Telecoms are essential to everyone’s cybersecurity challenges

Editor’s note: The following is a guest article from Jason Atwell, principal advisor of global intelligence at Mandiant. 

Some of the largest intelligence coups in history have been the result of the compromise of telecommunications systems.

For as long as messages have been passed between people, whether in writing or orally, knowledge of their content by third parties has been a goal of nation-states and bad actors.

Manipulating communication processes, by injecting false information or degrading the speed and quality of traffic, has also been ubiquitous over time. Being the first to know — or better yet, to know something when your opponent or competitor doesn’t know you know — is a distinct advantage to protecting sensitive information.

Decades ago this was a matter of capturing riders or spies, intercepting messengers in the trenches, downing balloons or pigeons, tapping cables or phone lines, or stealing the keys to encryption machines.

The methods may have evolved but intercepting communications is not new, and it will likely remain a lasting issue.

What is new, however, is that the current global information environment makes compromising communications possible on a scale never before imagined.

Segmented, specialized networks limited to military or government uses, as well as regional and low-tech postal, telephone, and radio are mostly obsolete. In their place, international corporations and service providers produce the hardware, software and networks everyone uses to send and receive information.

These entities have built a system that is highly efficient and spans the globe as well as the public and private sectors. This translates into a communications system that is accessible almost anywhere, at any time by both friend and foe alike.

Open access

Telecommunications covers a huge swath of economic and technological territory. For cybersecurity, this includes internet service providers; social media conglomerates; companies that produce mobile devices and most computers; and software corporations that make key products like collaboration suites, VPNs, and other communication-or internet traffic-centric interfaces.

This global socioeconomic system is near-universally accessible and at the same time, vulnerable to all manner of incursions because this accessibility extends to malicious actors.

Universal access does not necessarily have to mean widescale vulnerability, but in our current environment, it does for a few unfortunate reasons.

  • First, the malicious actors who regularly exploit and infiltrate the telecommunications environment do not play by the rules of those entities that build and maintain the infrastructure. 
  • Second, individual user autonomy, one of the qualities that is also the greatest strength of the West, creates a near-infinite attack surface. For most individuals, cybersecurity comes once a year when someone on TV tells them to change their passwords, use a VPN in a coffee shop, or to be careful opening emails with attachments.
  • Third, even basic cyber hygiene is meaningless if practiced on a compromised network, whether it’s an already infected machine or a compromised service provider or software suite.

Rethinking responsibility 

Placing the security onus on the end-user is not unique to telecommunications, but the responsibility ratio is a bit skewed given the technology and concepts in play.

If a malicious actor wants the most bang for their buck when it comes to an intrusion or an attack, targeting the network rather than individual nodes is the more likely approach in most scenarios. A recent example showed an Iranian government-linked hacking group using access to telecom providers to pivot into other organizations using non-technical exploits.

A more realistic balance between users and the networks, products, and services they use is needed to counter the devastating impacts that telecommunications compromises have on the trust and safety of communications, economic, political, and social systems.

A complicating factor of all the above is that this universe only continues to expand, with new platforms emerging in social media, gaming providing yet another layer of software vulnerability, and even internet-of-things devices providing new, exploitable attack vectors.

The emerging concept of the metaverse will also impact telecoms security because this will be largely managed by the same companies that built the infrastructure. The user experience might be virtual but the inevitable technological vulnerabilities therein will be very real.

The top trends in telecoms targeting over the previous year have heavily focused on wireless communications and IT and data services, meaning that the exploitation of vulnerabilities in the software of telecommunications are central to malicious activity.

Telecommunications infrastructure easily falls into a category that makes it both extremely likely and potentially devastating if it is infiltrated, corrupted, degraded or destroyed.

Proactive protection of these assets hinges on a few key initiatives:

  • Defensive efforts designed to make this infrastructure harder and more resilient should be prioritized based on threat scenarios emphasizing the likelihood and severity of potential compromise.
  • Focusing on the security maintenance, mainly patching, of legacy IT such as Microsoft Office. Telecoms might be a unique industry, but it uses the same software for basic functions as many others, and these are still the most likely avenues for exploitation across the board.
  • Acknowledging that tools like VPNs are not a security panacea and layering in defense-in-depth techniques. If VPN usage is intended to protect traffic, then adversaries will shift towards exploiting data at rest on either end of the “tunnel,” invalidating the effort. Therefore, data at rest must be protected and endpoint detection becomes even more critical. This also extends to taking steps to prevent credential abuse that allows widespread access.
  • Prioritizing threats against most likely advanced persistent threats to the industry. Foremost among them known China- and Iran-affiliated threat actors that specifically target telecommunications and media entities.
  • Acknowledging that user-based security is difficult and shifting resources towards protecting them from themselves rather than relying on passwords and antivirus to secure individual accounts.

Not all critical infrastructure is equally critical. The telecommunications industry is simultaneously a driving force behind nearly all socioeconomic activities, while also being a common denominator in attempts to interfere in them.

The good news is best practices are nearly-universal, and industry can take many steps to better secure the common platforms that we all rely on by making better regulatory, security and usage choices.

Next Post

SEC weighs path forward for crypto trading platforms

Here are your FOX Business Flash top headlines for April 4. WASHINGTON — The Securities and Exchange Commission is studying ways to make it more feasible for cryptocurrency trading platforms to register with the agency as exchanges, Chairman Gary Gensler said Monday. Ticker Security Last Change Change % COIN COINBASE […]

Subscribe US Now