Security collaboration key as attack surface grows

Mobile networks have become the foundation of our digital lives, but this brings numerous security challenges as technology complexity grows.

In a wide-ranging interview with Telecoms, Alex Leadbeater, Technical Security Director at the GSMA, discussed how mobile infrastructure’s classification as critical national infrastructure has affected security approaches, the impact of emerging technologies, and defensive strategies the industry is implementing.

Legacy systems present ongoing security challenges

Leadbeater highlighted that while 5G networks were designed with security in mind, legacy systems continue to pose serious challenges.

“If you take it back 20 years ago, mobile technology was in its post-GSM days, relative infancy, pre-Facebook,” reflects Leadbeater. “Move that forward to 2025, we’re in a position where the mobile industry pretty much underpins everybody’s digital life.”

This evolution has brought additional complexity to the ecosystem, creating security constraints that weren’t part of the original design considerations.

“5G is awesome. It is designed to be secure—concepts like ‘zero trust’ and all those sort of good things built into it,” Leadbeater explained. “The challenge is that a lot of the underlying technology we still rely on, like SS7, weren’t really designed for it.”

“If you look at most of 5G’s security weaknesses, they are caused by its interaction with legacy. If you build a greenfield 5G network that is standalone 5G only, it’s pretty good.”

In an ideal world, we’d just switch off problematic legacy systems. However, eliminating such systems is a significant undertaking as many essential services (e.g., smart meters in the UK) still rely on technologies like GSM.

An attack surface that ‘forever gets bigger’

When asked about how emerging technologies like Open RAN, network APIs, and non-terrestrial networks contribute to expanding the attack surface, Leadbeater acknowledged the inevitable growth of potential vulnerabilities.

“Every time we add a technology, we add APIs, we add more AI … it doesn’t really matter what technology is dreamt up next week … the attack surface forever gets bigger,” he stated. “That’s something we’re never going to be able to do much about. It’s the nature of technology.”

However, Leadbeater emphasised that fundamental security principles remain effective despite the expanding technological landscape.

“While the landscape itself gets bigger, so does the number of opportunities and the number of ingress points for attackers to have a go at. However, the fundamental defences and the fundamental security that you use to defend that doesn’t change,” he noted.

He stressed that newer technologies, including Open RAN and network APIs, have been designed with security as a foundational element rather than an afterthought.

“The APIs, at least, have been designed with security in mind. If implemented properly, they are actually quite secure,” Leadbeater said. “The challenge is whether they’re implemented securely.”

Collaborative defence through intelligence sharing

A key strategy highlighted by the GSMA in its recent Mobile Telecommunications Security Landscape 2025 report is the concept of “defensive force multipliers,” particularly through industry-wide threat intelligence sharing.

“A very good example of this is T-ISAC. So the telecoms threat sharing ISAC that GSMA runs brings together around 120 of our members,” Leadbeater explained.

This collaborative approach enables operators to share threat information and develop coordinated responses. Leadbeater cited the industry’s retrospective analysis of the FluBot malware outbreak as an example of how collective intelligence can improve detection capabilities.

“It’s interesting going back into our T-ISAC data. We can see it, the mobile networks weren’t really affected by it because it was hitting sort of end IoT devices, but we can see it in the T-ISAC traffic,” he said.

“One of the things we’ve now got rather better at is looking with the operators collectively and saying, ‘Well, okay, we’ve now got an unknown trend. What is this?’”

The GSMA also facilitates information sharing through its Fraud and Security Group (FASG), which brings together operators and industry third parties to address issues like SMS blasters, SIM farms, and fraudulent activities.

Supply chain security and resilience

On the critical topic of supply chain security, Leadbeater revealed that the GSMA is currently updating its guidance.

“A lot of this comes down, as it says in the report, to the sort of knowing your network, and that extends out to the supply chain itself,” Leadbeater explained. “One approach is to say, ‘I’m going to reduce my supplier dependency by reducing the number of suppliers.’

“The downside to that – as we clearly saw during the COVID period, when some supply chains were disrupted, or in more recent technology failures – is that large numbers of operators, or indeed industries, are being hit because they’ve all picked the same supplier.”

Leadbeater emphasised that the GSMA’s current security control guidelines provide recommendations, with the fundamental advice being to “know your suppliers, ask questions.” He also mentioned the increasing importance of the Software Bill of Materials (SBOM) and the role of GSMA’s Network Equipment Security Assurance Scheme (NESAS).

When discussing resilience against geopolitical conflicts, Leadbeater offered a nuanced perspective on the global nature of telecoms technology.

“It doesn’t really matter where you buy your technology from, in that approximately 30% of it is European, approximately 30% of it is Asian – predominantly Chinese and South Korean – and about the other 30% give or take is US,” he explained.

“The actual fundamental technology, because most of it’s built on things like 3GPP standards, is actually identical. The only difference really between it is the colour of the badge on the front of the equipment and where your kit is supported from.”

This global interdependence means that operators must develop resilience strategies that account for geopolitical realities while ensuring service continuity during natural disasters or other disruptions.

Proactive threat hunting and human factors

The GSMA’s report emphasises the importance of proactive threat hunting, which Leadbeater described as essential to staying ahead of evolving threats.

“Security is always the adage that says, ‘If you test something today and it passes, either you haven’t tried hard enough to make it fail or it will probably fail tomorrow,’” Leadbeater quips. “The general principle is you’re only as good as the last attack you managed to defend against.”

He acknowledged regional regulatory differences that can impact threat detection capabilities, particularly citing privacy directives in Europe that limit the ability to analyse communications content for security signatures compared to other regions.

However, Leadbeater stresses that human factors remain the biggest vulnerability.

“We still see fundamentally that an awful lot of the vulnerabilities and the threats that occurred are human-triggered. They’re people clicking on malware. They’re people being fooled into doing certain things.”

Looking ahead to 6G security

Discussing the future of 6G networks, Leadbeater described the technology as part of a continuous evolution rather than a revolutionary shift.

“6G is not necessarily a step change. So if you look at 5G into 5G advance into 6G, what we’ve really entered in is a continuous technology evolution,” he explained.

While 6G standards are still in early development, Leadbeater identified several security considerations, including API security, AI-hardening, and better integration of satellite communications.

“5G doesn’t treat satellites natively particularly well. They’re a sort of an inconvenient bolt-on to some degree, whereas 6G is likely to treat them far more like a native cell site,” he noted.

Regarding quantum computing threats, Leadbeater stated that “6G is likely to be effectively quantum-safe by design” as it will incorporate NIST’s quantum-safe algorithms from the outset.

Industry collaboration is key

As mobile networks continue to underpin critical infrastructure globally, Leadbeater emphasised that collaborative approaches to security will be essential for addressing evolving threats.

The GSMA is expanding its security focus. This year’s MWC featured the largest security content set that it’s ever had, including a security summit and even an AI hackathon.

Through initiatives like T-ISAC, FASG, and ongoing standards development, the mobile industry is working to strengthen its defensive capabilities while managing the inherent complexity of global telecoms infrastructure.

As Leadbeater concluded, the challenge for the mobile industry is “to not give people opportunities” for attacks through proper security controls and practices, though he acknowledged that, in 2025, the industry is “probably some way away from that.”

See also: US charges 12 Chinese nationals for ‘reckless’ cyberattacks

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: 4g, 5G, 6g, connectivity, cybersecurity, gsm, gsma, LTE, mobile, Networks, quantum computing, report, research, Security, supply chain, telecoms