The evolution of telco cybersecurity
By Guy Daniels
Oct 8, 2024
To embed our video on your website copy and paste the code below:
<iframe src="https://www.youtube.com/embed/HhLCtYbznsU?modestbranding=1&rel=0" width="970" height="546" frameborder="0" scrolling="auto" allowfullscreen></iframe>
Guy Daniels, TelecomTV (00:12):
Hello, you are watching TelecomTV. I'm Guy Daniels. Today's discussion looks at the evolution of Telco cybersecurity. We're going to focus on current cybersecurity trends, the experiences of companies in navigating these trends and the impact on their operations, and we will gain insights into the most significant challenges they face and highlight emerging technologies that are shaping the evolving landscape of cybersecurity. Well, I'm delighted to say that joining me on the program today are Srini Bhattiprolu, who is Global head of Presales and Advanced Consulting Services at Nokia Cloud and Network Services. Terje Jensen SVP head of Global Business Security for Telenor and Ville Syrjänen CTO Connectivity and Security Business at Elisa B2B. Hello everyone. It's really good to see you all. Thanks so much for joining us on the show. Now, to give some context to our conversation, can I first of all ask you what are the most significant emerging cyber threats that are currently impacting the telecoms industry and how should communication service providers prepare for them? Srini, let me come across to you first for your comments.
Srinivas Bhattiprolu, Nokia (01:38):
Thank you very much. Guy telecom industry is termed as something which is called critical infrastructure, and this is something that's going to really drive the economy forward for multiple countries. Considering this situation. There are a lot of state and non-state actors and a lot of emerging threats that are ensured to this particular sector. I would actually talk about four specific ones. The first one would be the DDoS, which actually, which is also termed as distributed denial of service, which directly impacts the availability of the services from telecom service providers. That's the first one I would talk about. The second one I will also talk about is the network vulnerabilities considering the diversity of the network environment in a telco service provider. Considering the type of legacy network elements and the new age network elements that exist in the network, having vulnerabilities in the network is the second emerging threat that I would point out. The third most important one is the supply chain security, considering all the challenges that we see across the world around supply chain and the security that is required. Last but not the least is the exfiltration of PII or personally identifiable information. There are several others which include insider threats, phishing, social engineering and whatnot. But the first four that I talked about are the key emerging threats I would say are very important for a telecom service provider.
Guy Daniels, TelecomTV (03:11):
Great. Thanks very much Srini for going through those four key areas. Terje, what about you? What are the areas that you are seeing as most important for CSPs to understand and act to now?
Terje Jensen, Telenor (03:29):
Thanks guys. I think please allow me to take a bit of a step back and so what I'm starting on in the beginning of the response to that is not strictly only cybersecurity, but it will be security in a bit of a broader context. And the reason for that is that we see across all these security threats. So the way we are approaching it is actually divided into, call it four layers. So it start with the physical part of it, which then goes into the cutting sea cables for example. What we are seeing, we are seeing that there are trends or threats around the mots falling down. Of course it could be on sabotage, but of course threats is also coming from more the climate part of it. So that's on the physical side, so not forget about that. Then of course we see a lot of monitoring activities, which could be called esp, ESP with using drones and so on, so that's a physical part of it.
(04:28):
Then on top of that, of course this logical which where we see the traffic and then we find threats like I think Ian mentioned that on the volume attacks, for example DDoS, we see also someone hijacking for example, how to route the traffic DNS for example, we see misconfigurations traffic tapping and adult. Part of that on the logic level, on the top of that is the third level, which is more the information and the application and the services where there are identity tests, there are misuse, misuse, misinformation, leakage of information, fake profiles in different apps and those kind of things. And the fourth lever is more the human aspect and the impact of societies. For example, fraud attempts, deep fakes manipulation, and also taking out more critical infrastructure capabilities. So we look at all these four layers and the reason for that is that we see the attacks and the threats typically are coming across as hybrid or multi-mode if you want.
(05:35):
So this coordination across different attacks, both on the logical as well as applications as well as humans for example. So these are coordinated and the most advanced attackers are playing on many of these layers. So that's the way we are responding to it as well. So we have organized ourself into something called a 360 perspective on the business security where we are covering all the physical part, personal security information, security fraud and so forth into the same way of work. And the reason for that again, is that the insight across different layers is very important and then it's important also to understand what's going on, what the ideas are doing, and then of course how we should coordinate our response to that. And we see actually growing trends. I think also Rindi indicated that we see growing trends when it comes to ransomware. We see clearly also inside the threat, but both within inside there as a telco but also insider into co partners what we are doing. So that's also growing quite a lot. We see clearly deep fake initiatives, whether that's coming onto videos or even conferences like this. And the last part, what Trinity was also saying is supply chain, and we see that is also coming up as a big increasing threat and the number of risks attached to that. So I think that's kind of the things we are seeing on the currently at least and how we are responding that in a 360 perspective across all these modes or layers.
Guy Daniels, TelecomTV (07:11):
Great, thanks Terje, for those insights and Ville, do you see the same threats from your business?
Ville Syrjänen, Elisa (07:19):
Okay, yeah. My first take is from the enterprise business point of view. Our customers see ransomware into ransomware threats into their production systems as the number one threat and I guess for the operator as well, kind of advanced persistent threats by state actors is the number one threat. So in a sense it's almost similar and how we're responding, increasing awareness, making sure we understand the nature of the threats and learn about them, as well as then ticking all the boxes around the vulnerability side and educating our frontline.
Guy Daniels, TelecomTV (08:20):
Thanks very much Ville. Well, let's follow up on some of those technologies you spoke of then. Terje. Let me put this next question to you first if I can. How have recent advancements in technology such as AI automation and quantum computing, how have they changed the cybersecurity landscape for telecom companies?
Terje Jensen, Telenor (08:39):
Yeah, no, just to build on maybe what we was also pointing to that there are a number of areas where we see that new technologies of course are impacting the cybersecurity landscape and maybe you can split them roughly into what whole is technology embraced by telco companies themselves, how are these? And the second is maybe how technologies are used in society or in the enterprises or citizens or public agency for example. And thirdly, I think it's not to forget how are these technologies actually being used by the attackers. So taking one by one, and I was going get through all of this in every detail, but clearly of course from the operator or telco perspective, we are embracing automation, we are embracing ai, of course the 5G is there, cloud is there looking into quantum safe and these kind of things. So that's coming of course into our requirements, our implementations and also the way of work with partners and also internally.
(09:40):
So we have of course a roadmap like any other telco to maximize the use of these new technologies in both safe way or secure way if you want, but also in a responsible way. And particularly when it comes to ai, the responsible and the recent approved EU ai Actis is very critical there. So I think it's important all these telcos and the companies are making cost use all the new technologies in the best way possible there. I think what also Ville was alluding to is that of course our customers and we see this new technologies also are in use in society at large, and this typically is related to digitalization. For example, automating or running business critical for example, processes on which depends on connectivity and then of course 5G might be part of that as a private network for example. Of course IOT is typically a clear player there where embracing or using a lot of more devices and connecting them and keep them connected for example, and much more of the critical processes and critical information is actually made available online for the enterprise to work in an effective manner.
(10:57):
So we see that many of the enterprises are actually or are using also this, and we'd have partners to discuss with how to take these steps in a secure manner. So for example, what is the responsible principles for using ai? For example, how are you going to activate 5G and what kind of mechanisms needs to be there for example? And all these kind of things which the enterprise typically are reaching out to operators to benefit from their insights from us as being of course a professional player into exactly discussing this. Then lastly, I think if I may also, nuclear technologies are used by attackers. There's no doubt about that. And sometimes you can also know if an attack is just made by a human or is it made by a machine. I think you probably have been a victim, all of us or at least try to be a victim of many kind of fraud attempts, many of us at least both on the SMS and voice calls and all the kind of messaging and attempts what they're doing.
(12:06):
So just take one simple example, it takes very little effort these days to make a script, for example, to make a ransomware software. So that means that to starting that business for any attackers is fairly low, a low threshold actually, which of course makes it a bit scary I think from the other side, but we have to prepare ourselves for that. These kinds of technologies also allow attackers to be much more effective, to be much more targeted and to take advantage of that something is happening. For example, what we discussed about earlier, something is happening on the physical side. Maybe you can launch an attack on the logical side or with trying to steal some information at the same time to take advantage of a kind of confusion or a kind of uncertain situation in the very beginning. So also attackers of course are using, for example, AI to make very, very realistic scenarios when it comes to personalizing or contextualizing an attack for example. So again, all technologies are induced by all these different players, both the operators, all the customers on the society at large, and also the attackers.
Guy Daniels, TelecomTV (13:18):
Great, thanks very much Terje, there was so much to be aware of, isn't there? Well, let's bring in Ville now for some additional comments there. I'm sure you want to comment more on the enterprise B2B sector there Ville.
Ville Syrjänen, Elisa (13:29):
Yeah, definitely. Thanks guy and thanks Terje. I really much chime to Terje that it feels like really, really tough environment to play in and to stay on top of, but there's the keys are of course having the partners that bring you technology, bring you the playbooks and having this kind of very, very scalable cloud-based response capability. And then I guess for the vulnerability management, you need to automate everything so that you can very quickly and the first day or the zero day that the vulnerabilities are found, start to close them and by the end of the day or by the end of the hour, be able to be firm that you've covered that base.
Guy Daniels, TelecomTV (14:30):
Great. Thanks very much Ville. Well, let's move from technology and let's focus even more on the specific telco requirements here. Can you discuss any specific cybersecurity challenges that the telcos face compared to other vertical industries and what unique strategies are being employed to address them? Srini, perhaps we could come across to you to tell us more about the unique threats and situation that telcos find themselves in.
Srinivas Bhattiprolu, Nokia (15:05):
Great will do guy. As you know, telco environment is pretty diverse. I certainly alluded to deploying the traditional IT tools to network I would call is almost tantamount to putting a square plug in a round hole. And I'll explain to you why this is the reason. The first thing is the network is extremely diverse. It is a combination of physical network functions, virtual network functions and cloud native network functions, which is unlike the case let's say with an IT application, which is fully containerized. The protocols are different and the complexity that exists in a network is extremely different. So I already talked about the DDoS attacks and that's something which we all need to be aware of and the complex network architecture certainly requires you to employ additional care. What I would recommend to many telcos and I have had these conversations with many of them, is to really have a separate strategy for protecting the telco network.
(16:07):
And that is a crown jewel that exists for any telco service provider. And if the network is brought down or if there are compromise or the malware, the Terje and Ville were talking about a malware incident in a network, number one, there could be a huge impact on the brand equity of the telco. At the same time the services would go down, a telco services going down would actually have a cascading effect on the entire economy. And we've observed this with a large telco in Portugal as to what happened when the entire national infrastructure came down. So that's one thing, looking at the network infrastructure holistically and making sure that there is a very clear strategy to protect the network infrastructure. That's one aspect which I would talk about. The second thing which is very, very important is to employ or deploy zero trust architecture, which has already been alluded to by both Terje and Ville.
(17:02):
Having a zero trust architecture as opposed to let's say a castle and a mote approach, everybody who's actually coming into the network must be authenticated. Everybody who is actually considered as someone who's an outsider to the network. So that's something which we should be really looking at. We certainly talked about the attackers, both state and non-state. In case of telcos, the use of the activities from state actors is a lot more prevalent because of the critical infrastructure and the impact that they they're able to make. So to ward off the threats that are coming in from the state actors I think requires a very specific strategy and approach. Last but not the least, ensuring that you adapt the right standards to secure your supply chain. That's something which telcos cannot really ignore. And what we also see across the telcos are there are country specific regulations with the advent of 5G, which Terje rightly talked about, the network architecture is made a lot more open and the country regulators are becoming a lot more paranoid about the safety, security and resilience of these networks. And to have a holistic approach to really secure these networks is something which is being recommended and there are very specific prescriptive policies that are actually being asked for the telco service providers to adhere to. And that's something which the regulators are imposing as we see across multiple countries, not just in European Union but also in the other parts of the world.
Guy Daniels, TelecomTV (18:42):
Great, thanks very much. And Terje, let's come across to you for your additional comments.
Terje Jensen, Telenor (18:50):
Yeah, just to build on what Trini mentioned, I think, so of course at Telco we are managing a vastly distributed infrastructure, which is interconnected. Interconnected, and then of course in total we actually comes up with as a global infrastructure for the whole world. And as also Rin mentioned, it's mainly based on international standards, at least on the network side. So on top of that, I think also Rin mentioned that in previous or earlier in this session is that we are also managing multi technology network. So some of the two G stuff for example is more than 30 to 30 years old and we are still providing seamless services across a number of technologies. And some of these actually also imposed from the regulation point of view that is something we need to maintain at least for the next year or so. So that's kind of the bit of the complexity, both vastly distributed and network with a lot of technologies.
(19:49):
And then of course increasing traffic, also increasing number of devices. And what we also see is that the dependency of the society on the connectivity is very crucial. And we actually talked, interviewed a couple of, we actually had out a survey among a number of enterprise customers in the Nordics and we asked them the question about seen from your perspective, who would you look to watch when it comes to protection on cybersecurity? And it was a very close race between number one, which turns out to be the cybersecurity specific vendors and the telcos. And the reason for that is typically the telcos and the connectivity is a first line of defense when it comes to defending against cyber attacks. The reason is that the attackers are typically using connectivity or try to use connectivity as one of the entry points in order to launch something towards the enterprises. So I think our critical role in this is important to remember. Then of course there are other industries having pieces of this financials for example, and also electricity distribution. So we see that of course there are similarities which we could collaborate with of course and also learn from. And I think that's probably also one of the motivation for the new regulations coming from within the EU on this niche two, which is actually stimulating to further collaboration among the players across the industries, but also among the different countries and the governments there.
Guy Daniels, TelecomTV (21:27):
Yeah, thanks very much Terje. And you mentioned that this is a global industry built on standards. So Ville, let me come across to you. What role do industry standards and frameworks play in shaping cyber security strategies and ensuring compliance?
Ville Syrjänen, Elisa (21:45):
Well, I think, so one does need some frame of reference to be able to communicate what we need to achieve, whether it's ISO 27,001 or NIST or SAF, you pick your chosen one, but definitely it's such a complex area, especially in the telco that you do need some framework. And then partners and technology developers also adhere or recognize or build services around most adopted frameworks like the NISD, nist. So I'd say it's a common language as all standards are, they are formative, but the most important thing is to understand your particular vulnerability, your risks IE threat vector and what's important in your own production and then what are your vulnerabilities and then prioritize your action and actions and spend according to that. That's like the polar star of this whole thing.
Guy Daniels, TelecomTV (23:12):
Great. Thanks for that advice Ville. And let's go across to Terje as well for some additional thoughts on terrier.
Terje Jensen, Telenor (23:19):
Yeah, I would try to be brief, I think. So as a principal of course we prefer international standards because it's exactly what we'll assess. It provides terminology, frameworks, which can be recognized across many of the players I think. So that's of course strongly supported, but I think it's also important that standards of course is one thing, but you also have to look into an implementation and operations of it. So it's also how we are working internally, how we are working with partners, how we are working with customers, for example, which is the key, the clear. But then of course standards are of course important again to provide a common language, and it's also allows of course to share benchmarking, to share experience again with the same framework. So we find standard as in iso for example, on 27,000 maturity assessment for example, you find three gpp, Etsy. So the number of standard areas I think, which is very important for us as telco at least to lean on and also to learn from. So I think that's also, but not to forget about when we are engaging with enterprises, they typically also have their own standards within their industries. So the cross industry fertilization goes about security and learning and from the best of the best is very important. So we also need to look at standards outside our traditional industry in that sense.
Guy Daniels, TelecomTV (24:43):
Oh yes, absolutely. Thanks everyone for those comments. There are a couple of other areas, specific areas we want to cover. So let me move on and ask, are there any innovative approaches or technologies that are currently being explored to improve threat detection and prevention in the telecoms industry? Srini, perhaps we could start with your thoughts on threats, detection and prevention.
Srinivas Bhattiprolu, Nokia (25:11):
Oh, certainly there are quite a few of them. This is an area which is experiencing a lot of innovative approaches. The first one I would talk about is the user and entity behavior analytics, which monitors user and device and entity behaviors and then establishes baselines to really look at very specific anomalies that occur on a regular basis. The second one is all about real time threat intelligence for aggregation and automated correlation. That's something which we see as another innovative approach utilizing extended detection and response based approaches to drive automation in the security operation center, utilizing advanced playbook and really making sure that the actions to the threat vectors are automated and semi-automated. That's another important trend that we see establishing zero trust. And in that utilizing micro and macro segmentation, innovative ways of role-based access control and making sure that you also have things like honey pots and deception technologies. These are some innovative trends that we've actually observed in threat detection.
Guy Daniels, TelecomTV (26:23):
Thanks very much Srini and Terje. A, what do you see as some of the emerging cyber threats facing the industry?
Terje Jensen, Telenor (26:32):
So of course what we see is that it's a very dynamic threat landscape, so you really need to be on your toes in order to understand what's going on. And then of course you need to automate these processes, you need to use AI and so forth, what RIN just mentioned. So I think that's important, but it's also good to have a peek into what's available out there, what in, so-called dark web, what are there on capabilities, what data is for sale and so forth, what kind of scripts and languages and something is up which you can get hold of and so on. So keep your finger on the pulse a bit on what's happening on that side of the fence, if I may say it like that. So what we also see as a bit of a challenge of course is to translate some of these very hardcore security technology language into something that the customers understand.
(27:31):
And then of course you do that in order to make sure that you are doing the right things. Your focus is on eliminating the threats, which are the biggest one or the most dramatic ones for the relevant enterprises for example. And that is typically a dialogue and you need to relate to different threats and of course into the readiness or the maturity or the preparedness for the different companies. So that's important think as well. And in that way, you're actually also embedding security into all the other areas, both in the technical sense, in the process sense, and also in the people and the market sense. So that is a bit of a different, call it high level sense of working with the threats. It's not only a technical kind of things, but actually bringing it out and bringing, translating that into risks which people are understanding. And also I'm able to engage in a practical discussion on what to do and how to prepare. That hits me, for example.
Guy Daniels, TelecomTV (28:36):
Well, let me stay with you a moment, Terje, because I want to come also onto data protection. What are some of the most effective practices you've observed for protecting sensitive data in the telecom sector?
Terje Jensen, Telenor (28:49):
Yeah, thanks Gary. I think it's one of the key questions there is to start with of course, is to identify what is the sensitive data and where is it and who should have access to that. So I think that's something we typically refer to as data ownership or data management. I think that's some of the basic things which needs to be in place in order to manage the sensitive data. Of course, not only sensitive data but data in general, but of course it's very critical for sensitive data. So then of course there needs to be a qualification on who should have access to this, who should be able to process the data, for example, and also making sure that this sensitive data is not tampered with, so it's not changed by or on purpose or in bad will. And so integrity for example, and mechanisms around that.
(29:44):
One, it is important to be aware of when it comes to the sensitive data. So of course one of the key elements is encrypting. Then of course all the sensitive data both at rest, meaning that when it's stored, but also in transit and also when in processed. So there are a number of key technologies of course to make sure that you have confidential processing for example, but also that you limit and restrict the persons you can have accesses. Another part of it is of course, that when someone receives sensitive data, there needs to be mechanisms as well to validate that this is correct, so it's not a misinformation or has been tampered with on the way and so forth. So there also a number of practices there on the receiver side. So it's not only the one generating the data, but it's also the one using it.
(30:40):
So you can insert security controls or checkpoints if you want both on the sender side or the ownership side, but also on the user side. So I think, and then of course when it comes to the case, there is a breach, this data is leaked or is misute in any way, you need to have a log meaning, and the logs of course can be used for doing forensics and what happened, and then of course learn from mistakes or anything else, which you then should plug some security holes or any way other way you should improve the data.
Guy Daniels, TelecomTV (31:16):
Thanks Terje. And Srini, did you want to come in on the issue of protecting sensitive data?
Srinivas Bhattiprolu, Nokia (31:23):
Oh yeah. I think Terje's answer was pretty comprehensive. There are a couple of areas which I would like to augment to whatever he just said. One is performing regular audits. That's something which is extremely important just to make sure that the right data management practices, data governance practices and secure data protection practices are actually employed within the organization. That's something which is very, very key for us to make sure that the personally identifiable information is actually protected. The second aspect, which I would like to really highlight is we really cannot undermine the importance of humans who are involved in this whole data lifecycle, and which essentially means that it is important to train these individuals on a regular basis as to what is important, what is a personally identifiable data, what are the different means. So we could certainly employ the technical tools that Terje alluded to, the aspects like protection role-based access controls, multifactor authentication and whatnot. But certainly conducting regular audits and making sure that there is proper enablement in place within the organization to apprise people and continuously monitor them on their progress to really get to a good level of data governance and data management practices.
Guy Daniels, TelecomTV (32:47):
Thank you very much, Srini. Ville, would you like to comment to?
Ville Syrjänen, Elisa (32:51):
Yeah. A change in this map of protected data is coming with the European Data Act two, which introduces GDPR to legal entities. So a company owns its own data and can ask for it from the provider's systems and can ask it to be rectified or changed or deleted. So that will cause a new set of expansion in the sort of data management capabilities introducing this kind of object, like a legal identity into the picture.
Guy Daniels, TelecomTV (33:42):
That's great information. Thank you Ville. And Ville, I have another question for you because this is obviously a rapidly evolving threat landscape we're in. How do you approach incident response and threat mitigation? Are there any recent examples of successful strategies or lessons learned that you can share with us?
Ville Syrjänen, Elisa (34:02):
Well, let's start with by be sure to have a recovery platform and to have a recovery of your data, of course. But then when it comes to actual incidents, at least our practice is this kind of cybersecurity service operating center which leads activities in terms of communication as well as the actions. And then the second part is you need to have really deep competencies for the forensics and for recovery actions, and it takes time to build that capability. You may need to revert to partners for support, but yeah, competencies, leadership and being prepared would be at least some of the actions.
Guy Daniels, TelecomTV (35:22):
Great. Thanks for that advice. Ville We will go to Srini and hear from him in a second, but Terje, lemme come across to you next
Terje Jensen, Telenor (35:30):
And just quickly build on what Ville mentioned and to what I referred to earlier as a 360 perspective on business security. So roughly consisting of four different areas. The first one is threat insight and threat intelligence, and the second part is more on the reactive part of it. So for example, what you do in case of incident, it could be crisis management, even if that turns into a crisis or it is more like a minor kind of incident or major incident for example, then of course you need to have the monitoring part of that is in order to react in the right way. Then the third element of this three something we call the proactive. So how to try to avoid that to end up in that situation, which is spanning everything from having the right policies in order to make sure that you have all the mechanisms and security controls there doing, for example, penetration testing to figure out do you have any weaknesses or any holes there. And the fourth element of this 360 perspective is also what Ville has said, which we refer to as scaling. So then you need to scale it through the organization, you need to scale it through the partners and also scale it with working together with the customer. So these are the kind of the four elements we think needs to be in place, the threat picture, the reactive part, the proactive part, and also the scaling part of it.
Guy Daniels, TelecomTV (37:02):
Thank you. Terje. Srini, any examples or lessons you can share?
Srinivas Bhattiprolu, Nokia (37:08):
Yeah, there are a couple of real best practices that I would like to share. One is obviously utilizing automation and using tools which actually drive playbook execution. That's something which is very, very important and pertinent in this space. The second one is all about sharing of the information, which it could be real time threat intelligence, it could be other aspects, sharing of the information among the communication service providers. That's key to success and we really advocate the communication service providers come together and share the information without any inhibitions so that there is a database that's available and one could tap into the experience of other in a specific country or a market, making it a lot more effective together as these people try and ward off the threats to the critical infrastructure.
Guy Daniels, TelecomTV (38:02):
Great. Thank you Srini. And we'll quickly go back to Ville for some additional comments.
Ville Syrjänen, Elisa (38:08):
In terms of the learnings from some recent cases in Finland, I guess the best learning is that if you are able to help the customer, the enterprise to manage and solve a breach, do it effectively, it produces huge trust and satisfaction on the customer side, so it's really worth investing into.
Guy Daniels, TelecomTV (38:44):
Good to hear. Well, thank you all for those comments. I've got a final question for you though. If we look ahead, what future trends do you anticipate will shape the cybersecurity landscape for telecoms and how can organizations stay ahead of these developments? Terje, perhaps we could hear from you first.
Terje Jensen, Telenor (39:08):
I think it will be continue of course to be a race between the different players in this both defenders and attackers, which is something we have seen of course so far as well. And then of course, as we also discussed about earlier, so all of them will use the latest technologies and they will be become all victors I think on all sides of the game in there. So I think back to what was mentioning, of course, collaboration is one of the key points, I think at least on our side as we see it, is that it's not only a single company or a single industry issue, it's a broad issue and collaboration could just make us a bit stronger and of course more prepared in order to do that. But that also raises the bar a bit for some of the security people, at least the security experts, because you cannot only be a deep technology or technical, the security expert anymore, you need to be able to engage with.
(40:12):
And so what we are then of course, can we truly embed security into all the processes, all the systems and all the people mindset in a way. So the human element of this is very important and not only in telco companies, not only in partners, but also in the society at large. Then of course there are a number of areas I think, which is looking into, for example, on making sure that the security is fully covered among the supply chain. I think it was mentioned earlier in this session as well. Of course there are collaboration going on both within telcos for example, on shared physical infrastructure. So that also is one of the elements where we have to a bit step up on supporting this, I think was mentioned, I think really mentioned something about oscillation and trying to contain any kind of attacks into smaller compartments and so on, which of course is one element though when we are facing even more software, for example, even more smartness into the operations and the systems and so on. So I think there are a number of oncology elements which will be helping us both on our side and also on the attacker side. But of course, this collaboration, sharing information and making security truly embedded all these different people, processes and systems is a must going forward.
Guy Daniels, TelecomTV (41:39):
Yeah, absolutely. Thank you. Terje and Srini, what future trends do you anticipate that we will see?
Srinivas Bhattiprolu, Nokia (41:47):
Yeah, I would like to talk about three specific trends. The first one is obviously we've beaten this topic to death, the advanced adoption of artificial intelligence and machine learning. Number two, this will also be a corollary to what I just said about AI driving automation in the security operations. That's something which is certainly going to be adapted by many operators. Also recognizing the fact that network security must be treated separately with very specific tools that have expertise and people that have expertise in the networks security area. That's something which I certainly see as a trend. A last but not the least, I think quantum safe, which has existed in the universities as of now, will become a reality, having the right level of quantum safe certified technologies in place, and that's something which is really going to drive the future, in my view.
Guy Daniels, TelecomTV (42:47):
Yeah, very interesting. Srini, thank you very much for that. And Ville, let's hear from you for this final question.
Ville Syrjänen, Elisa (42:55):
Yeah, first of all, second, this quantum security, it's this kind of geological logical movement or thing that will change the way we cipher in the kind of midterm and the risk is here now already because of these kind of harvesting attacks, which harvesting means just recording internet traffic and deciphering it when the quantum computers are available, and the US or US has implemented a law that requires government organizations to actually map their ciphers by the end of this year. And there's a process to take in the new C ciphers already before the end of this decade. That's one. Second big, big movement is towards distributed computing architectures, and there I think the important technology is this kind of zero trust approach to access and to control lateral movement all the time, and perhaps even using cloud technologies to do that in our cloud, say C model for example.
(44:39):
But ultimately it's about the people and the frontline continues to be really important and the place of the first defense is there and raising awareness of these deep fakes, and we will be more cautious in operate their personnel about engaging, and so that will somehow impact. Last but not least, we need to seek byproduct benefits from security operations because it's always a cost to benefit, even though it's national infrastructure. I think there are opportunities to reduce costs, improve customer experience with the insight that we actually have when we are doing, observing what's happening in the network.
Guy Daniels, TelecomTV (45:48):
Well, great insights everybody, but we must leave it there. Thank you all so much for taking part in our discussion today. For more information on the subjects covered in today's program, please visit Nokia's website where you will find related content and the company's latest threat intelligence report and the relevant link can be found in the text that accompanies this video. For now, from all of the team here at telecom tv, thank you for watching and goodbye.
Hello, you are watching TelecomTV. I'm Guy Daniels. Today's discussion looks at the evolution of Telco cybersecurity. We're going to focus on current cybersecurity trends, the experiences of companies in navigating these trends and the impact on their operations, and we will gain insights into the most significant challenges they face and highlight emerging technologies that are shaping the evolving landscape of cybersecurity. Well, I'm delighted to say that joining me on the program today are Srini Bhattiprolu, who is Global head of Presales and Advanced Consulting Services at Nokia Cloud and Network Services. Terje Jensen SVP head of Global Business Security for Telenor and Ville Syrjänen CTO Connectivity and Security Business at Elisa B2B. Hello everyone. It's really good to see you all. Thanks so much for joining us on the show. Now, to give some context to our conversation, can I first of all ask you what are the most significant emerging cyber threats that are currently impacting the telecoms industry and how should communication service providers prepare for them? Srini, let me come across to you first for your comments.
Srinivas Bhattiprolu, Nokia (01:38):
Thank you very much. Guy telecom industry is termed as something which is called critical infrastructure, and this is something that's going to really drive the economy forward for multiple countries. Considering this situation. There are a lot of state and non-state actors and a lot of emerging threats that are ensured to this particular sector. I would actually talk about four specific ones. The first one would be the DDoS, which actually, which is also termed as distributed denial of service, which directly impacts the availability of the services from telecom service providers. That's the first one I would talk about. The second one I will also talk about is the network vulnerabilities considering the diversity of the network environment in a telco service provider. Considering the type of legacy network elements and the new age network elements that exist in the network, having vulnerabilities in the network is the second emerging threat that I would point out. The third most important one is the supply chain security, considering all the challenges that we see across the world around supply chain and the security that is required. Last but not the least is the exfiltration of PII or personally identifiable information. There are several others which include insider threats, phishing, social engineering and whatnot. But the first four that I talked about are the key emerging threats I would say are very important for a telecom service provider.
Guy Daniels, TelecomTV (03:11):
Great. Thanks very much Srini for going through those four key areas. Terje, what about you? What are the areas that you are seeing as most important for CSPs to understand and act to now?
Terje Jensen, Telenor (03:29):
Thanks guys. I think please allow me to take a bit of a step back and so what I'm starting on in the beginning of the response to that is not strictly only cybersecurity, but it will be security in a bit of a broader context. And the reason for that is that we see across all these security threats. So the way we are approaching it is actually divided into, call it four layers. So it start with the physical part of it, which then goes into the cutting sea cables for example. What we are seeing, we are seeing that there are trends or threats around the mots falling down. Of course it could be on sabotage, but of course threats is also coming from more the climate part of it. So that's on the physical side, so not forget about that. Then of course we see a lot of monitoring activities, which could be called esp, ESP with using drones and so on, so that's a physical part of it.
(04:28):
Then on top of that, of course this logical which where we see the traffic and then we find threats like I think Ian mentioned that on the volume attacks, for example DDoS, we see also someone hijacking for example, how to route the traffic DNS for example, we see misconfigurations traffic tapping and adult. Part of that on the logic level, on the top of that is the third level, which is more the information and the application and the services where there are identity tests, there are misuse, misuse, misinformation, leakage of information, fake profiles in different apps and those kind of things. And the fourth lever is more the human aspect and the impact of societies. For example, fraud attempts, deep fakes manipulation, and also taking out more critical infrastructure capabilities. So we look at all these four layers and the reason for that is that we see the attacks and the threats typically are coming across as hybrid or multi-mode if you want.
(05:35):
So this coordination across different attacks, both on the logical as well as applications as well as humans for example. So these are coordinated and the most advanced attackers are playing on many of these layers. So that's the way we are responding to it as well. So we have organized ourself into something called a 360 perspective on the business security where we are covering all the physical part, personal security information, security fraud and so forth into the same way of work. And the reason for that again, is that the insight across different layers is very important and then it's important also to understand what's going on, what the ideas are doing, and then of course how we should coordinate our response to that. And we see actually growing trends. I think also Rindi indicated that we see growing trends when it comes to ransomware. We see clearly also inside the threat, but both within inside there as a telco but also insider into co partners what we are doing. So that's also growing quite a lot. We see clearly deep fake initiatives, whether that's coming onto videos or even conferences like this. And the last part, what Trinity was also saying is supply chain, and we see that is also coming up as a big increasing threat and the number of risks attached to that. So I think that's kind of the things we are seeing on the currently at least and how we are responding that in a 360 perspective across all these modes or layers.
Guy Daniels, TelecomTV (07:11):
Great, thanks Terje, for those insights and Ville, do you see the same threats from your business?
Ville Syrjänen, Elisa (07:19):
Okay, yeah. My first take is from the enterprise business point of view. Our customers see ransomware into ransomware threats into their production systems as the number one threat and I guess for the operator as well, kind of advanced persistent threats by state actors is the number one threat. So in a sense it's almost similar and how we're responding, increasing awareness, making sure we understand the nature of the threats and learn about them, as well as then ticking all the boxes around the vulnerability side and educating our frontline.
Guy Daniels, TelecomTV (08:20):
Thanks very much Ville. Well, let's follow up on some of those technologies you spoke of then. Terje. Let me put this next question to you first if I can. How have recent advancements in technology such as AI automation and quantum computing, how have they changed the cybersecurity landscape for telecom companies?
Terje Jensen, Telenor (08:39):
Yeah, no, just to build on maybe what we was also pointing to that there are a number of areas where we see that new technologies of course are impacting the cybersecurity landscape and maybe you can split them roughly into what whole is technology embraced by telco companies themselves, how are these? And the second is maybe how technologies are used in society or in the enterprises or citizens or public agency for example. And thirdly, I think it's not to forget how are these technologies actually being used by the attackers. So taking one by one, and I was going get through all of this in every detail, but clearly of course from the operator or telco perspective, we are embracing automation, we are embracing ai, of course the 5G is there, cloud is there looking into quantum safe and these kind of things. So that's coming of course into our requirements, our implementations and also the way of work with partners and also internally.
(09:40):
So we have of course a roadmap like any other telco to maximize the use of these new technologies in both safe way or secure way if you want, but also in a responsible way. And particularly when it comes to ai, the responsible and the recent approved EU ai Actis is very critical there. So I think it's important all these telcos and the companies are making cost use all the new technologies in the best way possible there. I think what also Ville was alluding to is that of course our customers and we see this new technologies also are in use in society at large, and this typically is related to digitalization. For example, automating or running business critical for example, processes on which depends on connectivity and then of course 5G might be part of that as a private network for example. Of course IOT is typically a clear player there where embracing or using a lot of more devices and connecting them and keep them connected for example, and much more of the critical processes and critical information is actually made available online for the enterprise to work in an effective manner.
(10:57):
So we see that many of the enterprises are actually or are using also this, and we'd have partners to discuss with how to take these steps in a secure manner. So for example, what is the responsible principles for using ai? For example, how are you going to activate 5G and what kind of mechanisms needs to be there for example? And all these kind of things which the enterprise typically are reaching out to operators to benefit from their insights from us as being of course a professional player into exactly discussing this. Then lastly, I think if I may also, nuclear technologies are used by attackers. There's no doubt about that. And sometimes you can also know if an attack is just made by a human or is it made by a machine. I think you probably have been a victim, all of us or at least try to be a victim of many kind of fraud attempts, many of us at least both on the SMS and voice calls and all the kind of messaging and attempts what they're doing.
(12:06):
So just take one simple example, it takes very little effort these days to make a script, for example, to make a ransomware software. So that means that to starting that business for any attackers is fairly low, a low threshold actually, which of course makes it a bit scary I think from the other side, but we have to prepare ourselves for that. These kinds of technologies also allow attackers to be much more effective, to be much more targeted and to take advantage of that something is happening. For example, what we discussed about earlier, something is happening on the physical side. Maybe you can launch an attack on the logical side or with trying to steal some information at the same time to take advantage of a kind of confusion or a kind of uncertain situation in the very beginning. So also attackers of course are using, for example, AI to make very, very realistic scenarios when it comes to personalizing or contextualizing an attack for example. So again, all technologies are induced by all these different players, both the operators, all the customers on the society at large, and also the attackers.
Guy Daniels, TelecomTV (13:18):
Great, thanks very much Terje, there was so much to be aware of, isn't there? Well, let's bring in Ville now for some additional comments there. I'm sure you want to comment more on the enterprise B2B sector there Ville.
Ville Syrjänen, Elisa (13:29):
Yeah, definitely. Thanks guy and thanks Terje. I really much chime to Terje that it feels like really, really tough environment to play in and to stay on top of, but there's the keys are of course having the partners that bring you technology, bring you the playbooks and having this kind of very, very scalable cloud-based response capability. And then I guess for the vulnerability management, you need to automate everything so that you can very quickly and the first day or the zero day that the vulnerabilities are found, start to close them and by the end of the day or by the end of the hour, be able to be firm that you've covered that base.
Guy Daniels, TelecomTV (14:30):
Great. Thanks very much Ville. Well, let's move from technology and let's focus even more on the specific telco requirements here. Can you discuss any specific cybersecurity challenges that the telcos face compared to other vertical industries and what unique strategies are being employed to address them? Srini, perhaps we could come across to you to tell us more about the unique threats and situation that telcos find themselves in.
Srinivas Bhattiprolu, Nokia (15:05):
Great will do guy. As you know, telco environment is pretty diverse. I certainly alluded to deploying the traditional IT tools to network I would call is almost tantamount to putting a square plug in a round hole. And I'll explain to you why this is the reason. The first thing is the network is extremely diverse. It is a combination of physical network functions, virtual network functions and cloud native network functions, which is unlike the case let's say with an IT application, which is fully containerized. The protocols are different and the complexity that exists in a network is extremely different. So I already talked about the DDoS attacks and that's something which we all need to be aware of and the complex network architecture certainly requires you to employ additional care. What I would recommend to many telcos and I have had these conversations with many of them, is to really have a separate strategy for protecting the telco network.
(16:07):
And that is a crown jewel that exists for any telco service provider. And if the network is brought down or if there are compromise or the malware, the Terje and Ville were talking about a malware incident in a network, number one, there could be a huge impact on the brand equity of the telco. At the same time the services would go down, a telco services going down would actually have a cascading effect on the entire economy. And we've observed this with a large telco in Portugal as to what happened when the entire national infrastructure came down. So that's one thing, looking at the network infrastructure holistically and making sure that there is a very clear strategy to protect the network infrastructure. That's one aspect which I would talk about. The second thing which is very, very important is to employ or deploy zero trust architecture, which has already been alluded to by both Terje and Ville.
(17:02):
Having a zero trust architecture as opposed to let's say a castle and a mote approach, everybody who's actually coming into the network must be authenticated. Everybody who is actually considered as someone who's an outsider to the network. So that's something which we should be really looking at. We certainly talked about the attackers, both state and non-state. In case of telcos, the use of the activities from state actors is a lot more prevalent because of the critical infrastructure and the impact that they they're able to make. So to ward off the threats that are coming in from the state actors I think requires a very specific strategy and approach. Last but not the least, ensuring that you adapt the right standards to secure your supply chain. That's something which telcos cannot really ignore. And what we also see across the telcos are there are country specific regulations with the advent of 5G, which Terje rightly talked about, the network architecture is made a lot more open and the country regulators are becoming a lot more paranoid about the safety, security and resilience of these networks. And to have a holistic approach to really secure these networks is something which is being recommended and there are very specific prescriptive policies that are actually being asked for the telco service providers to adhere to. And that's something which the regulators are imposing as we see across multiple countries, not just in European Union but also in the other parts of the world.
Guy Daniels, TelecomTV (18:42):
Great, thanks very much. And Terje, let's come across to you for your additional comments.
Terje Jensen, Telenor (18:50):
Yeah, just to build on what Trini mentioned, I think, so of course at Telco we are managing a vastly distributed infrastructure, which is interconnected. Interconnected, and then of course in total we actually comes up with as a global infrastructure for the whole world. And as also Rin mentioned, it's mainly based on international standards, at least on the network side. So on top of that, I think also Rin mentioned that in previous or earlier in this session is that we are also managing multi technology network. So some of the two G stuff for example is more than 30 to 30 years old and we are still providing seamless services across a number of technologies. And some of these actually also imposed from the regulation point of view that is something we need to maintain at least for the next year or so. So that's kind of the bit of the complexity, both vastly distributed and network with a lot of technologies.
(19:49):
And then of course increasing traffic, also increasing number of devices. And what we also see is that the dependency of the society on the connectivity is very crucial. And we actually talked, interviewed a couple of, we actually had out a survey among a number of enterprise customers in the Nordics and we asked them the question about seen from your perspective, who would you look to watch when it comes to protection on cybersecurity? And it was a very close race between number one, which turns out to be the cybersecurity specific vendors and the telcos. And the reason for that is typically the telcos and the connectivity is a first line of defense when it comes to defending against cyber attacks. The reason is that the attackers are typically using connectivity or try to use connectivity as one of the entry points in order to launch something towards the enterprises. So I think our critical role in this is important to remember. Then of course there are other industries having pieces of this financials for example, and also electricity distribution. So we see that of course there are similarities which we could collaborate with of course and also learn from. And I think that's probably also one of the motivation for the new regulations coming from within the EU on this niche two, which is actually stimulating to further collaboration among the players across the industries, but also among the different countries and the governments there.
Guy Daniels, TelecomTV (21:27):
Yeah, thanks very much Terje. And you mentioned that this is a global industry built on standards. So Ville, let me come across to you. What role do industry standards and frameworks play in shaping cyber security strategies and ensuring compliance?
Ville Syrjänen, Elisa (21:45):
Well, I think, so one does need some frame of reference to be able to communicate what we need to achieve, whether it's ISO 27,001 or NIST or SAF, you pick your chosen one, but definitely it's such a complex area, especially in the telco that you do need some framework. And then partners and technology developers also adhere or recognize or build services around most adopted frameworks like the NISD, nist. So I'd say it's a common language as all standards are, they are formative, but the most important thing is to understand your particular vulnerability, your risks IE threat vector and what's important in your own production and then what are your vulnerabilities and then prioritize your action and actions and spend according to that. That's like the polar star of this whole thing.
Guy Daniels, TelecomTV (23:12):
Great. Thanks for that advice Ville. And let's go across to Terje as well for some additional thoughts on terrier.
Terje Jensen, Telenor (23:19):
Yeah, I would try to be brief, I think. So as a principal of course we prefer international standards because it's exactly what we'll assess. It provides terminology, frameworks, which can be recognized across many of the players I think. So that's of course strongly supported, but I think it's also important that standards of course is one thing, but you also have to look into an implementation and operations of it. So it's also how we are working internally, how we are working with partners, how we are working with customers, for example, which is the key, the clear. But then of course standards are of course important again to provide a common language, and it's also allows of course to share benchmarking, to share experience again with the same framework. So we find standard as in iso for example, on 27,000 maturity assessment for example, you find three gpp, Etsy. So the number of standard areas I think, which is very important for us as telco at least to lean on and also to learn from. So I think that's also, but not to forget about when we are engaging with enterprises, they typically also have their own standards within their industries. So the cross industry fertilization goes about security and learning and from the best of the best is very important. So we also need to look at standards outside our traditional industry in that sense.
Guy Daniels, TelecomTV (24:43):
Oh yes, absolutely. Thanks everyone for those comments. There are a couple of other areas, specific areas we want to cover. So let me move on and ask, are there any innovative approaches or technologies that are currently being explored to improve threat detection and prevention in the telecoms industry? Srini, perhaps we could start with your thoughts on threats, detection and prevention.
Srinivas Bhattiprolu, Nokia (25:11):
Oh, certainly there are quite a few of them. This is an area which is experiencing a lot of innovative approaches. The first one I would talk about is the user and entity behavior analytics, which monitors user and device and entity behaviors and then establishes baselines to really look at very specific anomalies that occur on a regular basis. The second one is all about real time threat intelligence for aggregation and automated correlation. That's something which we see as another innovative approach utilizing extended detection and response based approaches to drive automation in the security operation center, utilizing advanced playbook and really making sure that the actions to the threat vectors are automated and semi-automated. That's another important trend that we see establishing zero trust. And in that utilizing micro and macro segmentation, innovative ways of role-based access control and making sure that you also have things like honey pots and deception technologies. These are some innovative trends that we've actually observed in threat detection.
Guy Daniels, TelecomTV (26:23):
Thanks very much Srini and Terje. A, what do you see as some of the emerging cyber threats facing the industry?
Terje Jensen, Telenor (26:32):
So of course what we see is that it's a very dynamic threat landscape, so you really need to be on your toes in order to understand what's going on. And then of course you need to automate these processes, you need to use AI and so forth, what RIN just mentioned. So I think that's important, but it's also good to have a peek into what's available out there, what in, so-called dark web, what are there on capabilities, what data is for sale and so forth, what kind of scripts and languages and something is up which you can get hold of and so on. So keep your finger on the pulse a bit on what's happening on that side of the fence, if I may say it like that. So what we also see as a bit of a challenge of course is to translate some of these very hardcore security technology language into something that the customers understand.
(27:31):
And then of course you do that in order to make sure that you are doing the right things. Your focus is on eliminating the threats, which are the biggest one or the most dramatic ones for the relevant enterprises for example. And that is typically a dialogue and you need to relate to different threats and of course into the readiness or the maturity or the preparedness for the different companies. So that's important think as well. And in that way, you're actually also embedding security into all the other areas, both in the technical sense, in the process sense, and also in the people and the market sense. So that is a bit of a different, call it high level sense of working with the threats. It's not only a technical kind of things, but actually bringing it out and bringing, translating that into risks which people are understanding. And also I'm able to engage in a practical discussion on what to do and how to prepare. That hits me, for example.
Guy Daniels, TelecomTV (28:36):
Well, let me stay with you a moment, Terje, because I want to come also onto data protection. What are some of the most effective practices you've observed for protecting sensitive data in the telecom sector?
Terje Jensen, Telenor (28:49):
Yeah, thanks Gary. I think it's one of the key questions there is to start with of course, is to identify what is the sensitive data and where is it and who should have access to that. So I think that's something we typically refer to as data ownership or data management. I think that's some of the basic things which needs to be in place in order to manage the sensitive data. Of course, not only sensitive data but data in general, but of course it's very critical for sensitive data. So then of course there needs to be a qualification on who should have access to this, who should be able to process the data, for example, and also making sure that this sensitive data is not tampered with, so it's not changed by or on purpose or in bad will. And so integrity for example, and mechanisms around that.
(29:44):
One, it is important to be aware of when it comes to the sensitive data. So of course one of the key elements is encrypting. Then of course all the sensitive data both at rest, meaning that when it's stored, but also in transit and also when in processed. So there are a number of key technologies of course to make sure that you have confidential processing for example, but also that you limit and restrict the persons you can have accesses. Another part of it is of course, that when someone receives sensitive data, there needs to be mechanisms as well to validate that this is correct, so it's not a misinformation or has been tampered with on the way and so forth. So there also a number of practices there on the receiver side. So it's not only the one generating the data, but it's also the one using it.
(30:40):
So you can insert security controls or checkpoints if you want both on the sender side or the ownership side, but also on the user side. So I think, and then of course when it comes to the case, there is a breach, this data is leaked or is misute in any way, you need to have a log meaning, and the logs of course can be used for doing forensics and what happened, and then of course learn from mistakes or anything else, which you then should plug some security holes or any way other way you should improve the data.
Guy Daniels, TelecomTV (31:16):
Thanks Terje. And Srini, did you want to come in on the issue of protecting sensitive data?
Srinivas Bhattiprolu, Nokia (31:23):
Oh yeah. I think Terje's answer was pretty comprehensive. There are a couple of areas which I would like to augment to whatever he just said. One is performing regular audits. That's something which is extremely important just to make sure that the right data management practices, data governance practices and secure data protection practices are actually employed within the organization. That's something which is very, very key for us to make sure that the personally identifiable information is actually protected. The second aspect, which I would like to really highlight is we really cannot undermine the importance of humans who are involved in this whole data lifecycle, and which essentially means that it is important to train these individuals on a regular basis as to what is important, what is a personally identifiable data, what are the different means. So we could certainly employ the technical tools that Terje alluded to, the aspects like protection role-based access controls, multifactor authentication and whatnot. But certainly conducting regular audits and making sure that there is proper enablement in place within the organization to apprise people and continuously monitor them on their progress to really get to a good level of data governance and data management practices.
Guy Daniels, TelecomTV (32:47):
Thank you very much, Srini. Ville, would you like to comment to?
Ville Syrjänen, Elisa (32:51):
Yeah. A change in this map of protected data is coming with the European Data Act two, which introduces GDPR to legal entities. So a company owns its own data and can ask for it from the provider's systems and can ask it to be rectified or changed or deleted. So that will cause a new set of expansion in the sort of data management capabilities introducing this kind of object, like a legal identity into the picture.
Guy Daniels, TelecomTV (33:42):
That's great information. Thank you Ville. And Ville, I have another question for you because this is obviously a rapidly evolving threat landscape we're in. How do you approach incident response and threat mitigation? Are there any recent examples of successful strategies or lessons learned that you can share with us?
Ville Syrjänen, Elisa (34:02):
Well, let's start with by be sure to have a recovery platform and to have a recovery of your data, of course. But then when it comes to actual incidents, at least our practice is this kind of cybersecurity service operating center which leads activities in terms of communication as well as the actions. And then the second part is you need to have really deep competencies for the forensics and for recovery actions, and it takes time to build that capability. You may need to revert to partners for support, but yeah, competencies, leadership and being prepared would be at least some of the actions.
Guy Daniels, TelecomTV (35:22):
Great. Thanks for that advice. Ville We will go to Srini and hear from him in a second, but Terje, lemme come across to you next
Terje Jensen, Telenor (35:30):
And just quickly build on what Ville mentioned and to what I referred to earlier as a 360 perspective on business security. So roughly consisting of four different areas. The first one is threat insight and threat intelligence, and the second part is more on the reactive part of it. So for example, what you do in case of incident, it could be crisis management, even if that turns into a crisis or it is more like a minor kind of incident or major incident for example, then of course you need to have the monitoring part of that is in order to react in the right way. Then the third element of this three something we call the proactive. So how to try to avoid that to end up in that situation, which is spanning everything from having the right policies in order to make sure that you have all the mechanisms and security controls there doing, for example, penetration testing to figure out do you have any weaknesses or any holes there. And the fourth element of this 360 perspective is also what Ville has said, which we refer to as scaling. So then you need to scale it through the organization, you need to scale it through the partners and also scale it with working together with the customer. So these are the kind of the four elements we think needs to be in place, the threat picture, the reactive part, the proactive part, and also the scaling part of it.
Guy Daniels, TelecomTV (37:02):
Thank you. Terje. Srini, any examples or lessons you can share?
Srinivas Bhattiprolu, Nokia (37:08):
Yeah, there are a couple of real best practices that I would like to share. One is obviously utilizing automation and using tools which actually drive playbook execution. That's something which is very, very important and pertinent in this space. The second one is all about sharing of the information, which it could be real time threat intelligence, it could be other aspects, sharing of the information among the communication service providers. That's key to success and we really advocate the communication service providers come together and share the information without any inhibitions so that there is a database that's available and one could tap into the experience of other in a specific country or a market, making it a lot more effective together as these people try and ward off the threats to the critical infrastructure.
Guy Daniels, TelecomTV (38:02):
Great. Thank you Srini. And we'll quickly go back to Ville for some additional comments.
Ville Syrjänen, Elisa (38:08):
In terms of the learnings from some recent cases in Finland, I guess the best learning is that if you are able to help the customer, the enterprise to manage and solve a breach, do it effectively, it produces huge trust and satisfaction on the customer side, so it's really worth investing into.
Guy Daniels, TelecomTV (38:44):
Good to hear. Well, thank you all for those comments. I've got a final question for you though. If we look ahead, what future trends do you anticipate will shape the cybersecurity landscape for telecoms and how can organizations stay ahead of these developments? Terje, perhaps we could hear from you first.
Terje Jensen, Telenor (39:08):
I think it will be continue of course to be a race between the different players in this both defenders and attackers, which is something we have seen of course so far as well. And then of course, as we also discussed about earlier, so all of them will use the latest technologies and they will be become all victors I think on all sides of the game in there. So I think back to what was mentioning, of course, collaboration is one of the key points, I think at least on our side as we see it, is that it's not only a single company or a single industry issue, it's a broad issue and collaboration could just make us a bit stronger and of course more prepared in order to do that. But that also raises the bar a bit for some of the security people, at least the security experts, because you cannot only be a deep technology or technical, the security expert anymore, you need to be able to engage with.
(40:12):
And so what we are then of course, can we truly embed security into all the processes, all the systems and all the people mindset in a way. So the human element of this is very important and not only in telco companies, not only in partners, but also in the society at large. Then of course there are a number of areas I think, which is looking into, for example, on making sure that the security is fully covered among the supply chain. I think it was mentioned earlier in this session as well. Of course there are collaboration going on both within telcos for example, on shared physical infrastructure. So that also is one of the elements where we have to a bit step up on supporting this, I think was mentioned, I think really mentioned something about oscillation and trying to contain any kind of attacks into smaller compartments and so on, which of course is one element though when we are facing even more software, for example, even more smartness into the operations and the systems and so on. So I think there are a number of oncology elements which will be helping us both on our side and also on the attacker side. But of course, this collaboration, sharing information and making security truly embedded all these different people, processes and systems is a must going forward.
Guy Daniels, TelecomTV (41:39):
Yeah, absolutely. Thank you. Terje and Srini, what future trends do you anticipate that we will see?
Srinivas Bhattiprolu, Nokia (41:47):
Yeah, I would like to talk about three specific trends. The first one is obviously we've beaten this topic to death, the advanced adoption of artificial intelligence and machine learning. Number two, this will also be a corollary to what I just said about AI driving automation in the security operations. That's something which is certainly going to be adapted by many operators. Also recognizing the fact that network security must be treated separately with very specific tools that have expertise and people that have expertise in the networks security area. That's something which I certainly see as a trend. A last but not the least, I think quantum safe, which has existed in the universities as of now, will become a reality, having the right level of quantum safe certified technologies in place, and that's something which is really going to drive the future, in my view.
Guy Daniels, TelecomTV (42:47):
Yeah, very interesting. Srini, thank you very much for that. And Ville, let's hear from you for this final question.
Ville Syrjänen, Elisa (42:55):
Yeah, first of all, second, this quantum security, it's this kind of geological logical movement or thing that will change the way we cipher in the kind of midterm and the risk is here now already because of these kind of harvesting attacks, which harvesting means just recording internet traffic and deciphering it when the quantum computers are available, and the US or US has implemented a law that requires government organizations to actually map their ciphers by the end of this year. And there's a process to take in the new C ciphers already before the end of this decade. That's one. Second big, big movement is towards distributed computing architectures, and there I think the important technology is this kind of zero trust approach to access and to control lateral movement all the time, and perhaps even using cloud technologies to do that in our cloud, say C model for example.
(44:39):
But ultimately it's about the people and the frontline continues to be really important and the place of the first defense is there and raising awareness of these deep fakes, and we will be more cautious in operate their personnel about engaging, and so that will somehow impact. Last but not least, we need to seek byproduct benefits from security operations because it's always a cost to benefit, even though it's national infrastructure. I think there are opportunities to reduce costs, improve customer experience with the insight that we actually have when we are doing, observing what's happening in the network.
Guy Daniels, TelecomTV (45:48):
Well, great insights everybody, but we must leave it there. Thank you all so much for taking part in our discussion today. For more information on the subjects covered in today's program, please visit Nokia's website where you will find related content and the company's latest threat intelligence report and the relevant link can be found in the text that accompanies this video. For now, from all of the team here at telecom tv, thank you for watching and goodbye.
Please note that video transcripts are provided for reference only – content may vary from the published video or contain inaccuracies.
Overview
During this panel discussion, hosted by TelecomTV, industry leaders from Elisa, Nokia and Telenor shared their perspectives on the evolving landscape of cybersecurity.
Focusing on current cybersecurity trends, the experiences of companies in navigating these trends, and the impact on their operations, the panellists provided valuable insights into the most significant challenges they face and highlighted the emerging technologies that are driving the evolution of cybersecurity.
For more information:
Participants
Srinivas Bhattiprolu
Global Head of Pre-Sales and Advanced Consulting Services, Nokia Cloud and Network Services
Terje Jensen
Head of Global Business Security, Telenor
Ville Syrjänen
CTO, Connectivity and Security Business, Elisa B2B
