Legacy Systems and Services Risk Reduction Status Update

This update provides insight into Working Group 10's efforts in assessing risks associated with legacy communication technologies and their impact on transitioning to next-generation networks. The group focuses on vulnerabilities like SS7 and offers strategies for risk mitigation. Members include industry leaders and experts collaborating to enhance communication network security.

• legacy systems
• risk reduction
• communication technologies
• security
• next-generation networks

anh_323 Follow

Uploaded on Mar 13, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Working Group 10: Legacy Systems and Services Risk Reduction Status Update December 21, 2016 John Kimmins, Co-Chair, iconectiv Danny McPherson, Co-Chair, Verisign FCC Liaison: Steven McKinnon

2. WG10 Objectives Working Group Description: In the Technology Transitions Order of August 2015, the Commission notes that communications are rapidly transitioning away from TDM-based technologies to new, all-IP multimedia networks. The intermingling of legacy communications technologies with advanced communications technologies introduces new threat vectors and cyber risk. Recently, this issue has gained greater attention in light of the security threats to Signaling System 7 (SS7) and its IP based version SIGTRAN, a signaling protocol supporting call setup, routing, exchange, and billing functions in communications networks by sending messages between fixed and mobile communications service providers. The scale of SS7, which is used by carriers all over the world, means that every network subscriber could be vulnerable to these security risks. As part of a series of requests to CSRIC, the Commission asked CSRIC to examine vulnerabilities associated with the SS7 protocol and other key communications protocols (e.g., Diameter). CSRIC Working Group 10 will assess existing and potential threats and current defensive mechanisms and make recommendations to the FCC on how to overcome security challenges present in SS7 and other communications protocols used between communications networks and their impact on the transition to next generation networks. The first step is the development of a Risk Assessment and Summary Report as described herein. Deliverables: Risk Assessment - December 21, 2016 and Risk Mitigation Strategies Summary Report and Recommendations by March 2017. 2

3. WG10 Members John Kimmins, Co-chair (iconectiv) Danny McPherson, Co-chair (Verisign) Donald Morris-Jones, DHS John Gallagher, Sprint Drew Morin, Director, T-Mobile Tim Lorello, President & CEO Seculore Solutions LLC Travis Russell, Director, Oracle Kathy Blasco, Communications Assessment Lead, DHS\NCCIC Mohammad Khaled, Nokia David Nolan, Electronics Engineer, DHS John Gallagher, Sprint Kathy Whitbeck, Director, Nsight Shawn Clark, Comcast John Marinho, Technology & Cybersecurity, CTIA Philip Linse, Director, Public Policy, CenturyLink Xiaomei Wang, Technical Lead, Verizon Wireless Kevin Briggs, Chief of Continuity Assessment and Resilience, DHS\NCCIC Martin Dolly , ATIS Mark Easley , AT&T Nilesh Ranjan, MTS/Director Systems Design and Strategy Engineering, T-Mobile Joshua Franklin, NIST Mohammad Khaled, Nokia FCC Liaison: Steven McKinnon 3

4. WG10 Deliverables Risk Assessment Report Interim Final - December 21, 2016 Summary Report & Recommendations Final - March 2017 4

5. Expert Outreach Industry Subject Matter Experts - Outreach Silke Holtmanns, Nokia-Bell Labs Karsten Nohl, Security Research Labs Brian Collins, Adaptive Mobile Risk Assessment Topics Telecom Network & Signaling Technologies Background Threat Landscape Risk Assessment Risk Detection & Mitigation Global Assessment Conclusions 5

6. Risk Assessment Outline Overview of SS7 Background & History Application to Wireline Networks Generic Architectural Overview Relevant Standards & Protocols Security Practices Transition to New Technology Application to Mobile Network Generic Architectural Overview Relevant Standards & Protocols Security Practices Attack Surface and Scope SS7 Target System Elements Diameter Targets Risk Mapping Methodology SS7 Paths and Diameter Overlaps 6

7. Risk Assessment Outline (continued) Reported Threats and Risks Unauthorized Access Wireline Mobility Assessment of Reported Threats and Risks Targeted Assets Threat Vectors & Threat Models Prioritization/Likelihood/Scope of Threats Current Detection & Risk Mitigation Scenarios Industry Standards & Practices Global Assessment Summary Conclusions Monitoring and Filtering IPSec Diameter & 5G Global Trust Groups Protection of Network Nodes 7

8. Key Points Overwhelming amount of SS7 traffic is legitimate Assessed different attack methodologies documented & discussed in different settings, e.g., conferences, industry forums Attacks have exploited legacy interconnected trust ecosystem for signaling access More coverage, networks and participants have increased the probability that this trust will be exploited Changing business & geo-political factors have played a role in increasing frequency and volume of targeted attacks Attack vectors indicate a focus on different motivations including potential tracking, interception, fraud and Denial-of-Service of a targeted individual or groups of individuals 8

9. Key Points (Continued) Service companies need to be measured in their response to avoid collateral network impacts to legitimate traffic Different products and capabilities have been implemented to counter known attacks Industry groups (e.g., GSMA) and standards forums (e.g., 3GPP) are providing key security guidance and specifications Summary Conclusions Monitoring & Filtering is critical to controlling peer relationships with other service companies Potential Diameter risks with its features & architecture need to be analyzed The 3GPP concept of Global Trust Groups needs to be studied Protecting network nodes is important 9

10. Next Steps and Activities Continue to refine Risk Assessment Leverage industry expertise & standards/forums relevant material Characterize the threat and network and subscriber impacts Develop final Risk Mitigation Strategies Summary Report & Recommendations Identify current defensive mechanisms Provide recommendations to advise the CSRIC Council and the FCC on mitigation techniques Continue weekly conference calls Provide updates to Steering Committee and Council 10