Network operators have a hard time. They have to run numerous overlapping communication networks with different protocols and underlying technologies. Besides this, they also need to adhere to regulations, business processes and client needs. On top of that they have to withstand threats to cybersecurity - and new technologies like quantum cryptography, network virtualisation and distributed ledger technologies need to be managed as well. Every new network technology in the rack adds new security threats to the stack.
Cyberattacks are everyday business. Hackers can break into a specific network, like a mobile wireless network for instance, and steal (clients') data from that network. Another kind of attack on the network is the Distributed Denial of Service (DDoS) attack. If a network is isolated (siloed networks), hackers only have access to whatever data is on the network they have broken into. They cannot hop onto another network, and therefore damage is limited.
Network isolation goes against the principles of the network value itself. An emerging trend is operators converging their networks into just one IP core network. If a hacker can get into the core network, then they can steal whatever data they want or shut down the entire system. So the risk of cyberattacks increases. The challenge now is how to protect a single all-in-one IP network.
First, you might ask why we converge all these networks into one if the cybersecurity risks are increasing. That is a good question with a logical answer: costs are always a trade-off. It is more cost efficient to maintain one network than multiple networks. Network operators have to provide different services for their clients, managing many different networks on numerous devices that support different applications. They fight the cyber threats while focusing on the availability and scalability of those networks - and taking into consideration privacy regulations and client security. There are a lot of trade-offs for the Chief Information Security Officer (CISO) at the network operator to balance.
It is madness for every network operator to orchestrate these networks while keeping them secure.
A security reason also underlies the need for network convergence. As everything is connected, hacking techniques are becoming automated as well, which creates a constant tension. So, we need management tools to see traffic flows and detect attacks. That is easier to do on one platform than on multiple platforms. So, it is important to develop features in the core network that automatically deal with network attacks. Regulatory requirements for network customers - as well as business cases for operators - are making a compelling case for strong security in network services delivery. There is a need for a single view of all of the security policies across all of the different devices and vendors via a Security Operations Centre (SOC).
While maintaining the alerts to tackle the old strategies used by phreakers to break into networks - making use of social engineering, poor passwords, vulnerabilities in operating systems or exposed open interfaces - we need to address new challenges too. These include threats like poor app testing in agile DevOps, the scheduling of patch deployment, interdependencies with customers' and suppliers' equipment, Application Programming Interfaces (APIs) that are interlaced with network assets, and so on.
This network convergence wave offers a good opportunity to refurbish the entire security framework, simplifying the procedures and tools to protect the traffic plane of IP networks. Strong authentication and authorisation will remain a must, along with cryptography, as well as a reliable supply chain for hardware and software; the armed wing of privacy. And finally, a careful design of the topology as the foundation for resilience in the face of disruptions.
We live in a world where new technologies like quantum cryptography, network virtualisation, and distributed ledgers are emerging to better protect data; but they can also be used to hack better. New technologies are two sides of a coin. They open up an entirely new field of development with an increasing paradox between flexibility and scalability demands on the one hand and security needs on the other.
The rat race between the good guys and the bad guys is speeding up due to the rapid evolution of new technologies. That will never end. That is why business people need to stay alert and to look for opportunities to take advantage of new technologies before the hackers do. That is what I teach in the network security class of Cybersecurity 360: how to beat the enemy.
About Manuel Carpio
Carpio is Vice President of Continuam. He was formerly Chief Information Security Officer (CISO) for Telefónica and secretary of their Corporate Security Committee. He founded the Spanish Private CISO's Association and has contributed to policymaking in Europe and Latin America on networks and applications. He has also been involved in consulting about European regulatory frameworks on topics like GDPR. Carpio is one of the members of the Cybersecurity 360 faculty at Berkeley University and teaches about network security in the course Cybersecurity 360 that is developed by EIT Digital and Berkeley University.
Authors: Manuel Carpio and Karin Oost