Securing CSP Networks from the Next Wave of Threats

Matt Pley, Vice President – Carrier & Service Provider Group, Fortinet

As the demand for cloud services rises, opportunities for communications service providers increase. The Internet of Things (IoT) and the Industrial IoT (IIoT) open up myriad possibilities, while software-defined networking (SDN) and network functions virtualization (NFV) provide greater efficiencies and tailored service offerings.

At the same time, there’s a world of unknowns to conquer and challenges to overcome.

One of the biggest challenges is ensuring that carrier networks and operations overall are secure. The number of intrusions and the sophistication of the attacks are constantly on the rise. And with the emergence of the IoT—with countless devices, products, assets and even people connected via the internet—the level of risk goes even higher.

Now is the moment for CSPs to take stock of their cyber security strategies and determine what they need to do to protect themselves and their customers from attack. Next-generation security solutions are available today that provide a high level of protection, and it’s imperative that carriers explore these offerings in order to meet the increasing dangers.

Threats on All Sides

No business is exempt from cyber attacks. These attacks come from many sources: hackers, malware writers, rogue entities within foreign governments, hacktivists, cyber criminals and other bad actors. CSPs are no exception. For carriers, this is a period of transition, as they offer newer services such as cloud hosting, mobile communications, content delivery, IoT, IIoT, mobile payments and a host of other digital offerings made possible by higher bandwidth, new applications and a growing appetite for digital services. At the same time, communications carriers can employ newer technologies such as SDN and NFV, which can help them serve their customers better and more cost-effectively through increased network efficiency.

However, if the security component isn’t handled well, these opportunities can be derailed. Industry research shows how vulnerable carriers are to attacks. For example, according to the Global State of Information Security Survey 2016 by consulting firm PwC, as disruption in the industry accelerates, “organizations face a rapidly evolving business environment that is rife with both prospect and peril.”

Respondents to this survey stated that they saw a 45 percent increase in detected security incidents compared with the year earlier. Carriers typically store a large amount of detailed customer data that is of high value to certain adversaries, the report notes, so it’s no wonder that compromise of customer records increased 25 percent in 2015 from the year before.

The IoT is a huge problem area for the industry in terms of data security and privacy. This includes digitally connected homes and vehicles, segments of IoT that carriers are well positioned to serve. The PwC report notes that there are serious privacy and security risks associated with connected homes and vehicles, because providers will amass and store an unprecedented amount of information about consumer activity and create points of access into home and car networks that didn’t exist in the past.


The IoT is still a Wild West in terms of security. Security events involving IoT components such as operational systems, embedded devices and consumer technologies including home routers more than doubled in 2015. Securing this ecosystem will require robust authentication, monitoring and threat-intelligence correlation to safeguard networks and help support data privacy.

Mobile payments are another area that is growing rapidly but potentially brings added risk for carriers. Contactless payment services are a natural fit for communications carriers, and many are partnering with technology companies, credit card issuers, banks and retailers to develop mobile payment systems that can drive new revenue streams. But the adoption of new payment systems might bring unexpected security risks.

Carriers also face potential security risks from the move to open SDN. SDN is an emerging architecture that decouples the network control function from hardware, making network control directly programmable and abstracting the underlying infrastructure for applications and network services. SDN allows network managers to configure and manage network resources quickly through automated SDN programs.

SDN makes network design and operation simpler—if it is deployed through open standards—because instructions are provided by SDN controllers instead of vendor-specific devices and protocols. SDN can provide automated provisioning, network virtualization and network programmability to data center and enterprise networks, and the increased network flexibility can help enterprises as they move into cloud computing, mobile technology and the IoT.