommendations (FS.22)​	​​This document explains known VoLTE threats and the types of attacks that may target mobile networks. It also outlines mitigation strategies and countermeasures to prevent these attacks, while describing a range of testing scenarios.	Members only
Exchange of Subscriber Credentials (FS.28)	This document provides security guidelines for the protection of UICC credentials exchanged between network operators and UICC vendors.	Public
Network Function Virtualisation (FS.33)	This document provides a comprehensive overview of threats related to NFV, including the underlying infrastructure and platforms.	Public
Micro-Segmentation in 5G Core Network Resource Pool Guidelines: Version 1.0 (FS.61)	This document provides guidelines for MNOs that are evaluating and deploying micro-segmentation to protect east-west traffic in a 5G core network.	Public

Please note, resources marked ‘Members only’ can only be accessed by GSMA members