Cybersecurity for CSPs - five strategies to stay out of the headlines

Srinivas Bhattiprolu, Global Head of Advanced Consulting Services at Nokia

Developments such as 5G and network cloudification are essential for communications service providers (CSPs) to remain competitive, agile, and innovative. But these transitions have also complicated the security landscape: virtualized network functions, open service-based interfaces and far more connected devices expand the attack surface well beyond that of earlier network generations. Faced with this, how can CSPs protect their own networks and their customers' critical infrastructure?

This is a question of paramount importance for CSPs, who could be responsible for securing critical functions of everything from hospitals and power grids to air traffic control and railway networks. No CSP wants to find their company’s name in the headlines associated with a disastrous cyberattack. Fortunately, there are actions available to defend against malware and malicious actors.

Conduct a security audit

A security audit involves examining every aspect of the network, including policies, infrastructure, devices, operating systems, and applications. The goal is to assess the network’s overall security posture as well as to uncover any underlying security issues and formulate a plan to address them.

There are two types of audits. Routine audits are preventive: regular examinations of the network (typically yearly) intended to find weaknesses before an attacker does. Event-based audits take place after a security incident or attack, with the goal of establishing what happened, how it happened and how it can be prevented in the future.

By their nature, audits are comprehensive and thorough. This presents a challenge as CSPs may lack the in-house resources to conduct an effective security audit, or the necessary expertise with new technologies like 5G. A dedicated, external firm is the solution in such cases. The right partner will have the resources and perspective to do proper penetration testing, find weaknesses and exposures, and review and refine internal processes and policies.

Take a zero-trust approach

5G presents a complicated security landscape that requires authenticating identities, authorizing subjects, verifying the integrity of associated devices or workloads, and monitoring individual sessions continuously. A zero-trust approach can help CSPs manage this complexity and effectively maintain trust relationships between:

• Core network functions and user equipment, allowing the equipment to access network functions

• Network functions themselves for control and user plane tasks

• Operations and management users and network functions to support management tasks

Zero-trust security protects these relationships by never implicitly trusting either side of them, regardless of network location, and instead verifying every access by way of:

• Strong authentication that verifies subject identities whenever they attempt to access objects

• Least-privilege authorization, which grants each subject (a user or a workload) access only to the objects and actions it needs to fulfill its responsibilities

• Integrity checks on devices and front-end applications before the start of any session, so that a compromised device or workload is refused before it gains access rather than discovered afterwards

• Continuous session validation that scans and detects changes in device or workload integrity to identify malicious activity

Emerging zero-trust network access solutions can secure trust relationships between subjects and assets even in operational technology environments.
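The four controls above, put together into a small policy decision point for the operations-and-management relationship, as an added example that is not Nokia's code or any product's. Every request is authenticated, checked against a least-privilege role table and bound to a device integrity measurement that is re-verified once the session's validation window lapses. The subject names, key, password, role table, golden measurement and the HMAC-tagged measurement scheme are all constructed assumptions; the tag stands in for a real attestation quote (for example from a TPM), and the password check stands in for certificate- or token-based authentication.

```python
"""Added example (not Nokia's code): a minimal zero-trust policy decision point
for the operations-and-management plane.  All names, keys and the measurement
scheme are constructed assumptions."""
import hashlib
import hmac
from dataclasses import dataclass

ATTESTATION_KEY = b"demo-attestation-key"                   # assumed: held by the device's trusted attester
GOLDEN = hashlib.sha256(b"oam-client v1.2.3").hexdigest()  # assumed known-good workload measurement
CREDENTIALS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}  # demo only; use certs/OIDC in practice
ROLES = {"alice": "ops-readonly"}
ROLE_PERMS = {  # least privilege: each role lists only the (object, action) pairs it needs
    "ops-readonly": {("nf-config", "read"), ("kpi", "read")},
    "ops-admin": {("nf-config", "read"), ("nf-config", "write"), ("kpi", "read")},
}
REVALIDATE_AFTER = 60.0  # seconds a session may run before its device must re-attest


def measurement_tag(device_id: str, measurement: str) -> str:
    """Tag the attester emits over whatever it measured; stands in for a signed quote."""
    msg = f"{device_id}|{measurement}".encode()
    return hmac.new(ATTESTATION_KEY, msg, hashlib.sha256).hexdigest()


def authenticate(subject: str, password: str) -> bool:
    """Strong authentication, modelled as a constant-time digest comparison."""
    presented = hashlib.sha256(password.encode()).hexdigest()
    stored = CREDENTIALS.get(subject, "0" * 64)
    return subject in CREDENTIALS and hmac.compare_digest(presented, stored)


def verify_integrity(device_id: str, measurement: str, tag: str) -> bool:
    """Integrity check: the tag must be authentic AND the measurement must equal the golden value."""
    authentic = hmac.compare_digest(measurement_tag(device_id, measurement), tag)
    return authentic and measurement == GOLDEN


def authorize(subject: str, obj: str, action: str) -> bool:
    """Least privilege: allow only what the subject's role explicitly lists."""
    return (obj, action) in ROLE_PERMS.get(ROLES.get(subject, ""), set())


@dataclass
class Session:
    subject: str
    device_id: str
    last_validated: float
    revoked: bool = False


def open_session(subject, password, device_id, measurement, tag, now):
    """Session start: authenticate the subject, then attest the device before granting anything."""
    if not authenticate(subject, password):
        return None, "deny: authentication failed"
    if not verify_integrity(device_id, measurement, tag):
        return None, "deny: device integrity check failed"
    return Session(subject, device_id, now), "ok"


def decide(session, obj, action, now, measurement, tag):
    """Per-request decision: re-attest once the window has lapsed, then apply least privilege."""
    if session.revoked:
        return False, "deny: session revoked"
    if now - session.last_validated > REVALIDATE_AFTER:
        if not verify_integrity(session.device_id, measurement, tag):
            session.revoked = True  # continuous validation caught integrity drift mid-session
            return False, "deny: integrity drift, session revoked"
        session.last_validated = now
    if not authorize(session.subject, obj, action):
        return False, f"deny: {session.subject} has no {action} on {obj}"
    return True, "allow"


if __name__ == "__main__":
    tag = measurement_tag("laptop-17", GOLDEN)
    sess, msg = open_session("alice", "correct horse", "laptop-17", GOLDEN, tag, now=1000.0)
    print(msg, decide(sess, "kpi", "read", 1010.0, GOLDEN, tag))          # allow
    print(decide(sess, "nf-config", "write", 1020.0, GOLDEN, tag))        # least privilege denies
    drifted = "deadbeef" * 8                                              # attester now measures an altered workload
    print(decide(sess, "kpi", "read", 1100.0, drifted, measurement_tag("laptop-17", drifted)))  # revoked
```

The point of the last call is the one the bullet on continuous validation makes: the subject's credentials are still valid and the role still permits the read, but the device's measurement no longer matches, so the session is revoked rather than allowed to continue on the strength of its initial check.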

Invest in security automation tools

The benefits of 5G come with added complexity, increasing the risk of human error and requiring resources CSPs might not have. The number of devices, the amount of data to be managed and the sheer size of modern networks make it challenging to adequately monitor and protect every element. Some degree of automation has become essential.

On the security side, automated incident-response workflows (alert enrichment, correlation and first-line triage) can cut the volume of false positives that reach analysts and reduce dependency on individual personnel. By automating repetitive or routine tasks, security teams can keep their focus on more complex threats and high-priority alerts.

Monitor for anomalies

Critical to keeping systems safe is reacting at the first sign of malicious activity. That ability demands continuous, properly configured anomaly monitoring.

The first step is threat modeling. It requires creating a security profile for an asset's architecture, determining the threats that might pose a risk, identifying countermeasures and then developing detection rules to support mitigation. While this same approach is taken in IT, IT systems and 5G have vastly different security profiles: a 5G core is a mesh of network functions talking over service-based interfaces, with signalling behaviour (registration and session-establishment rates, inter-NF calls) that has no direct equivalent in enterprise IT. CSPs must therefore configure their tools and rules according to 5G-specific use cases rather than reusing IT baselines unchanged.

Threat hunting is another key practice. Proactively uncovering threats that have evaded preventive measures is critical to stopping attacks before they reach their objective. Network operators must stay vigilant for unusual activity that could indicate defenses have been breached or compromised.
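The monitoring rule that threat modeling produces, together with the automated triage step described under "Invest in security automation tools", combined in one added example that is not Nokia's code or any product's. The rule baselines each source's rate of registration requests to the AMF over a few quiet windows and flags a window that exceeds the source's own baseline; the triage step then suppresses a known-benign source, auto-rate-limits an extreme outlier and opens a ticket for the rest. The log format, NF and operation names, thresholds, the known-benign list and the sample log are all constructed assumptions for the example.

```python
"""Added example (not Nokia's code): baseline-and-threshold anomaly rule for 5G
core signalling plus an automated triage step.  Log format, names, thresholds
and the sample log are constructed assumptions."""
import re
import statistics
from collections import defaultdict

# Assumed log line shape: "<epoch-seconds> nf=<NF> src=<source> op=<operation> result=<result>"
LOG_RE = re.compile(r"^(?P<ts>\d+) nf=(?P<nf>\S+) src=(?P<src>\S+) op=(?P<op>\S+) result=(?P<result>\S+)$")

# Rule derived from the threat-modelling step: one source issuing far more
# Registration requests to the AMF than its own baseline is a signalling-storm /
# credential-stuffing indicator.  Window size, sigma and counts are assumptions.
RULE = {"nf": "AMF", "op": "Registration", "window_s": 60, "baseline_windows": 3,
        "sigma": 3.0, "min_count": 20, "auto_block_factor": 10}

# Assumed load-test harness whose bursts are expected; automation uses it to
# suppress a known false positive instead of paging an analyst.
KNOWN_BENIGN = {"loadgen-01"}


def parse(lines):
    """Parse log lines into dicts; lines that do not match the assumed format are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = int(ev["ts"])
            yield ev


def windowed_counts(events, rule):
    """src -> {window index -> number of requests matching the rule's NF and operation}."""
    counts = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["nf"] == rule["nf"] and ev["op"] == rule["op"]:
            counts[ev["src"]][ev["ts"] // rule["window_s"]] += 1
    return counts


def detect(lines, rule=RULE):
    """Flag windows after the baseline period where a source exceeds mean + sigma*stdev."""
    findings = []
    for src, per_window in windowed_counts(parse(lines), rule).items():
        base = [per_window.get(w, 0) for w in range(rule["baseline_windows"])]
        mean = statistics.mean(base)
        std = statistics.pstdev(base)  # 0 for a flat baseline: min_count then stops tiny bumps firing
        for w, n in sorted(per_window.items()):
            if w < rule["baseline_windows"]:
                continue
            if n >= rule["min_count"] and n > mean + rule["sigma"] * std:
                findings.append({"src": src, "window": w, "count": n, "baseline": mean})
    return findings


def triage(findings, rule=RULE):
    """Automated response: suppress known-benign sources, auto-rate-limit extreme
    outliers, open a ticket for the rest so analysts only see what needs them."""
    actions = []
    for f in findings:
        if f["src"] in KNOWN_BENIGN:
            actions.append((f["src"], "suppress"))
        elif f["count"] >= rule["auto_block_factor"] * max(f["baseline"], 1):
            actions.append((f["src"], "rate_limit_source"))
        else:
            actions.append((f["src"], "open_ticket"))
    return actions


def sample_log():
    """Constructed log: three quiet baseline minutes per source, then a fourth minute with bursts."""
    plan = {"ue-4412": [4, 5, 6, 60], "loadgen-01": [4, 5, 6, 60],
            "ue-0007": [4, 5, 6, 6], "ue-0099": [4, 5, 6, 25]}
    lines = []
    for src, counts in plan.items():
        for w, n in enumerate(counts):
            for i in range(n):
                lines.append(f"{w * 60 + i % 60} nf=AMF src={src} op=Registration result=reject")
    lines.append("5 nf=SMF src=ue-4412 op=PDUSessionEstablish result=ok")  # ignored by this rule
    return lines


if __name__ == "__main__":
    found = detect(sample_log())
    for f in found:
        print(f)
    print(triage(found))
```

The baseline here is per source rather than network-wide, which is the 5G-specific point: a handful of failed registrations a minute is normal for one device and a storm for another, and a single global threshold would either miss the storm or page on every busy cell.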

Create a threat detection and response plan

A threat response plan helps ensure the timely detection and remediation of attacks and creates a consistent, reliable approach to response across personnel. Such a plan names the team members involved in detection and response, specifies who must be informed of any incident, and states the conditions under which the plan is activated.

The containment, analysis, remediation, reporting and forensics used in IT incident response processes all apply to 5G. A typical plan will call for concurrent analysis, containment and mitigation, along with the evaluation of potential harms and impacts of remedial actions. Remediation and eradication of the threat follow, with data recovery as needed. A thorough analysis to determine whether the threat has been successfully contained or eliminated should take place afterward, as well as a full review.

Partnering for safety and security

As 5G becomes more ubiquitous, cybersecurity is growing more complex — and essential. To help secure their networks and customers’ critical infrastructure from cyberattacks, CSPs can use security audits, zero-trust architectures, automation, anomaly monitoring, and well-defined threat detection and response processes. These actions require deep network architectural and operational competencies that, if not available in-house, should be found in a trusted partner.
