Get your phone network security right, or else
There’s been big news on the telco security front in the past week, with mobile and fixed operators now facing big daily fines if they continue to be care-free with their customers’ data. Business technology journalist Antony Savvas looks at the growing threat to communications service providers’ (CSPs’) bottom line.
According to the modified UK Telecommunications (Security) Act (TSA), companies are now subject to fines of up to 10% of their annual turnover or £100,000 (€115,700) per day, if they do not fully protect their customer networks. Given that telcos are already subject to the European Union’s GDPR (General Data Protection Regulation) law, the UK government is obviously concerned that more needs to be done to ensure phone networks are properly secured.
It’s a governmental trend in the phone protection space, given the US government’s lead in ensuring that many developed countries lock out Huawei and other Chinese companies from their 5G telecoms market, over claimed potential “spying” threats. The likes of Nokia, Ericsson, Samsung and NEC have benefited from that decision, but when it comes to deploying specific security capabilities, telcos can’t simply change to a government-approved supplier, they have to pay for them.
The new UK security demands suggest telcos aren’t doing enough to properly secure their networks, and other countries could well consider bringing in similar rules.
Telcos have previously been left to decide on what network security is appropriate for their business, pretty much like any other organisation. But with phone networks now seen as a prime way for miscreants or hostile states to severely dent a national economy or its political system, the UK’s move is perhaps predictable. Indeed, in the UK government’s Telecoms Supply Chain Review, published in 2019, it was argued that “providers often have little incentive to adopt the best security practices”.
“We know how damaging cyber attacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life,” says digital infrastructure minister, Matt Warman. “We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes, which secures our communications against current and future threats.”
A deep understanding
The regulations, developed by the UK National Cyber Security Centre and national regulator Ofcom, will oblige mobile operators and internet service providers (ISPs) to protect data processed by their networks and services, and secure the critical functions that allow them to be operated and managed; and protect software and equipment used to monitor and analyse their networks and services.
They must also have a “deep understanding” of their security risks and the ability to identify rogue activity when it is taking place, with regular reporting to internal boards. In addition, they have to take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services, to help enhance security further.
You would have thought most of this was being done already, but with the increasing complexity of modern networks, and the number of third party suppliers being used to make sure services are delivered and continue to be, there’s nothing like hefty fines to try and ensure everything is done properly.
Dan Middleton, vice president for the UK and Ireland at cloud data management firm Veeam, says of the new rules, “While previously telcos were responsible for their own security standards, these new regulations draw attention to the need for more investment into cyber security by telco companies, and gives Ofcom the right to fine those that fail to comply.
“One way to deliver better data protection within the industry is to have a full business continuity strategy, which will include resilience measures and backup and disaster recovery plans, to give telcos the ability to recover data and continue their operations as usual in the event of an attack.”
TechMarketView analyst, Simon Baxter adds, “With internet availability critical to both businesses and home workers, any downtime can cause significant disruption and business loss. Such regulations are an important step in securing our digital supply chains and making organisations more resilient in the face of increasingly sophisticated cyber attacks.”
As operators look at improving their security, satellites are increasingly proving to be invaluable in widening their customer reach. Satellite IoT (Internet of Things) specialist, Wyld Networks has signed a strategic partnership with Swiss-based IoT sensor provider Miromico. Miromico will help Wyld with the design, engineering and manufacture of its next generation of low-power, sensor-to-satellite LoRaWAN (low power, long range network) terminals and modules, designed for IoT applications across areas where there is little or no existing connectivity.
Wyld Connect hybrid devices can transfer data directly to terrestrial networks or through a network of low earth orbiting (LEO) satellites. Miromico will resell Wyld Connect devices and satellite services. Wyld will promote and resell Miromico sensors globally, and integrate them in complete end-to-end, sensor-to-satellite solutions.
“Wyld is at the forefront of new sensor-to-satellite technology, which is set to massively transform the IoT market, currently being held back by the lack of global connectivity,” says Marcel Wappler, chief technology officer at Miromico.
Wyld is already working on commercial data trials of its sensor-to-satellite service with customers and partners, including the likes of Chevron, DFM Technologies, DEWA, Senet and American Tower.
The scent of Musk
T-Mobile US is also getting in on the satellite extended footprint act by climbing into bed with the world’s richest man. Elon Musk’s SpaceX has signed a LEO satellite constellation connectivity deal with the telco, that promises to plug mobile coverage gaps across the US mainland and its territories.
The deal will see T-Mobile customers able to receive Starlink internet services directly to their existing devices, from anywhere where they can see the sky, whether on land or sea. While texts and other messaging services will initially be available, the plan is to eventually extend the connectivity to full voice and data services, and to other areas of the world through future roaming agreements.
“It is about solving the biggest pain point in the over-40-year history of our industry,” says T-Mobile US CEO, Mike Sievert. “This partnership has a vision that is the end of mobile dead zones.”
While high-speed 5G roll-outs and their resulting new services will continue to grab the headlines, security and reliable connectivity are set to be continuing issues.
The author is Antony Savvas, a global freelance business technology journalist.