A minimal checklist for hardening (securely configuring) and optimization of a WordPress…
Telco Network Elements Security
The telco network elements security, particularly the new 5G networks, is a major concern for European institutions and the rest of the world. It is critical to evaluate and ensure the integrity of Public Communications Networks or Publicly Available Electronic Communications Services. This article provides an overview of the relevant European regulations, as well as some recommendations for securing these devices and complying with these regulations. Keywords: 5G, 4G, Network Elements, Security, Privacy, Embedded Systems, Telecommunication. This article is also available on my LinkedIn profile, which you can find here.
European Regulation and Recommendations
With Directive 2009/140/EC [1], the European Parliament and Council updated the previous Common Regulatory Framework for Electronic Communications Networks and Services, requiring Member States to take appropriate technical and organizational measures to manage the risks posed to the security of public communications networks or publicly available electronic communications. Member States transpose and implement directives into national legislation, and in the event of violations of national provisions implemented in accordance with these and other specific directives, dissuasive sanctions and sanctions are applied. The directive focused on two main goals that Member States were to achieve through their Telecommunications Operators and the National Regulatory Authority:
- Ensure the integrity of their telecommunications networks.
- Notify the competent national regulatory authority and ENISA of breaches of security or loss of integrity that have had a significant impact on the operation of telecommunications networks or services.
- Ensure the integrity of their telecommunications networks.
- Notify the competent national regulatory authority and ENISA of breaches of security or loss of integrity that have had a significant impact on the operation of telecommunications networks or services.
In line with the directive, the European Commission recognized on 26 March 2019 that:
- 5G network technologies are a major enabler for future digital services and will form the backbone for a wide range of services essential for the functioning of the internal market and the maintenance and operation of vital societal and economic functions – such as energy, transport, banking, voting, health, and industrial control systems.
- The dependence of many critical services on 5G networks would have particularly serious consequences for systemic and widespread disruption. As a result, ensuring cyber-security for 5G networks is a strategic issue for the Union at a time when cyber-attacks are on the rise and are more sophisticated than ever.
- Any significant vulnerabilities and/or cyber-security incidents involving 5G networks occurring in one Member State would have an impact on the Union as a whole due to the interconnected and transnational nature of the infrastructures.
- Ensuring European sovereignty should be a key objective, with full respect for Europe’s values of openness and tolerance and an increasing extra-European technological presence in the Union as a security threat.
- Addressing cyber-security risks in 5G networks should take into account technical factors such as vulnerabilities that may be exploited to gain unauthorized access to information (cyber espionage, whether for economic or political reasons) or for other malicious purposes (cyber attacks aimed at disrupting or destroying systems and data). Important aspects to be considered should be the need to protect networks throughout their entire life cycle and the need to cover all relevant equipment, including in the design, development, procurement, deployment, operation, and maintenance phases of 5G networks.
The European Commission has also adopted recommendation No. EU/2019/534 for cyber-security of 5G networks, which oblige Member States and telecommunications operators to:
- Conduct a risk assessment of the 5G network infrastructure, including the identification of the most sensitive elements where security breaches would have a significant negative impact.
- Update the security requirements and risk management methods applied to 5G networks.
- Ensure the security of sensitive parts of the networks and provide relevant information to the competent national authorities on planned changes to the electronic communications networks and requirements.
Network infrastructure devices and elements are ideal targets for malicious cyber players because most or all of the organizational and customer traffic needs to pass through them and because they are often easy targets since:
- Antivirus, integrity-maintenance, and other security tools that help protect general-purpose hosts are either unavailable or not easy to run.
- Manufacturers build and distribute these network devices with usable firmware and services for ease of installation, operation, and maintenance.
- Telecommunications Operators often do not change vendor default settings, harden them for operations, or perform regular patching.
- Telecommunications operators often overlook network devices when they investigate, search for intruders, and restore general-purpose hosts after cyber intrusions.
Conclusions
The security of telecommunication networks, particularly the new 5G networks, is a major concern for European institutions and the rest of the world. It is critical to evaluate and ensure the integrity of Public Communications Networks or Publicly Available Electronic Communications Services. This article provides an overview of the relevant European regulations, as well as some recommendations for securing these devices and complying with these regulations.
References
[1] Directive 2009/140/EC, European Parliament and of the Council, 2009.
[2] Embedded Systems Security, Andrea Desantis, 2020.
Related Posts
This article discusses the role of Business in Cybersecurity and how they…
Security vulnerabilities can provide valuable knowledge for business, technical and operational decision-making…
Comments (0)