《CTIA:使频谱政策与网络安全目标保持一致(2023)(英文版)(11页).pdf》由会员分享,可在线阅读,更多相关《CTIA:使频谱政策与网络安全目标保持一致(2023)(英文版)(11页).pdf(11页珍藏版)》请在三个皮匠报告上搜索。
1、 “Trusted Research,Analysis and Insight in IT&Telecom Security”Aligning Spectrum Policy with Cybersecurity Goals By Patrick Donegan,Principal Analyst,HardenStance Sponsored by May 2023 White Paper May 2023|Aligning Spectrum Policy with Cybersecurity Goals 2 Executive Summary Spectrum policy should a
2、ttach more weight to a users incentive and ability to defend Americas wireless networks against high impact cyber-attacks whether they be by nation state adversaries like China or other cyber threat actors.The licensed spectrum model drives high standards,accountability,and a high degree of commonal
3、ity and predictability in the way wireless carriers protect and curate spectrum assets against cyber threats.They have mature operating models for protecting the network as well as for reporting cyber incidents.Exclusive spectrum licensing is best for ensuring that the cybersecurity posture of users
4、 aligns with national cybersecurity and broader national security goals.Balancing spectrum policy for a new American era As the Federal Communications Commission(FCC)and the National Telecommunications and Information Administration(NTIA)deliberate over the release of spectrum in the lower mid-band,
5、competing stakeholders who disagree on many details can nevertheless find themselves agreeing on the need for a“balanced”national spectrum policy.The balance that needs to be struck is across the interests of key stakeholders such as the federal government(civilian and military);business interests w
6、ith a stake in licensed spectrum(e.g.the wireless and aviation sectors)as well as the many commercial and non-commercial users of unlicensed spectrum.At a more granular level,balance is needed to ensure spectrum policy can support several different,even conflicting,macro-policy goals like business i
7、nnovation,GDP growth,public safety,social inclusivity,international competitiveness,carbon footprint reduction,defence and national security.Cybersecurity should be a key factor in spectrum policy One factor that has assumed a lot more importance for upcoming spectrum policy decisions is the sharp c
8、hange in Americas relationship with China.Once centred on partnership,co-dependence and collaboration,the axis of the relationship has shifted to one that is undergoing strategic de-coupling and becoming more adversarial.This has two critical implications for U.S.spectrum policy:There is a higher co
9、st to sub-optimal use of spectrum because it fails to maximize the wireless innovation that is key to the U.S.economy outperforming Chinas.The increasingly adversarial nature of the relationship has triggered a sharp uptick in the severity of cyber-attacks against the U.S and its allies,most notably
10、 by Chinese and Russian threat actors.This poses a heightened national security risk to the confidentiality,integrity and availability of communications used by critical sectors of U.S industry,by other businesses,and indeed by all Americans.Figure 1:Cybersecurity is an Increasingly Important Factor
11、 in Spectrum Policy Source:HardenStance One factor that has assumed a lot more importance for upcoming spectrum policy decisions is the sharp change in Americas relationship with China.May 2023|Aligning Spectrum Policy with Cybersecurity Goals 3 Cybersecurity imperatives for a new era This White Pap
12、er argues that aligning spectrum policy with the cybersecurity imperatives of the next ten years requires that the FCC should prioritise releasing mid-band spectrum as licensed spectrum.In particular it requires that the FCC should ensure Americas wireless operators such as AT&T,Verizon and T-Mobile
13、 have the spectrum they need to enable businesses to capture the innovation and growth potential of 5G and 6G.The paper makes this case by demonstrating that the cybersecurity ecosystem that supports licensed wireless operators is already best in class.Moreover,the way the market in wireless service
14、s is set to evolve will also create two new cybersecurity challenges that licensed wireless operators are uniquely well placed to respond to:The first of these is the further scaling up in the volume and diversity of connected wireless devices,applications and traffic.This is a key factor driving de
15、mand for more spectrum in the first place.But as well as all the upside in terms of growth and innovation,this inevitable trend also has a downside in the form of the extra complexity it creates in telco network operations.The dynamic scaling up of interactions between so many new and different hard
16、ware and software components at such scale will inevitably generate new vulnerabilities in telecom networks,hence new hacking opportunities.The second challenge is the evolving landscape in cyber threats targeting American businesses,critical infrastructure and consumers.Given the evidence of more a
17、udacious attacks carried out by China and other nation state hackers of late(see Figure 3),its reasonable to assume that defending against cyber-attacks could become increasingly challenging,generating risk to the economy and society on an even greater scale than what we have seen in the last couple
18、 of years.There may be an even higher social and economic price to pay for failing to defend the nations critical infrastructure against future cyber-attacks including its telecom networks.Cybersecurity is a critical part of national security The critical question that has to be addressed is therefo
19、re what type of cybersecurity ecosystem is going to protect against these increased risks,which players in the ecosystem are going to lead it,and how?Policy makers need to be confident that spectrum allocation decisions are aligned with ensuring users are properly protected against cyber threats,inc
20、luding from a national security perspective.The rest of this paper describes those cyber threats and why licensed operators are best placed to protect against them.As policy makers seek a balanced approach in the lower mid-band,its worth noting just how unbalanced the current state of spectrum alloc
21、ation is.According to Accenture,the commercial wireless industry currently has access to only 270 MHz or around 5%of lower mid-band spectrum(See Figure 2).By contrast,at around 36%,unlicensed spectrum users have access to more than seven times that amount.Government has access to even more spectrum
22、than unlicensed users.Balance surely requires rebalancing here.Figure 2:3 8.5GHz Spectrum Allocations in The United States by Use Source:Accenture,“Spectrum Allocation in The United States”,2022 Aligning spectrum policy with the cybersecurity requirements of the next ten years requires that the FCC
23、should prioritise releasing mid band spectrum as licensed spectrum.May 2023|Aligning Spectrum Policy with Cybersecurity Goals 4 Increasingly audacious attacks on U.S interests One of the defining trends in cybersecurity over the last three years has been the willingness of advanced cyber threat acto
24、rs to pull off increasingly audacious attacks that impose an increasingly heavy price on their targets,often taking increased risk of escalating hostilities between rival or hostile nation states.Figure 3 cites the three most high profile cyber-attacks to impact U.S interests in the last three years
25、.The first two were on SolarWinds(discovered in December 2020)and Microsoft Hafnium(discovered in March 2021),each of which exposed the confidential data of several thousand corporations and large businesses.The third was on Colonial Pipeline which halted 5,500 miles of pipeline operations on the ea
26、st coast in May 2021,causing major disruption to business and millions of people.All three were carried out during the two-year period before the subsequent further deterioration in relations between the U.S and both China and Russia that was triggered by the twos new“partnership with no limits”and
27、then by Russias invasion of Ukraine.The SolarWinds and Hafnium breaches were attributed to Russian and Chinese nation state threat actors,respectively.Although the Colonial Pipeline hack was attributed to a Russian ransomware gang rather than the Russian state,the impact was nevertheless big enough
28、to merit a“whole of government response”at federal level.Some nation state threat actors are taking more and more risk While there have been no known breaches of the U.S telecom sector whose impact compares with them,these three prominent attacks show the escalating scale of the impact or blast radi
29、us that cyber-attacks can have on the American economy and society.They also indicate a willingness on the part of some nation state threat actors to take more and more risk and inflict more and more damage on their targets.In the case of SolarWinds,Russian state threat actors complied with establis
30、hed cyber espionage norms in so far as they accessed then-unprecedented amounts of data and left it at that.With Hafnium,Chinese state threat actors deviated from these norms by also booby-trapping some victims infrastructure.Leaving an adversarys infrastructure vulnerable to being subsequently dama
31、ged or depleted in this way increased the risk of further escalation in offensive cyber operations between the U.S and China.Figure 3:Real World Cyber-attacks on Telecom and Other Critical Sectors Source:HardenStance With Hafnium,Chinese state threat actors deviated from established cyber espionage
32、norms by also booby-trapping some of the victims infrastructure.May 2023|Aligning Spectrum Policy with Cybersecurity Goals 5 Telecom networks are a prize target for cyber-attacks Americas communications networks are a prime target for cyber-attacks seeking to compromise the confidentiality,integrity
33、 and availability of the services they support.Figure 5 is representative of the daily battles wireless operators fight to maintain the availability of their networks in the face of growing volumes of Distributed Denial of Service(DDoS)attacks.In 2023,the idea that major cyber threat actors have no
34、current interest in breaching Americas telecom networks with greater consequences than weve seen to date or that they will have no such interest in the future simply isnt credible.The ban on Huawei is the most obvious example of U.S policy makers recognizing that its telecom networks are a prime tar
35、get for cyber threats.But as shown below,nation state and other threat actors use many other means besides dropping malware in a domestic telecom vendors software to breach telecom networks around the world.In November 2017,the then Head of the UKs National Cyber Security Centre(NCSC)confirmed that
36、Russian interference in the UK that year“included attacks on the UK media,telecom and energy sector”In July 2019,cybersecurity vendor Cybereason published research on Operation Soft Cell whereby Chinese state threat actors managed to exfiltrate Call Detail Records(CDRs)from a number of telecom opera
37、tors using vulnerabilities in a public facing web server as the strike point for initial entry.In 2020,Lebanese Cedar,a cyber threat group linked to Hezbollah and Iran exploited unpatched Oracle and Atlassian servers to exfiltrate private documents from a number of operators in the Middle East and N
38、orth Africa.These included Vodafone Egypt,Mobily and Etisalat.In September 2021,Chinese state threat actors exfiltrated 4 Gbytes of data from the email servers of Roshan Telecom in Afghanistan.The exfiltration activity spiked at the time of the U.S.troop withdrawal from the country.In February 2022,
39、the fixed and mobile networks of Vodafone Portugal were severely disrupted over four days,arising from a cyber-attack which has yet to be publicly attributed to any specific threat group.Vodafone Portugals Chief Executive,Mrio Vaz,deplored the attackers for“shutting down schools,hospitals,firefighte
40、rs,companies,families the lives of millions of Portuguese”.Wireless technology risk increases markedly as IoT scales up Better device-level security is key to protecting against the risk from billions of wirelessly-connected IoT things.But network layer security is just as critical.Licensed wireless
41、 operators can first secure,and then constantly monitor and manage every single 4G or 5G-connected IoT device in the field.With unlicensed technologies,users can connect insecure as well as insecure devices to their home or enterprise network.Some unlicensed spectrum users monitor and manage their d
42、evices but most dont.The risk is heightened by the increasingly critical role that wireless technologies are taking on.For example,some of the advanced industrial use cases being contemplated with 5G,6G,Wi-Fi 6 and Wi-Fi 7 entail far more business and societal risk than anything weve seen before.Its
43、 no longer just your smartphone,your PC or your wirelessly connected doorbell that are at risk it can be industrial machinery or critical infrastructure.In the examples of attacks on telecom networks cited above,the motive in the first four cases was exposing sensitive information(a breach of confid
44、entiality).In the fifth,it was denying services to millions of users(a breach of availability).As wireless technologies are deployed in advanced industrial use cases,including at remote sites with less robust physical protections,all these risks are in play albeit the consequences of a breach are po
45、tentially much greater.Much closer attention also needs paying to the risk of breaches of integrity,whereby industrial processes can be interfered with by exploiting software vulnerabilities or introducing malware.Nation state and other threat actors use many other means besides dropping malware in
46、a domestic telecom vendors software to successfully breach telecom networks.May 2023|Aligning Spectrum Policy with Cybersecurity Goals 6 How licensed wireless operators do cybersecurity As depicted in the NIST cybersecurity framework in Figure 4,the strength of any networks cybersecurity posture is
47、determined by how well people,technology and processes are coordinated.In line with the first of the five pillars depicted that first means identifying risks and protecting against them.It also requires excellence in detecting and responding when breaches arise.Finally,cybersecurity posture is deter
48、mined by how well an organization can recover from a breach.Ultimately,the security of any network fixed or wireless,licensed or unlicensed is only as good as its weakest link.How wireless operators using licensed spectrum practise cybersecurity is explained below in five sections:commercial incenti
49、ve;security architecture;security operations;collaboration with government and wireless industry peers;and consistency.Its true that with some aspects of a wireless users experience it makes no difference to their cybersecurity whether theyre using licensed or unlicensed spectrum.For example,Android
50、 and iOS deal with malware in exactly the same way,independently of whether it gets onto a device via 5G or Wi-Fi.In an enterprise network,a firewall provides uniform protection against unwanted traffic,independent of access network.The power of a commercial incentive In many other ways,however,the
51、cybersecurity ecosystem curated by licensed wireless operators is unrecognizable from the world of unlicensed spectrum.In the first place the licensed spectrum model is founded on large commercial incentives.In the 30 years since the FCC was first granted its spectrum auction authority,it has raised
52、 over$230 billion.In Auction 107,which made available 5G spectrum in the 3.7 GHz to 3.98 GHz band,the FCC announced in January 2021 that wireless operators had bid$81 billion.Investment on this scale,and the need to generate a return on it,creates a huge incentive for licensed operators to protect t
53、he confidentiality,availability and integrity of their networks on behalf of all their customers who pay for using them.This commercial incentive features front and centre in a wireless operators cybersecurity framework,including the foundational Identify pillar shown in Figure 4.A trillion dollar,s
54、tandards-driven ecosystem Licensed wireless operators derive the fundamentals of their network security architecture from 3GPP,the global standards body responsible for 2G,3G,4G and now 5G standards.Roughly speaking,3GPPs security features map to the second Protect pillar in Figure 4.More than 750 o
55、perators throughout the world leverage 3GPPs security standards to generate more than a trillion dollars in annual revenues according to data from the GSMA.Figure 4:The NIST Cybersecurity Framework Source:HardenStance/NIST Ultimately,the security of any network fixed or wireless,licensed or unlicens
56、ed is only as good as its weakest link.May 2023|Aligning Spectrum Policy with Cybersecurity Goals 7 Foundational security features of the 5G platform Some of the foundational security features of the 5G platform are clearly differentiated:Like all 3GPP technologies,5G is connection-oriented rather t
57、han connectionless.This means that in hand-off scenarios between 5G cell sites,data is only ever transferred once an encrypted connection is established between the two cell sites.That protects against the data being dropped,intercepted or re-routed.In 5G every user session is automatically encrypte
58、d -at home,at work and anywhere in public whilst on the move.5G users dont have to think or worry about installing a VPN and making sure its switched on and up to date.5G operators dont have to worry about large numbers of their users not bothering to use a VPN.Like all prior 3GPP technologies,5G re
59、quires mutual authentication.Devices must authenticate with the network through sophisticated authentication keys.The ability to deny access to non-approved devices at the point of an initial authentication attempt is built in to 5G.In the U.S,licensed wireless operators require that a device must b
60、e certified for use.Uncertified devices that may interfere with the spectrum and the experience of other users are denied access.Encrypting against IMSI catchers and signaling interception 3GPP has a proven track record of delivering a strong cybersecurity roadmap for licensed wireless operators spa
61、nning different generations of the standards.For example for 5G it has further extended encryption into parts of the security architecture where traffic was previously allowed to be in plaintext.With 4G,so-called false base stations or IMSI catchers can potentially be used to capture unencrypted Int
62、ernational Mobile Subscriber Identity(IMSI)numbers over the air and determine whether a target individuals phone is in the immediate area.In 5G,the equivalent of the IMSI is encrypted to prevent that.As captured by a notorious 2016 60 Minutes documentary showing how members of Congress could be all-
63、too-easily spied on,a weakness in 4G standards enabled this by leaving SS7 and Diameter signaling traffic between mobile roaming partners unencrypted.The 5G security standards now encrypt this traffic to prevent that.As well as embedding fixes for the above vulnerabilities in 5G security standards,3
64、GPP has also worked with wireless operators,vendors and other ecosystem partners to develop retrospective fixes for the same problem in older generations of the standards.For example,signaling firewalls are widely available for blocking malicious signaling messages in 2G,3G and 4G roaming traffic.So
65、lutions are also available that detect false base stations or IMSI catchers trying to exploit weaknesses in older 3GPP standards.Spectrum Sharing Models Introduce New Cyber Threat Vectors In cybersecurity,complexity always helps attackers and always hinders defenders.The licensed spectrum model offe
66、rs clear cyber security advantages over complex database-driven shared spectrum mechanisms like the one Citizens Broadband Radio Service(CBRS)uses.To give just one example,the CBRS models dependence on a handful of centralized Spectrum Access System(SAS)databases to coordinate sharing introduces pot
67、ential DDoS attack vectors.Compromised CBRS devices could potentially flood an SAS with communication,hence potentially preventing it from allocating spectrum to users.For 5G,3GPP has further extended encryption into parts of the security architecture where traffic was previously allowed to be in pl
68、aintext.May 2023|Aligning Spectrum Policy with Cybersecurity Goals 8 Network and security operations to curate the wireless network Best practise cybersecurity determines that the second protection pillar of the NIST cybersecurity framework is necessary but not sufficient.In line with so-called Zero
69、 Trust principles,the working assumption has to be that a subset of cyber threats will inevitably penetrate whatever protections are put in place hence no user,device,application or network can be inherently trusted.This is what drives the importance of best-in-class security operations.This monitor
70、s for known and unknown threats in the wireless network with strong detection and response as prescribed by the third and fourth pillars.Licensed wireless operators invest a lot in this kind of network and network security monitoring.Some even tie their operations teams bonuses to specific Key Perfo
71、rmance Indicators(KPIs)like dropped calls.Protecting wireless networks against jamming Two different examples demonstrate the unique capabilities that licensed operators bring to bear in terms of assuring the availability of the wireless network.The first is jamming.From a legal perspective,jamming
72、or blocking of wireless signals in licensed or unlicensed spectrum is illegal under the 1934 Communications Act.From a technical perspective,jamming is also just as easy to carry out in licensed or unlicensed spectrum.In practice,however,the licensed spectrum ecosystem is much better at defending ag
73、ainst jamming.With unlicensed spectrum,any jamming signal is typically dismissed by users as co-channel interference from other users.The user accepts the degradation in service,typically without even being aware that jamming is occurring.The licensed spectrum model is better at defending spectrum a
74、gainst jamming because wireless operators are permanently monitoring it.A sudden change in experience due to a jammer gets flagged up to the operations team as a performance degradation,allowing the operations team to investigate.Ultimately,a licensed wireless operator can work with law enforcement
75、to identify,apprehend and prosecute an offender.Theres no reason an unlicensed spectrum user cant do some or all of these things.Its just that in practice,it tends to be the exception rather than the rule whereas its the rule in the case of the licensed spectrum ecosystem.Certainly,jamming has prese
76、nted a low risk to wireless networks up until now.The coverage zone or number of users that can be impacted is pretty small.Moreover,such motivations have been at least partially deterred by the risk of discovery and prosecution.Two factors have potential to increase risk here,though:The first is ri
77、sing geopolitical tensions.The second is much better coordination of jamming devices or the development of better jamming devices.These factors could potentially combine to foster attacks that block communications across larger coverage areas,requiring a rapid,coordinated response by wireless operat
78、ors and law enforcement.A high level of investment in DDoS protection A second example is what licensed operators do 24/7 to defend users against DDoS attacks.NETSCOUT Systems 2H 2022 Threat Report shows that licensed operators drop 80%100%of high bandwidth attack traffic.They also mitigate 25%of at
79、tacks under 100 Mbit/s.That said,operators only recoup a subset of this cost from customers paying for protection against DDoS attacks that target them directly.The operators shoulder a large portion of the total cost themselves to maintain service availability for all their customers-once again,its
80、 in their interest.Most customers are not even aware of this;they just take it for granted.But this high level of investment is critical to minimizing network and service outages and degradations.If licensed operators only mitigated those DDoS attacks that their customers directly pay them to mitiga
81、te,world-wide media headlines would be pointing at the impacts within hours.Jamming or blocking of wireless signals in licensed or unlicensed spectrum is illegal under the 1934 Communications Act.In practice,however,the licensed spectrum ecosystem is much better at defending against jamming.May 2023
82、|Aligning Spectrum Policy with Cybersecurity Goals 9 Figure 5:A Sharp Uptick in DDoS Attacks on Wireless Networks Throughout the World Source:NETSCOUT 2H 2022,Threat Intelligence Report The last year has seen a particularly marked uptick in the number of DDoS attacks on wireless networks that NETSCO
83、UT has observed.As shown in Figure 5,NETSCOUT reports seeing peaks of more than 5,000 DDoS attacks per day on wireless networks from the end of 2022,up from 2,000 3,000 per day a few months earlier.5G Fixed Wireless Access(FWA)is growing rapidly now,with T-Mobile and Verizon counting two million and
84、 one million customers,respectively,at the end of 2022.An additional risk that has to be managed with FWA,however,is that it exposes the wireless network to the exact same risk of DDoS and other attacks from poorly secured IoT devices in the home that cable and other fixed line ISPs have exposed the
85、ir networks to for years.At least with licensed wireless operators,though,best practise network and security operations are in place and experienced at mitigating this sort of risk.Proven cybersecurity collaboration with government and peers In the U.S.the effectiveness of any licensed wireless oper
86、ators cybersecurity operations is derived in part from its participation in a much broader cybersecurity ecosystem as depicted in Figure 6.This protects the telecom sector itself but also leverages the telecom sector to protect other IT infrastructure,including critical infrastructure.Some relations
87、hips in this ecosystem are hierarchical or top-down.For example,when the FBI obtains the authority for lawful interception,licensed wireless operators have to comply.They have an opportunity to try and shape the final outcome of FCC Notices of Proposed Rule Making,such as recent ones on emergency wi
88、reless alerts and mandatory incident reporting-but when the rules are finalized,they also have to comply.Many of the other relationships depicted,however,are peer to peer or voluntary.For example,licensed wireless operators are key players in the FCCs Communications Security,Reliability,and Interope
89、rability Council(CSRIC),augmenting wireless network security beyond 3GPP standards.They also collaborate in groups such as CTIAs Cyber Security Working Group(CSWG),whose 5G Security Test Bed launched in January 2022.Launched by founding members AT&T,Ericsson,T-Mobile,UScellular,MITRE,and the Univers
90、ity of Maryland,the test bed primarily focuses on verifying the FCCs CSRIC VII recommendations for 5G networks.The effectiveness of any licensed wireless operators cybersecurity operations is derived in part from its participation in a much broader cybersecurity ecosystem.May 2023|Aligning Spectrum
91、Policy with Cybersecurity Goals 10 Figure 6:Close Security Collaboration Between Government and Licensed Wireless Operators Source:HardenStance Led by Director Jen Easterly,CISA is seeking to improve cyber threat intelligence sharing among stakeholders across the government and private sectors.This
92、is widely considered to be in need of significant improvement.Among the various industry Information Sharing and Analysis Centres(ISACs)that come under CISA,however,the Communications Information Sharing and Analysis Centre(Communications ISAC),is well established and widely considered to be among t
93、he most effective.As well as in formal industry fora,wireless industry collaboration in cybersecurity also happens informally on the basis of personal,trusted,networks of peers in the U.S and abroad.In January 2023,the FCC brought forward a new Notice of Proposed Rule Making proposing to update the
94、terms on which telecom operators must report cybersecurity incidents to the authorities.Unlike telecom operators using licensed spectrum,disaggregated networks using unlicensed or shared spectrum are not expected to be in a position to participate in data breach notifications.The licensed wireless i
95、ndustrys response to a 911 hack One example of what the wireless industry can achieve through collaboration in cybersecurity is its response to a notorious incident back in 2016.A teenage hacker,Meetkumar Hiteshbhai Desai,wrote code that caused iPhones to make repeated calls to Public Safety Answeri
96、ng Points(PSAPs).These are the dedicated call centres that respond to 911 calls.Desai then published the code on social media,leading others to also use it as a“prank”.The resulting Telephony Denial of Service(T-DoS)attacks on PSAPs in 12 states risked disruption to 911 services,putting lives at ris
97、k.The wireless industrys response to this incident resulted in a fix for the problem being developed and rolled out by all the major wireless carriers within 24 hours.This type of extensive,systematic,collaboration to achieve common goals,some of which may have major national security implications,i
98、s unique to wireless operators that use licensed spectrum.Consistent security practices across licensed spectrum users Wireless operators using licensed spectrum are driven to abide by norms in cybersecurity architecture and operations that extend well beyond a common baseline of advanced security b
99、aked into all 3GPP compliant hardware and software.The common commercial incentives,the common approach to security operations,the regulatory mandates and peer-to-peer collaboration,mean licensed wireless operators have a lot more in common than differentiates them from a cybersecurity perspective.U
100、nlike telecom operators using licensed spectrum,disaggregated networks using unlicensed or shared spectrum are not expected to be in a position to participate in data breach notifications.May 2023|Aligning Spectrum Policy with Cybersecurity Goals 11 This alignment around common practices and shared
101、objectives between private and government sectors is enormously important from a national security perspective as well as from a broader cybersecurity perspective.Stakeholders are familiar with ways of responding to known cybersecurity incidents and are able to adapt those best practices to new even
102、ts as and when they arise.In this regard,the contrast with the world of unlicensed spectrum couldnt be more stark.Unlicensed spectrum users may use broadly similar technology building blocks and technical architectures.However,the variations in architecture and security operating model are inevitabl
103、y a lot greater from one deployment to the next.Neither the FCC nor any other government agency has anything like the same expectations of unlicensed spectrum holders with respect to collaboration and accountability in areas like cyber incident reporting in the broader national interest.About CTIA C
104、TIA represents the U.S.wireless communications industry.From carriers and equipment manufacturers to mobile app developers and content creators,we bring together a dynamic group of companies that enable consumers to lead a 21st Century connected life.www.ctia.org About HardenStance HardenStance prov
105、ides trusted research,analysis and insight in IT and telecom security.HardenStance is a well-known voice in telecom and enterprise security,a leader in custom cybersecurity research,and a leading publisher of cybersecurity reports and White Papers.HardenStance is also a strong advocate of industry c
106、ollaboration in cybersecurity.HardenStance openly supports the work of key industry associations,organizations and SDOs including NetSecOPEN,AMTSO,OASIS,The Cyber Threat Alliance,MEF,The GSMA,CTIA and ETSI.To learn more visit HardenStance Disclaimer HardenStance Ltd has used its best efforts in coll
107、ecting and preparing this report.HardenStance Ltd does not warrant the accuracy,completeness,currentness,noninfringement,merchantability or fitness for a particular purpose of any material covered by this report.HardenStance Ltd shall not be liable for losses or injury caused in whole or part by Har
108、denStance Ltds negligence or by contingencies beyond HardenStance Ltds control in compiling,preparing or disseminating this report,or for any decision made or action taken by user of this report in reliance on such information,or for any consequential,special,indirect or similar damages(including lo
109、st profits),even if HardenStance Ltd was advised of the possibility of the same.The user of this report agrees that there is zero liability of HardenStance Ltd and its employees arising out of any kind of legal claim(whether in contract,tort or otherwise)arising in relation to the contents of this report.