Published by Christal Reynolds. Modified over 6 years ago.
Interconnection Security: An EU level assessment
ENISA’s IR Team | Secure Infrastructures & Services Unit
24th Article 13a EG workshop | Vienna
You can teach an old protocol new tricks
Many stakeholders are paying attention to this:
- Hacking conferences (CCC, Hackito Ergo Sum, …)
- Media coverage (Washington Post, CBS, …)
- Regulators (Nordic, FCC, …)
- Organizations (GSMA, ITU, ETSI, …)
Interconnection Security | ENISA IR Team –COD1 Unit
What can go wrong?
- Data session hijacking: Belgacom case
- Eavesdropping: CBS 60 Minutes
- mTAN interception: O2
- One time password theft: Positive Technologies
- SMS and one time password interception: IEEE 2017
- Subscriber Profile Extraction and Modification: NSS 2017
- 2018?
Perceived risk from signalling
Common types of attacks
How often?
How do we protect ourselves?
Guidelines on signalling security
5G security concerns
Conclusions
- Level of risk: Medium to high!
- Proper attention needed by all stakeholders
- Diameter inherited the risk
- Basic measures are in place but they are basic!
- Attacks are evolving
- 5G: A brand new threat playground?
High level recommendations
EU Commission
- 5G PPP (security)
- Baseline security measures for interconnections
- Funding to improve protection
- Increase international cooperation
ENISA – Article13a EG
- Further analysis of the situation to identify further developments
- EU high-level guidelines to assure advanced protection at MS level
NRAs
- Regularly analyze national situation and be aware of new developments
- Develop national guidelines/minimum security measures
Industry
- Operators: adopt measures to ensure adequate level of security
- Standardisation bodies: Ensure security is properly addressed on the new 5G standard to avoid current threats
Technical recommendations
- Ensure global and exhaustive monitoring of SS7 / Diameter / GTP
- Operators should be capable of protecting against basic attacks
- Operators should adopt SS7 / Diameter firewalling
- Development of specifications and standards for new mobile signaling elements
- Promote communication between operators’ CERTs/SOCs at EU level
Good practices
Advanced
- Redirect to captive environment
- Detect prequels to attacks
- Detect advanced attacks
- Deeply screen signalling messages
Intermediate
- Regularly perform external network security assessments
- Ensure liability and legality of responses to malicious traffic
- Analyse interconnect messaging
- Advise carriers to adopt security options in their interconnect offers
Core measures
- Monitor all interconnect traffic
- Monitor core network elements
- Monitor outgoing traffic
Thank you