Oversight of UK’s Critical National Infrastructure – Chinese Vendors

In an industry awash with marketing hype, Critical National Infrastructure is, for once, an appropriate name – infrastructure that is critical to the continued safe and prosperous operation of a nation.

In an ever-connected networked world of IoT we all need to be assured that the equipment running our daily lives is safe from malicious attack. To address some of these concerns the UK Government launched the Huawei Cyber Security Evaluation Centre (HCSEC) in 2010 to evaluate potential security hazards in the UKs critical telecommunications infrastructure. The latest July 2018 report identifies a number of significant concerns, including control of security critical third-party software.

The UK of course is not alone in evaluating risks to CNI and enforcing preventative measures. In May, the Pentagon banned Huawei and ZTE phones from retail stores on military bases, stating: “Huawei and ZTE devices may pose an unacceptable risk to the department’s personnel, information and mission.”

But what about the thousands and potentially millions of (non-phone) IoT devices now being installed in our cities? Each one may only perform a simple task such as switching on street lighting, displaying traffic warning messages or reading a residential gas meter. But ten’s of thousands of unprotected or poorly designed devices could be hijacked en-masse to cause widespread disruption, either to their own operation or to act as a proxy to attack other CNI.

IoT devices can be sourced from numerous unregulated manufacturers and there are currently no national approvals. So whilst equipment build standards catch up with cyber security requirements the only protection is to monitor, analyse and detect anomalous behaviour and mis-use of IoT devices, then act on that information. But IoT devces that connect over a mobile or cellular network are often bulk provisioned using eSIM and connect back through mobile address correlation (NAT) to cloud based applications, making misuse and attack identification ever more difficult.

At Telesoft we are helping to protect large scale IoT deployments in both fixed and mobile/eSIM networks, by monitoring carrier networks where all of the IoT traffic is concentrated, helping to find eSIM misuse, malicious attack and anomalous behaviour.

To find out more contact us