The internet has evolved into more than just a communication network, with a global average speed of 5.6 Mbps and speeds exceeding 10-15 Mbps in areas such as Europe, Australia, and North America. It has become an integral part of daily life, encompassing activities ranging from entertainment to finance.
Renowned as an electronic telecommunication network, the internet fundamentally reshapes daily interactions. Beyond mere convenience, its significance extends to economic prosperity and national security, intertwining with the operation of telecommunications networks. Consequently, any disruption to this vital infrastructure carries profound implications for stakeholders.
The Growing Threat of Cyberattacks in the United Kingdom
Recent data from the European Union Agency for Cybersecurity (ENISA) revealed a staggering increase in security incidents, with 5,106 million lost user hours reported due to 168 incidents—an alarming surge compared to the previous year’s figures.
The Telecommunications (Security) Act 2021
To mitigate the growing cybersecurity risks facing the UK’s telecom infrastructure, the government introduced the Telecommunications (Security) Act 2021. This legislation represents a pivotal step towards bolstering the security and resilience of the country’s communication networks, albeit with considerable implications for telecom companies.
The Telecommunications (Security) Act 2021 introduces a tiered framework, categorizing telecom companies based on annual turnover and the potential impact of security breaches. Companies falling under Tier I, with annual turnovers exceeding GBP 1 billion, are tasked with safeguarding networks critical to national infrastructure, facing severe penalties for non-compliance. Tier II companies, with turnovers ranging from GBP 50 million to GBP 1 billion, are obligated to guarantee the security of networks that impact critical national infrastructure or regional accessibility. Meanwhile, Tier III companies, although subject to fewer stringent requirements, are still mandated to uphold security measures to protect their customers.
ENISA’s Focus on eSIM and Fog Computing Security in 5G
Resilience stands as a paramount concern for organizations like ENISA—the EU’s Cyber Security Agency—which has been actively engaged in the telecom sector for nearly a decade. Through extensive studies and collaborations with national telecom regulators, ENISA works to bolster the resilience of the EU’s cyber infrastructure, as mandated by Article 13a of the 2009 Telecom Framework Directive.
Drawing from years of experience, ENISA outlines the looming challenges facing the telecom industry, categorizing them into technical and political realms. Technical challenges encompass issues like cybersecurity threats and network vulnerabilities, while political challenges revolve around regulatory frameworks and international cooperation.
As the reliance on telecommunications continues to grow, addressing these challenges becomes imperative to ensure the integrity and security of our digital infrastructure. ENISA’s efforts serve as a crucial step in safeguarding the backbone of modern life against emerging threats and vulnerabilities.
Emerging technologies like eSIMs and fog computing bring new opportunities and challenges to the forefront of cybersecurity. ENISA delves into these areas to support national security competent authorities and strengthen the cybersecurity posture of the telecommunications sector.
eSIM Security Challenges and Mitigation
Embedded SIM (eSIM) technology embedded within devices provides convenience and flexibility, but it also introduces security risks. ENISA’s report evaluated the market potential of eSIMs in Europe and identified security issues such as eSIM swapping, memory attacks, and profile manipulation. While major technical vulnerabilities are scarce, the proliferation of eSIMs in IoT devices may increase the risk of cyber incidents.
Fog and Edge Computing in 5G
Fog and edge computing, integral components of the 5G ecosystem, optimize network resources and enhance user experience by decentralizing computing and storage capabilities. However, this architecture introduces multi-modal security challenges. Thus, ENISA continues to explore the architectural aspects, standardization solutions, and application scenarios of fog and edge computing in 5G. By providing insights into security considerations, ENISA aims to support stakeholders in mitigating risks and maximizing the benefits of these technologies.