With Apple’s iCloud’s coming under the spotlight in recent days for recent high profile data thefts, Leonid Burakovsky Sr. Director, Strategic Solutions for F5 Networks takes a timely look at security in LTE networks.
The concept of security for service providers is undergoing significant changes. Several key trends are contributing to this change: as it relates to business, to technology and who is attacking.
Historically, the main sources of operators’ revenue were voice and SMS. More recently, data revenue is the new star, together with the forays toward new services and service monetization such as mobile commerce, banking, mobile health, and others.
The need for tight security is clear, for example, in the mobile health ecosystem that would require end-to-end security mechanisms including the participating operator’s network. Or for example, mobile commerce, which is currently running over SMS, and obviously can’t function without comprehensive security mechanisms including the network as part of the overall ecosystem.
But do we truly the trust these ecosystems today?
Another new element from the business perspective is the privacy of user information.
LTE networks are inherently less secure than previous generations (I’ll discuss this in more detail in a subsequent post) and, without dedicated security mechanisms, user information is easily accessible to the hacker via threats such as man-in-the-middle attacks.
User awareness of the lack of security is definitely on the rise with the NSA debacle greatly contributing to it. And many users will hold service providers responsible for security breaches, especially if they are not deploying defense systems to protect user data.
Our research, a survey carried out by Opinium on behalf of F5 Networks that surveyed 1922 UK customers, reveals that security is now among the top three elements consumers consider when choosing a mobile operator, after pricing and network coverage and that over a third (35 per cent) now hold operators responsible for any data breaches suffered.
Failure to act could hit the bottom line and trust in the mobile ecosystem to deliver new – revenue generating – services like mobile commerce or mobile health.
And finally, who are the attackers? More and more, we’re dealing with “for-profit” illegal cyber attackers, often involving big criminal organizations. This is a fundamental difference. And because the attacker is different, also the attacks are different.
There are several aspects of cyber-attacks to consider (that at some point can become full blown cyber/mobile wars). With a DDoS attack, even if the attack itself is very painful, everyone can see it. However, the challenge is that more and more cyber criminals are attacking in a “low-and-slow” manner, trying to be under the radar of the current generation security systems. This new generation of attacks is very difficult to detect and sometimes the attack can be going on for years before being detected.
In a subsequent post I’ll discuss technology trends, why LTE networks are less secure than the previous generations and what concepts should be implemented to protect the mobile ecosystem (users, networks, applications) to earn users’ trust.
Leonid Burakovsky currently serves as F5 Networks Sr. Director, Strategic Solutions. Prior to this role he served as Juniper Networks Strategic Alliances CTO. Leonid is regularly asked to present at MWC, NGMN Forum, 4G, CTIA, Futurecom, IEEE, Broadband World Forum and the LTE World Series to name a few. Before joining Juniper Networks in 2004, Leonid worked at Airslide, Bezeq Int, ECI, Alcatel and the Center for Communication Research. Leonid has more than 28 years of industry experience and holds a bachelors and Master’s degree in Information Systems Engineering.