CYBER-SECURED 4G/LTE PMR NETWORKS

Transcription

1 CYBER-SECURED 4G/LTE PMR NETWORKS Guaranteeing mission success with always available and operational network

2 EXECUTIVE SUMMARY The evolution of legacy voice centric PMR networks to 4G/LTE PMR networks is set to deliver safety and operational efficiency improvements to missioncritical organisations. This evolution also opens up the way for new deployment models using dedicated networks, commercial networks or a combination of both. However, open standards and IP technologies, together with the interconnection with other networks, expose 4G/LTE PMR networks to potential cybersecurity threats that can lead to network service outages or compromised data. A mission critical network must always be available; as a result it is fundamental to apply a security by design approach when deploying a 4G/LTE PMR network. This white paper examines the cyber security threats to the LTE core network and the subsequent mitigation techniques. The LTE core network transports all LTE PMR services, and is, as a result, considered the most critical component of a 4G/LTE system. The white paper goes on to outline guidelines to designing a cyber-secured LTE core network and provides examples of security architectures and solutions: Common practices to segregate flows of different logical planes should be enhanced with a multi-tier approach where security is enforced orthogonal to the logical planes in isolated and dedicated tiers, Secured interconnection practices with external networks such as the Internet or LTE networks of roaming partners should be enhanced with specific LTE based security practices to protect the home network against malicious and non-malicious attacks, Anti-DDoS best practices to mitigate one the major cybersecurity threats, Guaranteeing the system is cyber-secured 24/7 by deploying a Threat Management Centre that monitors and prevents threats in real time and ensures the latest cyber-secured measures are quickly implemented for maximum 4G/LTE PMR services availability. Thales is a leader in cybersecurity and a key actor in PMR industry for more than 15 years. Thales is uniquely positioned to support mission-critical organisations in securing their 4G/LTE PMR system to guarantee mission-critical broadband services. 2 _ Cyber-secured 4G/LTE PMR networks

3 TABLE OF CONTENTS EXECUTIVE SUMMARY 2 1 4G/LTE PMR NETWORKS: A NEW SECURITY PARADIGM 4 2 4G/LTE PMR NETWORK: SECURITY BY DESIGN Security Enforcement Points Securing LTE Hosting Platforms Securing Interfaces To Backbone Networks Securing Peering With Roaming Partners Thales Security Design Implementation 9 3 PROTECTING AGAINST DDOS ATTACKS DDoS Attack Trends An Hybrid DDoS Protection Architecture 12 4 KEEPING PACE WITH CYBER THREATS Cyber Security Operations Anti-DDoS Operations 14 5 CONCLUSION 15 GLOSSARY 16 Cyber-secured 4G/LTE PMR networks _ 3

4 1. 4G/LTE PMR NETWORKS: A NEW SECURITY PARADIGM Mission-critical users (namely Public Safety agencies, Defence Forces, Transportation operators, Energy suppliers and Critical Industries) today need 21st century communications capabilities to confront 21st century threats and missions. It is now a fact that legacy voice-centric PMR (Private Mobile Radio) networks will evolve to 4G/LTE (Long Term Evolution) multimedia-centric networks. With 4G/LTE, mission critical users can access real-time voice, high speed data, instant location and video services. 4G/ LTE also makes it possible to quickly integrate new IP-based applications and sensors tailored to users missions. This trend has already started in a number of countries and will continue to grow around the world and within mission-critical organisations in the near future. 4G/LTE PMR systems are based on the commercial 3GPP standard that uses an all-ip architecture. This enables users to benefit more quickly from new capabilities and services. 4G/LTE offers multiple deployment models including dedicated networks, Secured MVNO (Mobile Virtual Network Operators) or a federation of both. Besides, terminals, networks and group communications services are all standardized. Unlike legacy PMR systems that remain siloed, 4G/LTE are naturally interoperable. As terminals, networks and group communication services are all standardized, 4G/LTE can interconnect networks of different organisations to enable transparent roaming of mission-critical users between different partners networks and interoperable communications between users of different organizations. Control Rooms PMR App Servers Own EPC Own EPC Own EPC Own LTE RAN MNO A MNO N Partner EPC Partner LTE RAN Own LTE RAN MNO A MNO N DEDICATED S-MVNO FEDERATED Figure 1-4G/LTE PMR deployment models However, an all-ip architecture also triggers new challenges as it dramatically changes the cybersecurity threat profile of PMR services delivery. The use of open standards and technologies together with the availability of full-featured mobile equipment, expose 4G/LTE PMR infrastructure to new cyber threats with potentially disruptive consequences: service disruption that may endanger lives or service outages in critical operations, data theft or compromised data. Besides, these cyber threats can be non-malicious threats, for example signalling storm, or malicious threats, for example intrusion attempts from a computer installed with specific tools, or DDoS attacks. Mission-critical organisations also have to consider the numerous borders with external networks that may be a source for attacks, namely mobile equipment, radio access network, the Internet, application networks and roaming partner networks (commercial operators and/or other mission-critical organisations). 4 _ Cyber-secured 4G/LTE PMR networks

5 In this context, mission-critical operators must firstly protect the services provided to their end-users by improving the robustness of their infrastructure and protecting core data assets (subscribers database), and secondly, ensure privacy by protecting the communications. Security is not an option for mission-critical networks. It is a fundamental element of the 4G/LTE PMR infrastructure design. Mobile backhaul network Use of protocol vulnerabilities (GTP or SCTP) to attempt service disruption or malicious access Malicious user attempting access to control core elements from IPX Misuse of control elements at roaming partner side can lead to unexpected messages or traffic volume (Non malicious threats) PARTNER S CORE NETWORK INFRASTRUCTURE mme PCRF S/PGW nms Unauthorized access to Management servers can lead to misconfiguration of critical assets Malicious access to critical core elements (eg: HSS) and data modification (eg: K, charging data) Malware modifies the configuration of communication gateway Modification of HSS data can lead to stealing service Intrusion attempts leveraging protocols vulnerabilities or open services Applicative and volume denial of service on gateways Signaling attack from rogue device or malware on Base Station) Mobile backhaul network mme SGW hss LTE MOBILE CORE PCRF PGW PMR Application function Internet Eavesdropping Data Tampering Use of protocol weaknesses (forged GTP messages) to attempt service disruption Figure 2: 4G/LTE PMR network main cyber threats This white paper explores cybersecurity practices to mitigate threats to the LTE core network (aka Evolved Packet Core or EPC) infrastructure. Cyber-secured 4G/LTE PMR networks _ 5

6 2. 4G/LTE PMR NETWORK: SECURITY BY DESIGN Security by design starts with the identification of the 4G/LTE PMR network s security enforcement points. Once these points and related threats are known, specific actions can be taken. 2.1 Security Enforcement Points Five security enforcement points have been identified to achieve the relevant level of security expected for the 4G/ LTE PMR infrastructure. ROAMING INTERFACES PROTECTION CTRL Plane S6a and S9 firewalling to protect homed critical assets USER Plan: S8 traffic inspection Mobile backhaul network PARTNER S CORE NETWORK INFRASTRUCTURE mme PCRF S/PGW Mobile backhaul network 2 4 mme SGW CORE EPC SECURITY Control & Management logical planes segmentation (defence-in-depth) Data assets protection (subs database, charging database) hss 1 nms LTE MOBILE CORE PCRF 5 PGW SECURITY MEDIATION Log collection from security assets Optional: Interworking with Security Operation Centre 3 PMR Application function Internet RAN INTERFACE SECURITY epc mgmt infrastructure protection from RAN network CTRL Plane: SCTP (S1-MME) filtering USER Plane: GTP (S1-U) inspection Data Confidentiality BACKBONE SIDE SECURITY Exposure reduction to external networks User Plane protection Figure 3 - LTE Security Enforcement Points 1 Secured hosting platform leveraging the Defence-in-depth concept to enhance protection of the LTE core network assets. The essential targets are the protection of the Management plane as well as the Control plane. Depending on the context of use and throughput requirements, User Plane may also be considered in order to protect the User Plane assets and user devices. 2 3 Secured interface to external networks for EPC that provides an architectural framework to limit exposure of the LTE infrastructure to external threat agents (i.e. mobile terminal and packet data networks such as the Internet). 4 Secured interfaces to roaming partners to provide protection of IP peering interactions with relevant peering partners (in case of various roaming scenarios). Up to a certain extent, peering partners may be considered as external threat agents. 5 Security Mediation (log management and monitoring) that provides an OSS-level capacity supporting the need to monitor security-relevant activity on the LTE platform through log collection, and aggregation from the various LTE network elements and security building blocks. 6 _ Cyber-secured 4G/LTE PMR networks

7 The following sub-sections detail the cybersecurity measures to mitigate the risks on these enforcement points. 2.2 Securing LTE Hosting Platforms The LTE hosting platform contains the core elements that handle the LTE service. These elements are involved in different logical planes as defined by 3GPP: Management, Control and Data/User logical planes. To guarantee the appropriate level of security for the hosting platform, the security solution must aim at achieving the following objectives: Significantly reduce the attack surface by minimizing the points of exposure to external networks, Implement the defence-in-depth principle as per the best practices in terms of multi-tiers domains implementation, Protect sensitive information: the EPC infrastructure hosts information whose disclosure may compromise organisations and user s privacy, Clear segregation of security planes by using dedicated network interfaces (physical or logical) to ensure that different network planes are used for management, signalling and data connectivity. The purpose of the security design is to protect the critical assets by preventing unfiltered access from an element belonging to the same logical plane. Therefore, in addition to logical planes segregation, relying on VPN (for example using VPRN, Virtual Private Routing Network), a secured EPC infrastructure must be organised in Security Tiers orthogonal to 3GPP logical planes. Each tier responds to specific security requirements. Tiers identification helps at segregating the network equipment as per their functions and the information they are handling. The Presentation tier applies to the security requirements at the perimeter of the EPC, and exposed to external or untrusted networks. The Core tier provides security requirements for the core network components inside the border (e.g. a PGW). The Data tier provides security requirements concerning the access, privacy and confidentiality of sensitive data (e.g. HSS). The Mediation tier provides for security requirements with trusted networks. Traffic segregation ensures that communications only occur between network components that need it, and on the contrary, denies communications between components that do not have such need. Stateful firewalls must be used to ensure the required level of segregation between networks while permitting the required level of connectivity. In addition to the filtering function, Intrusion Detection & Prevention function (IDS/IPS) should be enabled at OAM logical plane as detective and corrective defence mechanisms for both network and application targeted attacks. Those systems work at the network layer by inspecting network traffic and keep systems protected from attacks against vulnerable services, data manipulation attacks on applications, privilege escalation on hosts, multiple failed unauthorized logins, and even access to sensitive data. This is extremely important in locations where an attack can lead to anything from a service outage to the actual loss of sensitive data. Cyber-secured 4G/LTE PMR networks _ 7

8 Criticity: Medium Criticity: major Criticity: high Criticity: major mgmt plane Pres Mgmt Core Mgmt Data Mgmt Med Mgmt Mgmt Traffic Mgmt Traffic Mgmt Traffic Mgmt Traffic user plane control plane Mgmt Traffic Crtl Traffic (SIG) enodeb E2E user traffic (data) Presentation Tier DRA MME Crtl Traffic (SIG) Managemt Traffic (OAM) Crtl Traffic (SIG) SecGW SGW PGW E2E user traffic (data) Core Tier PCRF Crtl Traffic (SIG) Data Tier HSS Crtl Traffic (SIG) One firewall instance as per logical plane to filter traffic and generate security logs Charging Med Traffic (SIG) Mediation tier Figure 4 - Traffic segregation and defence in depth principles 2.3 Securing interfaces to Backbone networks Specifically in the PMR context, the protection of the interfaces to external public networks shall be considered. To this end, Thales Cyber secured PMR network solution includes dedicated security functions to protect the LTE infrastructure by: Mitigating threat impacts by reducing the exposure to external networks, Providing Stateful Filtering for session control and guaranteeing traffic is not malicious, Filtering traffic to prevent incoming connection attempts. These security functions are handled by a specific carrier grade UTM (Unified Threat Management) appliance providing traffic firewalling as well as intrusion detection functions. In addition to the pure security feature, Security UTM Data Plane security functions allow logging that aims at providing relevant network activity information in case of investigation. 2.4 Securing Peering with Roaming Partners 4G/LTE PMR networks will most probably be interconnected with other 4G/LTE networks, either with commercial operators for improved coverage and capacity and/or with other dedicated 4G/LTE PMR networks from other PMR organisations. 3GPP defines dedicated interfaces to manage roaming between several networks; these interfaces are based on Diameter over SCTP for Control plane (LTE interfaces S6a/S9) and GTP for User plane (LTE interface S8). These interfaces are potential open doors to the external networks. The role of the security infrastructure is to guarantee that these interfaces cannot degrade the security level of the home LTE infrastructure. The secured by design 4G/LTE PMR architecture complements specific Diameter control functions handled at DEA/DRA level by inspecting SCTP streams. This approach guarantees protection from network level to application level. User Plane must also be considered for completing security of the PMR core infrastructure. Actually GTP protocol has not been designed with security functions in mind. For this purpose the security solution shall support specific functions to protect the PMR core network from malformed or forged GTP traffic. That includes control of consistency with 3GPP standards as well as inspection of the GTP packets prior to processing by the gateways. 8 _ Cyber-secured 4G/LTE PMR networks

9 2.5 Thales Security Design Implementation In order to provide a Defence in depth protection, firewalls are positioned at the heart of the infrastructure to validate the flows between security tiers as per the traffic matrix and to ensure the content of the packets do not embed malicious applicative information that would cause unexpected effects on the core elements. For this purpose, Thales security solution leverages the virtual capabilities offered by the UTM (Unified Threat Management) appliance where dedicated virtual firewalling instances filter traffic as per security tier level (Presentation, Core, Data, Mediation) in each logical plane in order to guarantee a strong segregation between core elements. As depicted in the diagram below, five firewalling instances are deployed. Security tiers Defence-in-depth ROAMING PARTNER INFRA mme enb P/SGW PCRF Backhaul ROAMING USER plane Firewall instance + IPsec termination ROAMING CTRL plane Firewall instance + IPsec termination S6a/S9 S8 SecGW Assumption: SecGW supports GTP inspection and SCTP firewalling Mgmt Plane Control Plane User Plane NMS Mgmt Core Tier MME DRA/DEA SGW NMS Mgmt Data Tier Data Tier Figure 5 - Security Solution Architecture NMS Mgmt Mediation Tier PCRF HSS Charging Mediation Tier PGW MGMT Plane firewall instance + IPS CTRL Plane firewall instance Firewall instance on SGi interface PMR Application function Internet Cyber-secured 4G/LTE PMR networks _ 9

10 Management Plane Firewall instance CTRL Plane Firewall instance USER Plane Firewall instance ROAMING CTRL Plane Firewall instance ROAMING USER Plane Firewall instance Log Collectors Zoning of OAM plane to prevent from unauthorized traffic between assets belonging to different tiers Network activity log (denied rules) for reporting Intrusion Prevention System to prevent from attack using management protocols Zoning of Control Plane to prevent from unauthorized traffic between assets belonging to different tiers in order to protect critical assets (HSS, PCRF, OCS/ OFCS) SCTP traffic firewalling Network activity log (denied rules) for reporting Exposure reduction to external networks with restriction of network services (Internet, Application networks) to ensure only internal connection request and protect UE to prevent incoming connections requests and therefore protect Evolved Packet Core from backbone attack attempts Network activity log (denied rules) for reporting SCTP traffic firewalling Roaming peers authentication (using IPsec) Network activity log (denied rules) for reporting Encryption of Control traffic exchanged with roaming partners (S6a and S9 traffic) Exposure reduction to Roaming partner infrastructure with restriction of network services GTP Inspection (S8 traffic) Peers Authentication (using IPsec) Encryption of User traffic exchanged with roaming partners (S8 traffic) Network activity log (denied rules) for reporting Dedicated log collector servers that aggregate security log information generated by the security appliances. Then, it allows an efficient central point in case of investigation. These virtual instances are hosted in one or more clusters of carrier grade firewall appliances or based on Virtual Machines as per dimensioning requirements simplifying network design and deployment and ensuring carrier-grade level of availability. 10 _ Cyber-secured 4G/LTE PMR networks

11 3. PROTECTING AGAINST DDOS ATTACKS Since the early 2010s, Distributed Denial of Service (DDoS) attacks have increased exponentially and have become the #1 most costly cybersecurity threats for the on-line industry 1, with the public sector constantly being one of the top three targets along with Finance and Telecommunications Service Providers. Providing dedicated detection and mitigation techniques against DDoS is therefore critical to guarantee the availability of 4G/LTE PMR networks against these types of attacks. Mobile operators on the other hand are still considered medium risk targets. Yet, in 2015, 68% of mobile operators declare they have observed DDoS attacks targeting their mobile users or infrastructure, compared to only 36% in The expansion of LTE network technology and smartphone usage is responsible for this escalation of attacks. 4G/LTE PMR networks should therefore anticipate similar risks and trends. 3.1 DDOS ATTACK TRENDS DDoS attacks can be: Volumetric attacks attempt to consume the available network bandwidth, Protocol attacks go after the connection state tables of network and security equipment such as routers, switches, load balancers, firewalls or IPS/IDS, Application-layer attacks target implementation aspects of an application or service at Layer-7. Volumetric attacks regularly hit the headlines, with volumes now reaching several 100s Gbps. yet this volume increase also hides another less visible trend which is an increase in sophistication, with the majority of attacks being now multi-vector, combining volumetric, protocol and application-layer attacks in a single, coordinated campaign. As illustrated in the figure below 2, governments are - and have always been - amongst the highest risk targets when it comes to DDoS attacks. In 2015, government services were targeted and threatened through various campaigns of both hacktivists and terror groups responding to political climate. Attacks on government sites are not, however, always politically motivated; many attacks are launched so that attackers improve their reputation and/ or publically shame government sites for lacking adequate security. Figure 6 - Radware DDoS ring of fire 1 Source Ponemon Institute, Cost of Cyber Crime Studies, 2012 to Source Radware Global Application & Network Security Report Source Arbor Worldwide Infrastructure Security Report 2015 Cyber-secured 4G/LTE PMR networks _ 11

12 3.2 An hybrid DDoS protection architecture An anti-ddos solution must protect critical networks and services infrastructures from a multi-facetted DDoS threat. This can be achieved thanks to Defence-In-depth principles combining two layers of protection via a hybrid approach: On-Premise Protection provides always-on protection of applications, services and core network infrastructure against protocol and application-layer attacks, Cloud Protection provides on-demand protection against volumetric attacks that may saturate the Internet pipe. Thales cyber security solution implements this hybrid approach based on Radware DDoS protection technology which provides unique capabilities to detect and mitigate attacks within seconds, including zero-day attacks for which no signature is available. Security tiers 24x7 DDoS attack monitoring and mitigation Defence-in-depth Anti-DDoS NMS NMS NMS ROAMING PARTNER INFRA mme PCRF P/SGW Anti-DDoS protection for ROAMING interfaces Mgmt Plane Control Plane Mgmt Core Tier MME Mgmt Data Tier Data Tier Mgmt Mediation Tier PCRF HSS Charging Mediation Tier Anti-DDoS protection to applications network enb Backhaul SecGW User Plane DRA/DEA SGW PGW PMR Application function Internet Anti-DDoS protection for RAN interfaces Anti-DDoS protection for interfaces to public and external networks Figure 7 - Hybrid anti-ddos solution architecture DDoS protection is primarily deployed at Internet Peering sites, as well as with peering partners, hence protecting both the core network infrastructure and critical services (e.g. DNS) from Internet-generated attacks, which today represent the majority of attacks. Additional protection may be considered on the interconnection points with the backhaul network, in order to detect and mitigate potential attacks originating from both backhaul networks operated by 3rd parties, as well as end-user terminals behind the RAN. Regarding this latter risk, the protection strategy will be highly dependent on the policy related to the supply and management of end-user devices (e.g. consumer smart phones vs. purpose-built terminals) and Operating System (e.g. Android OS with security stack vs. closed OS with dedicated applications). 12 _ Cyber-secured 4G/LTE PMR networks

13 4. KEEPING PACE WITH CYBER THREATS 4.1 CyBER SECURITy OPERATIONS In order to ensure that the security mechanisms described above are effective and efficient (and consequently that the 4G/LTE PMR services are always available to the mission-critical users), it is recommended to deploy a centralized capability to monitor threats on a 24x7 basis and measure compliance with the security policy over time. A CSOC - Cybersecurity Operations Centre - solution provides a centralized approach for controlling in real-time the security posture of the core infrastructure. It detects alerts and reports against threats, vulnerabilities and potential attacks or misbehaviours on the entire Information System. Two options can be considered: as Managed Security Services in full out-sourced services or hosted in customer s environment. Anticipate Security Detect & Respond Comply Threat Intelligence Vulnerability Management Security Operations incl. AntiDDoS, Sandboxing, etc. Detect and Analyze Real-Time Incident Detection and Management Support Investigate Log Analysis Forensics and Malware Analysis On-site Investigation Manage Crisis Crisis Management Rapid Response Team Security Policy Deviation Control Log Management Risk Management Figure 8 - Thales Managed Security Services (MSS) complete portfolio Cyber-secured 4G/LTE PMR networks _ 13

14 Proactive Threat Management Real Time Attack Detection and Security Policy Deviation Monitoring Regulatory Compliance and Forensic Support Threat prevention The proactive threat management function proactively assesses vulnerabilities on the assets in order to detect impacted systems and zero-day threats. This provides tools to automatically schedule and control the active or passive scans feeding the asset database. Dashboards and reports provide KPIs, detailed results and remediation information to support our customers action plan. Whatever the infrastructure size and the geographical constraints, the solution collects, aggregates and correlates security events and flows to detect any suspicious or non-compliant activity in a massive amount of security information. This includes: Support for on-going Compliance and Security Policy deviation control through Network Flow and Log analysis. Specific rules are built to trigger the right level of events, Unauthorized user behaviours and configuration issues detection and immediate reporting through generic or user-built dashboards and reports. Regulatory Compliance and Forensic support functions store massive amounts of security related information in usable, lawful compliant formats and supports legal and technical deep security investigations through forensics tools. Visibility and anticipation: the intelligence on cyber-threats Backed by services of the CERT-IST which Thales operates as a member of FIRST and the findings of its CSOC, Thales delivers qualified threat intelligence services that are customized to each customer s context: e-reputation, indicators of compromise (IOC), threats and vulnerabilities evolutions. Risk mitigation: the management of vulnerabilities By integrating cyber-threat intelligence data to its CSOC monitoring process, Thales helps better qualify incidents according to the level of exposure. Ensure compliance Thales services are designed to respond to the strongest requirements, including for Critical Infrastructure Providers. The aim is to be able to bring the right information at the right time to take the most relevant and appropriate decisions. In managed security services, Thales monitors the security of information systems, delivers contextualized information on new threats, and provides our customers the expertise required to quickly solve their incidents. Moreover, Thales delivers the right degree of visibility on risks, security status and business impacts. 4.2 Anti-DDoS operations The Thales CSOC ensures 24x7x365 operations of the anti-ddos solution with the following services: DDoS threat intelligence to maintain an upto-date view of the DDoS threats relevant to the mission-critical organisation, DDoS attack monitoring to ensure 24x7 monitoring and first-level analysis and qualification of DDoS alerts in interaction with the missioncritical organisation, DDoS attack mitigation to launch and follow-up mitigation in cooperation with the mission-critical organisation s security team, including real-time analysis and adaptation of countermeasures to changing attack vectors, DDoS attack reporting to provide monthly reporting on traffic and DDoS attack trends and individual reporting on past attacks, including postmortem analysis and recommendations to improve DDoS protection, DDoS protection change management to manage on-going changes through a structured change management process, and ensure continuous adaptation to the ever-changing customer network and threat landscape. 14 _ Cyber-secured 4G/LTE PMR networks

15 5. CONCLUSION The evolution from legacy PMR networks to 4G/ LTE networks leads to new paradigms in terms of cybersecurity. Open standards and IP-based approaches expose 4G/LTE PMR networks to potential cyber-attacks that can lead to service outages, data theft and compromised data for mission-critical organisations. Taking strict measures to cyber-protect 4G/LTE PMR networks is critical. To this end, Thales has defined a cybersecurity approach that protects the services offered by 4G/ LTE PMR infrastructure and the critical data hosted in the infrastructure, including both control information and the users database. Thales cybersecurity solution is: Modular: security design is adapted to a specific context as per our customer s environment and requirements Scalable: security design based on distributed firewall instances can scale up as per throughput requirements In addition to a security architecture based on bestof-breed firewalling and anti-ddos devices, Thales s LTE cybersecurity solution proposes advanced security managed services for security monitoring. Thales is the only company on the market proposing a global security approach based on network infrastructure protection at the build phase as well as risk prevention, threat detection, mitigation management and, compliance reporting via 24x7 real time security monitoring. Security managed services are complemented with crisis management and remediation services. Managed Security Services as offered by Thales leverage (Computer Emergency Response Team Industry, Services and Tertiary (CERT-IST) providing operators and mission-critical organisations a knowledge base, alerts and response to incidents, from a simple vulnerability of a network to major computer attacks. In conclusion, our customers benefit from Thales s cybersecurity expertise: Dramatically reduce risks of impacts in case of cyber-attacks, Anticipate and pre-empt cybersecurity risks with an acute visibility to detect weaknesses, Meet stringent regulatory requirements to protect against cyber-attacks, Deliver secure mission-critical services continuity with a greater level of end-user confidence in the 4G/LTE PMR network, Conserve a trusted reputation by delivering a more secure service. Thales leverages its fully field-tested methodologies and techniques based on 20 years of experience in the deployment and operation of cybersecurity services. Cyber-secured 4G/LTE PMR networks _ 15

16 GLOSSARY 3GPP CERT-IST CSOC DDoS DNS EPC FIRST GTP HSS IDS IP IPS LTE MME MVNO NTP OCS OFCS PCRF PGW PMR SCTP SGW S-MVNO VPN VPRN Third Generation Partnership Program Computer Emergency Response Team - Industry, Services and Tertiary Cyber Security Operations Centres Distributed Denial of Service Domain Name Server Evolved Packet Core Forum of Incident Response and Security Teams GPRS Tunnelling Protocol Home Subscriber Server Intrusion Detection System Internet Protocol Intrusion Prevention System Long Term Evolution Mobility Management Entity Mobile Virtual Network Operator Network Timing Protocol Online Charging System Offl ine Charging System Policy Control and Rating Function Packet Data Network Gateway Private Mobile Radio Stream Control Transmission Protocol Serving Gateway Secured-MVNO Virtual Private Network Virtual Private Routing Network 16 _ Cyber-secured 4G/LTE PMR networks

17 facebook.com/thalesgroup twitter.com/thalesgroup linkedin.com/company/thales youtube.com/thethalesgroup 06/ / Thales Crédits : Thales, Shutterstock Thales Communications & Security 4 avenue des Louvresses Gennevilliers France Tel: +33(0)