{"id":14477,"date":"2026-06-17T11:25:04","date_gmt":"2026-06-17T10:25:04","guid":{"rendered":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?p=14477"},"modified":"2026-06-17T11:26:44","modified_gmt":"2026-06-17T10:26:44","slug":"mobile-network-security-natural-disasters","status":"publish","type":"post","link":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/","title":{"rendered":"Mobile network security in natural disasters"},"content":{"rendered":"\n<p>Mobile network security in natural disasters faces a challenge most operators have not planned for: attackers who treat the recovery window as a staging opportunity. When the <a href=\"https:\/\/science.nasa.gov\/earth\/earth-observatory\/earthquake-lifts-the-noto-peninsula-152350\/\">Noto Peninsula earthquake<\/a> struck Japan in January 2024, <a href=\"https:\/\/global.rakuten.com\/corp\/\">Rakuten Mobile&#8217;s<\/a> network teams found themselves managing physical reconstruction and a wave of cyber threats simultaneously.<\/p>\n\n\n\n<p>\u201cDisasters like an earthquake create the perfect conditions for cyberattacks,\u201d Nagendra Bykampadi, Vice President for Security Research and Standards at Rakuten Mobile, told attendees at the <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/mwc-barcelona-security-summit-highlights\/\">MWC26 Barcelona Security Summit<\/a>. His observation, drawn from direct experience, is a challenge the industry has not yet absorbed. Mobile network security in natural disasters poses a compound risk, yet Rakuten\u2019s Noto experience can help identify what operators need to prepare.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-natural-disasters-compound-mobile-network-security-risks\">How natural disasters compound mobile network security risks<\/h2>\n\n\n\n<p>On a normal day, a mobile network runs under layered defences: authentication systems, monitoring tools, patching schedules, and access controls. A major natural disaster removes most of that scaffolding at once.<\/p>\n\n\n\n<p>Power outages disable backup systems. Damaged fibre forces traffic onto improvised routes. Temporary base stations go up without full hardening. Engineers managing twenty simultaneous tasks start bypassing authentication steps to get equipment online faster. Monitoring gaps open and remain open for days. Underneath all of this, the network\u2019s defenders are exhausted and fielding calls from regulators who want status updates now.<\/p>\n\n\n\n<p>Bykampadi describes each of these factors as manageable in isolation. Together, they create a different problem. Attackers scanning for vulnerable infrastructure during a disaster are not looking for a sophisticated exploit. They are looking for a network in a degraded security posture. The engineers staffing it cannot respond in real time. Mobile network security in natural disasters fails because the conditions make normal security practice temporarily impossible. Defenders do not fail individually. The framework around them does.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-the-noto-earthquake-revealed-about-network-security-during-disasters\">What the Noto earthquake revealed about network security during disasters<\/h2>\n\n\n\n<p>Rakuten restored major network areas within two weeks of the earthquake. That speed reflects the advantages of its software-defined, Open RAN architecture. But two weeks of partial operation meant two weeks of reduced security posture. Parts of the network remained unpatched for almost two months after the event. During that window, the cyber threat landscape was changing fast.<\/p>\n\n\n\n<p>Bykampadi identifies two threat categories that emerged at Noto. The first was what he calls \u201c<a href=\"https:\/\/arxiv.org\/pdf\/2601.15666\">impression zombies<\/a>\u201d: fake bot accounts that flooded social media during the recovery. These accounts amplified misinformation and directed disaster survivors toward fraudulent fundraising appeals and phishing links. The second was infrastructure-level targeting. Attackers planted malware during the restoration window. They aimed to activate ransomware once the network was fully operational.<\/p>\n\n\n\n<p>\u201cOperators fight the war on two fronts,\u201d Bykampadi said. \u201cOn one side you have physical destruction and on the other side attackers probing the weakened defences.\u201d Similar patterns have appeared after other major disasters. Attackers treat recovery periods as <a href=\"https:\/\/cybernews.com\/editorial\/how-cybercriminals-could-take-advantage-of-natural-disasters\/\">attack staging windows<\/a>, not as delays. These patterns confirm that mobile network security in natural disasters requires planning for the recovery phase. Initial impact alone is not the problem.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-software-defined-architecture-changes-the-disaster-resilience-calculus\">Why software-defined architecture changes the disaster resilience calculus<\/h2>\n\n\n\n<p>When Rakuten built its network on a software-defined, Open RAN foundation, the drivers were commercial: cost and agility. The ability to source components from multiple vendors, update remotely, and avoid hardware lock-in was a business argument. The Noto earthquake added a different dimension.<\/p>\n\n\n\n<p>A software-defined network can be reconfigured and brought back faster than one built on proprietary hardware. Engineers do not need physical access to every node to restore services. Remote management means recovery can continue even when roads are blocked and teams cannot reach damaged sites.<\/p>\n\n\n\n<p>For mobile network security in natural disasters, that speed matters. The longer a network runs in degraded mode, the wider the window for attackers. Faster restoration shortens that exposure. There is a counterargument worth acknowledging: Open RAN\u2019s disaggregated interfaces introduce new attack surfaces compared with traditional proprietary architectures. Bykampadi did not minimise this. But his broader point stands: architecture designed for faster restoration also gives security teams cleaner control over the recovery process.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-preparing-mobile-networks-for-disaster-before-the-disaster-strikes\">Preparing mobile networks for disaster before the disaster strikes<\/h2>\n\n\n\n<p>Bykampadi\u2019s most direct instruction was also his most practical: \u201cWhat saves you during a disaster is what you do before the disaster.\u201d Stronger mobile network security in natural disasters breaks into two preparation streams. The first is technical. Operators need alternate communication channels that stay functional when primary systems fail. They also need clear records of which security controls were relaxed by design. Without those records, teams cannot tell planned deviations from ones made under pressure. Recovery procedures should include cybersecurity steps alongside physical restoration tasks, not treat them as separate tracks.<\/p>\n\n\n\n<p>The second stream is organisational. Bykampadi stressed that no operator can manage a major disaster response alone. After Noto, Japan\u2019s eight telecommunications carriers established a <a href=\"https:\/\/corp.mobile.rakuten.co.jp\/english\/news\/press\/2024\/1218_01\/\">formal cooperation framework<\/a>, sharing base-station-equipped ships, network facilities, and recovery assets across networks that would otherwise compete. Cross-operator threat sharing during an active disaster can identify attack patterns faster than any single operator\u2019s monitoring team working alone.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-where-this-leaves-mobile-network-operators\">Where this leaves mobile network operators<\/h2>\n\n\n\n<p>Future mobile networks will carry emergency response traffic, healthcare data, and critical infrastructure signals. Their security posture during a major natural disaster will affect more than subscriber experience. It will affect the societies those networks underpin.<\/p>\n\n\n\n<p>The Noto earthquake was, from a cybersecurity standpoint, a warning with a survivable outcome. Rakuten\u2019s architecture helped. Its engineers\u2019 speed helped. The cooperation framework that Japan\u2019s carriers built afterward may help even more when the next event hits. But the lesson from every case Bykampadi described is consistent: operators who treat cyber resilience as a steady-state problem will find it becomes an acute one at precisely the moment they are least able to handle it.<\/p>\n\n\n\n<p>Mobile network security in natural disasters is not a separate discipline from everyday network security. It is where everyday network security gets tested under the worst conditions, against attackers who planned for that window. For more information on how the industry is coordinating to strengthen cybersecurity, please visit the <a href=\"https:\/\/www.gsma.com\/get-involved\/working-groups\/fraud-security-group\/\">GSMA Fraud and Security Group<\/a>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mobile network security in natural disasters faces a challenge most operators have not planned for: attackers who treat the recovery window as a staging opportunity. When the Noto Peninsula earthquake struck Japan in January 2024, Rakuten Mobile&#8217;s network teams found themselves managing physical reconstruction and a wave of cyber threats simultaneously. \u201cDisasters like an earthquake [&hellip;]<\/p>\n","protected":false},"author":66,"featured_media":14480,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","footnotes":""},"categories":[1],"tags":[],"algolia_discover_type":[1549,1553],"class_list":["post-14477","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","algolia_discover_type-article","algolia_discover_type-resource"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.3 (Yoast SEO v24.3) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mobile network security in natural disasters - Security<\/title>\n<meta name=\"description\" content=\"Mobile network security in natural disasters: lessons from Rakuten Mobile\u2019s Noto earthquake experience for telecom operators.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mobile network security in natural disasters - Security\" \/>\n<meta property=\"og:description\" content=\"Mobile network security in natural disasters: lessons from Rakuten Mobile\u2019s Noto earthquake experience for telecom operators.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/\" \/>\n<meta property=\"og:site_name\" content=\"Security\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-17T10:25:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-17T10:26:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2026\/06\/Rakuten-blog-thumbnail.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1365\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ehenderson@gsma.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ehenderson@gsma.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Mobile network security in natural disasters - Security","description":"Mobile network security in natural disasters: lessons from Rakuten Mobile\u2019s Noto earthquake experience for telecom operators.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/","og_locale":"en_GB","og_type":"article","og_title":"Mobile network security in natural disasters - Security","og_description":"Mobile network security in natural disasters: lessons from Rakuten Mobile\u2019s Noto earthquake experience for telecom operators.","og_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/","og_site_name":"Security","article_published_time":"2026-06-17T10:25:04+00:00","article_modified_time":"2026-06-17T10:26:44+00:00","og_image":[{"width":2048,"height":1365,"url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2026\/06\/Rakuten-blog-thumbnail.jpeg","type":"image\/jpeg"}],"author":"ehenderson@gsma.com","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ehenderson@gsma.com","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/","name":"Mobile network security in natural disasters - Security","isPartOf":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/#primaryimage"},"image":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/#primaryimage"},"thumbnailUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2026\/06\/Rakuten-blog-thumbnail.jpeg","datePublished":"2026-06-17T10:25:04+00:00","dateModified":"2026-06-17T10:26:44+00:00","author":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/06397f185befa1985d4ee28109cc2759"},"description":"Mobile network security in natural disasters: lessons from Rakuten Mobile\u2019s Noto earthquake experience for telecom operators.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/general\/mobile-network-security-natural-disasters\/#primaryimage","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2026\/06\/Rakuten-blog-thumbnail.jpeg","contentUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2026\/06\/Rakuten-blog-thumbnail.jpeg","width":2048,"height":1365,"caption":"A speaker stands on stage before a seated audience at MWC 2026. A large screen reads, \"RESILIENCE IN THE RUBBLE: NAVIGATING MOBILE NETWORK CYBER RISKS AMID DISASTER\" with conference branding and red graphics."},{"@type":"WebSite","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/","name":"Security","description":"GSMA Security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/06397f185befa1985d4ee28109cc2759","name":"ehenderson@gsma.com","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5174b854e8868f2475d4b9d5d155fc08?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5174b854e8868f2475d4b9d5d155fc08?s=96&d=mm&r=g","caption":"ehenderson@gsma.com"}}]}},"featured_image_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2026\/06\/Rakuten-blog-thumbnail.jpeg","_links":{"self":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/14477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/comments?post=14477"}],"version-history":[{"count":2,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/14477\/revisions"}],"predecessor-version":[{"id":14479,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/14477\/revisions\/14479"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media\/14480"}],"wp:attachment":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media?parent=14477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/categories?post=14477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/tags?post=14477"},{"taxonomy":"algolia_discover_type","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/algolia_discover_type?post=14477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}