Supply Chain Toolbox

Operators need to ensure that their supply chain does not compromise security

Consumer and enterprise customers increasingly rely on mobile operators to not only provide basic connectivity but also for a range of other services, including content and managed services. They expect those products and services to be secure. At a government level, many operators provide critical national infrastructure that is typically subject to a number of regulations including assuring the security of their products and services.

As new technologies are introduced by operators, to support the expanding range of digital services, so the complexity of the supporting technology increases. This increases pressure on operators to ensure that those services remain secure; protecting confidentiality, integrity and availability

Mobile operators rely on different suppliers to deliver the necessary infrastructure, components and solutions to create products and services resulting in supply chains being large and complex. Operators need to be able to ensure that its supply chain does not compromise security. However, securing the supply chain can be hard because vulnerabilities can be inherited or introduced and exploited at any point in the supply chain. Attackers do not need to attack an operator’s network directly they can, in many cases, achieve their aims by attacking the weakest point in the supply chain.

The GSMA Supply Chain Toolbox outlines a number of services and guidelines to help operators and their suppliers to better understand security and to access best practice. This includes different accreditation and assurance schemes and guidelines pertaining to specific areas of mobile technology. The different resources in the toolbox are organised by relevance to the different stages of procurement by an operator and to different stages of a vendor’s solution lifecycle.