`

Feedback

Reader's Poll

Which of the following technologies/concepts are likely to witness significant traction this year?
 
Any data to show

Teledata

Tele Data

Mobile Subscribers Yearwise comparision

Error
  • JUser::_load: Unable to load user with id: 679

Safety Net: Need for stringent network security

April 30, 2014
E-mail Print PDF

Himanshu-GuptaRajiv-KAmitRajan-S

 

As new technologies are being introduced in the telecom domain, there is a growing concern about the security threat posed by external sources to operators’ networks. The increased presence of foreign equipment vendors is also a cause of concern for the Indian government, which has mandated the implementation of enhanced network security measures by operators. industry experts share their views on various issues pertaining to security and the way forward for the sector…

Himanshu Gupta

Security requirements of telecom operators

In the past few years, there have been several ups and downs in the security requirements for telecom operators. The government laid down stringent regulations, especially for foreign telecom companies, which was a setback for them as most of the infrastructure had been set up by these companies. This led to concerns among industry stakeholders as investments worth billions were at stake for the entire ecosystem.

New regulations were issued, which made operators and vendors accountable for any security intrusion and involved the imposition of heavy fines in case of non-compliance. The guidelines mandated operators to get their networks audited by authorised agencies and use equipment certified as per national and international standards. All operators were required to obtain security clearance from the Department of Telecommunications (DoT) before procuring equipment and software from foreign vendors.

Expectations from the government

There have been several policy and regulatory changes in the past. Stringent regulations have been introduced as network security issues have been a major cause of concern for equipment vendors.

While ZTE is committed to abiding by the laws of the country, we expect a more streamlined and phased implementation of the security regulations, which will work to the benefit of the entire ecosystem.

Rajiv K. Luthra

Need for privacy laws

While there are some provisions dealing with privacy and data protection under the Information Technology Act, 2000 and other legislations, the current framework does not match the country’s ambitions in either the domestic or the international context. It is important that the proposed privacy law is given final shape and passed by Parliament. This is driven by two factors – the need to protect civil liberties and address the commercial issues arising from difficulties faced by Indian companies in handling data from jurisdictions such as the European Union, which have high levels of data protection. These issues must be taken into account while devising the new privacy framework. The government should also address the issue of national security through this framework.

Views on the proposed NTSP

Protecting telecom networks from intrusion and malicious attacks is of great importance. While the latest draft of the National Telecom Security Policy (NTSP) is not available in the public domain, media reports suggest that the scope of the policy has been expanded since the initial drafts. Legal issues could arise on a number of fronts, depending on the scope and wording of the policy. The implications of the NTSP for privacy, if it includes provisions related to interception and monitoring, will require careful analysis. Further, if guidelines related to testing and certification of telecom equipment are not framed and implemented correctly, there could be implications under international trade law norms. Overall, while a framework for telecom security is important, it must be ensured that the policy is not developed in isolation, and that commercial and legal implications are taken into account.

Amit Marwah

Security requirements of telecom operators

The need for security in the telecom sector is primarily driven by the increasing complexity of operations and migration of networks to packet-based switching technologies that are implemented through IP suites for next-generation technologies. Similar to the cybersecurity risks faced by the IT industry, mobile technologies and cloud computing have created major safety concerns for Indian telecom operators. A large subscriber base and huge volumes of customer data have also made mobile networks vulnerable to hacking and other malicious attacks, including website mutilations, and credit card and identity thefts, which are, in turn, posing a national security threat.

Nokia Solutions and Networks (NSN) is focusing on two major aspects of telecom security – legal and regulatory requirements, and the internal control environment. The critical role these drivers play in ensuring telecom security and safeguarding national economic interests has led to a spate of government regulations aimed at telecom equipment and network security. However, these regulations are not well defined. Second, there are legal requirements under the Information Technology (Amendment) Act, 2008 and the National Cyber Security Policy of 2013 to mitigate the security risks associated with telecom networks in order to check exploitation by anti-national and terrorist organisations that try to intercept communications and launch denial-of-service attacks during terror strikes.

Need for strong security systems

In order to protect the telecom network and its resources from unauthorised access, security frameworks should involve multiple layers of hardware as well as software components. All telecom operators have experienced some level of information security risks. However, the ability to mitigate them depends on the maturity of the organisation and the extent to which its staff and security personnel can understand these layers. While most mobile network operators have implemented a governance framework in the information security and IT functions, they need to extend it to their telecom networks as well.

There is a need for a strong multilayered security system not only in the existing 3G networks but also in future networks with new technologies such as long term evolution (LTE). Indian operators can learn from the experience of global telecom operators in implementing effective risk management policies and tools and conducting employee awareness and security governance training programmes, which will help reduce risks from insiders and facilitate data protection.

New network security solutions

As the country shifts towards next-generation technologies like LTE, new security measures will be required to protect both customers and operators. LTE is an all-IP technology that creates vulnerabilities that were not earlier observed in 2G and 3G networks. LTE architecture is different because it is all-IP, not only within its core but also in the access network. Encryption is typically applied only between the LTE base station and the end-user device, which leaves traffic on the transport network unencrypted.

Telecom operators have started looking for patterns and algorithm-based security solutions, and end-to-end security solutions for LTE networks with a live deployment experience. Inbuilt and high throughput IPSec in eNodeBs, pre-validated LTE radio access network solutions and fully automated certificate life cycle management systems for eNodeBs and the security gateway have also attracted the interest of LTE security vendors and network operators due to their high performance capabilities.

NSN has demonstrated a software-focused approach for network and end-user security. It offers an end-to-end, 3GPP-compliant security solution that is built specifically for telecom networks and LTE architecture. These solutions are likely to result in up to 25 per cent savings in implementation costs and increase the speed of network roll-out by 25 per cent, as compared to manual processes. For end-users, NSN has demonstrated its Mobile Guard application that is capable of detecting malware installed on mobile devices by analysing its traffic patterns in the telecom infrastructure.

Expectations from the government

While the government has issued stringent regulations to safeguard national security, it is imperative to identify a list of critical network infrastructure and equipment to implement security controls methodically. It would augur well for policymakers, government departments, operators, content and service providers, and telecom suppliers to collaborate closely in order to develop strategies for addressing security issues. Collaboration is necessary as no stakeholder can single-handedly ensure that the telecom infrastructure is secure and resilient.

Further, there is a need to understand the global risks related to network security, and identify and implement global standards for the same. The Indian government should work with international agencies to develop a stable framework that will protect telecom networks.

Rajan S. Mathews

Major challenges faced by operators in ensuring network security

DoT has specified security guidelines for telecom networks through a licence amendment dated May 31, 2011. The Indian telecom industry also complies with recognised international standards, best practices and technologies to build a robust security programme.

Ensuring network security is increasingly being mandated not only in India but across the globe. There are prevailing threats and more are emerging from various external and internal sources. There is a need to enhance telecom network security given the shift from circuit-switched to IP-based networks as well as the growth in data services. Operators are facing cybersecurity issues such as mobile botnets, advanced persistent threats and spam; software security threats such as integrity violations, manipulations or backdoors and trojans; and risks associated with cloud computing services.

Further, with the increasing use of smartphones, telecom operators will be required to provide security and address equipment vulnerabilities, interconnected network issues, etc. This is because smartphones use various network technologies such as 3G, LTE, Bluetooth, infrared and WLAN, Wi-Fi and near-field communication. Other challenges include the increasing number and complexity of wireless protocols, especially when devices fall back to older, less secure technologies during low network capacity.

To resolve these challenges, there is a need for cooperation between government authorities, operators and equipment vendors.

In order to promote a global market for India, best practices must be adopted to address security issues related to cloud services, machine-to-machine and other emerging technologies. These include encryption, privacy, network security, law enforcement assistance, interoperability and preservation of cross-border data traffic.

It is also essential to evaluate the threats arising from these issues and regularly upgrade security measures. This requires skilled manpower with knowledge of this domain. Academic institutions should offer more courses with special training on cyber and telecom security. The government is also evaluating a proposal to set up centres of excellence for this purpose.

The cybersecurity policy aims to provide training to up to 500,000 persons in the next five years. In addition, the National Critical Information Infrastructure Protection Centre will oversee security practices related to the design, acquisition, development, use and operation of information resources.

Issues that need to be addressed through a telecom security policy

The NTSP should deal with security issues in a comprehensive manner as the interconnected telecom network environment will expose the network to threats that have the potential to be launched from jurisdictions beyond borders and can intrude on national networks, thereby causing damage to the information they contain.

It is important to regularly evaluate these threats, understand Indian security needs and implement measures to protect the telecom network. This requires understanding and interaction among standards bodies across the globe. Security policies have implications regarding the privacy of citizens. Hence, adequate measures should be taken by the government to safeguard the privacy aspects while charting the policy.

Since the telecom sector comprises foreign service providers, equipment and product suppliers as well as customers, country-specific regulations related to security testing should be aligned with global best practices. In addition, interoperability of equipment is gaining momentum with the convergence of technologies, which mandates the use of internationally acceptable standards and practices for ensuring network security.

Initiatives for security, testing and standardisation of telecom equipment are interlinked and therefore, these need to work in tandem with each other. In view of this, the adoption of standards that are in line with global standards is essential to provide services through different technologies. The Telecommunications Standards Development Society, India, which has been approved by the government as a national Standards Development Office, has a dedicated working group to understand the country’s requirements and align them with international bodies such as 3GPP–Secured Assurance Mechanism.

 
 
 Your cart is empty

Monday morning

Monday morning