Secure Identity and Access Management for Telecom Networks Operations

COMPANY INFO: IDENTITY, ACTIVITIES & OBJECTIVES

Orange Romania (ORO) is the largest telecommunications provider of Romania, and part of the Orange Group, an international leader in global telecommunications. ORO provides B2B and B2C services to more than 11 million customers and operates a state-of-the-art 5G Mobile Network, with commercial coverage in 38 cities in Romania. ORO is a trusted provider of B2B services to a large customer base, across business verticals, and integrates cyber security services, managed network services, voice and data communications services, and Cloud-EDGE-IoT Continuum Services. ORO’s networks are monitored and operated by dedicated teams working in DevSecOps/DevOps paradigms, with operators having various degrees of privileged access to the network architecture components. In the scope of RECITALS, ORO aims to exploit the resulting platform to a) test and validate a federalized, trusted Identity Access Management capability, b) improve the resilience and security of the DevOps/DevSecOps processes against insider threats, c) make use of available Threat Intelligence Information to enhance the Security Operations and Network Operations Actionable Intelligence capabilities, d) validate the ambitions of RECITALS through the piloting of a threat scenario involving the unauthorized and unmitigated exploitation of privileged access to ORO’s production networks by an inside actor.

EXISTING WORK IN THE DOMAIN OF THE PROJECT

There are readily available, COTS solutions for Identity and Access Management, with the State-Of-The-Art focused on providing Privileged Access Management capabilities. Such capabilities are part of ORO’s operational environment, including the monitoring processes. Such solutions offer a policy-based, static approach to the provision of Identity and Access Management to resources and will suffice for a quasi-static operational environment, in which role changes are infrequent and the evolution of the infrastructure is slow.

A specific threat to the telecom infrastructures is represented by the sheer volume and complexity of the networks in operation. 5G raises the stakes exponentially. In comparison to previous generations of networks, 5G is decentralized and in many places virtualized, creating numerous new potential access points where none existed before. These various access points will require more employees to keep these networks up and running. This adds pressure on the anomaly detection capabilities of such tools, which must identify and preserve a “baseline” for normal operations. There have been incidents in the past where telecommunication providers were victims of malicious actors exploiting insufficient access management and identity services.

GAPS IN THE MARKET

ORO’s state-of-the-art in Identity and Access Management relies on policy-based solutions and lacks a means of evolving at the same pace as the highly dynamic process of network transformation towards 5G and Beyond-5G Paradigms. Furthermore, DevSecOps and DevOps are becoming a default modus operandi for ORO, and the SoTA solutions are trailing behind the changes and re-configurations of the processes, teams, and infrastructure. Moreover, there is a gap in the capacity of SoTA to consider complex kill-chains that involve insider threats to production infrastructures, and there is a lack of integration of Actionable Intelligence sources, such as external Threat Intelligence, into the monitoring processes.

RECITALS aims to deliver an enhanced digital identity solution, based on privacy-preserving identity and access management, to support the highly dynamic lifecycle of a DevOps/DevSecOps enabled environment. This will enable a secure operational environment with clearly assigned roles and access privileges to specific identities and will support mitigation actions against insider threats from privileged users with access to core infrastructure. Furthermore, Threat Intelligence information stemming from RECITALS will be ingested and consumed through the DevSecOps process in OROSOC, to enable Actionable Intel-based actions against emerging threats to the telecommunications infrastructures.

DATA, DATA MANAGEMENT PROCESSES & DATA TO BE USED IN RECITALS TASKS

Sensitive Data is stored, transported, and shared at SoTA level, in compliance with all national and international regulations and best practices at Orange Group Level.

The Cryptography and Anonymization Manager of RECITALS will facilitate threat data sharing to the iSHARE Trust Data Space, a framework which enables the seamless integration of diverse data sources in telecom businesses to enhance data quality and reduce duplication. Threat data will be collected in the validation of the use-case by the RECITALS Core Components and Value-Added Tools deployed on ORO’s testbed. It will be further processed to derive techniques, tactics and procedures (TTPs) and vulnerability data used by malicious actors to circumvent existing cybersecurity controls, and shared to the iSHARE Trust Data Space as well as the EU-CIP Knowledge Hub, a data space acting as a cornerstone of a pan-European ecosystem of CIP/CIR stakeholders. In RECITALS, ORO will provide synthetic data through a testbed readily available to replicate the operational environment of ORO’s commercial Networks. All User data, Infrastructure Data and Control Plane data will be generated in the testbed, in the context of the scenario considered for the Use-Case. ORO will provide Identity data for the SOC/NOC operators who are part of the Use-Case Scenario. The RECITALS Core Tools will provide the necessary Identity and Access Control capabilities to monitor and detect insider threat activities, such as authentication abuse and replay attacks, while the Security Manager Layer will provide remediation, response orchestration and non-repudiation to the SOC Teams and Processes.

RECITALS GOALS FOR USE CASE 2

With respect to the identity management (IAM) capability of ORO’s Operational Teams, this use-case aims to validate:

  1. An adoption of the IAM capability of at least 25% for all administrative workflows of the operational teams accessing Core 5G Infrastructure in the testbed.
  2. An increase in the accuracy of cyberthreat detection and mitigation by at least 20%.
  3. An increase in the volume of threat data shared to existing EU Data Spaces by at least 20%.

PARTNERS INVOLVED

NKUA, TUD, UPC, PDM, LUH, DCU