Mobile phone providers and the role played by operational support systems in the area of security

Authored by Simon Wells
Posted Tuesday, June 6, 2023 - 6:39am

An interview with Markus Cserna (CTO, cyan Digital Security) on the subject of mobile phone providers and the role played by operational support systems in the area of security

Considering the increasing interconnectedness of mobile networks with other systems and devices: What is the role of operational support systems (OSS and BSS) for Telecommunication (TC) companies and how do they contribute to the functionality of mobile operators?

Telecom providers are indeed increasingly becoming digital operators of ecosystems. The service idea here is fed by several divisions: the TowerCo spinoffs of the last few years as well as the network set-up all the way to the customer, driven by 5G and the innovations it enables in a variety of areas, such as IoT, eSIM, analytics and AI/ML automation, etc. 

Now imagine the telecom infrastructure here in four layers: The foundation is the network hardware (vA antennas and data centres). The next level is the core software infrastructure. Then, OSS (Operations Support System) represents the connection to the core for the telco. And finally the level reining in the end customer/end device is created via the BSS (Business Support System).

However, the demarcation between the individual levels is becoming increasingly blurred, especially when looking at the individual components, due to the development of micro-service-based platforms and the telco cloud. 

We are in a market phase where software has an increasingly decisive role in the functionality and competitiveness of mobile operators.

What requirements do companies have today for high-performance BSS/OSS systems?

OSS/BSS must therefore efficiently process ever faster connections and larger amounts of data, at the same time supporting complex networks. High availability is essential to ensure continuous operation and real-time data access.

Regarding the question of why this is important, a look at current research data is enough: The industry association, GSMA, projects a slight growth in human subscribers, to over 6 billion mobile end users by 2030, but at the same time, non-human network subscribers will more than double - and likely overtake the number of human users - in the 2030s. At the same time, the amount of data per end device will rise three or fourfold in the next five years. In total, this equates to an increase of about ten times the current levels. 

For modern companies, scalability of such systems is crucial to keep pace with data growth and networking.

In addition, seamless integration with existing systems and open architecture is also required to ensure flexibility and interoperability. Open APIs enable telco ecosystems to share data in real time. This opens up completely new use cases and opportunities.

Finally, security and data protection are of utmost importance, as sensitive customer data must be protected.

To what extent are there dangers from cyber-attacks when operating BSS/OSS systems?

Targeted attacks on vulnerable points or the theft of sensitive data can compromise business support systems, which in the event of damage can lead to business interruptions and data loss.

And: Once the digital attack has succeeded, there is the threat of additional reputational damage. Customers, partners and suppliers would react critically if the worst came to the worst.

How can BSS and OSS help secure systems and devices in an increasingly connected world and protect potential targets from cybercriminals?

We see two essential aspects in cybersecurity - on the one hand, it is about protecting the infrastructure and the operation of the telecom operator, and on the other hand, it is about protecting the end customers or the end devices in the network. 

We design these components so that the vulnerability to operational failures is kept as low as possible, regardless of whether these malfunctions are intentional, unintentional, or due to external criminals.

Comprehensive access controls, continuous vulnerability assessments, robust encryption, proactive threat detection and security measures are all absolutely essential to this process.

A second important point, which is often overlooked: as an access provider and technology service provider, a telecom company should make it easy for customers to protect themselves. 

Here, the role of OSS/BSS solutions is not only to be secure in the interaction with the customers themselves, but also to give the customers the possibility to protect themselves and their own network. The better the solutions which are integrated into OSS/BSS platforms, the more efficiently they can scale.

How can mobile operators protect their networks from threats with BSS and OSS systems?

The aforementioned relevance to technological interconnectivity shows the consequences for BSS/OSS. OSS/BSS is not in itself a security solution, but in context it must enable security and interact with the individual services. 

If it is true that "cybersecurity is only as strong as your weakest link", then it is absolutely crucial to implement resilient security measures - from hardware, software and employees through to the end customer. 

This includes a proactive approach to threat detection and incident responses to identify, combat and quickly respond to threats. This also ensures the integrity and availability of BSS/OSS systems throughout.

Which measures should be taken first for digital protection?

An obvious basic principle, which is unfortunately too often neglected, should apply in both the private and enterprise sectors: Make regular security updates and backups.

This applies not only to software and databases, but also to all employees. Training to strengthen in-house awareness is the be-all and end-all. The telecom provider can go one step further than the technological leader and make sure that service providers and suppliers also improve their cyber-posture. 

Nowadays, hackers rely more than ever on obsolete IT structures and outdated corporate thinking to increase the vulnerability of companies. 

So raising awareness of the dangers of social engineering and phishing must be a major building block of digital resilience. 

Today, cybercriminals are already exploiting helpfulness, trust, and fear or respect for authority in a very sophisticated way in order to ultimately gain a monetary advantage through, for example, blackmail (ransomware) or the sale of data.

Clear guidelines within the company are also helpful here; for example, how to deal with an acute threat even in the course of emergencies.

In a worst-case scenario, what impact can successful attacks on BSS and OSS systems have on mobile operators and their customers? 

Successful attacks on BSS and OSS systems can have a serious impact on mobile operators and their customers. In the worst-case scenario, customer data could be stolen and misused, networks compromised and the mobile operator's functionality disrupted.

However, it must also be said that telecom companies are aware of this responsibility. That is why they are also among the pioneers in terms of cybersecurity.  

So, except for a few unfortunate incidents, such attacks are a rather difficult target for most "hackers". There are thousands of easier and thus more lucrative targets, especially in medium-sized businesses, where companies often have to get by without a highly endowed security team. These can be attacked en masse without much effort, even by a layman. The tools for this are available for rent from professional criminals on the Internet. 

That is why it is so important that telecom companies use their position to enable cybersecurity all the way to the end customer.
