Cybersecurity challenges forfuture critical communications

Peter Clemons

Founder & Managing Director, Quixoticity Ltd

CCW 2016

RAI Amsterdam

June 2nd, 2016

6/2/2016 1

2

• Educated in UK/Latin America:• Languages, philosophy, sociology, economics & communications theory• Clemons Consulting dedicated to critical communications since 1998• Quixoticity established in March 2012• 20+ years of experience of economic analysis & project management

& 20 years in mobile communications (global PMR/TETRA)• Ex-director & board member of global TCCA• A fresh, flexible, adaptable, more robust approach to forecasting• Using experience, knowledge & new techniques

to open a window on the future• Working closely together with industry to explore new possibilities • Seeing the world differently – from new angles

& finding new directions• Championing innovation & visionary thinking• Very active on LinkedIn!!!

Quixoticity?

A world of increasing complexity

• Growing populations; global conflict; arms race; growing dependence on technology:

• Algorithms, processes

• Computing capacity driven by Moore’s Law (Silicon v Carbon)

• Increased connectivity/increased threats

• Big Data & analytics

• The sharing economy

• Transparency, privacy and security

• Automation (IoT/M2M) brings benefits & challenges

• The rise of systemic risk (interconnected systems)

Traditional threats

• There have always been threats to infrastructure, networks, systems & solutions:– Physical damage, i.e. fire, water, pollution

– Natural events – climatic, seismic, volcanic etc.

– Loss of essential services – electricity, air conditioning, telecoms etc.

– Technical failures – systems, hardware, software

– Theft

– Basic human error

The rise of cyber-threats• A digital, data-driven world

• Secrets become more valuable

• No longer the need to use violence to steal money or cause havoc…

• Threat classification (example: Microsoft’s STRIDE):

– Spoofing of user identity

– Tampering

– Repudiation

– Information disclosure (privacy breach or data leak)

– Denial of service

– Elevation of privilege (horizontal & vertical)

• Growing number of examples worldwide explained during these sessions

Source of cyber-threats• Where do we start in a highly interconnected world?:

• Internal:– Employees

– Contractors (and vendors)

– Partners

• External:– Cyber-criminals (professional hackers)

– Spies

– Non-professional hackers

– Activists

– Nation-state intelligence services

– Malware (virus/worms etc.)

Cyber Threat Management• Response has to match complexity of attack – constant evolution/regular updates

• A clear need for authorities to develop a more advanced threat management program due to cyber threats

• Start by purchasing secure-by-design solutions

• Then have a clear cyber threat policy backed up by training & resources:

– Early identification of threats

– Data-driven situational awareness

– More accurate decision-making

– Timely threat mitigation actions

TETRA security• TETRA standard

• TCCA > SFPG (Security & Fraud Prevention Group) Recommendations

• ETSI TC-TCCE (Technical Committee – TETRA & Critical Comms Evolution)

– Digital communications?

– Mutual authentication over the air interface

– Air interface encryption (algorithms: TEA2, TEA3 etc.)

– End-to-end encryption (algorithms: IDEA, AES)

– Anonymity

– Ambience listening; discrete listening

– Secure enabling & disabling of terminals

– Lawful interception

– Security management

– Key management (DCK, CCK, GCK, SCK)

• Over-the-air Re-keying (OTAR)

LTE security• Completely packet-switched; Increased

data rates

• SIM cards (e-SIMs)

• UICC tokens (smart cards)

• Device & network authentication

• Cryptographic keys

• Air interface protection (Uu)

• Backhaul & network protection (S1-MME; S1-U)

• Each Release – new challenges & new opportunities

Internet security & issues• TCP/IP now over 40 years old

• Security patches:

– Network layer security; IP security; security tokens

– E-mail security; Firewalls; browser choice

– Anti-virus; password managers; security suites

• Good v bad IT security arms-race:

– Malicious software (where do we start?)

– Denial-of-service attacks

– Phishing

– Applications vulnerabilities

• In search of the next-generation Internet fit for 2020s:

– RINA, Blockchains etc.

– ETSI NGP ISG

Will it get better?• “Age of austerity”

• No-one wants to pay for security

• Increase in:– Automated processes

– Number of connections

– Devices accessing network

– Intelligence at the edge

• Internet of Everything– 20-50 billion devices, sensors, actuators, machines, processes

– UAVs, wearables, video, data, analytics

• Smart Cities v Safe Cities– Newly designed networks from top-to-bottom & bottom-to-top

– Reliability, availability, capacity, coverage, resilience, privacy, security

What is being done?• Increased awareness

• Increased education

• Reputational risk drives increased focus on security

• Slow adoption because of fears

• Increased hiring of cyber-experts

• Government/SDO/industry programmes (iCERT, ENISA, ETSI/3GPP, EU….)

• Global initiatives (global standards applied locally)

• Increased cooperation (new forms of “network economics”)

• Sectoral approaches (transport, utilities etc.)

• Biometrics etc. – the “death” of passwords

The emerging digital economy

• Smarter technologies (require smarter people, societies, economies & Governments)

• 5th generation communications (5G)• Enormous new requirements for spectrum

• Cleaner, more efficient use of energy

• Cloud computing to cope with big data

• New modulation techniques for better bits/Hz

• Inessential hardware replaced by software (SDN/NFV)

• New forms of value/incentives/businesses & business models (“currencies”, micropayments, decentralised autonomous organisations)

• All communications become “critical”

Our final destination• Fully functioning, scalable, adaptable, flexible, continually evolving systems

• Better & safer (stress-free, risk-free?) user experience

• All processes become manageable by network operators & seamless to users

• Fully automated processes that free up human energy..

• ..To be more productive in a better environment

• A fairer balance between economic value and social value

• New forms of thinking & seeing the world

• A new definition of Being-Human

6/2/2016 16

For more in-depth analysis & commentary on the critical communications landscape, please contact:

Peter Clemons

Managing Director, Quixoticity Ltd.

9 Pine Grove, Penenden Heath

Maidstone, Kent. ME14 2AJ. UK

+44-7951-289934

peter@quixoticity.com

Skype: peterclemons

LinkedIn: Peter Clemons