Telecom – Critical Infrastructure Risk – Softwarization
In our series of articles on Telecom Risk and Resilience as part of Critical National Infrastructure, we look at the path to softwarization within Telecom.
Telecom resilience, once defined largely by physical infrastructure and well-established failover architectures, can no longer be confined to those parameters. As networks evolve, critical components are increasingly software-based, running on virtualized platforms, commodity hardware, and hybrid cloud environments.
The recent outage at Amazon brought automated processes into focus. The root cause was a race condition in a DNS update, in which records were updated and subsequently deleted by two automated processes (in this case their DNS Enactor). Here, as in other incidents experienced in telecom, a small error in DNS, border gateways or software upgrades has large consequential effects.
Telecom has historically been built on state-developed infrastructure, with an expectation of reliability, dependability, and resilience – at least to a “5 9s” standard. What is changing is the nature of the underlying infrastructure.
As software vendors, we understand that software inevitably encounters issues. Unlike hardware, software’s mean time between failures can vary significantly. In tech, there’s a tolerance—even an expectation—to move fast, innovate, and occasionally break things. But integrating these two worlds—telecom and agile software development—requires both sides to adapt.
Software vendors must evolve to meet ‘telco-grade’ standards. Meanwhile, telecom operators are redefining what ‘telco-grade’ means in a world where architectures are increasingly distributed and diversified. One often-heard principle is that “security must be designed in.” That’s true, but it’s only half the picture. Security also has to be designed in from the operational side: there must be an understanding of the operational environment in which the software functions, the platform it runs on, what data is needed to verify operational integrity, and what other checks and probes can be used to secure the environment.
Securing traffic across all planes of the network—control, user, and administrative—is essential. The subscriber data that drives the network must also be secured to preserve the integrity and trust placed in network access by users.
As network resources become more distributed—extending into hybrid and edge architectures—maintaining operational security becomes increasingly complex.
Drawing from Enea’s experience and insights, we focus on the following areas:
- Software and Its Deployment – Lessons learned from DevOps
- Distribution and the Edge – Challenges of decentralization
- Trust, But Verify – Rethinking assumptions in a software-driven world
- Overlaying Security – The right tools, in the right places
These are complex topics in themselves, and together they will not paint a complete picture of security and resilience. They are explored in some depth in our detailed ebook “Telecom Networks At Risk: Securing Critical National Infrastructure”.
In brief:
Software and deployment
- Define and maintain clear telco infrastructure and security standards.
- Address rolling upgrades for deployed systems and coordinate them with virtual infrastructure changes.
- Automate testing and lifecycle management to reduce time to deployment and the probability of error.
- Establish a robust data handling strategy for stateful data storage and distribution.
- Apply performance tuning and operational environment changes to reduce demands on infrastructure, avoid bottlenecks and make the software easier to manage.
Visibility & The Edge
- Visibility – the role of traffic inspection, device and endpoint identification and observability.
- Threat Detection and Protection – endpoint security, anomaly detection, firewalling and privilege management.
Trust
- Network & functional segmentation
- Authentication and Monitoring
- The Role of AI and how to train your AI dragon.
Finally, we review the essential tools and where they are needed.
