This blog is by Gerald Reddig from the Networks business of Nokia.
Would you give your credit card to a stranger and tell him or her the PIN? Would you type in your bank account log-in details if you thought somebody was watching? No, I didn’t think so.
You only access password-protected online sites because you are reasonably confident you can do so securely. It’s no exaggeration to say that the future growth of the entire mobile broadband industry rests on people having the confidence to safely use advanced data services without fear of being hacked. If people lose that confidence, our industry will stagnate and even decline catastrophically.
That’s why recent reports of the Heartbleed vulnerability in OpenSSL software were so alarming to many people. OpenSSL encrypts communication between a device and a server and is used by the majority of websites. In fact, half a million sites are thought to have been open to the bug, although nobody knows if there have been any actual losses since intrusion through the flaw is undetectable.
Why is Open Source so critical?
Open Source software is vital to mobile broadband and used widely, enabling rapid technological advances and highly cost-effective products for mobile broadband operators. The success of Open Source is established beyond doubt.
If the Open Source ecosystem were to fail, the use of proprietary software would dominate. Mobile broadband development would be slower, cost much more, be less innovative, and be far less useful to everyone. But it won’t fail because the Open Source community – users, developers, vendors – works collaboratively to contribute to the ecosystem’s evolution and protection.
How are we committed to security in mobile networks?
Nokia is committed to that community and a leader in helping ensure Open Source is air-tight. For example, we recently pledged to help the OpenSSL Project in its fight against future vulnerabilities like Heartbleed by making a substantial financial donation.
We are also the Project’s first Platinum sponsor.
According to Giuseppe Targia, head of end-to-end security for the Networks business of Nokia, “We are strongly committed to enhancing Open Source security and sharing our developments with the community. We already offer our Certificate Management Protocol (CMP) client implementation for integration into the OpenSSL Project’s cryptography library, which is available to the industry. CMP is a security cornerstone of modern LTE networks, and the client implementation provided by Nokia is the only usable out-of-the-box example available under a free and open source license.”
Other examples include our Security Vulnerability Monitoring (SVM) process, which ensures that Nokia customers get the updates and security patches they need to keep their network elements safe from the latest threats emerging in the Open Source world.
Likewise, our Nokia Security Center in Berlin will facilitate an exchange of know-how about telco security and demonstrate end-to-end security for mobile broadband environments.
Common efforts to protect the industry
These efforts and others are being increasingly recognized as vital in helping protect the mobile broadband industry. Red Hat recently gave public thanks to Nokia for revealing an important flaw and including it in the Common Vulnerabilities and Exposures (CVE) directory.
“I am proud to say that our work in this area not only enables us to deliver highly secure solutions that protect mobile operators and their networks from security flaws, but also helps to ensure that Open Source software remains the foundation of a growing and phenomenally successful global mobile broadband industry,” Targia remarks.
We have more to share on our Security web page.
Read other recent blogs by Gerald here:
To share your thoughts on the topic, join the discussion with @NSNtweets using #NokiaNext #telcosecurity #mobilebroadband.