Arts & Architecture

+Adaptive Mobile Security! Un nuevo amanecer para la Ciberseguridad

Description
"Para Dios es muy importante que nosotros funcionemos como personas y según Adaptive Mobile Security una empresa dedicada en cuerpo y alma a los temas actuales relacionados con la Ciberseguridad, nos explica que es muy importante que se aseguren
Published
of 9
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
  A New Dawn in Security:  Who is Responsible for the Protection of a Nation’s Critical Communications Infrastructure? WHITE PAPER  Setting A New Stage There has been much discussion about the advent of new technologies, the rst 5G deployments 1  and the increasing possibility of connected cities. As a society we are swiftly moving to an interconnected world – one that thrives on speed, connectivity and innovation. A world where new guidelines and regulations are being driven by serious privacy concerns, coupled with the ingenuity of hackers’ and attackers’ determination to circumvent defences currently in place across a multitude of industries.In recent years we’ve witnessed the interception of a heart monitor 2 , the intentional crashing of a self-driving car 3 , children’s toys being turned into remote surveillance devices 4  and millions of people have had their personal identiable information stolen 5 . While we face this new era of connectivity and the endless possibilities that come from humankind’s innovation, we must also address the underlying security concerns and ensure that our privacy and in turn our well-being are protected from the offset. Telecommunications infrastructure is a vital part of the discussion when it comes to reviewing how to best secure National Critical Infrastructure (NCI). In fact, the US Department of Homeland Security outlines the Communication sector as “so vital […] that [it’s] incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” The Energy Sector relies on communications to aid in monitoring and controlling the delivery of electricity; the Financial Services Sector relies on communications for the transmission of transactions and operations of nancial markets; and, the Transportation Systems Sector relies on working communications to monitor and control the flow of ground, sea and air trafc. Mobile networks are considered critical infrastructure and their ensured security is vital to the success of new deployments for years to come. A New Dawn in Security: Who is Responsible for the Protection of a Nation’s Critical Communications Infrastructure? 2 Relies on communications to aid in monitoring and controlling the delivery of electricityReplies on communications to deliver and distribute applications and servicesRelies on communications and transmission of transactions and operations of nancial markets Relies on communications for directing resources, coordinating response, operating public alert and warning systems, and receiving 911 callsRelies on communications to monitor and control the flow of ground, sea and air trafc Critical Infrastructure - At Risk from Cyber Attacks Communications SectorEnergy Sector   Information Technology Sector   Financial Services Sector   Emergency Services Sector   Transportation Systems Sector 1 https://www.adaptivemobile.com/downloads/5g-security-of- things-to-come2 https://money.cnn.com/2017/01/09/technology/fda-st-jude-cardiac-hack/3 https://www.kaspersky.com/blog/blackhat-jeep-cherokee-hack-explained/9493/4 https://www.cnet.com/news/cloudpets-iot-smart-toy-flaws-hacking-kids-info-children-cybersecurity/ 5 https://abcnews.go.com/US/exclusive-25-million-affected- opm-hack-sources/story?id=32332731  AdaptiveMobile Security is the leader in the cyber-telecoms space, working with mobile operators and governments across the globe to protect over 2.2 billion mobile subscribers against increasingly sophisticated cyber-attacks against telecom networks and national critical infrastructure. With unparalleled global scale and visibility through a signicant global footprint, specialising in cloud and in-network security, and with deep expertise in unique threat intelligence extracted through messaging bearers and all signalling protocols, the company has unrivalled experience in addressing the cyber-threat landscape on communications infrastructure. Working with national regulators and mobile operators, AdaptiveMobile Security is strongly qualied to evaluate where the responsibility lies in securing critical infrastructure. This paper will evaluate the importance of identifying key ownership and provide a view on where the responsibility lies for ensuring protection. Ultimately, there are many moving parts and the stage is yet to be set for ensuring the security of the connected future. Cyber-Security and Protecting Against the Future of Warfare Media headlines the world over have been prophesising devastating scenarios from cyber-attacks, and the conversation has turned from what could happen, to real- life updates – ‘Global Hacking Campaign Targets Critical Infrastructure’ 6 ; ‘Critical Infrastructure Still at Risk from Devastating Cyber-Attack’ 7 .This is compounded by industry predictions that the next war will be a cyber-based one – to be waged via “computers, servers and digital weapons”. Dened as “the use of computer technology to disrupt the activities of a state or an organisation, especially the deliberate attacking of information systems for strategic or military purpose”, cyber-warfare threatens our connected future and becomes exceptionally relevant when it’s realised that the underlying telecommunication infrastructure has been vulnerable to attacks for a number of years. As is well-researched and documented, signalling networks using protocols such as SS7, Diameter and GTP are under attack 8, 9, 10, 11, 12  from adversaries and fraudsters, exploiting loopholes in the protocols to breach subscriber privacy, intercept communications, deny access to key services and to directly defraud mobile operators. These signalling attacks have risen to global attention since 2014, and are continuing to increase in sophistication, for example, we’ve recently seen Chinese telecom equipment hacked by another nation state’s security agency to attack the US. In this attack, 3 African countries were used as proxies to hide the true identity of the hacker but also to attempt to lay the blame at another country’s door. The concept of “ trust” on which telecommunications signalling is historically based, is now long redundant.The global interconnected nature of telecommunications networks has undeniably contributed to the rapid development of society overall by enabling cheap, easy, global collaboration and access to shared knowledge resources. At the same time it has provided a headache for some governments whose motivations may be to stifle those who are perceived as a threat to their own political views and agendas, e.g. The “Great Firewall of China.” 13 A New Dawn in Security: Who is Responsible for the Protection of a Nation’s Critical Communications Infrastructure? 3 6 https://www.cnet.com/news/global-hacking-campaign-targets-critical-infrastructure/7 https://www.zdnet.com/article/uk-critical-national-infrastructure-at-risk-from-devastating-cyber-attacks-says-government-report/8 https://www.adaptivemobile.com/blog/measuring-the-diameter-protecting-4g-networks9 https://www.adaptivemobile.com/blog/the-flash-around-the-world-in-0.8-seconds10 https://www.adaptivemobile.com/blog/malicious-data-interception-via-ss711 https://www.adaptivemobile.com/blog/ss7-security-putting-pieces-together12 https://www.adaptivemobile.com/blog/tracking-the-trackers13 https://www.theguardian.com/news/2018/jun/29/the-great- rewall-of-china-xi-jinpings-internet-shutdown  Throughout the course of AdaptiveMobile Security’s experience with working with mobile operators across the world, we continue to see evidence 14  of state-sponsored security probing, intelligence gathering, location tracking, and voice / messaging / data interception against individuals. Telecommunications is an entirely different paradigm now, with vast services running across the networks adding a layer of complexity and complication most governments to date have chosen to overlook. Despite this, a signicant number of telecommunication providers remain relatively open to attack today. In the European Union, the Agency for Network and Information Security (ENISA) published an evaluative report on the state of signalling security in telecoms SS7/Diameter/5G, “EU level assessment of the current situation”, in March 2018. This highlighted that at the time of the report, only 28.21% of responding networks had implemented a signalling rewall to guard against malicious attacks srcinating from the international interconnect points. Our own view of this suggests that national interconnect coverage is signicantly lower in this regard, despite there being irrefutable evidence of security related events occurring on this channel, particularly when robust international link coverage is applied. The report also states that 75% of the responding operators cited complexity and cost as the main issues blocking implementation of advanced countermeasures to signalling exploits – this indicates that there is potentially still a lack of understanding regarding the potential severity of attacks against the network, with losses on a total outage running into the millions, or that there remains scepticism around the actual need for defences/the likelihood of attack. 33% of the respondents also highlighted concerns around legal constraints in implementing security measures and their potential impact on data storage and retention. In contrast however, “not applying proper security measures to protect subscribers against known (sic) signalling attacks might be considered a violation of the Telecom Framework” indicates there is ambiguity in current legislation in this area which is further contributing to the lack of protection beyond the “basic” measures adopted thus far in most european/global operators. The report also states that 75% of the responding operators cited complexity and cost as the main issues blocking implementation of advanced countermeasures to signalling exploits. This undeniably conrms that there is potentially still a lack of understanding regarding the potential severity of attacks against the network, with losses on a total outage running into the tens of millions, or that there remains scepticism around the actual need for defences, or the likelihood of attack.In order to ensure nation’s critical communications infrastructure is protected from continuing cyber-attacks, it is essential to deploy adequate security measures. However, rst we must work out who your enemy is. We know what the challenge is, and we know how to protect against these increasingly sophisticated vulnerabilities; yet, who decides where the protection comes from? Who has the responsibility to ensure a nation’s critical communications infrastructure is secured? 4 14 https://www.itproportal.com/2016/06/13/ss7-protocol-critical-mobile-network-security/ A New Dawn in Security: Who is Responsible for the Protection of a Nation’s Critical Communications Infrastructure?  Proper National Security Strategy There are multiple players who are working to secure critical communications infrastructure through regulation, government mandates and operator’s security measures.It should be noted that the majority of a nation’s key telecommunication infrastructure is essentially divested to private/public companies. Under GDPR, operators now own the subscriber’s data security responsibility, but it’s an open question as to whether they have any responsibility in protecting the actual country in which they operate. An example of this is the United Kingdom, a country in which numerous carriers operate under British but also Spanish and Hong Kong ownership. Spanish telecommunication company, Telefonica, is the owner of O2 in the UK, yet, are they responsible for the security of the national critical communications infrastructure within Great Britain? The issue of national telecommunications infrastructure security is further complicated by the fact that regulators across the globe are often funded or part-funded by mobile operator levies or fees – the very entities that they are supposedly regulating. As recently witnessed in Germany where Deutsche Telekom sued the German Regulator over the 5G auction rules, operators tend to resort quickly to legal action should their protability or influence be in any way challenged.One of the most signicant concerns, both from a national security perspective and for the normal running of an operator’s day-to-day business comes from the potential effects of security weaknesses or defects in the core components that a network is made up from. In a previous intelligence report 15 , we highlighted the case of an unauthorised penetration test which caused total loss of service for subscribers in Norway after one of the tests inadvertently revealed a previously unknown flaw in one of the core network infrastructure components. These types of issues are of particular relevance if the equipment vendor is based in a foreign country (as is most often the case), and where the nation state of that vendors home may be at odds with the nation hosting the communications network. A New Dawn in Security: Who is Responsible for the Protection of a Nation’s Critical Communications Infrastructure? 5 15 https://www.adaptivemobile.com/downloads/shielding- the-core
Search
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks
SAVE OUR EARTH

We need your sign to support Project to invent "SMART AND CONTROLLABLE REFLECTIVE BALLOONS" to cover the Sun and Save Our Earth.

More details...

Sign Now!

We are very appreciated for your Prompt Action!

x