Cybersecurity threats in telecoms require protection of network infrastructure and availability

Telecommunications companies have become an attractive target for attackers, as their networks can serve as a back door into other organizations, giving cybercriminals a route to unauthorized access. These telecom networks are also used to build, control and operate other critical infrastructure sectors, including energy, information technology, and transportation systems. Given how interconnected telecom networks are with the other critical infrastructure sectors, organizations need to focus on safeguarding network infrastructure and keeping networks available for critical infrastructure communication.

Telecoms face mounting threats due to factors such as a lack of technical knowledge, the use of legacy systems, the presence of sensitive information, inadequate password security, and an expanding threat landscape. Operators are also transforming themselves from network infrastructure companies into cloud service companies to improve the efficiency of business operations, roll out new services and applications, and store and distribute content. As telcos are often a gateway into multiple businesses, threats can target a specific telecom company, its third-party providers, or the subscribers of a telecom service. These attacks can come in various forms.

Trend Micro disclosed that telecoms have a larger cyber-attack surface than most enterprises, often stretching from their base station infrastructure to call centers and home workers’ laptops. The surface area provides ample opportunity for threat actors looking for customer or organizational data, trying to hijack customer accounts, or seeking to disrupt services via DDoS (distributed denial of service) and ransomware. Furthermore, supply chain providers, cloud services, IoT systems and new infrastructure needed to support 5G and network slicing create additional risk.

Industrial Cyber reached out to experts in the telecoms sector to examine the key factors that make the communications sector vulnerable to cyber attacks. They also weigh in on the unique challenges that the communications sector faces when it comes to securing and safeguarding its OT/ICS environments.

Teresa Cottam, chief analyst at Omnisperience, told Industrial Cyber that in the past, where security was considered in telecoms at all, the focus tended to be on how it affected performance – such as minimizing DDoS traffic and attacks. “More recently, as everything has become more interconnected and the threat landscape has evolved, cyberattacks specifically against telecoms firms have increased,” she added.

Cottam pointed out that ultimately four challenges stand out – complexity, exposure, volume and variety, and cost.

On complexity, Cottam said that each individual ‘network’ actually comprises several generations of technology with some of it being decades old, and it might include fixed, mobile, and even satellite infrastructure. “Moving data from one side of the world to another requires multiple networks, each owned by a different company with a different risk profile. The move from 4G to 5G introduces even more complexity. In the 5G era, cloud, data, and IoT are combined – increasing security risks. Breaches now have a company-wide impact from production through supply chains and logistics to corporate systems,” she added.

Cottam also added that “when you consider how much equipment is in public places it’s actually surprising it’s not attacked more often. Malign actors don’t even need to mount a cyberattack, they can simply vandalise equipment to target specific regions or industries.”

Elaborating on volume and variety, Cottam said that the sheer volume of endpoints is staggering and continually increasing. “IoT has already massively increased the number of endpoints and will continue to do so. Many of these so-called smart objects aren’t very smart and are highly vulnerable. Many of the most vulnerable devices are in the home, but wherever they are, each device has the potential to inject malign traffic into the network,” she added.

On cost, Cottam said that the cost of securing a network end-to-end is significant and the reality is that telecoms firms and their customers are having to continually juggle risk versus security.

Turning the question around, Grant Lenahan, partner and principal analyst at Appledore Research, said that one of the huge transitions underway is from fundamentally private data centers and networks to outsourced or managed, secure networks that interconnect distributed enterprise to their digital partners, remote employees, public cloud, and SaaS facilities. Therefore, there is a blurring of public and private targets.

“We certainly can look at those who attack public networks because of the private data and traffic. We can also look at those who attack not an underlying enterprise target per se, but the network infrastructure itself,” Lenahan told Industrial Cyber. “These attacks, rather than going after specific data, are intended either to disrupt, for example, terrorism, or to gain control that can later be used to target intellectual property in transit across the network. The very fact that public networks are public complicates securing them.”

On the other hand, Lenahan added that there is scale and scope, allowing for concentrations of security expertise and automated protections that might not be possible or affordable for individual enterprises. “We have spent hundreds of pages covering this seismic shift in our security research stream. Some readers might be interested in consulting it,” he added.

Andrei Elefant, CEO of EdgeHawk Security, told Industrial Cyber that the key factors making the communication sector vulnerable to cyber attacks are that CSPs (communication service providers) face multiple, large attack surfaces. They also have a limited security budget and have to prioritize the security measures they take against their cost and other business priorities.

He also added that security expertise in CSPs is limited. “The various types of attack scenarios, attack methods, the type of data and systems that need to be protected are huge. CSPs cannot build expertise in all the required security domains and have to prioritize focus areas. The CSPs are defined as critical infrastructure and are frequently a target of Nation State Actors, which means higher expertise and more budget on the attackers’ side.”

Elefant added that these challenges are even more noticeable when it comes to protecting the OT/ICS environment. “Attack surfaces grow exponentially with the growth in the number and variety of the endpoints. Many of the OT endpoints have limited inherent protection capabilities (due to resource limitations, legacy devices, etc.), which means they can be a perfect attack surface to harm CSPs or penetrate their networks. In many cases, these devices are being exploited for DDoS attacks, as they are available in masses with limited protection.”

Addressing the essential components that make cybersecurity in telecoms a vital and fundamental part of protecting the telecommunications landscape, as it also serves much of, if not all of, the other critical infrastructure sectors, Cottam said that not having complete visibility of the complexity of the telecoms landscape is one of the biggest challenges. “For example, there could be vulnerabilities in equipment and devices – which is often the focus of analyst reports – but equally there can be vulnerabilities in core processes which were put in place decades ago and haven’t been updated,” she added.

Cottam identified that a typical attack occurs by a criminal convincing the telecoms firm they are the customer and want to move to a new provider. “The telecoms firm – often with only minimal checking – provides the ‘customer’ with the means to do so. In the UK the system is designed to make it as easy as possible for the customer to do this, which also makes it easy for criminals. Such an attack against employees is bad; now consider it targeted at IoT devices. This is a great example of how cybersecurity often focuses on securing equipment (endpoints) but ignores vulnerable processes,” she added.

“Many countries have acted to secure number portability and in this respect, the UK is particularly vulnerable as its current system is so old-fashioned and inefficient,” according to Cottam. “Another problem this causes for IIoT is that the UK system also struggles to port large volumes of numbers such as would need to happen with a large corporate or IoT customer. This has the potential of decreasing competition in the connectivity part of the market since it’s a blocker to switching operators.”

Lenahan said that he doesn’t “believe we need to emphasize how important telecom infrastructure is. Not only is it critical infrastructure in its own right, but it is often the control plane for other infrastructure such as water, gas, electricity, emergency services, and many other essential components of private, public, and industrial life. It is, what’s called, a target-rich environment. That said, let’s look at what success looks like.”

Elefant said that the CSPs are becoming a part of the critical infrastructures in any state. “National defense strongly relies on communication availability on the state level, in addition to the fact that these networks provide essential communication infrastructure to many other critical infrastructure facilities,” he added.

The essential components needed to keep CSPs’ networks available and reliable focus on two main aspects, according to Elefant. The first is “protecting the network infrastructure from unauthorized access and malicious attacks. This includes implementing firewalls, intrusion detection and prevention systems, and other security measures to prevent unauthorized access.”

He also pointed to protecting network availability for critical infrastructure communication by identifying and blocking attempts to saturate the network and accessibility to specific applications/devices using DDoS attacks.

The telecoms industry has had to reconsider its cybersecurity protocols in light of the digitization and incorporation of Industrial Internet of Things (IIoT) technologies. The executives looked into the main threats posed by increased connectivity techniques and how this shift affects the cybersecurity posture of these communication companies.

Cottam said that often today’s IIoT devices use the same networks as other systems, which presents a double-edged risk. “If a criminal can compromise an IIoT device they could use this as an access point to corporate systems; if they compromise corporate systems or user devices they can hijack IIoT devices. Again, this speaks to the interconnectedness of networks and often the poor understanding of how criminals can utilise connections and access points to compromise industrial customers.”

“The main concerns from customers include exposure of their data, compromised network equipment, attacks on devices and network signaling, as well as creating a gateway for further attacks. Network segmentation is a useful technique to limit the scope of such attacks,” according to Cottam. “Reliable security frameworks are built into 3GPP standards to ensure 4G and 5G cellular connections are secure. But as we move to 5G a range of new exciting techniques are also delivered.”

Another technique is to utilize private networks – effectively campus networks within a factory or industrial complex with limited connections to the public network but complex connections within the private network, Cottam said. “Connectivity is only provided to authorised devices (more secure than WiFi, as it can be based on SIM authentication) and data is processed on-site,” she added.

“The simplest way to look at this is that complexity is increasing dramatically in enterprise networks. There will be an order of magnitude more endpoints; applications and data will reside in various clouds; and dynamically changing ecosystems of digital trading partners will continuously evolve,” Lenahan said. “This implies a complex network that crosses ownership boundaries, and is constantly changing.”

Lenahan noted that the only apparent constant throughout this ‘web’ is the telecom CSP that undertakes end-to-end connectivity, orchestration and, in his view, security. “This is a huge opportunity for our industry. However, it also means we need to think completely differently about security. It cannot be a separate island; it must be integrated into network automation. Furthermore, it must be automated, something that security professionals have long been uncomfortable with,” he added.

Elefant identified some of the threats brought by these increased connectivity techniques, including increased attack surface, unsecured devices, protocol vulnerabilities, and DDoS attacks. With “the exponential increase in the number of connected devices, the attack surface of the network has increased, creating more opportunities for malicious actors to gain unauthorized access to the network. Many IoT devices are not designed with security in mind, and may have weak passwords, unpatched vulnerabilities, or lack encryption, making them easy targets for attackers.”

He also pointed out that IoT devices often use proprietary protocols, which may have vulnerabilities that are not well understood and are difficult to patch. IoT devices can be easily compromised and used to launch DDoS attacks, overwhelming the network with traffic and causing availability issues.

Elefant highlighted that the new threats have led to a shift in the cybersecurity posture of CSPs. “Implementing more strict network segmentation, both on their infrastructure and also as a service to their customers. Specifically for the IIoT environment, access control services, delivered by the CSPs, are being applied on a larger scale. Protecting the network from DDoS attacks on the edge and access points became a mandatory consideration. Additionally, there is a need to continuously monitor and assess the security of the network edge and access as more attacks may come from exploited devices connected to the network.”

Like other critical infrastructure sectors, the communications sector has also faced mounting cybersecurity rules and regulations in recent times. The executives address how the communication sector responded to the increase in cybersecurity regulations for critical infrastructure owners and operators, as well as analyze the impact these initiatives have had in enhancing reporting procedures and improving the cybersecurity posture of the telecoms sector.

Cottam said that one of the biggest challenges stems from the ‘democratisation’ of IoT. “As it becomes the norm in manufacturing supply chains, smaller and newer industrial firms are drawn in or adopt IoT to increase their efficiency. These firms often don’t fully understand the importance or complexity of securing their IoT devices and lack the budget and expertise in-house,” she added.

Another challenge is that many enterprises deploy and secure IoT from an IT perspective, according to Cottam. “Traditional IT security largely focuses on end-point and perimeter security. But with hundreds of thousands of IoT endpoints and more permeable boundaries, the emphasis has to shift to securing and managing the network rather than trying to put security into every device – not all of which are designed to be secured,” she added.

“Likewise, while cellular IoT is reasonably secure – and that based on 5G even more so – it is not unhackable. IoT network security isn’t just about securing the network either, it’s about network-based security that can monitor all the connected objects, processes, and applications,” Cottam said. “Neither is it just about hackers anymore. Nation states, protestors, and terrorists are just as likely to want to attack critical infrastructure and their objectives are different and their budgets and expertise are huge. While there has been much talk of bringing together IT/OT/IoT into a single process to make it more manageable and auditable, the risk is that the complexity and volume become overwhelming.”

Lenahan said that details on how telcos are handling critical infrastructure security are hard to get, and in his opinion, rightly so. “That said, we can see many trends in the industry to prepare telecoms to not only be more secure on its own but to be in a good position to secure infrastructure for others. Some things are as simple as the collaborative work in the MEF, on secure transport services — or the transport service in security or considered as one. Similarly, the managed services, with security at their core, that many leading telcos are offering to their enterprise clients, can be applied to protecting public and shared infrastructure as well,” he added.

“One thing we believe they must change is that these ‘managed’ services, which, by definition, are semi-custom, must become more standardized products,” according to Lenahan. “We say this because that is the only way telcos can afford to invest in the level of automation that will truly illuminate errors and omissions and stay ahead of the bad actors. It’s simply a matter of operating a process at scale and concentrating one’s fire, so to speak.”

The CSPs responded in various ways to address the increase in cybersecurity regulations for critical infrastructure, Elefant said. “To increase network segmentation to protect critical infrastructure, the CSPs designed their networks in a way that they can segment their network based on the type of service they need to deliver. They are applying more protection capabilities at the edge of the network to protect the network from threats that may come from the access side, in addition to the more traditional protection methods they apply on the network core,” he added.

Elefant also suggested adding more secure communication channels, like segmentation and encryption for critical elements, such as the control plane, and adding more monitoring tools to identify security risks in real time. “These initiatives help CSPs to identify security threats in real-time and apply faster response and mitigation, leveraging the new control points, mainly at the edge of the network,” he concluded.

References:

https://industrialcyber.co/features/cybersecurity-issues-in-telecoms-sector-call-for-protection-of-network-infrastructure-and-availability/

https://www.trendmicro.com/en_se/research/22/b/the-telecoms-cyber-threat-landscape-in-2021.html

https://www.enisa.europa.eu/news/enisa-news/cyber-threat-warnings-the-ins-and-outs-of-consumer-outreach

Cybersecurity to be a top priority for telcos in 2023

IEEE/SCU SoE Virtual Event: May 26, 2022- Critical Cybersecurity Issues for Cellular Networks (3G/4G, 5G), IoT, and Cloud Resident Data Centers


Cybersecurity to be a top priority for telcos in 2023

Telecom has always been susceptible to cyberattacks and data breaches. With increasing deployment of IoT devices, attackers will have more opportunities to obtain our data as more gadgets are connected to our network. OpenRAN, with many more exposed interfaces, widens the attack surface for bad actors.

Different security risks brought on by 5G will leave the sector open to cyberattacks. To strengthen security around connected devices, cloud systems, and the networks that connect them, telecom operators must invest in stringent cybersecurity measures, because a significant amount of sensitive data is dispersed across intricate public and private networks.

According to Gartner, there will be 43 billion IoT-connected devices by the end of 2023. Those in charge of cybersecurity need to keep in mind IoT devices such as smartwatches or human-wearable biometrics, monitoring systems, robotics, alarm systems, sensors, IT devices, and industrial equipment. IoT security is essential as more telecoms embrace the industry and deploy these devices in their networks, because such devices can remotely access base stations and data centers.

Finally, there are the enterprises deploying SD-WANs and other private or virtual private networks, and the security architectures that have grown up around them. In particular:

  • Secure Access Service Edge (SASE) combines network security functions (such as SWG, CASB, FWaaS and ZTNA) with WAN capabilities (e.g. SD-WAN) to support businesses’ secure access needs. Previously, security for SD-WAN was an open, unresolved issue.
  • “Secure Service Edge (SSE) is the security components of SASE, focusing largely on the cloud access security broker, secure web gateway, and zero-trust network access products to enable secure use of the internet and cloud services for a hybrid workforce working from anywhere,” said Gartner analyst Charlie Winckless.

A Dell’Oro Group report from July 2022 found that the SSE market grew 40% year-over-year to more than $800 million in the first quarter. A December report noted that SSE achieved its tenth consecutive quarter of sequential revenue expansion in 3Q-2022. Mauricio Sanchez, Dell’Oro’s Director of Network Security, SASE, and SD-WAN, said the strong growth is a testament to more enterprises preferring cloud-delivered security over traditional on-premises solutions. Sanchez told SDX Central: “The growth factors that have existed largely since the pandemic started are still with us. That’s the shift to hybrid work, the shift of workloads to the cloud, and the importance of the digital experience.”

References:

https://insidetelecom.com/a-look-at-the-telecommunication-industry-trends/

Summary of EU report: cybersecurity of Open RAN

IEEE/SCU SoE Virtual Event: May 26, 2022- Critical Cybersecurity Issues for Cellular Networks (3G/4G, 5G), IoT, and Cloud Resident Data Centers

U.S. cybersecurity firms seek tech standards to secure critical infrastructure

Enterprises Deploy SD-WAN but Integrated Security Needed

Have we come full circle – from SD-WAN to SASE to SSE? MEF’s SD-WAN and SASE standards

FBI and MI5 Chiefs Issue Joint Warning: Chinese Cyber Espionage on Tech & Telecom Firms

Chinese government-backed hackers have attacked major telecom businesses throughout the world in a cyber-espionage effort that has lasted at least two years and has successfully compromised at least 13 telecommunications groups.

In a recent advisory, the FBI, NSA and CISA stated that hackers linked to the People’s Republic of China (PRC) had targeted and hacked major telecommunications businesses by exploiting simple and well-known network and system vulnerabilities.

According to the report, Chinese espionage is often initiated with hackers surveying target networks and exploring the manufacturers, models, versions, and known vulnerabilities of routers and networking equipment using open-source scanning tools such as RouterSploit and RouterScan. The Chinese government consistently disputes charges of hacking.

The heads of the FBI and Britain’s domestic security service have just issued sharply worded warnings to business leaders about the threats posed by Chinese espionage, especially spying aimed at stealing Western technology companies’ intellectual property.

In a rare joint appearance on Wednesday July 6th at the headquarters of MI5 in the UK, Christopher Wray, director of the Federal Bureau of Investigation (FBI), and Ken McCallum, director-general of MI5, urged executives not to underestimate the scale and sophistication of Beijing’s campaign.

“The Chinese government is set on stealing your technology—whatever it is that makes your industry tick—and using it to undercut your business and dominate your market,” Mr. Wray told the audience of business people.

“They’re set on using every tool at their disposal to do it.” China uses state-sponsored hacking on a large scale, along with a global network of intelligence operatives in its quest to gain access to technology it considers important, Messrs. Wray and McCallum said.

“The Chinese government poses an even more serious threat to Western businesses than even many sophisticated business people realize,” Mr. Wray added.


“We want to send the clearest signal we can on a massive shared challenge—China,” Mr. Wray said in his appearance with his U.K. counterpart. Tackling the threat is essential, he said, “if we are to protect our economies, our institutions and our democratic values.”

“The most game-changing challenge we face comes from the Chinese Communist Party,” Mr. McCallum said. “It’s covertly applying pressure across the globe. This might feel abstract, but it is real and it is pressing.”

China is engaged in “a coordinated campaign on a grand scale” that represents “a strategic contest across decades,” Mr. McCallum said. “We need to act.”

While American law enforcement and intelligence officials have been warning about the problem for years, it is a far more recent phenomenon for British security officials, who until last year made few public comments about the Chinese threat.

MI5 is running seven times more investigations involving Chinese espionage than it did in 2018, and plans to double the current number in the coming years, Mr. McCallum said.


The statement from the American security agencies did not name the victims of the hacking, nor did it specify the extent of the damage. However, US authorities did list specific networking equipment, such as routers and switches, that Chinese hackers are suspected of routinely targeting, exploiting serious and well-known flaws that basically gave the attackers full control over their targets.

Cisco, Citrix, Fortinet and Netgear equipment were among the most often attacked devices. Cisco and Netgear, according to the warning, have already published software updates for the majority of the identified vulnerabilities. The organizations recommended that operators take certain actions to minimize possible threats in addition to applying available patches and system upgrades. These include removing or isolating suspected compromised devices as soon as possible, segmenting the network to limit or prevent lateral movement, disabling unused or unnecessary network services, ports, protocols, and devices, and requiring multi-factor authentication for all users, including those connected via a VPN.

For intelligence organizations, telecommunications companies are particularly valuable targets. These service providers develop and operate the majority of the Internet’s infrastructure, as well as numerous private networks throughout the world. Successfully hacking these networks can open the door to an even larger universe of valuable surveillance opportunities.

References:

Chinese hackers breach telecom giants around the world

https://www.wsj.com/articles/heads-of-fbi-mi5-issue-joint-warning-on-chinese-spying-11657123280

https://www.technologyreview.com/2022/06/08/1053375/chinese-hackers-exploited-years-old-software-flaws-to-break-into-telecom-giants/

https://www.nytimes.com/2022/07/06/world/asia/fbi-china-taiwan-sanctions.html

Summary of EU report: cybersecurity of Open RAN

The EU has published a report on the cybersecurity of Open RAN, a 4G/5G (maybe even 2G?) network architecture the European Commission says will provide an alternative way of deploying the radio access part of 5G networks over the coming years, based on open interfaces. The EU noted that while Open RAN architectures create new opportunities in the marketplace, they also raise important security challenges, especially in the short term.

“It will be important for all participants to dedicate sufficient time and attention to mitigate such challenges, so that the promises of Open RAN can be realized,” the report said.

The report found that Open RAN could bring potential security opportunities, provided certain conditions are met. Namely, through greater interoperability among RAN components from different suppliers, Open RAN could allow greater diversification of suppliers within networks in the same geographic area. This could contribute to achieving the EU 5G Toolbox recommendation that each operator should have an appropriate multi-vendor strategy to avoid or limit any major dependency on a single supplier.

Open RAN could also help increase visibility of the network thanks to the use of open interfaces and standards, reduce human errors through greater automation, and increase flexibility through the use of virtualisation and cloud-based systems.

However, the Open RAN concept still lacks maturity, which means cybersecurity remains a significant challenge. Especially in the short term, by increasing the complexity of networks, Open RAN could exacerbate certain types of security risks, providing a larger attack surface and more entry points for malicious actors, giving rise to an increased risk of misconfiguration of networks and potential impacts on other network functions due to resource sharing.

The report added that technical specifications, such as those developed by the O-RAN Alliance, are not yet sufficiently secure by design. This means that Open RAN could lead to new or increased critical dependencies, for example in the area of components and cloud.

The EU recommended the use of regulatory powers to monitor large-scale Open RAN deployment plans from mobile operators and if needed, restrict, prohibit or impose specific requirements or conditions for the supply, large-scale deployment and operation of the Open RAN network equipment.

Technical controls such as authentication and authorization could be reinforced and a risk profile assessed for Open RAN providers, external service providers related to Open RAN, cloud service/infrastructure providers and system integrators. The EU added that including Open RAN components into the future 5G cybersecurity certification scheme, currently under development, should happen at the earliest possible stage.

Following up on the coordinated work already done at EU level to strengthen the security of 5G networks with the EU Toolbox on 5G Cybersecurity, Member States have analysed the security implications of Open RAN.

Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age, said: “Our common priority and responsibility is to ensure the timely deployment of 5G networks in Europe, while ensuring they are secure. Open RAN architectures create new opportunities in the marketplace, but this report shows they also raise important security challenges, especially in the short term. It will be important for all participants to dedicate sufficient time and attention to mitigate such challenges, so that the promises of Open RAN can be realised.”

Thierry Breton, Commissioner for the Internal Market, added: “With 5G network rollout across the EU, and our economies’ growing reliance on digital infrastructures, it is more important than ever to ensure a high level of security of our communication networks. That is what we did with the 5G cybersecurity toolbox. And that is what – together with the Member States – we do now on Open RAN with this new report. It is not up to public authorities to choose a technology. But it is our responsibility to assess the risks associated to individual technologies. This report shows that there are a number of opportunities with Open RAN but also significant security challenges that remain unaddressed and cannot be underestimated. Under no circumstances should the potential deployment in Europe’s 5G networks of Open RAN lead to new vulnerabilities.”

Guillaume Poupard, Director General of France’s National Cyber Security Agency (ANSSI), said: “After the EU Toolbox on 5G Cybersecurity, this report is another milestone in the NIS Cooperation Group’s effort to coordinate and mitigate the security risks of our 5G networks. This in-depth security analysis of Open RAN contributes to ensuring that our common approach keeps pace with new trends and related security challenges. We will continue our work to jointly address those challenges.”

Finally, a technology-neutral regulation to foster competition should be maintained, with EU and national funding for 5G and 6G research and innovation, so that EU players can compete on a level playing field.

References:

https://ec.europa.eu/commission/presscorner/detail/en/IP_22_2881

https://digital-strategy.ec.europa.eu/en/library/cybersecurity-open-radio-access-networks

https://www.telecompaper.com/news/open-ran-creates-new-opportunities-but-also-security-risks-eu-report–1424010

U.S. cybersecurity firms seek tech standards to secure critical infrastructure

A group of cybersecurity companies that specialize in securing critical infrastructure said they’ve formed a lobbying group to push for technological standards among the private sector and government.

The Operational Technology Cybersecurity Coalition said it will directly work with government to share feedback on policy proposals and adopt uniform technological standards for securing places such as pipelines and industrial facilities. Founding members include Claroty Inc, Tenable Holdings Inc, Honeywell International Inc, Nozomi Networks Inc and Forescout Technologies Inc.

Editor’s Note: What is Cybersecurity?

Cybersecurity is a subset of information security which aims to defend an organization’s cloud, networks, computers, and data from unauthorized digital access, attack, or damage by implementing various defense processes, technologies, and practices. With the countless sophisticated threat actors targeting all types of organizations, it’s critical that your IT infrastructure is secured at all times to prevent a full-scale attack on your clouds, networks, or endpoints and risk exposing your company to fines, data losses, and damage to reputation.

………………………………………………………………………………………………………………

The new cybersecurity industry initiative comes as experts have placed increased scrutiny on what’s known as Operational Technology (OT), a broad array of computer systems that monitor and control industrial equipment.

In May, the cybersecurity firm Mandiant Inc warned that compromises against Internet-connected OT devices were on the rise.

“This work is essential to protect our country’s critical infrastructure,” said Jeff Zindel, vice president and general manager for cybersecurity at Honeywell.

The U.S. government has also recently warned of increased threats from Russia amid the Kremlin’s war in Ukraine. The Justice Department in March announced indictments against four Russian nationals for their alleged role in cyberattacks against hundreds of companies in the energy sector, including the operator of a nuclear power facility in Kansas.

The Operational Technology Cyber Security Alliance: Meeting the security challenges of a digital world:

Information Technology (IT) and Operational Technology (OT) are converging, bringing the promise of improved efficiency and new business models enabled by mass digital transformation and the Industrial Internet of Things (IIoT). However, along with the promise of greater connectivity comes greater risk.

As new technologies are introduced and integrated into legacy operations, OT and IT teams are being challenged from every direction. Security approaches that previously worked for one environment may not apply to the other.

That is why a coalition of industry leaders founded the Operational Technology Cyber Security Alliance (OTCSA) — to provide OT operators and suppliers with resources and guidance to mitigate their cyber risk in a fast-evolving world.

An ecosystem approach to safe and secure industrial operations:

The OTCSA is committed to enabling safe and secure operations for the entire OT spectrum. This includes securing the related interfaces to enable interconnectivity to IT while continuing to support and improve the daily life of citizens and workers in an evolving world.

The OTCSA provides OT operators and their vendor ecosystems with regular technical briefs and implementation guidelines to navigate necessary changes, upgrades and integrations. We will build and support an understanding of OT cyber security challenges and solutions from the board room to the factory floor.

The OTCSA addresses cyber security concerns across the entire range of industrial operations, including:

  • Industrial control system equipment, software, and networks
  • IT equipment and networks that are used in OT systems or provide functionality to OT systems
  • Building management systems
  • Facilities and control rooms access control systems
  • CCTV systems
  • Medical equipment
……………………………………………………………………………………………………………

PON’s Vulnerability to Denial of Service (DoS) Attacks

by Shrihari Pandit

Introduction:

The dominant architecture used in fiber optic deployment, Passive Optical Networks (PONs), may be vulnerable to attack. It is important to bring attention to this under-appreciated weakness and discuss what steps are possible to protect fiber infrastructure.

As various PON technologies are long standing and widely deployed, this is a matter of no small concern. PONs are widely deployed by Verizon FiOS, AT&T U-verse and many others.

The PON architecture is a hodgepodge of old and new technologies, hardware and strategy, often built on a limited budget and not overseen by a single team.

In this article we describe how fiber optic infrastructure based on PONs may be open to potential denial of service (DoS) attacks via optical signal injections. Security experts warn that this is a growing issue, which could take down entire sectors of PON segments.

Considering the ever increasing state-sponsored and non-state-actor cyber attacks, these types of vulnerabilities that allow for massive disruption for large groups of people are very attractive targets.

PON Overview:

The cost advantages of PON architecture make it the overwhelming choice for FTTH deployments. PON allows wireline network providers to deliver service to businesses and homes without having to install costly active electronics on roads, curb-side or even within buildings themselves.

Active electronics, on the other hand, add cost and create operational complexity as deployments scale. The conveniences and differentiators of PONs are precisely what opens up the floodgates to serious vulnerabilities.

PONs are fundamentally susceptible due to the architecture from the passive optical splitter (POS) to the optical network unit (ONU) within the overall network infrastructure. The POS component of the network functions like a bridge, allowing any and all communications to traverse it without the ability to filter, limit or restrict flow.

The fiber optic market currently boasts 585.9 million subscribers worldwide, with that number set to grow to 897.8 million subscribers by 2021.

The industry has moved to upgrade 1st generation GPONs and EPONs to next-generation PONs, like NG-PON2 (the favorite), XG-PON1 and XGS-PON. For example, Verizon uses the Calix AXOS E9-2 Intelligent Edge System for large-scale NG-PON2 deployments that began in the first quarter of 2018.

However, with subscriber density significantly increasing per PON segment, the risks increase as more subscribers are affected by a cyber attack on a single fiber.

Sidebar:  NG-PON2

NG-PON2 combines multiple signals onto a single optical fiber by using the different wavelengths of laser light (wave division multiplexing), and then splits transmission into time slots (time division multiplexing), in order to further increase capacity. NG-PON2 is illustrated in the figure below.

[Figure: NG-PON2 architecture. Legend: OLT = Optical Line Termination; ONT = Optical Network Termination]

NGPON2 has three key advantages for operators:

1. Cost

Firstly, it can co-exist with existing GPON and NGPON1 systems and is able to use existing PON-capable outside plant. Since the optical distribution network (ODN) accounts for 70 per cent of the cost of a PON FTTH roll-out, this is significant. Operators have a clear upgrade path from where they are now, until well into the future.

2. Speed

Initially NGPON2 will provide a minimum of 40 Gb/s downstream capacity, produced by four 10 Gb/s signals on different wavelengths in the O-band multiplexed together in the central office with a 10 Gb/s total upstream capacity. This capability can be doubled to provide 80 Gb/s downstream and 20 Gb/s upstream in the “extended” NGPON2.

3. Symmetrical upstream/downstream capacity

Both the basic and extended implementations are designed to appeal to domestic consumers where gigabit downstream speeds may be needed but more modest upstream needs prevail. For business users with data mirroring and similar requirements, a symmetric implementation will be provided giving 40/40 and 80/80 Gb/s capacity respectively.

………………………………………………………………………………………

The Essence of a PON Cyber Attack:

Given the flashpoints around the globe, it doesn’t take much imagination to envision how state and non-state actors might want to cause such a chaotic and widespread disruption.

If a “cyber criminal” gains access to the underlying fiber, they could inject a wideband optical signal to disrupt communications for all subscribers attached to the PON segment.

Alternatively, at your home the adversary could manipulate the ONU’s optical subsystem to transmit abnormal PON signals and impact service to all subs on that segment. Communications including internet, voice and even analog TV signals that operate on nearby wavelengths would be susceptible to these serious DoS attacks.

Possible Solutions, Preventive Methods and Procedures:

So, what can be done with current equipment without a massive and costly fiber optic network overhaul? The unfortunate answer is that an overarching vulnerability will always exist as long as the passive components are in place. A reactionary process is the best and only option.

The current primary solution for operators is to reduce the number of subscribers per PON segment as a way to manage risks. If an attack was detected, the network operator would be able to localize the source and identify and disconnect the bad actor from the network. But it’s easier said than done.

This sort of manual process is not ideal. Extensive PON outages mean spending the time and money to send personnel to optical line terminals to check each individual port until the attacker is found. The installation of active electronics on each PON segment or near PON subscribers is unrealistic and impractical. That undertaking would actually be more costly in terms of time, money and location.

The best ongoing solution is for operators to consider installing passive tap points per PON segment. Each tap can be routed back independently to the provider’s operations center, where operators can analyze each segment and detect unusual optical light levels that may signal an attack.

At that point the operator could physically dispatch techs on-site to continue the localization and resolution process while ensuring other non-threatening users remain unaffected. This approach takes an otherwise reactive process and makes it as automatic and proactive as currently possible.
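As an added illustration of the tap-point monitoring described above (this is example code, not the author's or any vendor's), the following constructed script compares the optical level each tap reports against a stored healthy baseline for its segment and reports whether an anomaly is confined to one branch or spans the whole segment. The segment ids, tap ids, tolerance and readings are all assumed values.

```python
"""Constructed example: flag abnormal optical levels seen at passive tap points.

Each PON segment has a healthy baseline (dBm) learned during normal operation;
each tap reports the upstream power it currently sees. A reading that departs
from the baseline by more than a tolerance, or that shows continuous light where
TDMA bursts are expected, is an alert; the pattern of alerts says where to look.
"""
from dataclasses import dataclass

TOLERANCE_DB = 6.0  # assumed alerting tolerance, not a standards value


@dataclass(frozen=True)
class TapReading:
    segment: str        # PON segment identifier (constructed)
    tap: str            # passive tap point on that segment (constructed)
    power_dbm: float    # upstream optical power observed at the tap
    continuous: bool    # True if light is continuous instead of TDMA bursts


def assess_segment(segment, baseline_dbm, readings):
    """Classify anomalies on one segment.

    scope is 'none', 'single-tap' (one branch hot: inspect that drop/ONU),
    'multi-tap', or 'segment-wide' (most taps hot: suspect the shared feeder).
    """
    hot = [r.tap for r in readings
           if r.continuous or abs(r.power_dbm - baseline_dbm) > TOLERANCE_DB]
    if not hot:
        scope = "none"
    elif len(hot) * 2 > len(readings):
        scope = "segment-wide"
    else:
        scope = "single-tap" if len(hot) == 1 else "multi-tap"
    return {"segment": segment, "scope": scope, "taps": sorted(hot)}


# Constructed sample data: two segments with baselines learned earlier.
BASELINES = {"PON-7": -22.0, "PON-9": -21.0}
SAMPLE = [
    TapReading("PON-7", "t1", -22.3, False),
    TapReading("PON-7", "t2", -21.8, False),
    TapReading("PON-7", "t3", -9.5, True),    # one branch emits continuous light
    TapReading("PON-7", "t4", -22.6, False),
    TapReading("PON-9", "t1", -12.0, False),  # every tap hot: feeder fiber suspect
    TapReading("PON-9", "t2", -11.4, False),
    TapReading("PON-9", "t3", -12.8, False),
]


def run(readings=SAMPLE, baselines=BASELINES):
    """Group readings by segment and assess each one; returns a list of dicts."""
    by_seg = {}
    for r in readings:
        by_seg.setdefault(r.segment, []).append(r)
    return [assess_segment(s, baselines[s], rs) for s, rs in sorted(by_seg.items())]


if __name__ == "__main__":
    for result in run():
        print(result)
```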

Conclusions:

P2MP (point to multi-point) architecture has become the most popular solution for FTTH and FTTP. Yet there needs to be a severe increase in awareness of potential PON vulnerability into the next generation.

If we can catalyze the telecom industry to develop methods and measures to protect infrastructure, such crippling network security issues will be stopped before widespread exploits occur.

The industry needs to address these concerns sooner rather than later or else be left without effective countermeasures against these very real threats.

………………………………………………………………………………………………..

References:

https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos

https://s2.ist.psu.edu/paper/ddos-chap-gu-june-07.pdf

https://www.youtube.com/watch?v=G93I_v2pa24

……………………………………………………………………………….

About Shrihari Pandit:

Shrihari Pandit is the President and CEO of Stealth Communications, the NYC-based ISP he co-founded in 1995. Stealth, having built its own fiber-optic network throughout the city, provides high-bandwidth connectivity services to a broad roster of customers in business, education and government.

Prior to Stealth, Mr. Pandit was a network-security consultant to various software and telecom companies, including MCI, Sprint and Sun Microsystems. He also served as an independent consultant to several U.S. agencies, including NASA and the National Infrastructure Protection Center (NIPC), now part of the Department of Homeland Security.