My CSRIC working group had the opportunity to present our progress to our fellow Communications Security, Reliability, and Interoperability Council on our portion of the report which has been looking at network vulnerabilities associated with the Diameter protocol, which continues similar vulnerabilities as SS7 does and is widely used for wireless communications.
However, globally many wireless carriers are still using SS7 to enable roaming and Diameter has yet to be implicated in any cybersecurity incidents to date. So there is still plenty of time for our group to have put together some key recommendations:
– monitoring and analytics are more important than ever
– good network hygiene is important
– mobile networks are complex
– need to distribute security among as many layers as possible
– the roaming ecosystem is a primary hack opportunity
– spoofing is still a problem
– IoT will bring even more challenges ahead
The working group with responsibility for the Transition Path to NG911 also made their report and particularly noted that they will be seeking the input of small carriers as part of the next step in the council’s work on the readiness checklist and other key items that small carriers need to think about in this space.
I will not lie, sitting around the table with some brilliant engineering minds has meant that I’ve had to work hard to grasp what I can about the protocols and best practices in being proactive on protecting them and future innovation but I believe strongly in the importance of the industry coming together to seek solutions.