Securing the Modern Cellco

By: Mark Cummings, Ph.D.

As the modern Cellco becomes more and more critical to society, new threats and vulnerabilities are creating new challenges. With the advent of nation state cyber attacks, Cellcos have become targets. At the same time, mobile networks are evolving from hardware-based components to more software-based components. Taken together, these two require strengthening internal security in two ways: changes in policies and procedures, and the extension of end-to-end orchestration to automated detection and response to intrusions and infections.

Changing threat environment

As wireless becomes the default last kilometer, IoT explodes, and autonomous vehicles arrive; the Cellco becomes increasingly critical to society. It used to be that the only significant threat to Cellco networks was from disgruntled employees or difficult labor actions. For example, a fiber-cutting incident in Silicon Valley that took out cellular service, many of the web services, and disrupted phone service for a day occurred when there was a labor action in the area prompting speculation that the two were related.

Now, the threat profile has expanded to include nation states. “Zero Days,” was an HBO documentary on events surrounding the cyber attacks on the Iranian nuclear centrifuges. It stated that Iran, as a warning of potential reprisals to continued cyber attacks, launched a cyber attack on an Israeli Cellco. With apparently authoritative claims of Chinese and Russian cyber attacks and apprehensions about rogue states and terrorist organizations, there is growing concern for the vulnerability of infrastructure in general and Cellcos in particular. The Cellco is not only a key infrastructure element by itself, but it plays a critical role in the viability of most other critical infrastructures including water, transportation, oil and gas, electrical grid, emergency services - just to name a few. Because of this central role, the Cellco has become an increasingly attractive target.

Evolving vulnerabilities

Looking back in time, the Cellco was composed primarily of hardware components, now called by some PNFs (Physical Network Functions). Today Cellcos are moving to software-based components. 2G base stations have 50 software settable parameters. 3G have 500. 4G have 6,000. And 5G is on the horizon.  SDR (Software Defined Radio) is moving high-speed signal processing out of hardwired ASICs (Application Specific Integrated Circuits) into software. SDN (Software Defined


Latest Updates