ETIS Information Security in Telecommunications
ENISA workshop on providers resilience
29 October 2009, Paris
Mission & Vision
» What is ETIS?
– ETIS is a membership based organisation which brings together the major telecommunications providers in Europe on key information and communication technology (ICT) issues.
» ETIS Mission
– The mission of ETIS is to enable its members to improve their business performance by personal exchange of information on using ICT effectively.
» ETIS Vision
– The ETIS vision is to be the acknowledged best platform for sharing knowledge on the use of ICT in Telcos.
ETIS Members
» ETIS represents 25 Telecom providers supplying voice, mobile and data services all over Europe
» Total revenue from ETIS Members was estimated at over 270 Billion euro in 2008
ETIS Partners & Associates
Associate Members…
contribute technical competence to our working groups and events and gain feedback on user requirements.
ETIS Partners…
are non-profit international bodies with whom we share knowledge on
Information Security Working Group
» What is the ISWG?
– In January 2004, the Information Security Working group was established as a follow up to a meeting at the Global Security Conference in Sophia Antipolis in November 2003.
– The working group is currently chaired by Andy De Petter from Belgacom and boasts around 30 members from 20 companies.
– Meets 3-4 times a year, phone conferences, discussion forums, etc…
» Role of the group
– The role of the group is to share knowledge and experiences among members concerning Information Security and related matters and when relevant provide requirements to the industry.
– To help the members protect their information assets and infrastructure
– The group is the only Information Security group to concentrate on the
ISWG Topics
Some of the main topics addressed…
– Security Benchmarking
– Resilience, recovery & business continuity management
– Anti-SPAM, Anti-Phishing, Data Retention, Data Privacy
– Security Culture & Information Security Awareness Campaigns
– Identity Management & TOP Level Policy Document (TLPD)
– Value & ROI of Information Security Projects
– Security Governance models
– eBusiness Security
– Revenue Assurance & Financial losses due to security breaches
– Managed Security services
– The threat of terrorism from a Telco’s perspective
– Sarbanes-Oxley, compliance and Policy
– IT Network & client Security Architecture
ETIS Security Benchmark 2009
Participating Telcos:
TDC, Belgacom, KPN, Telecom Italia, Telekom Austria, Turkcell, TeliaSonera and OTE
Objective with the Benchmark:
Compare security strategies and approaches among ETIS member companies, thereby enabling these providers to determine which specific aspects of security require attention within their respective organisations.
The following themes are covered in depth:
In-depth themes:
1. Corporate Security Function
2. Security Management
3. Commercial role of security
4. Fraud Management
5. Security in the development process
Exploratory themes:
1. Business Continuity Management
2. Next generation security readiness
3. Infrastructure security
CSF size by security area
Breakdown of CSF size by security area [FTE per billion EUR revenue]
[Chart: corporate security FTE per area (per billion EUR revenue) for operators A to H. Areas shown: Information Security; IT & network security; Physical Security; Business Continuity Management; Fraud Management; Internal Investigations; Personnel Safety; Security of products and services; Lawful Interception; Other]
Differences in CSF set-up reflect the choices each operator has made with respect to incorporating specific security areas.
Business Continuity Plans & NGN Security
Only half of the benchmark participants have a specific BCM policy in place, but all have Business Continuity Plans. Maintaining coherence in these Business Continuity Plans is a difficult task and testing and exercising them only occurs sporadically.
Whilst telcos are rapidly embracing Next Generation Network (NGN) infrastructure and services, most of their security units still work with traditional security
ETIS Anti-Spam Co-operation Group
The target of the group is to…
► learn and to get feedback on ‘success stories’ and to develop ‘tangible action plans’ for reducing outbound SPAM, accepted and shared among ‘best-in-class antispam ISPs’
► reduce the ‘ingress SPAM’ and so to improve their own QoS by helping others in reducing ‘egress SPAM’
► In this context the ETIS Anti-SPAM Co-ordination Group is the glue for trusting each other, for sharing knowledge, for developing a common European ISPs Anti-SPAM strategy
17 June 2009, Rank: 1
23 September 2009, Rank: 9
TI’s success after implementing best practices
► The goal of the TI Anti-spam working group, established in 2008, was to get Turk Telekom and Telecom Italia off the top 10 Autonomous Systems published on TrendMicro.
[Figures: TOP 10 Spammer TrendMicro 3-04-2008; TOP 20 Spammer TrendMicro 14-09-2009]
Both objectives have been reached successfully.
BT’s BCM pan EU Network discussion
Too costly for any one operator to build separate ductways etc…
By pooling resources across a number of network operators, and creating additional resilience in the transport and switching Gateways, a smarter, more secure BCM network could be set up, with each country retaining its own primary routes, therefore not negating any reach advantage of operators…
Is anyone else discussing this? Any pilot projects under way?
Future plans for the ISWG
ETIS Security Benchmark 2010
IMS/VoIP security from a Telco perspective
Resilience in European e-Communication Networks
Partnerships:
ENISA, CIIP – European Public-Private Partnership for Resilience,
Member of EU expert panel on Data Retention
Next meetings:
– 28/29 January, hosted by Bizanga in Paris
– 20/21 May, hosted by KPN in the Hague
To join the Information Security Group or Anti Spam Task Force contact: Fred Werner, ETIS Business Development Manager