As we move towards a world of “everything connected”, the security threats facing both users and telcos are growing rapidly. As devices and apps continue to proliferate, highly dynamic and sophisticated cyber threats are evolving.
Against a backdrop of advancing technologies and security legislation, service providers from across the ecosystem are working to ensure security of networks and product and service development.
Standards are being developed but systems do not always fully conform and operators need to stay up to date with the latest standards to stay one step ahead of any security breach. As part of their standard work ETSI released their latest white paper for security ICT this June 2015, it offers a great overview of ETSI’s latest work and of particular interest are the areas of IoT, NFV and of course TC Cyber.
In the world of IoT the ETSI TC SmartM2M group is focusing on the security of energy infrastructures and the interoperability of smart appliances, while responsibility for the development of new features to support M2M and IoT lies with oneM2M. The oneM2M specifications are developing mechanisms for mutual authentication, key agreement and optional secure connection establishment between the Service layers of the Devices/Gateways and the supporting M2M network infrastructure.
Of key focus at the moment are the complex challenges arising from distributed “many to many” dynamic IoT security scenarios. This will be among the issues touched by Christopher Peylo, VP Cross Domain Middleware, Deutsche Telecom at the Broadband World Forum, as he discuss the paradigm shift required to address the security challenges represented by IoT and how operators are preparing themselves.
Virtualization Security Implications
Another key area of focus are the security challenges of moving to a virtualised, software network and ETSI’S ISG NFV-SEC group are currently working to quantify and qualify the risks of NFV and to identify strategies and models for giving assured security to the future.
The standard body’s aim is to work with open source groups to drive both standards and open source closer together without losing the strengths of either approach. Roshan Daluwakgoda, Senior Director – Managed Services Design, Du will be addressing these very issues as he discusses the security challenges as telecoms move towards virtualized and cloud based infrastructure.
Virtualization also directly impacts cyber security with virtualised functions presenting a new challenge as the conventional thinking of function mapped to specific hardware is broken. ETSI’s TC CYBER group are looking at the implications of virtualization along-side their work to develop appropriate standards to increase privacy and security for organizations and citizens across Europe.
Marc van Kasteren, Team Lead Strategy & Policy, KPN, Claudia Selli, E.U. Affairs Director, AT&T and David Rogers, Mobile Technology, Cyber Security & Standards, Copper Horse Solutions will be leading a debate on how these standards will impact user security and on where responsibility for user security lies.
And of course, outside of ETSI’s remit, we must not forget the specific challenges of mobile networks. There are issues around the physical security of the LTE infrastructure as a lot more of the intelligence is with the eNode(B). There is also the difficulty in managing a mixed network from different vendors, which produce security and certificate management challenges.
And small cells represent a challenge as their security levels are open to hackers.
Planning for the Future
As the telecom networks are undergoing so much change it is imperative that security thinking evolves with them. Network and user security is shooting up operators’ priority lists which is why for the first time, we have dedicated a whole day of Broadband World Forum to the new security challenges and how are they being addressed by service providers
Full details of the ETSI 2015 white paper can be found at:
3GPP Security specifications can be found at