Telecom Security During a Pandemic
Total Page:16
File Type:pdf, Size:1020Kb
Telecom Security During A Pandemic Telecom security good practices and lessons learned from the COVID-19 outbreak NOVEMBER 2020 0 TELECOM SECURITY DURING A PANDEMIC November 2020 ABOUT ENISA The European Union Agency for Cybersecurity (ENISA) is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure. For more information, visit www.enisa.europa.eu. CONTACT To contact the authors please email [email protected]. For media enquiries about this paper, please email [email protected]. AUTHORS Georgia Bafoutsou (ENISA) and Marnix Dekker (ENISA). ACKNOWLEDGEMENTS To support the stocktaking and the analysis, ENISA contracted Mojca Volk, Ph.D., University of Ljubljana via the ENISA call for expressions of interest framework. We are grateful for the useful early input on this project from Oscar Koeroo, Paul Slootmaker (KPN), Alejandro Becerra and Edi Fernando (Telefónica). This ENISA paper has been reviewed by the Article 13a group and the document contains input from this group. LEGAL NOTICE Notice must be taken that this publication represents the views and interpretations of ENISA, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 2019/881. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. COPYRIGHT NOTICE © European Union Agency for Cybersecurity (ENISA), 2020 Reproduction is authorised provided the source is acknowledged. Copyright for the image on the cover: © Shutterstock. For any use or reproduction of photos or other material that is not under the ENISA copyright, permission must be sought directly from the copyright holders. ISBN: 978-92-9204-406-0 and DOI: 10.2824/239478 1 TELECOM SECURITY DURING A PANDEMIC November 2020 CONTENTS 1. INTRODUCTION 6 1.1 TARGET AUDIENCE 6 1.2 SCOPE 6 2. EARLY RESPONSE PHASE 6 2.1 ACTIVATION OF BUSINESS CONTINUITY PLANS 7 2.2 SUPPORTING EMERGENCY SERVICES AND COMMUNICATIONS 7 3. FROM INITIAL STRAIN TO THE NEW NORMAL 10 3.1 THE INITIAL STRAIN 11 3.2 CHANGED DEMANDS UNDER LOCKDOWN 13 3.2.1 Impact on the internet backbone 14 3.2.2 Increased usage of mobile and fixed voice services 15 3.2.3 Impact on broadband traffic 16 3.2.4 Impact on mobile handoffs 18 3.3 NEW NORMAL 19 3.4 NETWORK MANAGEMENT AND MAINTENANCE DURING A PANDEMIC 20 3.4.1 Management of network capacity and performance 20 3.4.2 Management of spectrum resources 21 3.4.3 Network maintenance 21 3.4.4 Network investments and 5G 23 3.4.5 Adapting customer care services 23 3.4.6 In-store services move online 24 3.4.7 In-house visits 25 4. RESPONSE BY AUTHORITIES AND INDUSTRY INITIATIVES 26 4.1 RESPONSE BY THE NATIONAL TELECOM AUTHORITIES 26 4.2 INDUSTRY INITIATIVES 29 4.2.1 Exchanging good practices 29 4.2.2 Adaptation of streaming quality and scheduling of popular releases 31 4.2.3 Promoting responsible use of network resources 32 4.2.4 Management of spectrum resources 32 2 TELECOM SECURITY DURING A PANDEMIC November 2020 5. CONCLUSIONS AND LESSONS LEARNED 35 5.1 LESSONS LEARNED FOR OPERATORS 35 5.2 LESSONS LEARNED FOR AUTHORITIES 36 5.3 CONCLUSIONS 37 3 TELECOM SECURITY DURING A PANDEMIC November 2020 EXECUTIVE SUMMARY The COVID-19 pandemic triggered major changes in the use of electronic communication networks and services in the EU: employees working from home instead of in the office, children receiving home-schooling, citizens using streaming services for entertainment instead of going out, people meeting up over a video link instead of in person, etc. The security and resilience of electronic communication networks and services became even more important for the EU’s society and economy. In this paper, we look at the role telecom providers played in ensuring the security and resilience of the services and networks during the pandemic. This paper focuses on the telecom networks and services themselves, not the endpoints. So COVID-related cyberattacks like COVID phishing emails and scam domain names are out of scope here. Also we don’t discuss the arson attacks on base stations inspired by the conspiracy theories about the pandemic. Throughout this paper we give examples of good practices and we conclude with lessons learned. We look at the following three aspects. Early response phase: in this phase, providers activated their business continuity plans and supported emergency communications and public warnings. We give examples of such activities in the EU and across the globe. From initial strain to the new normal: providers had to deal with major surges and shifts in usage and traffic patterns from the start of the pandemic. This gradually stabilised to what is now considered the new normal. We look in detail at the changes in usage and traffic patterns and the network performance monitoring during the pandemic, and examine how providers managed the increased network loads. Response by the national authorities and collaboration with the sector: we give a brief country-by-country summary of the pandemic response by the national telecom security authorities in the EU and we give examples of collaboration initiatives and information sharing between providers and authorities as well as in the private sector. The general take away from the pandemic so far is that the services and the networks have been resilient during the crisis, despite major changes in usage and traffic. The pandemic also had a lasting effect on the perception of consumers about telecoms: Electronic communication networks are now considered as a lifeline for citizens and they are crucial to keep the economy and society going. 4 TELECOM SECURITY DURING A PANDEMIC November 2020 From discussions with experts in the sector and the national authorities, we can also draw the following first lessons and ideas for improvements: There is a need for intense cooperation and policy alignment between the various stakeholders in the public sector (competent authorities/ministries) but also between the public and the private sector, among the industry and with the citizens. There is a need to build trust between the public sector and critical infrastructure operators. Information relevant to the handling of the crisis has to be disseminated in a timely way to key stakeholders, so that they can successfully adjust and apply their business continuity plans. It is a crucial in this period to provide enhanced support to digitalisation, focusing on: • enhancing network capacity and coverage in rural areas; • encouraging investments and innovation (broadband/fibre vouchers, teleworking, e-government). The internal operations of the providers have to be flexible, able to adapt to emerging situations and aligned with the company’s business continuity plan. Remote and unmanned monitoring and surveillance of the infrastructure and diagnostic, as well as remote access to networking equipment should be promoted. Telecom customers should be supported with advanced customer care services. 5 TELECOM SECURITY DURING A PANDEMIC November 2020 1. INTRODUCTION The COVID-19 pandemic required an immediate response from the EU’s telecom sector. In this paper, we look at the role of telecom providers in ensuring the security and resilience of the telecom networks during the pandemic. We focus on the networks and services, the telecommunication infrastructure. Out of scope are COVID related attacks on endpoints like COVID phishing emails and COVID scam domain names. The ENISA Threat Landscape 2020 gives an overview of such attacks. The paper focuses on the following three aspects: Early response phase: this section summarises the steps taken by providers in the early response phase, in activating business continuity plans and supporting emergency services and communications. From initial strain to the new normal: this section looks in detail at the network traffic changes. It gives examples of how providers are coping with the load and the need to manage the network traffic. Response by the authorities and collaboration with the industry: this section summarises the response of national authorities in the EU, country-by-country. It contains some examples of collaboration between the authorities and the industry and within the industry. Note that throughout the paper, we highlight a few examples from the real world, using information from public sources, for the sake of illustration (not to single out a single provider for criticism or praise). This paper does not intend to give a full and complete overview of how EU providers reacted to overcome the crisis, but it gives a number of interesting examples from providers in the EU and in the rest of the world. 1.1 TARGET AUDIENCE The paper targets security and resilience experts in the telecom sector, cybersecurity experts and experts at national authorities and ministries.