Exploring ETSI’s work on network & user security

As we move towards a world of “everything connected”, the security threats facing both users and telcos are growing rapidly. As devices and apps continue to proliferate, highly dynamic and sophisticated cyber threats are evolving.

Against a backdrop of advancing technologies and security legislation, service providers from across the ecosystem are working to ensure security of networks and product and service development.

Standards are being developed but systems do not always fully conform and operators need to stay up to date with the latest standards to stay one step ahead of any security breach.  As part of their standard work ETSI released their latest white paper for security ICT this June 2015, it offers a great  overview of ETSI’s latest work and of particular interest are the areas of IoT, NFV and of course TC Cyber.

security

IoT Security

In the world of IoT the ETSI TC SmartM2M group is focusing on the security of energy infrastructures and the interoperability of smart appliances, while responsibility for the development of new features to support M2M and IoT lies with oneM2M. The oneM2M specifications are developing mechanisms for mutual authentication, key agreement and optional secure connection establishment between the Service layers of the Devices/Gateways and the supporting M2M network infrastructure.

Of key focus at the moment are the complex challenges arising from distributed “many to many” dynamic IoT security scenarios. This will be among the issues touched by Christopher Peylo, VP Cross Domain Middleware, Deutsche Telecom at the Broadband World Forum, as he discuss the paradigm shift required to  address the security challenges represented by IoT and how operators are preparing themselves.

Virtualization Security Implications

 Another key area of focus are the security challenges of moving to a virtualised, software network and ETSI’S ISG NFV-SEC group are currently working to quantify and qualify the risks of NFV and to identify strategies and models for giving assured security to the future.

The standard body’s aim is to work with open source groups to drive both standards and open source closer together without losing the strengths of either approach. Roshan Daluwakgoda, Senior Director – Managed Services Design, Du will be addressing these very issues as he discusses the security challenges as telecoms move towards virtualized and cloud based infrastructure.

Cyber Security

 Virtualization also directly impacts cyber security with virtualised functions presenting a new challenge as the conventional thinking of function mapped to specific hardware is broken.  ETSI’s TC CYBER group are looking at the implications of virtualization along-side their work to develop appropriate standards to increase privacy and security for organizations and citizens across Europe.

Marc van Kasteren, Team Lead Strategy & Policy, KPN,  Claudia Selli, E.U. Affairs Director, AT&T and David Rogers, Mobile Technology, Cyber Security & Standards, Copper Horse Solutions will be leading a debate on how these standards will impact user security and on where responsibility for user security lies.

Mobile Security

And of course, outside of ETSI’s remit, we must not forget the specific challenges of mobile networks. There are issues around the physical security of the LTE infrastructure as a lot more of the intelligence is with the eNode(B). There is also the difficulty in managing a mixed network from different vendors, which produce security and certificate management challenges.

And small cells represent a challenge as their security levels are open to hackers.

Planning for the Future

As the telecom networks are undergoing so much change it is imperative that security thinking evolves with them. Network and user security is shooting up operators’ priority lists which is why for the first time, we have dedicated a whole day of Broadband World Forum to the new security challenges and how are they being addressed by service providers

Full details of the ETSI 2015 white paper can be found at:
http://www.etsi.org/images/files/ETSIWhitePapers/etsi_wp1_security-201506.pdf

3GPP Security specifications can be found at
http://www.3gpp.org/specifications-groups/sa-plenary/sa3-security

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s