European telecommunications operators, despite being fierce competitors in some markets, share a spirit of trust and collaboration in their approach to information security, a spirit of essential importance in making a stand against cybercrime. This spirit of trust and collaboration was evident at the recent meeting of the ETIS Information Security Working Group hosted at the iconic BT Tower in London, an event gathering over 30 European security professionals to share knowledge and best practices on the latest cybersecurity threats, opportunities and challenges facing the telecom industry.
The telco threat horizon
Some of the discussion points covered in the meeting included securing shadow IT, security in the supply chain, SDN & NFV security, automated threat intelligence, cloud security policy and the telco threat horizon.
Of special interest was the presentation of a “Telco Security Roadmap” identifying the key developments to affect telco security in coming years and qualifying each development in terms of nature, criticality and time horizon. The Roadmap reflects the collective mindset of European telco security professionals and was developed with the help of TNO, a member of both ITU and ETIS.
The cyber-threat landscape is evolving rapidly, with increasingly severe vulnerabilities emerging at a tremendous pace. Topping the Roadmap’s list of near-term security priorities were advanced persistent threats, supplier dependency, cloud consumption, security/privacy regulations, 5G, IoT and SDN/NFV.
New security collaboration
One of the key weapons in the fight against cybercrime is the exchange of credible, real-time threat intelligence, and both ETIS and ITU have developed platforms to automate the exchange of this intelligence in the ETIS MISP based threat intelligence platform and the ITU CYBEX platform. ETIS and ITU, as membership-driven organizations, have also begun to explore how they might achieve mutual benefit by taking advantage of the cyber-threat intelligence collected by the ETIS and ITU communities.
Future security challenges will not only come from unprecedented numbers of ‘doors’ to the network opened by billions of connected devices, but also from the great variance in the security demands of vertical industries such as healthcare, energy and transportation. New applications such as remote medical surgery and automated, connected cars will elevate the significance of consequences resulting from security breaches.
With the imminent arrival of 5G and massive-scale IoT application, telcos are approaching security standardization with renewed vigour.
The recent meeting of the ETIS Information Security Working Group highlighted the strategic importance of telco participation in the technical standardization work of ITU-T Study Group 17 (Security). ETIS and ITU have embarked on new cooperation to ensure that the organizations are represented at one another’s meetings, and the two organizations will maintain open dialogue to spot opportunities for collaboration. ITU provides a platform that could help ETIS to work on issues including the establishment of security baselines and identity access management, and ETIS will channel telco-specific industry requirements and challenges into the security standardization work of ITU-T Study Group 17.
Attending the ETIS meeting in London, I was pleased to find a coherent group of European telco industry security professionals that trust each other enough to put competition aside, realizing that good security is the rising tide that raises all ships.
The Telco Security Roadmap presented at the meeting offers insight into the telecoms industry’s top security priorities and will no doubt be of great interest to my fellow participants in ITU-T Study Group 17.
ITU-T Study Group 17 is the ITU standardization expert group responsible for building confidence and security in the use of information and communication technologies. The next meeting of ITU-T Study Group 17 will be held in Geneva from 29 August to 7 September 2016.
Arkadiy Kremer was appointed as chairman of ITU-T SG17 in 2008. He has lead a number of projects in the field of implementation of information and telecommunication technologies, and has previously held positions as chairman of Russian Association for Networks and Services (RANS) Executive Committee and head of RANS Education Department in MTUCI. He holds a degree from the Moscow Technical University of Communications and Informatics (MTUCI).