{"id":13132,"date":"2025-08-13T14:17:59","date_gmt":"2025-08-13T13:17:59","guid":{"rendered":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?p=13132"},"modified":"2026-02-23T12:55:10","modified_gmt":"2026-02-23T12:55:10","slug":"mobile-telecom-security-landscape-blog-august-25","status":"publish","type":"post","link":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/","title":{"rendered":"Mobile Telecom Security Landscape Blog: August 25"},"content":{"rendered":"\n<p>Welcome to the August blog.&nbsp; This month we examine <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/supply-chain-toolbox\/\">supply chain security<\/a> within the context of the recently updated and re-issued <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/supply-chain-toolbox\/\">GSMA Supply Chain Toolbox<\/a>.&nbsp; The new Supply Chain Toolbox uses a lifecycle model to describe a number of guidelines (\u2018tools\u2019 in the \u2018toolbox\u2019). Supply chain attacks continue at pace.&nbsp; The classification of mobile infrastructure as critical national infrastructure in many jurisdictions and concerns about national security have increased the focus on the security posture of network equipment and the providers of it.<\/p>\n\n\n\n<p>The mobile industry has long aimed to deliver robust security arrangements to protect its assets, customers and services.&nbsp; This security objective is delivered through a lifecycle approach starting even before a service goes live.&nbsp; The foundations of security are built through architectural design choices, choosing to adopt solutions utilising internationally recognised standards and shortlisting vendor solutions that already have a strong baseline security level built-in. To understand and strengthen supply chain arrangements, it is important to understand how products and services are developed, built, procured, operated and decommissioned.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"h-supply-chain-interventions-throughout-the-lifecycle-can\">Supply chain interventions throughout the lifecycle can:<\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Inform of the strength of development processes<\/li>\n\n\n\n<li>Understand the adequacy of in-built security controls and assurances<\/li>\n\n\n\n<li>Be clear on the security of in-life security maintenance arrangements<\/li>\n\n\n\n<li>Improve the speed of response to mitigate new security vulnerabilities<\/li>\n\n\n\n<li>Ensure de-commissioning is undertaken in a controlled and secure manner<\/li>\n<\/ul>\n\n\n\n<p>The <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/supply-chain-toolbox\/\">GSMA Supply Chain Toolbox<\/a> has recently been revised and refreshed. This includes different accreditation and assurance schemes and guidelines pertaining to specific areas of mobile technology. The different resources in the toolbox are organised to illustrate tools appropriate before and during procurement on services and products and during their in-life operation.&nbsp; The toolbox first focuses on product and service <em>selection<\/em> and finally identifies considerations for products and services <em>in-life<\/em>.<\/p>\n\n\n\n<p>The opportunity for indirect attacks through supplier or third-party tooling and services should not be underestimated and requires vigilance about which third-party tools to use, as well as awareness of the security posture of the various third parties.<\/p>\n\n\n\n<p>As part of supply chain assurance, <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/industry-services\/\">GSMA Network Equipment Security Assessment Scheme<\/a> exists to facilitate improvements in network equipment security levels, across the mobile industry by providing a baseline security assurance. Providing one universal and global security assurance framework that can raise confidence and trust in mobile network equipment.\u00a0 The purpose of the scheme is to audit and test network equipment vendors, and their products, against a security baseline, so they can demonstrate to network operators (or regulators) that they are conforming to the desired standard. The scheme has been defined by industry experts through GSMA and 3GPP. Therefore, it represents a key pillar in securing the whole eco-system, including the needs governments, mobile network operators and regulators.\u00a0 NESAS only plays one part of the security strategy.\u00a0NESAS only tests products and processes at a point in time. It is important to guarantee that the actual deployed code is actually the same code that was tested through NESAS and that secure configurations are used.\u00a0Additional layers of security are required to deliver a robust deployment for in-service use.\u00a0\u00a0<\/p>\n\n\n\n<p>As architectures continue to move towards disaggregated components, leverage cloud and virtualisation architectures as well as increase in third party tools for monitoring, management and security, it is clear that the available supply chain \u2018surface area\u2019 for an attacker to exploit is becoming broader. Active and in-depth knowledge of direct, indirect and open-source supply routes are all needed.<\/p>\n\n\n\n<p>The force multiplier effect for an attacker of a single successful attack providing access across all the target supplier\u2019s customers makes using a compromised vendor an attractive proposition.&nbsp;The potential attack force-multiplier enabled through a supply chain attack means building skills, processes, tools and experience will present an enduring benefit &#8211; supply chain security will remain a key security area.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"h-we-invite-you-to-download-the-new-gsma-supply-chain-toolbox-and-consider-how-their-own-supply-chain-security-practices-align-to-those-presented-and-review-any-gaps-or-variances\">We invite you to download the new GSMA Supply Chain Toolbox and consider how their own supply chain security practices align to those presented and review any gaps or variances.<\/h5>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/supply-chain-toolbox-report-2025\/\">Download toolbox<\/a><\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to the August blog.&nbsp; This month we examine supply chain security within the context of the recently updated and re-issued GSMA Supply Chain Toolbox.&nbsp; The new Supply Chain Toolbox uses a lifecycle model to describe a number of guidelines (\u2018tools\u2019 in the \u2018toolbox\u2019). Supply chain attacks continue at pace.&nbsp; The classification of mobile infrastructure [&hellip;]<\/p>\n","protected":false},"author":66,"featured_media":13140,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","footnotes":""},"categories":[1505],"tags":[],"algolia_discover_type":[1549],"class_list":["post-13132","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest-news","algolia_discover_type-article"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.3 (Yoast SEO v24.3) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mobile Telecom Security Landscape Blog: August 25 - Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mobile Telecom Security Landscape Blog: August 25 - Security\" \/>\n<meta property=\"og:description\" content=\"Welcome to the August blog.&nbsp; This month we examine supply chain security within the context of the recently updated and re-issued GSMA Supply Chain Toolbox.&nbsp; The new Supply Chain Toolbox uses a lifecycle model to describe a number of guidelines (\u2018tools\u2019 in the \u2018toolbox\u2019). Supply chain attacks continue at pace.&nbsp; The classification of mobile infrastructure [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/\" \/>\n<meta property=\"og:site_name\" content=\"Security\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-13T13:17:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-23T12:55:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/08\/GettyImages-1494104760.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2309\" \/>\n\t<meta property=\"og:image:height\" content=\"1299\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ehenderson@gsma.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ehenderson@gsma.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Mobile Telecom Security Landscape Blog: August 25 - Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/","og_locale":"en_GB","og_type":"article","og_title":"Mobile Telecom Security Landscape Blog: August 25 - Security","og_description":"Welcome to the August blog.&nbsp; This month we examine supply chain security within the context of the recently updated and re-issued GSMA Supply Chain Toolbox.&nbsp; The new Supply Chain Toolbox uses a lifecycle model to describe a number of guidelines (\u2018tools\u2019 in the \u2018toolbox\u2019). Supply chain attacks continue at pace.&nbsp; The classification of mobile infrastructure [&hellip;]","og_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/","og_site_name":"Security","article_published_time":"2025-08-13T13:17:59+00:00","article_modified_time":"2026-02-23T12:55:10+00:00","og_image":[{"width":2309,"height":1299,"url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/08\/GettyImages-1494104760.jpg","type":"image\/jpeg"}],"author":"ehenderson@gsma.com","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ehenderson@gsma.com","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/","name":"Mobile Telecom Security Landscape Blog: August 25 - Security","isPartOf":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/#primaryimage"},"image":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/#primaryimage"},"thumbnailUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/08\/GettyImages-1494104760.jpg","datePublished":"2025-08-13T13:17:59+00:00","dateModified":"2026-02-23T12:55:10+00:00","author":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/06397f185befa1985d4ee28109cc2759"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-august-25\/#primaryimage","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/08\/GettyImages-1494104760.jpg","contentUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/08\/GettyImages-1494104760.jpg","width":2309,"height":1299,"caption":"AI chatbot usage and concepts"},{"@type":"WebSite","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/","name":"Security","description":"GSMA Security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/06397f185befa1985d4ee28109cc2759","name":"ehenderson@gsma.com","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5174b854e8868f2475d4b9d5d155fc08?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5174b854e8868f2475d4b9d5d155fc08?s=96&d=mm&r=g","caption":"ehenderson@gsma.com"}}]}},"featured_image_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/08\/GettyImages-1494104760.jpg","_links":{"self":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/13132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/comments?post=13132"}],"version-history":[{"count":5,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/13132\/revisions"}],"predecessor-version":[{"id":14097,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/13132\/revisions\/14097"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media\/13140"}],"wp:attachment":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media?parent=13132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/categories?post=13132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/tags?post=13132"},{"taxonomy":"algolia_discover_type","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/algolia_discover_type?post=13132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}