Beyond the Network: The Critical Need for OT Security in Telecom Industries!

Due to the increasing importance of digital transformation in our daily lives, combining Information Technology (IT) and Operational Technology (OT) is considered by most businesses not as an option but as a necessity.

Telecom companies and Managed Service Providers (MSPs) are aware that this integration can result in both positives and negatives: on the one hand, it allows for enhanced connectivity and rapid service; on the other, their most crucial infrastructures become exposed to a new type of cyber threats at the industrial level.

The Shift Ahead team has realized that the historical "air-gap" between OT and IT has been eliminated. And at the same time, essential equipment such as cell towers, signal boosters, and even large data center cooling systems, have become targets for highly skilled attackers.

What risks are there in failing to secure OT/IT?

It is extremely important to secure operational technologies (OT) in the telecom sector. Cybersecurity in this case is not about protecting the privacy of user data as with IT environments; rather, it is about ensuring that services remain available and that people's safety is not compromised.

According to recent statistics, the number of cyberattacks on industrial control systems (ICS) has gone up by more than 85% in just the past year. Besides a huge data leak, in the case of an attack on a telecom company's OT systems the 5G system would be physically shut down, communication blackouts would be experienced in the areas, and expensive and time-consuming repair operations of the damaged equipment would be required.

MSPs are now faced with this tough spot. By taking care of their clients' edge computing and IoT heavy networks, they also become potential platforms for cybercriminal activities. Thus, if there is just one security loophole in an MSP’s control panel, an attacker can use it as a launchpad to get into OT networks of the telecommunication points of hundreds of downstream clients.

Case Study: Making a Top Telecom Company Secure

This major change was quite shocking for the Tier-1 Telecom company in question. The threat of increased lateral movements at the distributed cell sites was only very recently realized. A large number of the customer's remote locations ran where the same local networks (for example, Modbus and BACnet) were shared by both IT and OT technologies, yet segmentation had not been performed properly.

What the strategic challenge was:

The client's Internet-isolated older OT systems were based on their initial design to be so. But for the "Smart Towers" to be alive and kicking, there must be live monitoring of power supplies, HVAC systems, and generators, etc.

Such connectivity exposure made unsecured industrial protocols accessible over the corporate WAN as well. We refer to that as "protocol debt."

How Shift Ahead Solved:

Step 1:

Asset discovery and deeply mapping: As we know, without visibility, protection is impossible. Our professionals began with a passive network explorer to locate all non-IT assets. Shift Ahead made an important discovery: Around a third of OT devices were shadow assets introduced by the third-party facility management contractors, completely unbeknownst to the central security team which can affect the client via multiple factors.

Step 2:

Micro-segmentation and overlay protocol cleaning: Micro-segmentation was what our experts settled on next. Our main goal is to separate OT traffic from the IT management plane, we ensured the client that even if the technician's laptop was compromised, a cyber attacker would not be able to move on to the cell tower's power management system.

Step 3:

OT-specific, continuous adaptive threat monitoring: Our team provided the client with specially designed sensors that were able to perform deep packet inspection (DPI) of the industrial protocols. This helps to detect the unauthorized execution of any command, they provide the client with an alert.

In Numbers: Losing a Battle Costs Millions

This statistical data is an alarm signal. The average ransom payment for an attack on critical infrastructure is $4.62 million, far above the global average for data breaches.

Also, since 5G networks will require 10 times as many very small cells as 4G networks, the Telecom OT attack surface will get a lot bigger eventually.

What Role Will MSPs Play in the Future?

OT security can no longer be something that Managed Service Providers offer only as a feature; it may well become the most essential ingredient of their services even if it is only to help them stand out in the market. MSPs moving towards an "OT-First" security decision are not just security patch applicators but are becoming resilience engineers as well.

At Shift Ahead, we think that Telecom's destiny relies on the integration of these two worlds. Excellent performance in securing the OT segment is not just about preventing downtime; it is about protecting the very essence of our connected world.

As more and more years of the decade go by, those companies which maintain the integrity of their physical processes will be the ones that continue to enjoy the global market's trust in the long ​‍​‌‍​‍‌​‍​‌‍​‍‌run.

To explore how Shift Ahead Technologies can support your NOC, GCC, and network operations strategy, visit us here: Cyber OT Solutions (Partner) | Shift Ahead Tech