Telecom networks tie together and coordinate activity between other critical infrastructures, businesses, government agencies, and individuals. In our highly interconnected cyber ecosystem, virtually everyone relies on telecom networks for “always on” services. Without telecom networks operating, the economy will come to a screeching halt. Real-time situational awareness of the threat environment and level of telecom network security is critical for ongoing operational resiliency.
Challenges to Telecom Network Security
Telecom network security is particularly challenged by cybercriminals and other threat actors who have easy and inexpensive access to dedicated tools for attacking telecom networks. Moreover, with the rapid growth of digital demand and the IoT, market forces have driven telecom operators to transform from physical network companies to cloud service providers.
As a result, telecom companies’ attack surface and cyber risk exposure increase significantly, as does the frequency of cyber attacks. Once a threat actor gains access to the network, they can steal confidential data, insert malware on specific downstream customer networks, or conduct a DDoS or other broad-based attack designed to disrupt broad geographical swaths of the economy, put large numbers of people in harm’s way, or simply cause large-scale mayhem.
Because of the critical role of communication networks, Presidential Policy Directive 21 identifies them as a critical infrastructure. However, unlike other critical infrastructures, it is the telecom companies themselves, not the federal government, that are responsible for telecom network security.
The federal government holds these companies responsible for identifying threats, anticipating attacks, and proactively mitigating the risks of service disruption or other attacker activity. The only way to sufficiently understand the threats and threat actors, and to gain the real-time situational visibility needed for concrete proactive measures, is through the “big picture” perspective that enterprise threat modeling provides.
Modern telecom networks are composed of multiple subsystems, shown above as chained threat models. As shown in this network architecture diagram, the telecom system for which we will build a threat model consists of a 3G subsystem, a 4G subsystem, and an IMS subsystem, all connected to and coordinated by a core system.
Achieving Telecom Network Security with ThreatModeler™
The Core subsystem consists of an interconnected network of Signal Transfer Points. These are large-volume routers that receive incoming signals and transfer the outgoing signals to the appropriate subsystem. Signal transfers are managed by the Home Location Server, which draws from a Home Location Register database.
The register contains the physical location of each telecommunications endpoint in the local network’s service area – including the location of mobile devices. We will also include in our core network the Policy Charging and Rules Function. The PCRF helps the network provider differentiate services while maximizing revenue.
The above threat model, along with the three chained threat models, identified 342 potential threats and 171 security requirements.