Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nordic Perspective on SS7

Published byἈελλώ Ουζουνίδης Modified over 5 years ago

Similar presentations

Presentation on theme: "Nordic Perspective on SS7"— Presentation transcript:

1 Nordic Perspective on SS7

2 Senior Specialist Heidi Kivekäs (@KivekasHeidi)
18 Dec 2014 The Washington Post article "German researchers discover a flaw that could let anyone listen to your cell calls" 19 Dec 2014 FICORA sends to Finnish MNOs a questionnaire What is the level of protection? FICORA contacts main vendors What are the technical possibilities to detect and prevent abuse? 23 Dec 2014 FICORA compiles a summary of the findings It was noticed that MNOs are protected against some of the abuse methods but not all 27 Dec 2014 Chaos Communication Congress Senior Specialist Heidi Kivekäs 28 Feb 2018

3 FICORA's assessment is that severity of SS7 security issues is high
FICORA takes very seriously the possibilities to abuse the SS7 network Even if it may be argued, that possibilities for abusing SS7 message traffic are somewhat difficult to utilize This is the reason why FICORA instantly started to investigate the situation, and why FICORA has insisted to add security measures to protect Finnish networks and end users Senior Specialist Heidi Kivekäs 28 Feb 2018

4 Senior Specialist Heidi Kivekäs (@KivekasHeidi)
5 Jan 2015 FICORA sends to 4 Finnish MNOs a more detailed questionnaire 21 Jan 2015 FICORA compiles a summary of the findings There is a need for having additional protection and improving detection capability January 2015 Information exchange between Nordic NRAs is initiated January - June 2015 Several meetings with MNOs and vendors Discussions on how to improve level of protection Senior Specialist Heidi Kivekäs 28 Feb 2018

5 Senior Specialist Heidi Kivekäs (@KivekasHeidi)
Gradually shapes an idea of establishing best practices for defending the SS7 network in Nordic region MNOs in all Nordic countries acknowledge the threat and they are at least willing, in most cases even eager to implement new protection and detection measures Hard regulatory intervention (such as regulation) seems oversized action, besides we might not like that the measures taken are public information All Nordic regulators were active within this area and working on same questions Legislation concerning telecom industry and even the operation of public authorities is highly similar in all Nordic countries Nordic NRAs have confidential relations and well operating network and information security group There are pros for operators and vendors Faster and cheaper for vendors to implement Cheaper for operators to comply, because product development costs are shared among larger group Common recommendations are easier for those operators who have networks in several Nordic countries to comply because there is no need to make country specific adaptations Why not join efforts? Next step of NRA co-operation: from information sharing to co-operation Senior Specialist Heidi Kivekäs 28 Feb 2018

6 Senior Specialist Heidi Kivekäs (@KivekasHeidi)
April 2015 Mutual decision between NRAs of Finland, Sweden, Norway, Denmark and Iceland to start drafting Common Nordic Recommendations The goal was set to develop a set of joint Nordic recommendations that describe reasonable expectations on implemented protection and detection measures The recommendations are expected to simplify dialogues between NRAs and operators as well as between operators and vendors 3 Sep 2015 A draft Nordic Recommendation is sent to MNOs for comments 14 Sep 2015 also a hearing event 18 Dec 2015 The Common Nordic Recommendations on SS7 Security Issues were approved by all Nordic regulators Recommendation is not public Legal status will depend on each country May also be binding if reference is included in ordinances, decisions etc. Senior Specialist Heidi Kivekäs 28 Feb 2018

7 Senior Specialist Heidi Kivekäs (@KivekasHeidi)
12 January 2016 A press release about the recommendations is published "FICORA calls for a single information security level for mobile network in the Nordic countries" 30 March 2016 FICORA sends to MNOs a request to report on how and when they are implementing the recommendations June 2016 FICORA arranges meetings with MNOs to discuss their answers and timeline for the implementation Senior Specialist Heidi Kivekäs 28 Feb 2018

8 Senior Specialist Heidi Kivekäs (@KivekasHeidi)
Are we ready now? Common Nordic Recommendation is a living document hence it may be updated if such needs arise In 2017 Nordic NRAs have been discussing about Diameter issues Again several meetings and research has been made Also GSMA is active in this area, so we are considering possibilities to benefit their already done work A second follow-up survey on the implementation of the SS7 recommendation On 16 February 2018 a request to report was sent to Finnish MNOs After responses, next steps will be evaluated Past couple years have shown that SS7 abuse attempts do happen This work has not been in vain Senior Specialist Heidi Kivekäs 28 Feb 2018

9

Download ppt "Nordic Perspective on SS7"

Similar presentations

In Class Work and Homework Due 2-13-14. 3 Articles Please read each article and create a quality summary of the authors idea’s.

In Class Work and Homework Due Articles Please read each article and create a quality summary of the authors idea’s.
FDA Recalls Risk Communication Advisory Committee David K. Elder Director, Office of Enforcement.

FDA Recalls Risk Communication Advisory Committee David K. Elder Director, Office of Enforcement.
Incident Management Taking Task 05 Forward David Stones, Stockholm 12/13.02.2009.

Incident Management Taking Task 05 Forward David Stones, Stockholm 12/
DPG HEALTH MEETING USAID CONFERENCE ROOM 6 NOVEMBER 2013 International Health Regulation (2005)

DPG HEALTH MEETING USAID CONFERENCE ROOM 6 NOVEMBER 2013 International Health Regulation (2005)
Water Supply Planning Initiative State Water Commission November 22, 2004.

Water Supply Planning Initiative State Water Commission November 22, 2004.
June 1, 20161 41 st Asia Pacific Privacy Authorities (APPA) Forum – PHAEDRA Workshop Nr. 3: The EU Data Protection Regulation and regional perspectives.

June 1, st Asia Pacific Privacy Authorities (APPA) Forum – PHAEDRA Workshop Nr. 3: The EU Data Protection Regulation and regional perspectives.
IRG/ERG Gabrielle Gauthey Member of the Board of ART.

IRG/ERG Gabrielle Gauthey Member of the Board of ART.
FAA Senior Leadership Development Program Policy Dynamics Seminar Dr. Gerald Dillingham April 28, 2009 The Role of the U.S. Government Accountability Office.

FAA Senior Leadership Development Program Policy Dynamics Seminar Dr. Gerald Dillingham April 28, 2009 The Role of the U.S. Government Accountability Office.
National Public Health Performance Standards Local Assessment Instrument Essential Service:6 Enforce Laws and Regulations that Protect Health and Ensure.

National Public Health Performance Standards Local Assessment Instrument Essential Service:6 Enforce Laws and Regulations that Protect Health and Ensure.
FDA job description  Regulates about 25% of all consumer purchases  Mission summary: protect and advance public health  Products: food, cosmetics, drugs,

FDA job description  Regulates about 25% of all consumer purchases  Mission summary: protect and advance public health  Products: food, cosmetics, drugs,
1 15 th July 2015 Teleconference 32 nd IG Meeting South Gas Regional Initiative.

1 15 th July 2015 Teleconference 32 nd IG Meeting South Gas Regional Initiative.
Organization and Implementation of a National Regulatory Program for the Control of Radiation Sources Co-ordination and Co-operation.

Organization and Implementation of a National Regulatory Program for the Control of Radiation Sources Co-ordination and Co-operation.
NRC’s 10 CFR Part 37 Program Review of Radioactive Source Security

NRC’s 10 CFR Part 37 Program Review of Radioactive Source Security
Contracting Officer Podcast Slides

Contracting Officer Podcast Slides
Study visit on 'Evidence-based Policy Making in Education and Training' The aim of the study visit was to exchange experience concerning the use of evidence.

Study visit on 'Evidence-based Policy Making in Education and Training' The aim of the study visit was to exchange experience concerning the use of evidence.
Contracting Officer Podcast Slides

Contracting Officer Podcast Slides
Update from the Faster Payments Task Force

Update from the Faster Payments Task Force
Eastern European Partner countries

Eastern European Partner countries
Please review these important Webinar Etiquette guidelines

Please review these important Webinar Etiquette guidelines
Contracting Officer Podcast Slides

Contracting Officer Podcast Slides

Similar presentations

Ads by Google