Rowland Corr is Vice President and Head of Government Relations here at Enea, where he helps cybersecurity agencies, regulators, and other government stakeholders evolve and execute their national cybersecurity strategies. Prior to joining Enea, Rowland served in Ireland’s Department of Defence in interdepartmental advisory and international engagement roles on security matters such as cybersurveillance, non-proliferation, and hybrid threats.
Rowland, can you tell us more about your background and experience?
Prior to joining Enea, I held a senior advisory role in Ireland’s Department of Defence. Employed at military headquarters, I dealt with matters including cyber surveillance, proliferation risks, and a host of things that could be grouped together as hybrid threats. Common to all of these are system-level risk and societal impact, which of course require a systemic response. My purpose was to orchestrate that response among National Security stakeholders, which comes down to building exceptional relationships in extraordinary contexts, domestically and internationally.
I first heard of Enea at a time when cyber surveillance and the importance of protecting privacy was becoming of greater interest to me. Mobile signaling stood out as an underserved but systemically important area of cybersecurity. “Nature abhors a vacuum”, yet this space has been occupied largely by threat actors and often missed altogether by defenders from policymakers to practitioners (SOCs and CERTs, for example). The fact that Enea’s technology and experts work very much at the frontier of innovation addressing this deficit globally was a powerful draw for me.
You were invited to contribute as an expert at a hearing of the EU PEGA Committee, set up to investigate the use of Pegasus and equivalent surveillance tools. What insights did you share with the committee at the hearing?
I shared our insight into the world of cyber surveillance being investigated by the Committee.
It is not enough to simply point to a world in peril, but to explain what it means to inhabit such a world. So it was vital for us not just to paint a picture, but to provide a lens through which the Committee could see and understand the relevance of mobile signaling to the issue of cyber surveillance more broadly.
In this context, the best way to convey the threat environment was to explain its ecosystem, first highlighting the historical drivers that have shaped the current environment. This would help the Committee to make sense of our specific insights. For example, the scale of threat actors exploiting leasing arrangements with EU telcos to illicitly gain control of infrastructure, and to understand how this could be done with relative impunity even when so much attention is paid to data protection and user privacy, as well as to cyber threats more broadly.
To quantify the issue for the Committee, I shared two key metrics derived from our intelligence:
1. Today, threat actors exploit access and effective end-use for attack purposes of mobile infrastructure from more than half of EU member states.
2. We observe threat actors to conduct network reconnaissance on a truly global scale which we estimate to impact as much as 70-90% of all operators worldwide in any single instance.
I also emphasised that a deep understanding of the ways attackers exploit signaling today is remarkably lacking on the defender side, despite the familiarity of many with the fact that signaling protocols are vulnerable to manipulation. Indeed, in many ways it is familiarity that proves fatal to innovative thinking on the issue.
Since then, the committee has adopted 8 telecom recommendations to safeguard mobile communications. How do you expect these recommendations to shape telecom security in the future?
These recommendations should help to ensure that mobile telecoms security is finally incorporated into wider cybersecurity efforts underway at a time when Member States are evolving national frameworks to comply with the new NIS 2 Directive. They should help to break the strategic silo that is IT-centric cyber security as a practice. By calling upon all EU MS collectively, the recommendations also align with the harmonisation required towards achieving a “high common level of security”
In terms of what this means for governments, nations, and Critical National Infrastructure, the recommendations highlight a systemic gap in telecom security that persists in between critical infrastructure protection and cyber security frameworks today. Since the called-for measures are focused not only on evaluating resilience however, but also on enhancing it in an informed and measurable way, there are benefits for mobile operators too. Implementing fit-for-purpose protection, which is ultimately what the recommendations seek to bring about, will enable operators to provide measurable assurance to subscribers, and meaningful accountability to state agencies. By improving capabilities, operators will also be better able to contribute to threat and information sharing frameworks like the GSMA’s T-ISAC and the recently announced ‘Tackling Serious Adversaries Through Interconnect Security Improvement’ (TSATSI) programme. Indeed, capability is crucial for these innovative interventions to be successful – I spoke on this topic in more detail at the HardenStance Telecom Threat Intelligence Summit.
You are considered a leading expert in hybrid threats. The continued conflict in Ukraine has shone a light on mobile network-enabled attacks in hybrid warfare, why do you think this is a concern for governments, operators, and regulators around the world?
I think hybrid threats are a concern for any country that recognises the extent to which mobile networks can be exploited below (as well as above) the conventional threshold of warfare in hostile activity by well-resourced and determined adversaries in everything from disinformation to disruption of services. Concern also comes with the mounting realisation that any meaningful level of threat resilience requires not only cross-government cooperation, but cross sectoral coordination, which can take a lot of time and sustained focus on the part of stakeholders to achieve, yet is imperative to pursue. Finally, urgency attaches to such a realisation because, as a gap in defences, you simply cannot move too soon to close it. Ukraine has pre-eminently demonstrated the kind of preparation and sustained effort required in this regard, so successfully in fact that many commentators last year prematurely concluded that Russia’s cyberwarfare must have misfired, where in reality it was met with unprecedented resilience.
Your role at Enea involves enabling governments and operators to protect National Critical Infrastructure. What is critical infrastructure, and why is it insecure?
Critical National Infrastructure comprises the infrastructure essential to the functioning of societies, economies, and countries. It consists of the many systems across different sectors which we all rely on in our daily lives such as transport, energy, health, and financial services. The growing vulnerability of CNI today stems from its ongoing digitalisation wherein the systems, environments, and installations themselves increasingly present reachable attack surfaces for cyber threat actors.
In this ever more interconnected world, telecommunications have been very aptly described by ENISA as the “backbone, the primary infrastructure based on which our society works”(Enisa, 2018). Vulnerabilities in telecom networks implicate the security of our Critical National Infrastructure in an incredibly pervasive way. For example, instances of signaling storms in recent times have left millions of people unable to access emergency call services, disrupted rail services, and even ATM operation– at a stroke impacting banking, transport, and health sectors together. So mobile signaling is clearly an integral part of the threat picture, yet it is often missed in practice. While there are many reasons for this, it comes down to the way regulatory and cybersecurity frameworks have developed historically, and certain path dependencies that have tended to shape the trajectory of resilience to date.
Read more about critical infrastructure and resilience in the EU in this article.
How does Enea help governments and operators protect National Critical Infrastructure?
While critical gaps remain in mobile signaling security for many countries, there is a sea-change underway in efforts worldwide to update regulatory frameworks and implement more robust cybersecurity and CNI protection regimes. Enea can help governments, regulators and operators to ensure that their implementation is effective and that measures adopted are fit-for-purpose so that countries are able to keep pace with the evolution of threats without placing undue burden on stakeholders. Our SIGIL software, for example, takes care of the task of threat hunting and analysing the comparative severity of an attack by alerting the customer to threat events and producing actionable finished intelligence.
Enea is the only vendor to offer a suite of solutions providing truly national protection and assurance for subscribers, operators, regulators and cybersecurity agencies. Enea’s global threat intelligence alone can be a game-changer for cybersecurity stakeholder communities. Visibility after all, is the first line of defence, but the ultimate benefit derives from the combined utilisation of our SIGIL software, Next Generation Signaling Firewalls, and Threat Intelligence Unit (TIU) Support. Through this unique blend of multi-protocol signaling firewalls, global intelligence, and expert signaling analysts, Enea provides the catalyst for national capability to secure society, economy, and state.
Discover more about how Enea protects National Critical Infrastructure here.