Aftermath of Salt Typhoon cyberattack: How to secure U.S. telecom networks?

Salt Typhoon Attack: On December 4, 2024, a senior U.S. security agency official confirmed reports that state-sponsored actors from the People’s Republic of China had infiltrated at least eight U.S. communications companies, compromising sensitive systems and exposing weaknesses in critical telecommunications infrastructure. The intrusions were part of a broad espionage campaign: Salt Typhoon has targeted telcos in dozens of countries for upward of two years, officials added.

Dated legacy network equipment and years of mergers and acquisitions are likely impeding the ability of telecommunications providers to keep China-backed attackers out. Until telecom operators fully secure their networks, China will keep finding ways to come back in, officials have warned.

  • On Thursday, FCC chair Jessica Rosenworcel proposed a new annual certification requirement for telecom companies to prove they have an up-to-date cybersecurity risk management plan. More below.
  • Senior Cybersecurity and Infrastructure Security Agency and FBI officials confirmed Tuesday that U.S. telcos are still struggling to keep the China-backed hackers out of their networks — and they have no timeline for when total eviction is possible.

FCC Chair Jessica Rosenworcel called on telecom carriers to strengthen their network security practices: “The cybersecurity of our nation’s communications critical infrastructure is essential to promoting national security, public safety, and economic security,” said Rosenworcel. “As technology continues to advance, so do the capabilities of adversaries, which means the U.S. must adapt and reinforce our defenses. While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future.”

Rosenworcel’s plan would require U.S. telcos to submit an annual certification to the FCC attesting that their cybersecurity risk management plans are up to date. The clear inference from the attack itself, and from the subsequent scramble to shut the stable door after the horse has bolted, is that current efforts fall short. Understandably, none of the specific deficiencies have been publicly detailed.

The proposed measures have been circulated to the five FCC commissioners, who may vote on them at any time. If adopted, the Declaratory Ruling would take effect immediately. The Notice of Proposed Rulemaking, if adopted, would open the cybersecurity compliance framework for public comment as part of a broader effort to secure the nation’s communications infrastructure.

The FCC press release refers to a recent WSJ report based on a briefing by Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technology, in which she detailed the scale of the Salt Typhoon attack. “The Chinese compromised private companies, exploiting vulnerabilities in their systems as part of a global Chinese campaign that’s affected dozens of countries around the world,” she was quoted as saying.

Illustration: Sarah Grillo/Axios

……………………………………………………………………………………………………………………………

Legacy network equipment and years of acquisitions have made it particularly difficult for telcos to patch every access point on their networks, Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told Axios.

  • Many of the systems in question are nearly 50 years old — like landline systems — and they were “never meant for the type of sensitive data and reliance that we have on them right now,” he said.
  • During an acquisition, a company could also miss a server when taking stock of all its newly acquired equipment, Steinhauer said. Network engineers are often inundated with security alerts that are hard to prioritize, he added.
  • U.S. telecommunications carriers are required to provide a way for law enforcement to wiretap calls as needed — providing another entry point for adversaries.

Many of the security problems telcos face require simple fixes, like implementing multifactor authentication or maintaining activity logs.

  • Even CISA’s recent guidance for securing networks focuses on the security basics.
  • But to keep China out, telcos would have to make sure that every device — including their legacy physical equipment, online servers and employees’ computers — is patched.

Most high-profile cyberattacks across industries come down to the basics: a compute server that didn’t have multifactor authentication turned on or an employee who was tricked into sharing their password.  Even if a company invests all of its resources in cybersecurity, it may not be enough to fend off a sophisticated nation-state like China.

  • These actors are skilled at covering their tracks: They could delete activity logs, pose as legitimate users, and route their traffic through compromised computers in the U.S. so they aren’t detected.
  • “You’ve got a persistent, motivated attacker with vast resources to poke and prod until they get in,” Mr. Steinhauer said.
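Added example (not from the Axios report or any vendor): a hash-chained activity log whose head digest is forwarded off-host. It shows why the “delete the logs” step above stops working once each entry’s digest depends on its predecessor and a collector the intruder cannot reach already holds the latest head. The log entries, host names and addresses are constructed for illustration.

```python
"""Hash-chained activity log with an off-host head.

Added example (not from the article or any vendor): an intruder who can delete
or rewrite local activity logs cannot do so silently once each entry's digest
depends on its predecessor and the current head digest has been shipped to a
collector the intruder cannot reach. Log entries below are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64  # digest "before" the first entry

# Constructed sample entries, not real telemetry.
SAMPLE_LOG = [
    {"ts": "2024-12-01T09:02:11Z", "user": "noc-admin", "src": "10.20.1.7", "event": "ssh_login"},
    {"ts": "2024-12-01T09:04:52Z", "user": "noc-admin", "src": "10.20.1.7", "event": "config_read"},
    {"ts": "2024-12-01T09:05:30Z", "user": "noc-admin", "src": "203.0.113.44", "event": "ssh_login"},
    {"ts": "2024-12-01T09:06:01Z", "user": "noc-admin", "src": "203.0.113.44", "event": "config_write"},
]


def entry_digest(prev_digest: str, record: dict) -> str:
    """SHA-256 over the previous digest and the canonical JSON form of the record."""
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_digest.encode() + canon).hexdigest()


def build_chain(records: list) -> list:
    """Return [{'record': ..., 'digest': ...}, ...]; each digest covers every earlier entry."""
    chain, prev = [], GENESIS
    for rec in records:
        prev = entry_digest(prev, rec)
        chain.append({"record": rec, "digest": prev})
    return chain


def chain_head(chain: list) -> str:
    """The value the host periodically forwards to the collector."""
    return chain[-1]["digest"] if chain else GENESIS


def verify_chain(chain: list, exported_head: str) -> str:
    """Recompute the chain and compare with the head the collector already holds.

    Returns 'ok', 'tampered:<index>' (an entry was altered or removed without
    re-chaining) or 'head-mismatch' (entries were removed or re-chained wholesale).
    """
    prev = GENESIS
    for i, link in enumerate(chain):
        if entry_digest(prev, link["record"]) != link["digest"]:
            return f"tampered:{i}"
        prev = link["digest"]
    return "ok" if prev == exported_head else "head-mismatch"


def demo() -> dict:
    """Four situations a collector might see after an intruder covers tracks."""
    chain = build_chain(SAMPLE_LOG)
    head = chain_head(chain)  # assume this was forwarded before the intruder acted

    deleted = chain[:2] + chain[3:]  # drop the external login, leave the rest untouched

    records = [dict(link["record"]) for link in chain]
    records[2]["src"] = "10.20.1.7"  # make the login look internal...
    rewritten = build_chain(records)  # ...and re-chain everything so it is self-consistent

    truncated = chain[:-1]  # chop off the config_write

    return {
        "intact": verify_chain(chain, head),
        "deleted_entry": verify_chain(deleted, head),
        "rewritten_and_rechained": verify_chain(rewritten, head),
        "truncated": verify_chain(truncated, head),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24s} {result}")
```

The chain alone only proves internal consistency; the off-host head is what makes wholesale rewriting visible, which is why the collector, not the host, must keep it.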

References:

https://docs.fcc.gov/public/attachments/DOC-408015A1.pdf

https://www.axios.com/2024/12/06/telecom-cybersecurity-china-hack-us

https://www.wsj.com/politics/national-security/dozens-of-countries-hit-in-chinese-telecom-hacking-campaign-top-u-s-official-says-2a3a5cca

https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure

WSJ: T-Mobile hacked by cyber-espionage group linked to Chinese Intelligence agency

According to the Wall Street Journal, T-Mobile’s network was hacked in a damaging Chinese cyber-espionage operation that successfully gained entry into multiple U.S. and international telecommunications companies.

Hackers linked to a Chinese intelligence agency were able to breach T-Mobile as part of a monthslong campaign to spy on the cellphone communications of high-value intelligence targets. It is unclear what information, if any, was taken about T-Mobile customers’ calls and communications records.

“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokeswoman said. “We will continue to monitor this closely, working with industry peers and the relevant authorities.”

The compromise of T-Mobile expands the list of known victims of the Chinese cyber-espionage campaign dubbed Salt Typhoon, which some U.S. officials consider historic and potentially catastrophic in scope and severity. The WSJ had reported in October that AT&T, Verizon and Lumen Technologies were among the telecom companies that suffered intrusions. The campaign appeared to be geared toward intelligence collection, people familiar with the matter said.

China’s multipronged spying operations have drawn warnings in the U.S. about their economic implications. Photo: Andy Wong/Associated Press

…………………………………………………………………………………………………………………………………………………………………………..

Salt Typhoon infiltrated American telecom infrastructure through vulnerabilities in network equipment, including Cisco Systems routers, and investigators suspect the hackers relied on artificial intelligence or machine learning to further their espionage operations, people familiar with the matter said. The attackers had access to at least some of that infrastructure for eight months or more.

In the broader hacking campaign, attackers were able to access cellphone lines used by an array of senior national security and policy officials across the U.S. government, in addition to politicians. The access allowed them to scoop up call logs, unencrypted texts and some audio from targets, in what investigators believe may have significant national-security ramifications.

Additionally, the hackers were able to access information from systems the carriers maintain to comply with U.S. surveillance requests, raising further counterintelligence concerns. Investigators, who attribute the attack to the Salt Typhoon group, are still working to understand its full scope. At Lumen, which doesn’t provide wireless service, the attackers didn’t steal any customer data or access its wiretap capabilities, according to people familiar with the matter.

Further investigation revealed that the hackers sought access to data managed under U.S. law enforcement programs, including those governed by the Foreign Intelligence Surveillance Act (FISA), which authorizes American intelligence agencies to monitor suspected foreign agents’ communications. By targeting these programs, the Chinese hackers may have sought insight into U.S. surveillance efforts, including who is being watched.

Some foreign telecommunications firms were also compromised in the hacks, including in countries that maintain close intelligence-sharing partnerships with the U.S., people familiar with the matter said.  Earlier this week, the Biden administration acknowledged in a public statement some details about the nature of the “broad and significant” hack that were previously reported by the WSJ.

Chinese government-linked hackers had compromised networks at multiple telecommunications companies “to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the statement from the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said.  “We expect our understanding of these compromises to grow as the investigation continues,” they added.

References:

https://www.wsj.com/politics/national-security/t-mobile-hacked-in-massive-chinese-breach-of-telecom-networks-4b2d7f92

https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b

https://www.newsweek.com/fbi-chinese-cyber-espionage-multiple-telecom-networks-1985617


Frontier Communications recovering from unknown cyberattack!

Frontier Communications provides fiber optic based gigabit Internet access to millions of consumers and businesses across 25 states. Frontier said on Thursday that it is ‘experiencing technical issues with our internal support platforms.’ Frontier’s mobile apps are also down, displaying the same warning message on launch. A company representative did not respond to questions about the situation.

The Texas-based telecommunications company reported a cyberattack to the Securities and Exchange Commission (SEC) on Thursday.  Frontier said it detected unauthorized access to its IT systems on April 14th and began instituting “containment measures” that included “shutting down certain of the Company’s systems.” The shutdowns caused operational disruption that the company said “could be considered material.”

“As of the date of this filing, the Company believes it has contained the incident and has restored its core information technology environment and is in the process of restoring normal business operations,” the company said in the SEC filing. “Based on the Company’s investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information.”

Investigations into the incident are ongoing; the company has hired outside cybersecurity experts to assist and has notified law enforcement.

Despite saying that the shutdowns could be considered material, Frontier later wrote that it “does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

According to Leichtman Research Group, Frontier is the seventh largest broadband Internet supplier in the US, with almost 3 million customers. The company’s copper and fiber network stretches across large portions of the East and West Coasts.

Light Reading reported on Thursday on a notice Frontier had posted on its website homepage: “We’re experiencing technical issues with our internal support platforms. Our residential and business networks are not affected by this issue. In the meantime, please call for assistance.”

……………………………………………………………………………………………………………………………

Last week, AT&T reported that more than 51 million people were affected by a recently disclosed data breach that included troves of customer information, including Social Security numbers, AT&T account numbers and AT&T passcodes.

EchoStar’s Dish Network last year reported a “cybersecurity incident” that impacted its ability to install services, take payments and provide customer care for several weeks.

Fierce reported this week about an intentional cable cut in AT&T’s network that interrupted services at Sacramento Airport.

……………………………………………………………………………………………………………………..

The Federal Communications Commission (FCC) updated its data breach rules for the first time in 16 years in December, expanding regulations on how telecommunication companies report cybersecurity incidents.  FCC Chairwoman Jessica Rosenworcel argued that the rules the agency created more than 15 years ago are no longer compatible with a modern world where telecommunication carriers have access to a “treasure trove of data about who we are, where we have traveled, and who we have talked to.”

References:

https://therecord.media/telecom-giant-frontier-cyberattack-sec

https://www.sec.gov/ix?doc=/Archives/edgar/data/20520/000119312524100764/d784189d8k.htm

https://www.bleepingcomputer.com/news/security/frontier-communications-shuts-down-systems-after-cyberattack/

https://www.lightreading.com/security/frontier-we-were-probably-hacked

China backed Volt Typhoon has “pre-positioned” malware to disrupt U.S. critical infrastructure networks “on a scale greater than ever before”

On Sunday, FBI Director Christopher Wray said Beijing’s efforts to covertly plant offensive malware inside U.S. critical infrastructure networks [1.] are now at “a scale greater than we’d seen before,” an issue he has deemed a defining national security threat. He said that China-backed Volt Typhoon was pre-positioning malware that could be triggered at any moment to disrupt U.S. critical infrastructure. “It’s the tip of the iceberg…it’s one of many such efforts by the Chinese,” he said on the sidelines of the Munich Security Conference.

Wray had earlier told conference delegates, that China was increasingly inserting “offensive weapons within our critical infrastructure poised to attack whenever Beijing decides the time is right.”  The FBI chief said the U.S. is particularly focused on the threat of pre-positioning, which some European officials have described as the cyber equivalent of pointing a ballistic missile at critical infrastructure.  “Those attacks are now being amplified by artificial intelligence tools.  The word ‘force multiplier’ is not really enough,” Wray added.

Note 1. The FBI Director declined to elaborate on what other critical infrastructure had been targeted, stressing that the Bureau had “a lot of work under way.”

Image Credits: imaginima / Getty Images

Machine learning translation has helped Chinese security operatives to more plausibly recruit assets, steal secrets and rapidly process more of the information they are collecting, Wray said. “They already have built economic espionage and theft of personal and corporate data as a kind of a bedrock of their economic strategy and are eagerly pursuing AI advancements to try to accelerate that process,” Wray added.

FBI Director Christopher Wray PHOTO: KEVIN DIETSCH/GETTY IMAGES

……………………………………………………………………………………………………………………………

Western intelligence officials say the scale and sophistication of China’s cyberattacks have accelerated over the past decade. Officials have grown particularly alarmed at Beijing’s interest in infiltrating U.S. critical infrastructure networks, planting malware inside U.S. computer systems responsible for everything from safe drinking water to aviation traffic so it could detonate, at a moment’s notice, damaging cyberattacks during a conflict.

In California, Wray met with counterparts from the Five Eyes intelligence community—which encompasses the U.S., Australia, New Zealand, Canada and the U.K.—to share respective strategies for cyber defense.  He has also traveled to Malaysia and India to discuss China’s hacking campaign with authorities in both countries.

“I am seeing more from Europe,” he said. “We’re laser focused on this as a real threat and we’re working with a lot of partners to try to identify it, anticipate it and disrupt it.”

The Netherlands’ spy agencies said earlier this month that Chinese hackers had used malware to gain access to a Dutch military network last year. The agency, considered to have one of Europe’s top cyber capabilities, said it made the rare disclosure to show the scale of the threat and reduce the stigma of being targeted so allied governments can better pool knowledge.

A report released this month by agencies including the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency said Volt Typhoon hackers had maintained access in some U.S. networks for five or more years, and while it targeted only U.S. infrastructure directly, the infiltration was likely to have affected “Five Eyes” allies.

Author’s Note:

This author is very disappointed that the U.S., Five Eyes and European agencies chartered with combating cybercrime have done so little to prevent cyber attacks on “critical infrastructure,” especially since Volt Typhoon has been doing so for at least five years according to the referenced January 2024 report.
Recall all the rah-rah talk 11 or 12 years ago about “Smart Grid,” which was supposed to make U.S. electrical grid infrastructure super-secure, resilient, and able to quickly recover from power failures and cyber attacks! Here we are in 2024, where none of that has happened, despite many IEEE, IEC, NTIA, and ETSI Smart Grid initiatives, specifications, and standards.  Hence, our critical infrastructure is at risk of cyber attacks by Volt Typhoon and other bad actors.
There’s even talk of US electric utilities buying and installing China made power transformers that have a back door as per this article.

……………………………………………………………………………………………………………………………

Volt Typhoon, the China-sponsored hacking group, has been targeting U.S. critical infrastructure, including satellite and emergency management services and electric utilities, according to a new report from the industrial cybersecurity firm Dragos. That report outlines how the group is positioning itself to have disruptive or destructive impacts on critical infrastructure in the U.S.

Robert M. Lee, founder and CEO of Dragos, warned during a media briefing that Volt Typhoon is not an opportunistic group, but is instead targeting specific sites that would matter to an adversary “trying to hurt or cripple U.S. infrastructure. It’s hitting the specific electric and satellite communication providers that would be important for disrupting major portions of the U.S. electric infrastructure,” Lee added.

The report comes shortly after the National Security Agency, FBI, and Cybersecurity and Infrastructure Security Agency, revealed that Volt Typhoon has been in some critical infrastructure networks for at least five years. That alert warned of Volt Typhoon operations that targeted the aviation, railways, mass transit, highway, maritime, pipeline, and water and sewage sectors.

……………………………………………………………………………………………………………………………………………………………………………………………………………………………………

In a joint advisory published on February 7th, the NSA, CISA and FBI said that Volt Typhoon has been burrowing into the networks of aviation, rail, mass transit, highway, maritime, pipeline, water and sewage organizations — none of which were named — in a bid to pre-position itself for destructive cyberattacks. The advisory, co-signed by cybersecurity agencies in the United Kingdom, Australia, Canada and New Zealand, came a week after a similar warning from FBI Director Christopher Wray. Speaking during a U.S. House of Representatives committee hearing on cyber threats posed by China, Wray described Volt Typhoon as “the defining threat of our generation” and said the group’s aim is to “disrupt our military’s ability to mobilize” in the early stages of an anticipated conflict over Taiwan, which China claims as its territory.

According to Wednesday’s technical advisory, Volt Typhoon has been exploiting vulnerabilities in routers, firewalls and VPNs to gain initial access to critical infrastructure across the country. The China-backed hackers typically leveraged stolen administrator credentials to maintain access to these systems, according to the advisory, and in some cases, they have maintained access for “at least five years.”

This access enabled the state-backed hackers to carry out potential disruptions such as “manipulating heating, ventilation, and air conditioning (HVAC) systems in server rooms or disrupting critical energy and water controls, leading to significant infrastructure failures,” the advisory warned. In some cases, Volt Typhoon hackers had the capability to access camera surveillance systems at critical infrastructure facilities — though it’s not clear if they did.

Volt Typhoon also used living-off-the-land techniques, whereby attackers use legitimate tools and features already present in the target system, to maintain long-term, undiscovered persistence. The hackers also conducted “extensive pre-compromise reconnaissance” in a bid to avoid detection. “For example, in some instances, Volt Typhoon actors may have abstained from using compromised credentials outside of normal working hours to avoid triggering security alerts on abnormal account activities,” the advisory said.
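Added example, not taken from the advisory or from any product: detection logic run over constructed logon events that does not key on time of day. Because the actors confined credential use to working hours, a naive off-hours rule fires on nothing; a rule that baselines the (account, source host) pairs each account has actually used still flags the first logon from a host the account never came from. Account names, host names such as cam-nvr-02, and the business-hours window are assumptions.

```python
"""Credential-misuse detection that does not depend on time of day.

Added example, not from the advisory or any vendor product. The advisory notes
that Volt Typhoon may have used stolen credentials only during normal working
hours so that off-hours alerts never fire. A rule keyed on the (account, source
host) pairs seen during a baseline window still catches the first logon from a
host the account has never used. All events below are constructed.
"""
from collections import defaultdict
from datetime import datetime, time

# (account, source host, UTC timestamp, outcome) -- constructed, not real data
BASELINE_EVENTS = [
    ("svc_backup", "jump01",    "2024-01-08T08:15:00", "success"),
    ("svc_backup", "jump01",    "2024-01-09T08:17:00", "success"),
    ("ops_admin",  "wks-ops-3", "2024-01-08T09:40:00", "success"),
    ("ops_admin",  "wks-ops-3", "2024-01-10T13:05:00", "success"),
    ("ops_admin",  "jump01",    "2024-01-11T10:19:00", "failure"),
    ("ops_admin",  "jump01",    "2024-01-11T10:20:00", "success"),
]
DETECTION_EVENTS = [
    ("ops_admin",  "wks-ops-3",  "2024-02-05T09:02:00", "success"),
    ("ops_admin",  "cam-nvr-02", "2024-02-05T11:47:00", "success"),  # stolen admin cred, office hours
    ("svc_backup", "jump01",     "2024-02-05T08:16:00", "success"),
    ("ops_admin",  "cam-nvr-02", "2024-02-06T14:10:00", "success"),  # same pair again
    ("svc_backup", "jump01",     "2024-02-06T02:00:00", "failure"),  # off-hours, but not a logon
]

WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed business hours, UTC


def off_hours_rule(events):
    """Naive rule: successful logons outside business hours."""
    hits = []
    for acct, src, ts, outcome in events:
        t = datetime.fromisoformat(ts).time()
        if outcome == "success" and not (WORK_START <= t < WORK_END):
            hits.append((acct, src, ts))
    return hits


def build_baseline(events):
    """Map each account to the set of source hosts it has successfully logged on from."""
    seen = defaultdict(set)
    for acct, src, _, outcome in events:
        if outcome == "success":
            seen[acct].add(src)
    return seen


def new_source_rule(events, baseline):
    """One alert per (account, source) pair absent from the baseline, with its first-seen time."""
    first_seen = {}
    for acct, src, ts, outcome in sorted(events, key=lambda e: e[2]):
        if outcome != "success" or src in baseline.get(acct, set()):
            continue
        first_seen.setdefault((acct, src), ts)
    return [{"account": a, "source": s, "first_seen": ts} for (a, s), ts in first_seen.items()]


def run_detection():
    baseline = build_baseline(BASELINE_EVENTS)
    return {
        "off_hours": off_hours_rule(DETECTION_EVENTS),
        "new_source": new_source_rule(DETECTION_EVENTS, baseline),
    }


if __name__ == "__main__":
    for rule, alerts in run_detection().items():
        print(rule, alerts)
```

The baseline has to come from a period believed clean; if the intruder was already present when it was built, their source hosts become “normal,” which is one reason the advisory’s five-year dwell times matter for detection engineering.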

Earlier this year, the FBI and U.S. Department of Justice announced that they had disrupted the “KV Botnet” run by Volt Typhoon that had compromised hundreds of U.S.-based routers for small businesses and home offices. The FBI said it was able to remove the malware from the hijacked routers and sever their connection to the Chinese state-sponsored hackers.

According to a May 2023 report published by Microsoft, Volt Typhoon has been targeting and breaching U.S. critical infrastructure since at least mid-2021.

……………………………………………………………………………………………………………………………………………………………………………………………………………………………..

References:

https://www.wsj.com/politics/national-security/u-s-disables-chinese-hacking-operation-that-targeted-critical-infrastructure-184bb407

Volt Typhoon targeted emergency management services, per report

https://www.wsj.com/politics/national-security/fbi-director-says-china-cyberattacks-on-u-s-infrastructure-now-at-unprecedented-scale-c8de5983

China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’

https://www.wsj.com/articles/wave-of-stealthy-china-cyberattacks-hits-u-s-private-networks-google-says-2f98eaed

US disrupts China-backed hacking operation amid warning of threat to American infrastructure

https://www.controlglobal.com/home/blog/11293192/information-technology

IEEE/SCU SoE Virtual Event: May 26, 2022- Critical Cybersecurity Issues for Cellular Networks (3G/4G, 5G), IoT, and Cloud Resident Data Centers

This virtual event on ZOOM will be from 10am-12pm PDT on May 26, 2022.  

Session Abstract:

IEEE ComSoc and SCU School of Engineering (SoE) are thrilled to have three world class experts discuss the cybersecurity threats, mitigation methods and lessons learned from a data center attack. One speaker will also propose a new IT Security Architecture where control flips from the network core to the edge.

Each participant will provide a 15 to 20 minute talk which will be followed by a lively panel session with both pre-planned and ad hoc/ extemporaneous questions.  Audience members are encouraged to submit their questions in the chat and also to send them in advance to [email protected].

Below are descriptions of each talk along with the speaker’s bio:

Cybersecurity for Cellular Networks (3G/4G, 5G NSA and SA) and the IoT

Jimmy Jones, ZARIOT

Abstract:

Everyone agrees there is an urgent need for improved security in today’s cellular networks (3G/4G, 5G) and the Internet of Things (IoT). Jimmy will discuss the legacy problems of 3G/4G, migration to 5G and issues in roaming between cellular carriers as well as the impact of networks transitioning to support IoT.

Note: It’s important to know that 5G security as specified by 3GPP (in TS 33.501; the ITU does not define it) requires a 5G Stand Alone (SA) core network, very few of which have been deployed. 5G Non Stand Alone (NSA) networks are the norm, but they depend on a 4G-LTE core, including 4G security.

Cellular network security naturally leads into IoT security, since cellular networks (e.g. NB IoT, LTE-M, 5G) are often used for IoT connectivity.

It is estimated that by 2025 we will interact with an IoT device every 18 seconds, meaning our online experiences and physical lives will become indistinguishable. With this in mind it is as critical to improve IoT security as fastening a child’s seatbelt.

The real cost of a security breach or loss of service for a critical IoT device could be disastrous for a business of any size, yet it’s a cost seldom accurately calculated or forecasted by most enterprises at any stage of IoT deployment.  Gartner predicts Operational Technologies might be weaponized to cause physical harm or even kill within three years.

Jimmy will stress the importance of secure connectivity, but also explain the need to protect the full DNA of IoT (Device, Network and Applications) to truly secure the entire system.

Connectivity providers are a core component of IoT and have a responsibility to become part of the solution. A secure connectivity solution is essential, with strong cellular network standards/specifications and licensed spectrum the obvious starting point.

With cellular LPWANs (Low Power Wide Area Networks) outpacing unlicensed spectrum options (e.g. LoRa WAN, Sigfox) for the first time, Jimmy will stress the importance of secure connectivity and active collaboration across the entire IoT ecosystem. The premise is that the enterprise must know and protect its IoT DNA (Device, Network & Application) to truly be secure.

Questions from the audience:

I am open to try and answer anything you are interested in. Your questions will surely push me, so if you can let me know in advance (via email to Alan) that would be great!  It’s nice to be challenged a bit and have to think about something new.

One item of interest might be new specific IoT legislation that could protect devices and data in Europe, Asia, and the US ?

End Quote:

“For IoT to realize its potential it must be secure and reliable, making connectivity and secure-by-design policies the foundation of any successful project. Success in digital transformation (especially where mission and business critical devices are concerned) requires not only optimal connectivity and maximal uptime, but also a secure channel and protection against all manner of cybersecurity threats. I’m excited to be part of the team bringing these two crucial pillars of IoT to enterprise. I hope we can demonstrate that security is an opportunity for business – not a burden.”

Biography:

Jimmy Jones is a telecoms cybersecurity expert and Head of Security at ZARIOT.  His experience in telecoms spans over twenty years, during which time he has built a thorough understanding of the industry working in diverse roles but all building from early engineering positions within major operators, such as WorldCom (now Verizon), and vendors including Nortel, Genband & Positive Technologies.

In 2005 Jimmy started to focus on telecom security, eventually transitioning completely in 2017 to work for a specialist cyber security vendor. He regularly presents at global telecom and IoT events, is often quoted by the tech media, and now brings all his industry experience to deliver agile and secure digital transformation with ZARIOT.

…………………………………………………………………………………………………………………………………………………………………………………………………………………….

Title: Flip the Security Control of the Internet

Colin Constable, The @ Company

The PROBLEM:

With the explosion of Internet connected devices and services carrying user data, do current IT architectures remain secure as they scale? The simple and scary answer is absolutely no, we need to rethink the whole stack. Data breaches are not acceptable and those who experience them pay a steep price.

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see the actual data being transmitted. However, the router needs metadata (the IP address and port) to make it work. What metadata does the data-level router have access to?

We need to discuss how to approach the problem and selectively discard, but learn from previous IT architectures so that we can build a more solid, secure IT infrastructure for the future.

Proposition:

I will provide a glimpse of a future security focused IT architecture.

  • We need to move most security control functionality to the edge of the network.
  • Cloud data center storage should be positioned as an encrypted cache with encryption keys at the edge.
  • No one set of keys or system admin can open all the encrypted data.

When data is shared edge to edge we need to be able to specify and authenticate the person, entity or thing that is sharing the data.  No one in the middle should be able to see data in the clear.

Issues with Encryption Keys:

  • IT and Data security increasingly rely on encryption; encryption relies on keys; who has them?
  • Is there really any point to VPNs, firewalls and network segmentation if data is encrypted?
  • We use keys for so many things TLS, SSH, IM, Email, but we never tend to think about the keys.
  • Do you own your keys? If not someone else can see your data!
  • What do we need to flip the way IT is architected?

Recommendations for Keys:

  • Keys should be cut at the edge and never go anywhere else.
  • You should be able to securely share keys along with the data being transmitted/received.
  • There needs to be a new way to think about identity on the Internet.

The above description should stimulate many questions from attendees during the panel discussion.
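Added example, not code from The @ Company or its protocol: a sketch of the proposition above in which keys are cut at the edge and the cloud holds only an encrypted cache. Each object gets its own data key, the cloud stores the ciphertext plus that key wrapped for each intended recipient, and no single key opens every object. Two stand-ins are assumptions: HMAC-SHA256 in counter mode with an encrypt-then-MAC tag plays the part of an AEAD (use AES-GCM or ChaCha20-Poly1305 in practice), and recipients hold long-term symmetric keys where a real system would wrap to a recipient’s public key. Object names and keys are constructed.

```python
"""Keys cut at the edge; the cloud holds only an encrypted cache.

Added example, not code from The @ Company. Each object gets its own data key
generated at the edge; the cloud stores ciphertext plus that data key wrapped
for each intended recipient, so no single key (and no cloud administrator)
opens everything. Stand-ins (assumptions): HMAC-SHA256 in counter mode with an
encrypt-then-MAC tag instead of a standard AEAD, and per-recipient symmetric
keys instead of recipient public keys. Names and keys are constructed.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one root key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode PRF output: HMAC(enc_key, nonce || counter) blocks, truncated to length."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || HMAC tag over (nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; a wrong key or any tampering raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def edge_put(cloud: dict, object_id: str, plaintext: bytes, recipient_keys: dict) -> None:
    """Edge side: fresh data key per object; the cloud receives ciphertext and wrapped keys only."""
    data_key = os.urandom(32)  # cut at the edge, never leaves it in the clear
    cloud[object_id] = {
        "ciphertext": seal(data_key, plaintext),
        "wrapped_keys": {who: seal(rk, data_key) for who, rk in recipient_keys.items()},
    }


def edge_get(cloud: dict, object_id: str, recipient: str, recipient_key: bytes) -> bytes:
    """Recipient's edge: unwrap its own copy of the data key, then decrypt the cached object."""
    entry = cloud[object_id]
    if recipient not in entry["wrapped_keys"]:
        raise PermissionError(f"{recipient} was not granted {object_id}")
    data_key = open_sealed(recipient_key, entry["wrapped_keys"][recipient])
    return open_sealed(data_key, entry["ciphertext"])


def demo() -> dict:
    alice_key, bob_key = os.urandom(32), os.urandom(32)  # generated at each party's edge
    cloud = {}
    edge_put(cloud, "obj-1", b"alice's private notes", {"alice": alice_key})
    edge_put(cloud, "obj-2", b"design shared with bob", {"alice": alice_key, "bob": bob_key})

    try:
        edge_get(cloud, "obj-1", "bob", bob_key)
        bob_obj1 = "readable"
    except PermissionError:
        bob_obj1 = "denied"

    return {
        "alice_obj1": edge_get(cloud, "obj-1", "alice", alice_key),
        "bob_obj2": edge_get(cloud, "obj-2", "bob", bob_key),
        "bob_obj1": bob_obj1,
        "cloud_sees_plaintext": b"private notes" in cloud["obj-1"]["ciphertext"],
    }


if __name__ == "__main__":
    print(demo())
```

Revoking Bob is deleting his wrapped key from an object and re-keying that object; the cloud never needs a key to do either, which is the “encrypted cache” property the proposition asks for.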

Biography:

Colin Constable’s passion is networking and security.  He was one of the founding members of the Jericho Forum in the 2000s. In 2007 at Credit Suisse, he published “Network Vision 2020,” which was seen by some as somewhat crazy at the time, but most of it is very relevant now. While at Juniper, Colin worked on network virtualization and modeling that blurred the boundaries between network and compute.  Colin is now the CTO of The @ Company, which has invented a new Internet protocol and built a platform that they believe will change not just networking and security, but society itself for the better.

……………………………………………………………………………………………………………………….

The Anatomy of a Cloud Data Center Attack

Thomas Foerster, Nokia

Abstract:

Critical infrastructure (like a telecommunications network) is becoming more complex and reliant on networks of inter-connected devices. With the advent of 5G mobile networks, security threat vectors will expand. In particular, the exposure of new connected industries (Industry 4.0) and critical services (connected vehicles, smart cities etc.) widens the cybersecurity attack surface.

The telecommunication network is one of the targets of cyber-attacks against critical infrastructure, but it is not the only one. Transport, public sector services, energy sector and critical manufacturing industries are also vulnerable.

Cloud data centers provide the required computing resources, thus forming the backbone of a telecommunications network and becoming more important than ever.  We will discuss the anatomy of a recent cybersecurity attack at a cloud data center, review what happened and the lessons learned.

Questions:

  1. What are possible mitigations against social-engineering cyberattacks?

-Multifactor authentication (MFA)

-Education, awareness and training campaigns

  2. How to build trust using Operational Technology (OT) in a cloud data center?

Examples:

  • Access monitoring
  • Audits to international standards and benchmarks
  • Security monitoring
  • Playbooks with mitigation and response actions
  • Business continuity planning and testing

Recommendations to prevent or mitigate DC attacks:

  • Privileged Access Management across DC entities
  • Individual credentials for all user / device entities
  • MFA: one-time passwords (OTP) delivered by text message or phone call are no longer considered a secure second factor
  • Network and configuration audits considering NIST/ CIS/ GSMA NESAS
  • Regular vulnerability scans and keep network entities up to date
  • Tested playbooks to mitigate security emergencies
  • Business continuity planning and establish tested procedures
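Added example, not from the talk or from Nokia: an RFC 6238 TOTP second factor with a replay guard, as the minimum step up from the SMS/voice OTP that the list above says is no longer adequate (TOTP is still phishable; FIDO2/WebAuthn is the phishing-resistant option). The secret is the published RFC 6238 test secret, so the codes can be checked against the RFC’s own vectors; the 30-second step and one-step skew are conventional choices, not requirements.

```python
"""TOTP (RFC 6238) second factor with replay protection.

Added example, not from the talk or from Nokia. A device-bound authenticator
code replaces SMS/voice OTP; the verifier accepts a small clock skew and
refuses to accept any time step twice. The secret is the RFC 6238 test secret,
so the outputs match the RFC's published vectors.
"""
import hashlib
import hmac
import struct
import time

RFC6238_SECRET = b"12345678901234567890"  # published test-vector secret, not a real key


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation to 31 bits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP = HOTP over the number of `step`-second intervals since the Unix epoch."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Server side: accept the current step +/- `skew`, never the same step twice."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew: int = 1):
        self.secret, self.step, self.digits, self.skew = secret, step, digits, skew
        self.last_accepted_step = -1  # replay guard; persist this per user in practice

    def verify(self, submitted: str, now=None) -> bool:
        now = int(time.time()) if now is None else now
        current = now // self.step
        for candidate_step in range(current - self.skew, current + self.skew + 1):
            if candidate_step <= self.last_accepted_step:
                continue  # this step (or an older one) was already used: reject replay
            expected = hotp(self.secret, candidate_step, self.digits)
            if hmac.compare_digest(expected, submitted):
                self.last_accepted_step = candidate_step
                return True
        return False


if __name__ == "__main__":
    v = TotpVerifier(RFC6238_SECRET, digits=8)
    print(totp(RFC6238_SECRET, 59, digits=8))           # RFC 6238 vector: 94287082
    print(v.verify("94287082", now=59), v.verify("94287082", now=59))  # True, then False
```

The replay guard is what distinguishes this from checking the code alone: an attacker who shoulder-surfs or phishes a code and submits it a few seconds after the legitimate user is rejected even though the step is still within the skew window.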

Biography:

Thomas Foerster is a senior product manager for Cybersecurity at Nokia. He has more than 25 years of experience in the telecommunications industry, has held various management positions within engineering and loves driving innovation. Thomas has dedicated much of his career to product security and cybersecurity solutions.

Thomas holds a Master of Telecommunications Engineering from Beuth University of Applied Sciences, Berlin/ Germany.

……………………………………………………………………………………………………………………………………………………………………………………………………………………………..

Video recording of this event:  Critical Cybersecurity Issues for Cellular Networks, IoT, and Cloud-Resident Data Centers – YouTube

Previous IEEE ComSoc/SCU SoE March 22, 2022 event: OpenRAN and Private 5G – New Opportunities and Challenges

Video recording: https://www.youtube.com/watch?v=i7QUyhjxpzE