skip to Main Content
measec_home

TLC Network Devices Security

The security of the TLC and new 5G networks is a major concern of the European institutions and the rest of the world. It is essential to assess and ensure the integrity of the Public Communications Networks or the Publicly Available Electronic Communications Service. This article provides an overview of the European legislation and recommendations and the products and services offered by MEASEC to be complied with.

European Law and Recommendations
The European Parliament and the Council updated the previous Common Regulatory Framework for Electronic Communications Networks and Services with Directive 2009/140 / EC, forcing Member States to take appropriate technical and organizational measures to manage the risks posed to the security of public communications networks or publicly available electronic communications in an appropriate manner. Member States transpose and implement directives into national legislation, and dissuasive sanctions and sanctions are applied in the event of infringements of national provisions implemented in accordance with these and other specific directives. The Directive focused on two main objectives to be achieved by Member States through their Telecommunications Operators and the National Regulatory Authority:

  • Ensure the integrity of their telecommunications networks.
  • Notify the competent national regulatory authority and ENISA of breaches of security or loss of integrity that have had a significant impact on the operation of telecommunications networks or services.
  • Ensure the integrity of their telecommunications networks.
  • Notify the competent national regulatory authority and ENISA of breaches of security or loss of integrity that have had a significant impact on the operation of telecommunications networks or services.

In line with the Directive, the European Commission recognized on 26 March 2019 that:

  • 5G network technologies are a major enabler for future digital services and will form the backbone for a wide range of services essential for the functioning of the internal market and the maintenance and operation of vital societal and economic functions – such as energy, transport, banking, voting, health, and industrial control systems.
  • The dependence of many critical services on 5G networks would have particularly serious consequences for systemic and widespread disruption. As a result, ensuring cyber-security for 5G networks is a strategic issue for the Union at a time when cyber-attacks are on the rise and are more sophisticated than ever.
  • Any significant vulnerabilities and/or cyber-security incidents involving 5G networks occurring in one Member State would have an impact on the Union as a whole due to the interconnected and transnational nature of the infrastructures.
  • Ensuring European sovereignty should be a key objective, with full respect for Europe’s values of openness and tolerance and an increasing extra-European technological presence in the Union as a security threat.
  • Addressing cyber-security risks in 5G networks should take into account technical factors such as vulnerabilities that may be exploited to gain unauthorized access to information (cyber espionage, whether for economic or political reasons) or for other malicious purposes (cyber attacks aimed at disrupting or destroying systems and data). Important aspects to be considered should be the need to protect networks throughout their entire life cycle and the need to cover all relevant equipment, including in the design, development, procurement, deployment, operation and maintenance phases of 5G networks.

The European Commission has also adopted Recommendation No. EU/2019/534 for cyber-security of 5G networks, which oblige Member States and telecommunications operators to:

  • Conduct a risk assessment of the 5G network infrastructure, including the identification of the most sensitive elements where security breaches would have a significant negative impact.
  • Update the security requirements and risk management methods applied to 5G networks.
  • Ensure the security of sensitive parts of the networks and provide relevant information to the competent national authorities on planned changes to the electronic communications networks and requirements.

Network Infrastructure Devices are ideal targets for malicious cyber players because most or all of the organizational and customer traffic needs to pass through them and because they are often easy targets:

  • Antivirus, integrity-maintenance, and other security tools that help protect general-purpose hosts are either unavailable or not easy to run.
  • Manufacturers build and distribute these network devices with usable firmware and services for ease of installation, operation, and maintenance.
  • Telecommunications Operators often do not change vendor default settings, harden them for operations, or perform regular patching.
  • Telecommunications operators often overlook network devices when they investigate, search for intruders, and restore general-purpose hosts after cyber intrusions.
  • Antivirus, integrity-maintenance, and other security tools that help protect general-purpose hosts are either unavailable or not easy to run.
  • Manufacturers build and distribute these network devices with usable firmware and services for ease of installation, operation, and maintenance.
  • Telecommunications Operators often do not change vendor default settings, harden them for operations, or perform regular patching.
  • Telecommunications operators often overlook network devices when they investigate, search for intruders, and restore general-purpose hosts after cyber intrusions.

Thanks to our broad specific expertise on TLC OT (Operational Technologies), IT (Information Technologies), Information Security and, legal and regulatory, we provide Telecommunication Operators specialized consultancy, tools and services for managing the security risk of TLC Networks, Network Elements and Network Elements Management Systems:

  • Firmware Vulnerability Assessment
  • Firmware and Embedded Software Integrity Validation
  • Hardening and Secure Configuration
  • Compliance with European and National directives/recommendations
  • Consultancy for dealing with TLC manufacturers for removing/mitigating firmware vulnerabilities
0 0 vote
Article Rating
guest
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
ปั้มไลค์

Like!! I blog frequently and I really thank you for your content. The article has truly peaked my interest.

2
0
Would love your thoughts, please comment.x
()
x
Back To Top