Software-defined networking (SDN) and network functions virtualisation (NFV) may provide opportunities to overcome key networking challenges – but security remains a key concern.
FirstWave Strategy Director, Roger Carvosso, who attended the SDN NFV World Congress 2019 in The Hague, the Netherlands, has prepared a final summary of the event – including details of a presentation from Ofcom, the United Kingdom’s communications regulator that laid out the security challenge in stark terms.
“Telecommunications regulators and national security agencies worldwide are very concerned – even alarmed – about the potential risks of cyber-attacks from state-based actors against centralised telecommunications end-to-end service and network orchestration technology platforms or solutions from single vendors,” Roger says. “They are also concerned about the dominance or concentration of market power to one or a few NFV orchestration vendors or standards in the telecommunications, carriage service provider and digital service provider space.”
Vendors at the event, he says, responded by emphasising the importance of security planning, design and controls needed for any orchestrator that has privileged access to network elements for the purpose of service and network orchestration.
Security also remains a divisive issue within many telecommunications providers, with an intra-organisational divide between cyber-security leaders such as vice-presidents of security products, professionals and operations team members and SDN/NFV networking engineers. These engineers are typically not as aware or as knowledgeable of security or cyber-security as a service, or the importance of baking security as a philosophy or discipline to be baked into SDN/NFV technologies, tools and processes.
At FirstWave, we are working to ensure our CSMP/CCSP platform security architecture, including APIs, has the highest level of security accreditation and validation – where the required components have privileged access to telecommunications network elements for service and network orchestration. Our platform effectively supports the diversification of orchestration vendors and a more competitive, secure sector. Our products and culture can also help telecommunications providers bridge the internal security gap and capture the value possible through SDN and NFV.
For more information, contact us at: firstname.lastname@example.org.
Most businesses and government organisations are now aware that cybersecurity is not merely the responsibility of IT. They recognise that everyone is accountable for protecting systems, people and information from attack. They also know that many attacks occur from within rather than from external parties. So how can they make part of their business culture?
Education is key. An education program should complement and explain robust security policies that detail the assets a business or organisation needs to protect, the threats to those assets and the rules and controls for protecting them.
An effective program makes every worker acutely aware of cyber threats, including emails or text messages designed to trick them into providing personal or financial information; entice them to click links to websites or open attachments containing malware, or deceive them into paying fake invoices that purport to be from a senior executive.
It teaches them how to recognise common threats, the actions they need to take and people they need to inform when targeted and the steps to take if they do fall victim to a malicious individual or software. In addition, the program should teach workers how to recognise and respond to poor – or suspicious – cybersecurity behaviour by a colleague.
Cyber security education also needs to extend to a business or government organisation’s senior leadership team, who should also visibly support its objectives and model appropriate behaviours. It should also encourage workers and managers to pass on lessons learned to friends and family to help them avoid being compromised by malicious cyber activities.
Perhaps most importantly, it is not good enough to run a cybersecurity education program once and consider it a box ticked. A business or government organisation should run programs regularly and update them as needed to account for changes in policies and the threat landscape. It should also provide ongoing information and direct people to resources such as the Australian Cyber Security Centre for assistance.
Cybersecurity policies and education programs also need to complement the effective use of proven, regularly updated security products to protect systems, people and information from cyber threats.
For more information, contact us at: email@example.com