Nokia Siemens Networks Policy and Government Relations

Security of Telecommunication Networks

Nokia Siemens Networks Beliefs The Internet, and therefore the telecommunications networks upon which it relies, are critical infrastructures for todays society. The more we as a society depend on those networks the more fundamental we perceive any security threats to them. Telecommunications networks enable and link other critical infrastructures, so any potential vulnerabilities impact whole economic systems. Hence, network security and critical infrastructure protection aspects must be at the centre of any IT and telecommunications policy debate.

New or increased threats emerge on three layers: 1) the device layer, 2) the network layer and 3) the content layer. With cloud computing becoming mainstream additional security questions need to be addressed. Whether it is botnets, spam, phishing, identity theft, denial of service attacks, advanced persistent threats, malware in general or hidden backdoors for espionage or sabotage, Nokia Siemens Networks believes that such threats and risks need to be countered and mitigated. At Nokia Siemens Networks we understand what is at stake. We are at the forefront of making telecoms networks more secure. 1

Network Security for Future Telecommunication Networks For efficient solutions against attacks on networks, it is important that relevant stakeholders collaborate closely. Policy Makers Operators Content and service providers and Suppliers

need to focus on prevention, preparedness and awareness to address the challenges. We understand that competencies lie with single countries when it comes to defining security and critical infrastructure related national policies but agree with the European Commission that
1

For further reference and Nokia Siemens Networks whitepapers: http://www.nokiasiemensnetworks.com/portfolio/services/security

no single stakeholder has the means to ensure the security and resilience of all ICT infrastructures and to carry all the related responsibilities. Furthermore we agree that a country by country approach is not sufficient to address the challenges ahead. There is a need to achieve a global understanding of the risks, have a global coordination strategy and global risk management. At Nokia Siemens Networks we remain committed to contribute actively to the policy debate and provide technical input when needed within a multistakeholder governance framework. Recommendations: The security of telecommunications networks is recognized as very important by most countries. The need for international collaboration is generally accepted, such as through information exchange about emerging vulnerabilities and active attacks in telecommunications networks. This has for instance led to multi-lateral co-operations and partnerships against cyber threats. Nokia Siemens Networks supports such initiatives by related technical research efforts, e.g. by leading the German research project Asmonia 2 for related attack analysis and counter-measures based on collaborative approaches. We recommend intensifying such international collaboration. In Europe, we welcome the work done by the European institutions on Critical Infrastructure Protection as well as on Data Protection. The latter will be revisited shortly (the European Data Protection Framework for the 21st Century). A stable legal framework in this domain is required. We also recognize that quite a number of activities in the Critical Information Infrastructure Protection (CIIP) area have already been initiated and performed. We recommend not just focusing on assets in the area of CIIP but taking an approach based on a comprehensive risk-based assessment. We recommend putting special emphasis on combating cyber security related threats such as mobile botnets, Advanced Persistent Threats (APT), spam, software security threats such as integrity violations, manipulations or backdoors, and risks resulting from cloud computing. Nokia Siemens Networks has great and global expertise in network security and seeks to participate in the required co-operation between authorities, operators and equipment vendors in this area. Nokia Siemens Networks will seek to promote the debate and urges policy makers to work on a suitable framework for the protection of networks involving the industry. Nokia Siemens Networks particularly recommends acknowledging the role of telecommunications networks as critical infrastructure and that a basic general level of security and protection needs to be implemented in networks globally. Concluding remarks Security is a crucial deployment consideration for future networks wherever they are in the world. We are committed to offering secure telecommunications infrastructure and remain open for a dialogue between policy makers, content and service providers, including over the top providers, and equipment and software vendors on how to ensure the security of telecommunication networks.
For further information: Margit Brandl, Global Head of Telecoms Policy, +49 1732862988, margit.brandl@nsn.com Stephen Crisp, Global Head of Government Relations, +65 90731903, stephen.crisp@nsn.com

http://www.asmonia.de Nokia Siemens Networks Page 2

January 2012