In-Depth Study Sets Out Operator Security Principles

Posted Apr 2017

Trade bodies often get a hard time from the media and their members, but the GSMA is certainly to be congratulated for its detailed look at the security and safety issues facing mobile networks and their customers.

Its report – Safety, Privacy and Security across the mobile eco-system – comprises nearly 70 pages of analysis and, importantly, includes a set of principles that will be supported by the full GSMA operator membership.

Broken down into four sections – protecting consumers, protecting the privacy of stored consumer data, protecting public safety, and protecting the network – the report, produced in conjunction with respected global management consulting firm AT Kearney, highlights the issues and concerns across its four focus areas and suggests policies and approaches that operators should adopt to combat them all.

Not surprisingly, it is the area of network security and the report’s recommendations in that field which most grabbed our attention. The guidance here is clear and states at the outset that all the players in the industry’s eco-system need to work together and co-ordinate with international law enforcement to share threat intelligence and respond to attacks on networks and devices.

And when it comes to the security weaknesses in SS7 signalling, the report is unequivocal and calls upon all operators to respond in a “comprehensive and collective manner” to mitigate the risks. The report also highlights the existence of monitoring, detecting and blocking tools – like our own signalling firewall – and points members towards the work of the GSMA’s Fraud and Security Group whose advice and guidelines to operators we actively contribute to as part of our long standing commitment to support the work of this group.

The GSMA report also looks to future networks and the need to build security into 5G and IoT services. It admits that no security technology is guaranteed to be unbreakable, but talks about maintaining a high bar as far as the networks are concerned. It sees the advent of 5G as an opportunity to rethink security and how it can be provided.

It sets out as a key implication for the industry the need for collective action to protect connected networks and consumers through consistency and consensus in the development of standards and the proportionate use of monitoring, detection and blocking capabilities.

We certainly welcome the report and are ready to play our role helping the operator community to meet its recommendations.