Page 87 - Cyber Defense eMagazine December 2023
locations, intercept calls, and read text messages. While SS7's widespread use in global
telecommunication infrastructure raised concern, today there is a pressing need for more than basic
‘baseline’ security measures. The fact that even Diameter, the more secure successor to SS7 used in
4G and 5G networks, has shown substantial susceptibility to exploitation by attackers creates a growing
imperative not only for multi-protocol signaling protection but for continuously optimized security
measures in the face of determined and sophisticated threat actors.
Operator blind spots and the need for better regulation
Not only are basic baseline security measures no longer enough, but there is now an urgent need for
evolved incident reporting requirements to incentivize and prompt action by operators. Current regulatory
frameworks often lack the scope and efficacy to capture the societal impacts of signaling-related incidents
and threats. This is because in any single instance, signaling threat events are often comparatively low
in volume and non-disruptive in nature, and yet when executed by state-level threat actors can be
sufficient to jeopardize national security. Moreover, the resultant data breaches can also add up over
time to a very high volume of impacted users yet without any single event meeting the typical reporting
threshold for incident notification by operators. This gap in national frameworks can allow extended attack
campaigns to go undetected, simply not being ‘on the radar’ of operators, regulators, or national cyber
agencies. Accordingly, regulatory frameworks must be updated and informed by a suitably evolved
approach to defining significant impacts and security incidents. This may serve as the catalyst for fit-for-
purpose telecom security and comprehensive cyber resilience.
Where operators find themselves ill-equipped to detect and counteract threats involving mobile signaling,
the deficiency isn't merely a result of inadequate protection but also stems from a systemic lack of
awareness and prioritization in the industry as a whole. While compliance is essential, it's equally crucial
for operators to possess the capability to identify and respond to threats proactively. This has the added
potential to facilitate threat information sharing among the telecoms security community, which has been
called for over many years but has progressed very little. Since the first line of defense is threat
visibility, regulators and government more broadly have a crucial role to play in enabling operators to
address the security blind spot presented by signaling, by ensuring that control plane threats to data
confidentiality and integrity, as well as availability, are made visible. With the right support for capability
development where needed, countries can close this critical gap and fortify the cyber resilience of their
mobile telecom networks.
What’s next?
The vulnerabilities in telecom signaling are not just technical challenges; a broader call to action
throughout the entire telecommunications ecosystem must be heeded. As digital threats grow in
sophistication, the need for a strategically aligned, mission-oriented response becomes paramount. The
future of telecom security hinges on transcending traditional boundaries and fostering collaboration
among operators, regulators, and the greater cybersecurity stakeholder community. By embracing a