Asian telcos less stringent on security
Telcos and service providers in the Asia-Pacific region are paying less attention to network security standards, compared to their Western counterparts--opening the door to potentially large implications, said a Nokia Siemens Networks (NSN) executive.
Keith White, head of NSN's security practice, Asia-Pacific, told ZDNet Asia in an interview, the company has noticed, over the past 12 months, a trend toward meeting "just the minimum" security and compliance standards amongst telcos in the region. Service providers in the United States and Europe are comparatively "more regulated" in that respect, with the recently announced U.S. cybersecurity agency as an example of such, he noted.
| Governments really have to step up and enforce standards. |
| Keith White, Nokia Siemens Networks |
By contrast, Asian telcos are not governed by a strict mandate to adhere to security standards, resulting in "a lot of ad hoc security implementations".
"A lot of service providers just deploy security to a level they think is reasonable", making the level of enforcement "very subjective", said White.
And this trend will get increasingly worrying as telcos start moving to all-IP networks, which opens new vulnerabilities, exacerbated by the lack of adherence to a set of strict security standards and operators' haste to roll out networks as quickly as possible, he added.
"Telcos are used to working on closed networks. As we start to install networks [with] equipment that is IP-addressable, these are accessible from anywhere in the world," said White. Networks can be "simply" compromised by a user with access to a default administrator account, brute force or denial-of-service (DDoS) attacks.
Adding to the threat is a new trend NSN discovered over the past three months, added White.
He said some equipment is shipped with a second default administrator password, leaving a backdoor open to unauthorized access. Worse, it is not "standard security procedure" for service providers to check for this vulnerability, leaving many networks open as a result.
Even if enterprises secure their networks with virtual private network (VPN) software, traffic handled over the public Internet will grind to a halt when networks get compromised. "The actual information is relatively secure, but if the infrastructure goes down, it's like chopping the bridge down," said White.
Telcos in the region "don't want to spend any more than they have to on security... Governments really have to step up and enforce standards", said White.
With networks in the region being rapidly upgraded to catch up to the West, security standards should be ramped up to match, he said.
Pointing to Singapore's planned next-generation National Broadband Network (NBN) as an example, White said: "We are ramping up our infrastructure in the region, but not any mandated security requirements that are going with it."