The document discusses cybersecurity in the mobile communications industry. It notes that delivering advanced cybersecurity is complex due to a constantly evolving threat landscape. The mobile industry, including carriers, manufacturers, and application providers, work together through organizations like CTIA to provide solutions. All players have a shared economic interest in ensuring an effective cybersecurity system across the entire mobile ecosystem. The document provides an overview of today's mobile cybersecurity landscape and solutions.
This presentation compares the activities of Future Internet Socio Economics and Future Internet Enterprise Systems. Although there are similarities in terms of discussions about neutrality, regulation and rights the drivers are significantly different between consumers (largely focus of FISE) and industry (largely focus on FInES)
This document outlines Professor Matt Warren's presentation on future security research topics. It discusses the development of security research and identifies five current hot topics: malware, mobile technology, cloud security, virtualization/visualization, and privacy/security in social media. Potential areas for future research are identified, such as those relating to national broadband, cloud computing, mobile technology, and health informatics. Smart grid security is provided as a specific example for a potential research project proposal.
1) The document discusses the concept of Cyber 3.0, which uses machine learning and semantic analysis to provide visibility, control, and context for cybersecurity in today's environment of hyperconnectivity, mobility, and big data.
2) Current cybersecurity solutions require human intervention that does not scale to address the speed, volume, and variety of network data.
3) Cyber 3.0 automates processes through machine learning to identify threats and enforce policies faster than human analysts can, providing the intelligence needed to protect critical assets now and in the future.
The document provides an introduction to the Global Internet of Things (IoT). It defines IoT as a system of interconnected computing devices, machines, objects, animals or people that can transfer data over a network without requiring human interaction. It discusses how IoT is the next phase of development after the Internet of computers and mobile phones. The document outlines several key technologies that enable IoT, including RFID, wireless networks, sensors, cloud computing and energy harvesting. It also discusses the architecture, applications, market and impact of digital transformation of IoT.
This document summarizes a two-day cyber security conference held in Brussels, Belgium on May 29-30, 2012. The conference featured briefings from government agencies, militaries, and private sector organizations on assessing and addressing cyber threats to national security networks. It also included workshops on topics such as Chinese cyber warfare, cloud security, and recent cyber security exercises. Over 100 speakers were scheduled from organizations including GCHQ, the EU Commission, US Army, BP, Citibank, and others.
Internet of Things for Next-Generation Public Safety Mobile CommunicationsReza Nourjou, Ph.D.
This document introduces the beamCitizen technology, a mobile communication platform developed by beamSmart Inc. for public safety. It allows citizens, dispatchers, and first responders to share live video, audio, text, photos, and location information. The beamCitizen was tested at the University of Maryland as a pilot program to provide emergency communication among students, faculty, and first responders. It aims to improve emergency response times by connecting people, information, and sensors through an Internet of Things approach.
http://www.ibm.com/smarterplanet/us/en/smart_grid/article/cyber_security.html?cmp=agus_cxosp2gridsec-20100426&cm=c&csr=endsecurity&cr=slideshare&ct=usbrb401&cm_mmc=agus_cxosp2gridsec-20100426-usbrb401-_-c-_-endsecurity-_-slideshare
IBM End-to-End Smart Grid Security Involving IT Security and Enterprise Asset Management
This document discusses security in cloud computing. It begins by outlining the current state of cloud security and several high-profile data breach cases. It then examines some of the key challenges to cloud security, such as insecure interfaces, insider threats, and resource sharing issues. The document compares security in traditional networks versus cloud networks. It also looks at common cloud security controls and an approach based on defense in depth. Finally, it explores security as a service (SaaS) model and its future prospects.
This presentation compares the activities of Future Internet Socio Economics and Future Internet Enterprise Systems. Although there are similarities in terms of discussions about neutrality, regulation and rights the drivers are significantly different between consumers (largely focus of FISE) and industry (largely focus on FInES)
This document outlines Professor Matt Warren's presentation on future security research topics. It discusses the development of security research and identifies five current hot topics: malware, mobile technology, cloud security, virtualization/visualization, and privacy/security in social media. Potential areas for future research are identified, such as those relating to national broadband, cloud computing, mobile technology, and health informatics. Smart grid security is provided as a specific example for a potential research project proposal.
1) The document discusses the concept of Cyber 3.0, which uses machine learning and semantic analysis to provide visibility, control, and context for cybersecurity in today's environment of hyperconnectivity, mobility, and big data.
2) Current cybersecurity solutions require human intervention that does not scale to address the speed, volume, and variety of network data.
3) Cyber 3.0 automates processes through machine learning to identify threats and enforce policies faster than human analysts can, providing the intelligence needed to protect critical assets now and in the future.
The document provides an introduction to the Global Internet of Things (IoT). It defines IoT as a system of interconnected computing devices, machines, objects, animals or people that can transfer data over a network without requiring human interaction. It discusses how IoT is the next phase of development after the Internet of computers and mobile phones. The document outlines several key technologies that enable IoT, including RFID, wireless networks, sensors, cloud computing and energy harvesting. It also discusses the architecture, applications, market and impact of digital transformation of IoT.
This document summarizes a two-day cyber security conference held in Brussels, Belgium on May 29-30, 2012. The conference featured briefings from government agencies, militaries, and private sector organizations on assessing and addressing cyber threats to national security networks. It also included workshops on topics such as Chinese cyber warfare, cloud security, and recent cyber security exercises. Over 100 speakers were scheduled from organizations including GCHQ, the EU Commission, US Army, BP, Citibank, and others.
Internet of Things for Next-Generation Public Safety Mobile CommunicationsReza Nourjou, Ph.D.
This document introduces the beamCitizen technology, a mobile communication platform developed by beamSmart Inc. for public safety. It allows citizens, dispatchers, and first responders to share live video, audio, text, photos, and location information. The beamCitizen was tested at the University of Maryland as a pilot program to provide emergency communication among students, faculty, and first responders. It aims to improve emergency response times by connecting people, information, and sensors through an Internet of Things approach.
http://www.ibm.com/smarterplanet/us/en/smart_grid/article/cyber_security.html?cmp=agus_cxosp2gridsec-20100426&cm=c&csr=endsecurity&cr=slideshare&ct=usbrb401&cm_mmc=agus_cxosp2gridsec-20100426-usbrb401-_-c-_-endsecurity-_-slideshare
IBM End-to-End Smart Grid Security Involving IT Security and Enterprise Asset Management
This document discusses security in cloud computing. It begins by outlining the current state of cloud security and several high-profile data breach cases. It then examines some of the key challenges to cloud security, such as insecure interfaces, insider threats, and resource sharing issues. The document compares security in traditional networks versus cloud networks. It also looks at common cloud security controls and an approach based on defense in depth. Finally, it explores security as a service (SaaS) model and its future prospects.
This document summarizes a presentation on tussles in the future internet given by Burkhard Stiller on behalf of SESERV. It discusses how the future internet ecosystem involves tensions between social and economic interests. A conceptual structure is presented showing how economic and social theories relate to future internet architecture principles. Key societal themes for the future internet are identified, including issues around governance, privacy and participation. Finally, recommendations are made for technology makers, providers and policymakers to better align conflicting stakeholder interests in the future internet.
The document discusses how software companies could learn from the cellular structure of terrorist organizations. It proposes a "Cellular Business Model" where companies are organized into autonomous teams or "cells" that are supported by centralized "pattern units". The goals are to increase agility, speed to market, and profitability while reducing bureaucracy and waste. The model is compared to how terrorist groups like Al-Qaeda operate as decentralized networks of cells.
Manet mobile ad hoc network – challenges, security and protocols-2prjpublications
This document discusses mobile ad hoc networks (MANETs) and related security challenges. It provides an overview of MANETs, including their evolution, characteristics, and architecture. The document then examines key security issues for MANETs, such as vulnerabilities to different types of attacks, including active attacks like packet dropping, modification, and denial of service attacks. It emphasizes that MANETs require new security solutions due to their lack of infrastructure, dynamic topology, and other distinguishing features compared to traditional wired networks. Overall, the document serves to introduce MANETs and outline important security considerations for further research on this topic.
Public safety in a multi media era facilitating incident management responseJack Brown
The document discusses facilitating incident management response through improved situational awareness using multimedia technologies. It describes how situational awareness originally referred to a pilot's tactical awareness but now means comprehending observations through additional context. It argues that public safety systems need to integrate data in real-time to provide responders with a shared operational picture. A geospatial visualization of integrated information sources could help facilitate rapid decision making during incidents.
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)ictseserv
The document summarizes a presentation given at an ITU workshop in Kampala, Uganda on April 2, 2012. The presentation discusses the goal of designing future network technologies with socioeconomic awareness. It proposes a structure for a new ITU recommendation called "Y.FNsocioeconomic" to provide methods for achieving socioeconomic design goals and objectives outlined in another ITU recommendation (Y.3001). One such method discussed is tussle analysis, which involves identifying stakeholders, their potential conflicts (tussles), and how those tussles may evolve as technologies are adopted and configured. Bandwidth sharing is provided as an example case of applying tussle analysis.
This document discusses pervasive computing, which involves embedding microprocessors in everyday objects to allow ubiquitous communication and sharing of digital information. Key points include:
- Pervasive computing aims to make technologies seamlessly integrated into daily life through miniaturized, networked "smart objects".
- It builds upon distributed and mobile computing trends towards constant connectivity anywhere.
- Major challenges include scaling the technology as more devices connect, integrating heterogeneous systems, and ensuring user privacy and interface invisibility.
- Research initiatives like Oxygen, Aura and Cooltown aim to advance this vision of ambient intelligence through objects and environments that are responsive to human needs.
The document discusses how wireless services-oriented networks are transforming airport operations by streamlining processes, lowering costs, and enhancing profitability. It describes how airports are migrating disparate wired networks to a common, interoperable wireless network to improve security, efficiency, and constituent satisfaction. The wireless network allows airports to better manage key areas like security, operations, maintainability, and loyalty programs. [/SUMMARY]
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
The instant and obvious benefits of WiFi have made WLANs a big success
in public, private, and enterprise sectors. Unfortunately, the adoption of
correct security measures for WLANs is lagging far behind the fast pace
at which these networks are being deployed. The presence of WiFi in
most laptops and handhelds, the simplicity of independently installing
WiFi networks, and the ease of exploiting wireless vulnerabilities have
together escalated the risks manifold. Even organizations that do not
own a WLAN are equally at risk.
1) This paper discusses how nanotechnology can impact future wireless devices and communications.
2) Nanotechnology enables new sensing technologies using arrays of tiny sensing elements, as well as new materials for antennas and radios.
3) Nanotechnology may provide solutions to achieve both increased wireless communication speeds and reduced power consumption for mobile devices.
Wireless information management, a reviewAndrew Olsen
This document summarizes a review article about wireless information management. It begins by discussing the growing use of wireless systems in businesses and the challenges that arise in managing information from different wireless devices. It then examines popular wireless systems like BlackBerry and Bluetooth devices. Next, it outlines trends in wireless devices and networks such as the rise of 3G, WiFi, and Bluetooth. It also discusses challenges in securing wireless information and dealing with different standards. Finally, it stresses the importance of information managers preparing strategies to ensure the security, integrity and reliability of corporate information managed through wireless technologies.
The unfortunate reality is that because of the critical nature of the technology and
the services that it provides, the grid becomes a prime target for acts of terrorism and cyberattacks. In January 2008,
a CIA analyst reported that hackers had attacked foreign utilities, turning out the lights in several foreign cities. Even
if the motivation behind a targeted attack on the energy infrastructure is not terror or disruption, the evolving threat
landscape dictates that the potential financial gains of such action can be alluring to the cybercriminal network.
Security model evaluation of 3 g wireless network1 paper presentationRotract CLUB of BSAU
This document provides an overview of security in 3G wireless networks. It discusses the security features of 2G networks like GSM and how they have known vulnerabilities. It then examines the two main 3G standards - UMTS and CDMA2000, pointing out their security improvements over 2G as well as some remaining issues. The document evaluates the 3G security model based on availability, confidentiality and integrity.
This document discusses issues of trust as it relates to technology and society. It covers how trust underlies civilizations and how various technological developments from writing to the internet have both increased and challenged trust over time. It examines specific issues like network security threats, software safety, and privacy of personal data. The document argues that trustworthy systems and practices are important for democratic societies and that European policies need to nurture democratic values in the digital age. It outlines the EU's legal framework around data protection and privacy technology. Finally, it discusses the goals and activities of the RISEPTIS advisory board, which aims to provide guidance on security, privacy, and trustworthiness research and policy challenges.
Cloud-Based Impact for Mobile and Pervasive Environments: A SurveyIOSR Journals
Abstract: Mobile Cloud Computing (MCC) which combines mobile computing and cloud computing, has
become one of the industry buzz words and a major discussion thread in the IT world since 2009. Despite
increasing usage of mobile computing, exploiting its full potential is difficult due to its inherent problems such
as resource scarcity, frequent disconnections, and mobility. MCC integrates the cloud computing into the
mobile environment and overcomes obstacles related to the performance (e.g., battery life,storage, and
bandwidth), environment (e.g., heterogeneity, scalability, and availability), and security (e.g., reliability and
privacy) discussed in mobile computing. As MCC is still at the early stage of development, it is necessary to
grasp a thorough understanding of the technology in order to point out the direction of future research. With
the latter aim, this paper presents a review on the background and principle of MCC, characteristics, recent
research work, and future research trends.
Keywords: Cloud computing, Distributed Computing, Mobile Cloud Computing
Why the Private Sector is Key to Cyber DefenceGareth Niblett
Presentation made at Cyber Defence 2010 (National Security in a Borderless World), in Tallinn, Estonia on 17th May 2010, covering "Why the Private Sector is Key to Cyber Defence".
Research Inventy : International Journal of Engineering and Scienceinventy
Research Inventy : International Journal of Engineering and Science is published by the group of young academic and industrial researchers with 12 Issues per year. It is an online as well as print version open access journal that provides rapid publication (monthly) of articles in all areas of the subject such as: civil, mechanical, chemical, electronic and computer engineering as well as production and information technology. The Journal welcomes the submission of manuscripts that meet the general criteria of significance and scientific excellence. Papers will be published by rapid process within 20 days after acceptance and peer review process takes only 7 days. All articles published in Research Inventy will be peer-reviewed.
Raise The Cybersecurity Curtain!
With a clear grasp of systems theory and revelation of pervasive, persistent, and resilient interconnectedness, I set out on the journey to interact with 100 "best of the best" Cybersecurity / Information Security professionals to learn about their own EXPERIENCES and gain INSIGHTS from their personal perspectives.
I was truly blessed to have had a wide variety of insightful conversations with leaders who are serving their organizations at various levels.
I sincerely wanted to expand the impact of the lessons I learned from these interactions by sharing them with Cybersecurity enthusiasts around the globe - people who are paving their own way towards a successful Cybersecurity career.
I hope readers will gain insights into how they can guide their career path to the success they desire and benefit the global security community through their unique contributions.
Operational space of digital (r)evolution requires an instantaneous reaction. Seeking knowledge has brought me far beyond my personal horizons of discernment.
With hope to create and scale globally an inclusive ‘authors-publisher-readers’ circle of wisdom and expertise; with channeled determination to gain understanding by carefully selecting the best information sources (Dis moi où cherche! Mais où?) and reading between the lines, I invited the Cyber Warriors ‘Men and Women on the Arena’ with hope to “Raise the Cybersecurity Curtain”.
A central topic of these thoughts is cybersecurity. A fundamental and delicate question at the heart of my work is: how to inspire readers' thirst for knowledge, for learning.
I hope readers will gain insights into how they can guide their career path to the success they desire and benefit the global security community through their unique contributions.
This document summarizes a research paper on implementing heterogeneous interface mobile nodes in the NS2 network simulator. The paper discusses adding multiple WiFi and WiMAX interfaces to a mobile node individually, and then a heterogeneous interface combining both WiFi and WiMAX. It reviews related work on 4G networks and multiple interfaces. Implementation details are provided on creating homogeneous WiFi and WiMAX interfaces in NS2, including trace file and network animator outputs. Challenges are noted in implementing a heterogeneous interface on a single node due to NS2 limitations. An alternative approach of using separate nodes for each interface is proposed to simulate a mobile node with multiple heterogeneous interfaces.
This document provides a consultant bio for Pegg Nadler. It summarizes her experience and accomplishments in marketing, database marketing, and direct marketing over 30+ years. She is currently president of her own consulting firm, Pegg Nadler Associates, which provides database marketing and direct marketing solutions. Previously, she held database marketing roles at several large companies and non-profits. Pegg Nadler has received numerous honors for her contributions to direct marketing and is involved in several direct marketing organizations.
This document provides a summary of Randy Pausch's time management presentation. The presentation covers several key topics for improving time management, including:
- Clarifying goals and priorities and creating a plan to achieve them
- Managing tasks, paperwork, meetings, and technology more efficiently
- Learning to say no and avoid procrastination
- Effectively delegating tasks to others
- Overcoming common time wasters like interruptions and unnecessary tasks
The presentation provides many specific techniques for each topic, such as using to-do lists, minimizing desk clutter, scheduling phone calls efficiently, and establishing clear deadlines for delegated work. The overall message is that proactively managing one's time through planning and focus
This document summarizes a presentation on tussles in the future internet given by Burkhard Stiller on behalf of SESERV. It discusses how the future internet ecosystem involves tensions between social and economic interests. A conceptual structure is presented showing how economic and social theories relate to future internet architecture principles. Key societal themes for the future internet are identified, including issues around governance, privacy and participation. Finally, recommendations are made for technology makers, providers and policymakers to better align conflicting stakeholder interests in the future internet.
The document discusses how software companies could learn from the cellular structure of terrorist organizations. It proposes a "Cellular Business Model" where companies are organized into autonomous teams or "cells" that are supported by centralized "pattern units". The goals are to increase agility, speed to market, and profitability while reducing bureaucracy and waste. The model is compared to how terrorist groups like Al-Qaeda operate as decentralized networks of cells.
Manet mobile ad hoc network – challenges, security and protocols-2prjpublications
This document discusses mobile ad hoc networks (MANETs) and related security challenges. It provides an overview of MANETs, including their evolution, characteristics, and architecture. The document then examines key security issues for MANETs, such as vulnerabilities to different types of attacks, including active attacks like packet dropping, modification, and denial of service attacks. It emphasizes that MANETs require new security solutions due to their lack of infrastructure, dynamic topology, and other distinguishing features compared to traditional wired networks. Overall, the document serves to introduce MANETs and outline important security considerations for further research on this topic.
Public safety in a multi media era facilitating incident management responseJack Brown
The document discusses facilitating incident management response through improved situational awareness using multimedia technologies. It describes how situational awareness originally referred to a pilot's tactical awareness but now means comprehending observations through additional context. It argues that public safety systems need to integrate data in real-time to provide responders with a shared operational picture. A geospatial visualization of integrated information sources could help facilitate rapid decision making during incidents.
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)ictseserv
The document summarizes a presentation given at an ITU workshop in Kampala, Uganda on April 2, 2012. The presentation discusses the goal of designing future network technologies with socioeconomic awareness. It proposes a structure for a new ITU recommendation called "Y.FNsocioeconomic" to provide methods for achieving socioeconomic design goals and objectives outlined in another ITU recommendation (Y.3001). One such method discussed is tussle analysis, which involves identifying stakeholders, their potential conflicts (tussles), and how those tussles may evolve as technologies are adopted and configured. Bandwidth sharing is provided as an example case of applying tussle analysis.
This document discusses pervasive computing, which involves embedding microprocessors in everyday objects to allow ubiquitous communication and sharing of digital information. Key points include:
- Pervasive computing aims to make technologies seamlessly integrated into daily life through miniaturized, networked "smart objects".
- It builds upon distributed and mobile computing trends towards constant connectivity anywhere.
- Major challenges include scaling the technology as more devices connect, integrating heterogeneous systems, and ensuring user privacy and interface invisibility.
- Research initiatives like Oxygen, Aura and Cooltown aim to advance this vision of ambient intelligence through objects and environments that are responsive to human needs.
The document discusses how wireless services-oriented networks are transforming airport operations by streamlining processes, lowering costs, and enhancing profitability. It describes how airports are migrating disparate wired networks to a common, interoperable wireless network to improve security, efficiency, and constituent satisfaction. The wireless network allows airports to better manage key areas like security, operations, maintainability, and loyalty programs. [/SUMMARY]
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
The instant and obvious benefits of WiFi have made WLANs a big success
in public, private, and enterprise sectors. Unfortunately, the adoption of
correct security measures for WLANs is lagging far behind the fast pace
at which these networks are being deployed. The presence of WiFi in
most laptops and handhelds, the simplicity of independently installing
WiFi networks, and the ease of exploiting wireless vulnerabilities have
together escalated the risks manifold. Even organizations that do not
own a WLAN are equally at risk.
1) This paper discusses how nanotechnology can impact future wireless devices and communications.
2) Nanotechnology enables new sensing technologies using arrays of tiny sensing elements, as well as new materials for antennas and radios.
3) Nanotechnology may provide solutions to achieve both increased wireless communication speeds and reduced power consumption for mobile devices.
Wireless information management, a reviewAndrew Olsen
This document summarizes a review article about wireless information management. It begins by discussing the growing use of wireless systems in businesses and the challenges that arise in managing information from different wireless devices. It then examines popular wireless systems like BlackBerry and Bluetooth devices. Next, it outlines trends in wireless devices and networks such as the rise of 3G, WiFi, and Bluetooth. It also discusses challenges in securing wireless information and dealing with different standards. Finally, it stresses the importance of information managers preparing strategies to ensure the security, integrity and reliability of corporate information managed through wireless technologies.
The unfortunate reality is that because of the critical nature of the technology and
the services that it provides, the grid becomes a prime target for acts of terrorism and cyberattacks. In January 2008,
a CIA analyst reported that hackers had attacked foreign utilities, turning out the lights in several foreign cities. Even
if the motivation behind a targeted attack on the energy infrastructure is not terror or disruption, the evolving threat
landscape dictates that the potential financial gains of such action can be alluring to the cybercriminal network.
Security model evaluation of 3 g wireless network1 paper presentationRotract CLUB of BSAU
This document provides an overview of security in 3G wireless networks. It discusses the security features of 2G networks like GSM and how they have known vulnerabilities. It then examines the two main 3G standards - UMTS and CDMA2000, pointing out their security improvements over 2G as well as some remaining issues. The document evaluates the 3G security model based on availability, confidentiality and integrity.
This document discusses issues of trust as it relates to technology and society. It covers how trust underlies civilizations and how various technological developments from writing to the internet have both increased and challenged trust over time. It examines specific issues like network security threats, software safety, and privacy of personal data. The document argues that trustworthy systems and practices are important for democratic societies and that European policies need to nurture democratic values in the digital age. It outlines the EU's legal framework around data protection and privacy technology. Finally, it discusses the goals and activities of the RISEPTIS advisory board, which aims to provide guidance on security, privacy, and trustworthiness research and policy challenges.
Cloud-Based Impact for Mobile and Pervasive Environments: A SurveyIOSR Journals
Abstract: Mobile Cloud Computing (MCC) which combines mobile computing and cloud computing, has
become one of the industry buzz words and a major discussion thread in the IT world since 2009. Despite
increasing usage of mobile computing, exploiting its full potential is difficult due to its inherent problems such
as resource scarcity, frequent disconnections, and mobility. MCC integrates the cloud computing into the
mobile environment and overcomes obstacles related to the performance (e.g., battery life,storage, and
bandwidth), environment (e.g., heterogeneity, scalability, and availability), and security (e.g., reliability and
privacy) discussed in mobile computing. As MCC is still at the early stage of development, it is necessary to
grasp a thorough understanding of the technology in order to point out the direction of future research. With
the latter aim, this paper presents a review on the background and principle of MCC, characteristics, recent
research work, and future research trends.
Keywords: Cloud computing, Distributed Computing, Mobile Cloud Computing
Why the Private Sector is Key to Cyber DefenceGareth Niblett
Presentation made at Cyber Defence 2010 (National Security in a Borderless World), in Tallinn, Estonia on 17th May 2010, covering "Why the Private Sector is Key to Cyber Defence".
Research Inventy : International Journal of Engineering and Scienceinventy
Research Inventy : International Journal of Engineering and Science is published by the group of young academic and industrial researchers with 12 Issues per year. It is an online as well as print version open access journal that provides rapid publication (monthly) of articles in all areas of the subject such as: civil, mechanical, chemical, electronic and computer engineering as well as production and information technology. The Journal welcomes the submission of manuscripts that meet the general criteria of significance and scientific excellence. Papers will be published by rapid process within 20 days after acceptance and peer review process takes only 7 days. All articles published in Research Inventy will be peer-reviewed.
Raise The Cybersecurity Curtain!
With a clear grasp of systems theory and revelation of pervasive, persistent, and resilient interconnectedness, I set out on the journey to interact with 100 "best of the best" Cybersecurity / Information Security professionals to learn about their own EXPERIENCES and gain INSIGHTS from their personal perspectives.
I was truly blessed to have had a wide variety of insightful conversations with leaders who are serving their organizations at various levels.
I sincerely wanted to expand the impact of the lessons I learned from these interactions by sharing them with Cybersecurity enthusiasts around the globe - people who are paving their own way towards a successful Cybersecurity career.
I hope readers will gain insights into how they can guide their career path to the success they desire and benefit the global security community through their unique contributions.
Operational space of digital (r)evolution requires an instantaneous reaction. Seeking knowledge has brought me far beyond my personal horizons of discernment.
With hope to create and scale globally an inclusive ‘authors-publisher-readers’ circle of wisdom and expertise; with channeled determination to gain understanding by carefully selecting the best information sources (Dis moi où cherche! Mais où?) and reading between the lines, I invited the Cyber Warriors ‘Men and Women on the Arena’ with hope to “Raise the Cybersecurity Curtain”.
A central topic of these thoughts is cybersecurity. A fundamental and delicate question at the heart of my work is: how to inspire readers' thirst for knowledge, for learning.
I hope readers will gain insights into how they can guide their career path to the success they desire and benefit the global security community through their unique contributions.
This document summarizes a research paper on implementing heterogeneous interface mobile nodes in the NS2 network simulator. The paper discusses adding multiple WiFi and WiMAX interfaces to a mobile node individually, and then a heterogeneous interface combining both WiFi and WiMAX. It reviews related work on 4G networks and multiple interfaces. Implementation details are provided on creating homogeneous WiFi and WiMAX interfaces in NS2, including trace file and network animator outputs. Challenges are noted in implementing a heterogeneous interface on a single node due to NS2 limitations. An alternative approach of using separate nodes for each interface is proposed to simulate a mobile node with multiple heterogeneous interfaces.
This document provides a consultant bio for Pegg Nadler. It summarizes her experience and accomplishments in marketing, database marketing, and direct marketing over 30+ years. She is currently president of her own consulting firm, Pegg Nadler Associates, which provides database marketing and direct marketing solutions. Previously, she held database marketing roles at several large companies and non-profits. Pegg Nadler has received numerous honors for her contributions to direct marketing and is involved in several direct marketing organizations.
This document provides a summary of Randy Pausch's time management presentation. The presentation covers several key topics for improving time management, including:
- Clarifying goals and priorities and creating a plan to achieve them
- Managing tasks, paperwork, meetings, and technology more efficiently
- Learning to say no and avoid procrastination
- Effectively delegating tasks to others
- Overcoming common time wasters like interruptions and unnecessary tasks
The presentation provides many specific techniques for each topic, such as using to-do lists, minimizing desk clutter, scheduling phone calls efficiently, and establishing clear deadlines for delegated work. The overall message is that proactively managing one's time through planning and focus
How to Leverage Big Data in the Mobile WorldVivastream
Jennifer Veensenmeyer is the Vice President of Digital Analytics at Merkle, Inc. She gave a presentation on mobile analytics covering 7 deadly sins to avoid in mobile analytics, 5 table stakes for effective mobile analytics, examples of using big data in mobile marketing, and 7 cool use cases for applying big data to mobile marketing including location data, multichannel CRM data, ad network data, and social data.
Learn the 4 Essential Requirements, Part 3 of 4, Slides 153-228Vivastream
The document discusses the importance of multichannel marketing integration. It notes that while 93% of marketers use multiple channels, only 27.4% feel their efforts are effective, showing a need for better integration. The key aspects of integration are ensuring the message, media mix, timing, and customer experience are coordinated across channels to provide a consistent, relevant experience for each individual based on their preferences. This helps avoid "integrated multichannel irritation" and increases the chances the customer will remember a brand's message.
This document summarizes the goals and progress of the Mobile Coupon Ad Unit Standards Committee. The committee aims to establish standards for mobile coupon advertising to address the large and growing market for digital and mobile coupons. Key goals include developing guidelines for mobile coupon use cases, creative design, measurement, validation, distribution and testing the standards with industry participants. The committee invites interested parties to get involved by joining working subgroups or providing feedback to help shape the mobile coupon standards.
The document discusses psychology-based marketing and how it can trigger consumers' unconscious minds. It notes that loyalty is declining, with over half of highly loyal customers reducing purchases or defecting within a year. Broken trust is a major reason consumers switch brands. The unconscious mind is driven by emotions like pain avoidance and pleasure seeking. Marketing must appeal to these unconscious triggers to influence behavior. Effective marketing understands how emotions, rewards, packaging and other psychological factors sway irrational decision making.
The Mobile Project. Technology, Standards & ScaleVivastream
This document provides best practices for mobile advertising from Rubicon Project. It discusses keeping calls to action clear and limited, including non-immediate calls to action, keeping videos under 30 seconds, using banner teasers and moderate animation, and leveraging location-based targeting. Specific strategies and case studies are presented to illustrate how these techniques can increase user engagement and advertising metrics.
How Workday went from Good...to Great!: Winning with Big DataVivastream
This document discusses how to use big data and close the loop on customer relationships to improve marketing performance. It emphasizes using multiple data sources and analytics tools to track customers throughout their entire journey and attribute success to specific programs and channels. This allows marketers to identify the most effective programs that generate high-quality leads and increase sales. It also discusses using a validated engagement scoring system to measure individual and company engagement over time in order to personalize experiences and improve conversion rates. The overall message is that integrating customer data and closing the loop on performance metrics provides valuable insights for optimizing marketing programs and sales processes.
The Essential Ingredient for Today's EnterpriseReadWrite
The innovation that comes with the mobile enterprise are immense but problems come with this new world of devices. Namely the huge security concerns that arise. Devices can carry so much important information. How do you control it?
This paper from CIO Custom Solutions Group examines the mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy.
Paper Florencio Cano - Patient data security in a wireless and mobile worldWTHS
1. Mobile devices and wireless networks introduce new security threats to patient data and medical devices in healthcare environments.
2. A risk assessment should be conducted to identify the most critical risks and prioritize security measures. This involves analyzing important information assets, threats, vulnerabilities, and calculating risk levels.
3. Defense in depth with security policies, endpoint security measures, and network security controls at multiple layers is recommended to secure healthcare networks with mobile devices and protect sensitive patient data and medical devices from various threats.
Botnets are evolving in their usage and tactics. Botnet controllers build large profiles on infected users and sell the data. Advanced persistent adversaries query botnet operators to identify already compromised machines belonging to their target organizations. Bad actors borrow techniques from black hat SEO to evade defenses like reputation systems. Research finds targeted attacks may have roots in common botnets, with adversaries paying top dollar for information from botnet operators.
1) Information security is undergoing significant change driven by evolving technology trends and how people use technology. Key trends include the growth of cloud computing, connected devices, data sharing, and new identity and trust models.
2) Over the next decade, information security requirements will be shaped by factors like globalization, regulation, and demographics. Suppliers will need to specialize to meet diverse needs.
3) Organizations require holistic information security approaches considering technology, processes, and people to adapt to threats and remain compliant with changing rules. Proactive strategies can provide competitive advantages over reactive ones.
Harbor Research - Designing Security for the Internet of Things & Smart DevicesHarbor Research
The document discusses the growing security challenges posed by the increasing number of internet-connected devices (the Internet of Things). It notes that while the Internet has enabled widespread connectivity, the underlying architecture is still vulnerable to security issues. The company Mocana has developed a unique approach to networked device security that could provide a foundation for security in an economy powered by trillions of interconnected devices and sensors.
Authentication And Authorization Issues In Mobile Cloud Computing A Case StudyAngie Miller
The document discusses authentication and authorization issues in mobile cloud computing. It presents the mobile cloud computing (MCC) security solution developed and applied by STMicroelectronics. The solution addresses issues like reducing the need to store multiple passwords/usernames for different services and simplifying security policy management. It takes into account the complexity of STMicroelectronics' geographical and organizational structure. The solution and the tools/technologies used are described. Conclusions on the solution are also discussed.
Iain Morton from Tyco Integrated Security, a solution provider at the marcus evans Distribution Technology & Innovation Summit 2013, provides insight on how the industry can prepare for government standards and compliance.
Interview with: Iain Morton, Vice President Canada, Tyco Integrated Security
Mobile technology will transform productivity by connecting technologies through cloud computing. This will reinvent productivity through intelligent networks, ubiquitous collaboration, and people-centric compliance. Intelligent networks will leverage collective power through connected devices. Ubiquitous collaboration addresses changing workforce expectations of mobile communication and collaboration. People-centric compliance focuses on empowering users while maintaining security as new risks arise from mobility.
The document discusses the need for an integrated approach to managing cyber risk across an enterprise. It outlines how cybersecurity involves coordinating policies, people, operations, technology, and managing risks. It provides examples of complex cyber threats including advanced persistent threats from state actors that can go undetected for years. A holistic approach is needed to address the multifaceted cyber threat environment through activities like asset management, planning, compliance, and building resiliency.
Cyber security involves protecting computer systems and networks from criminal activity like fraud, theft, and blackmail. It aims to protect information and property while allowing authorized access. The field is growing due to increased internet connectivity of devices and the need to secure critical systems and infrastructure. Cyber security education covers traditional security topics like cryptography as well as emerging areas like cloud, mobile, and cyber-physical security. Career opportunities in cyber security include security analyst, engineer, architect, and administrator roles.
Security Models in Cellular Wireless NetworksWilliam Chipman
- Wireless networks and cellular networks are increasingly used for sensitive data transfer, raising security concerns.
- There are four main approaches to cellular network security: authentication, authorization, encryption, and physical security. Newer approaches include sandboxing on smartphones.
- As cellular and wireless networks continue integrating, new security risks emerge that require comprehensive security models across both network types.
The wireless industry has baked security into our networks since the beginning, and works diligently to continually update and build on our security capabilities with every generation of wireless. Today’s 4G LTE networks have the most advanced security features to date, and 5G will further improve upon them.
Strengthening Your Network Against Future Incidents with SecurityGenSecurityGen1
Prevention is the cornerstone of a resilient network defense strategy. SecurityGen empowers you to take a proactive stance against potential incidents, fortifying your network against future threats. This segment outlines the proactive defense mechanisms offered by SecurityGen, highlighting how these measures can bolster your network's security posture and provide peace of mind in an ever-evolving digital landscape.
Telecom Resilience: Strengthening Networks through Cybersecurity VigilanceSecurityGen1
The digital age has redefined the way we communicate, relying on a complex network of telecommunications infrastructure to bridge distances and connect individuals, organizations, and nations. However, as the reliance on these interconnected systems grows, so does the potential for cyber threats to disrupt these vital connections. "Telecom Cybersecurity" takes center stage as the safeguarding force that strengthens the resilience of these networks against cyberattacks and breaches
Unleashing the Power of Telecom Network Security.pdfSecurityGen1
Telecommunications networks face increasing security threats as they converge with IT technologies and rely more on virtualization and third party suppliers. This exposes sensitive subscriber data and critical network functions to risk. Regulators have established guidelines for telecom supply chain security, but recent breaches show these risks are not always adequately addressed. MNOs must implement stringent security for new services like 5G roaming to properly inspect, protect, and detect threats across complex interconnections between networks.
O National Security Alliance’s (InSA) Cyber Council, organização norte-americana de inteligência e segurança, publica o primeiro de vários relatórios destinados a ampliar a visão dos tomadores de decisão da indústria e do governo sobre a importância do desenvolvimento de uma “inteligência cibernética”.
The Cisco 2010 Midyear Security Report includes:
* Results and analysis from two new Cisco studies -- one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
* International trends in cyber-security and their potential impact on business
* Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
* An update on global spam trends since late 2009 and spam volume predictions for 2010
* Guidance from Cisco security experts to help businesses improve their enterprise security by 2011
- The document discusses securing the Internet of Things (IoT), where every physical object has a virtual presence and can interact over the Internet.
- Several obstacles stand in the way of fulfilling the IoT vision, including security issues as the Internet and its users are already under attack and constrained IoT devices are vulnerable.
- To implement IoT security successfully, researchers must understand the IoT conceptually, evaluate current Internet security, and develop solutions that can reasonably assure a secure IoT.
The Customer Engagement Roadmap - The Key to Increasing the Value of Your Membership Base
Want to increase your subscription site’s profitability? The Customer Engagement Roadmap will show you how!
This document contains a list of 14 single words, each beginning with a different letter, ranging from A to T. The words include various materials, colors, audio equipment and other nouns. Overall, the document presents an alphabetical listing of short single words from different semantic categories.
This document provides an overview of software quality assurance. It discusses key quality concepts, quality control, the cost of quality, and software quality assurance. It also describes formal technical reviews, statistical quality assurance, software reliability, and the components of a software quality assurance plan. The goal of software quality assurance is to achieve a high-quality software product through standards, reviews, testing, and other quality control measures.
The document describes JEEVA, a mobile application for recognizing, collecting, sharing, surveying, and exploring flora and fauna. The app allows users to take photos of plants and animals and upload them to the system for identification. If the photo is of a new species, the user can start a new section for it. Otherwise, the user can update existing details. The app is intended for academic, conservation, exploration, and nature lovers to study nature. It has features like image recognition of species, location-based species reporting, automatic species notifications, guides and checklists, article writing and sharing, and discussions. Potential users include students, researchers, tourists, Ayurvedic practitioners, conservation organizations, nature lovers
This document provides tutorials for learning Apex programming using the Force.com platform. The tutorials cover topics such as creating custom objects, using the Developer Console, creating sample data, defining classes, Apex language fundamentals like data types and variables, executing transactions, adding triggers, writing unit tests, and integrating Apex with Visualforce. The goal is to provide hands-on exercises to help developers learn the Apex language and how to develop applications using the Force.com platform. Completing the tutorials will equip developers with essential Apex programming skills.
Breaking Up is Hard to Do: Small Businesses’ Love Affair with ChecksVivastream
This document discusses small businesses' reliance on checks and the challenges they face in adopting electronic payments. It notes that small businesses write billions of checks per year at high costs. While checks meet their needs of being easy to use and widely accepted, electronic payments could offer benefits like cost savings and fraud protection. However, small businesses are often too busy with core operations to prioritize alternatives. The document also outlines hurdles small businesses face in using ACH or credit cards, such as navigating bank requirements and understanding fees. It suggests that businesses more open to electronic payments tend to have standardized payment processes or receive remittance data with payments.
Banks see Smart Commerce as a growing threat that could distance them from customers. Smart Commerce is defined as involving digital payment methods that simplify purchases and enriched communication between merchants and consumers using mobile technology. It is driven by demand from both consumers and merchants, and by large profit pools outside of just payments, particularly merchant sales promotions. Many banks believe Smart Commerce will become widespread within two years and pose the main risk of intermediating banks and reducing their relevance in consumer commerce.
This document summarizes key findings from a global consumer banking survey conducted by EY. Some of the main points include:
1. Customer advocacy and trust in their primary banking provider is high, driven largely by positive customer experiences. However, banks still have opportunities to improve certain aspects of the customer experience.
2. Convenience through digital banking channels is important to customers, but mobile banking features still lag online banking. Simplifying fees and communications remains a top priority.
3. Customers are generally satisfied with their primary bank but open to switching for better service or advice. Segmenting customers reveals opportunities for banks to better meet different needs.
4. Banks should focus on making banking simple and clear
This document summarizes the key findings from EY's 2014 Global Consumer Banking Survey. Some of the main points include:
1. Customer trust and advocacy are important drivers of growth for banks. Customers with complete trust in their primary bank are much more likely to recommend them.
2. Customer experience is a key factor influencing trust and advocacy. Customers cited how they are treated and quality of communications as important reasons for trust. Experience also influenced account openings and closings.
3. Banks can improve the customer experience by making banking simple and clear, providing helpful advice, and resolving problems well. Specifically, banks should improve fee transparency, mobile and online banking, and customer service.
Sereno is a fraud detection solution that uses image analysis and multi-source correlation modeling to identify check fraud. It integrates with existing image processing systems and analyzes check images using multiple recognition engines to flag potential fraud. Sereno reduces false positives and focuses analysts on a small number of suspect transactions. It builds databases of check stock and signatures over time to improve accuracy. Sereno provides cost savings through reduced manual review and losses from fraud while allowing banks to expand their fraud detection capabilities.
Orbograph's new Accura XV solution leverages Next Generation Recognition (NGR) Technology to provide virtually 100% check processing performance at the teller. The solution achieves read rates as high as 95% and can attain 100% read rates on small transactions using V100 mode. It provides tangible benefits like reducing data entry costs and recognition errors as well as intangible benefits like highly reliable technology and streamlined processes. Accura XV is the foundation for all of Orbograph's centralized and distributed recognition solutions and services.
Growth in remote deposit capture is driving additional requirements in check recognition. Orbograph provides a scalable check recognition solution for RDC that uses multiple recognition engines to achieve read rates from 90-98%. The solution can identify alterations, validate fields, and ensure image quality to reduce fraud while streamlining the deposit process. Orbograph offers flexible licensing and deployment options to meet the needs of various sized financial institutions supporting desktop, consumer, and mobile RDC.
The document introduces Orbograph's Healthcare Payments Automation Center (HPAC), a cloud-based platform that hosts two services: P2Post for converting paper explanation of benefit forms into electronic files for practice management systems, and E2Post for matching electronic funds transfer payments to remittance advices. By leveraging image processing and recognition technologies, HPAC can convert claims at high volumes while reducing costs up to 60% by eliminating manual data entry and exceptions. The platform provides adaptive onboarding of forms, HIPAA compliance, and guaranteed performance.
The document discusses next generation check recognition technologies that can improve teller image capture (TIC) and remote deposit capture (RDC) workflows. It outlines several business problems with early generation technologies like low read rates, balancing issues, and fraud risks. Next generation technologies aim to solve these by using multi-engine correlation, dynamic thresholding, item verification, and check box detection to achieve near 100% recognition performance and reduce errors. The benefits include cost savings, improved efficiency, customer experience, and reduced fraud.
Orbograph introduces Automation Services and Automation Services LE, innovative recognition solutions that provide up to 40% labor cost savings through high levels of automation and accuracy. Automation Services achieves 98% automation and 99%+ accuracy, while Automation Services LE attains 90% automation with 99% accuracy. Both solutions support various check processing workflows and can be implemented on Orbograph's legacy OrboCAR platform or new G6 Enterprise Recognition Technology platform. Orbograph also offers managed recognition services to continuously monitor performance and ensure solutions meet guaranteed service levels.
Orbograph is a provider of electronic solutions for healthcare revenue cycle management and check processing recognition software. It has over 1,500 financial institution and biller clients that process billions of documents annually using Orbograph's technologies. Orbograph converts paper-based documents like EOBs into electronic files to automate payment data reconciliation and provide reporting tools. It is a subsidiary of Orbotech and was founded in 1996, employing over 50 people who serve the banking, financial, and healthcare industries.
2. Today’s Mobile Cybersecurity:
Protected, Secured & Unified
ExEcutivE Summary
D
elivering advanced cybersecurity in mobile communications may sound simple,
but the reality is a complex, constantly evolving undertaking. The cyberthreat
landscape changes literally by the hour and requires constant vigilance and
innovation throughout the entire U.S. mobile industry - an industry that provides
3.8 million direct and indirect jobs across the nation. It is a constant risk to be managed, where
opposing forces must constantly adapt their strategies and tactics to keep the advantage.
Today’s mobile cybersecurity protections must be flexible and adaptable in the face of
increasingly sophisticated and persistent global threats. Staying ahead of cyberthreats is far
too big of a job for a go-it-alone approach, so the company members of CTIA-The Wireless
Association® are working together to deliver real-world solutions driven by these market
forces.
Self Interests and Shared Interests
Wireless communications players invest hundreds of millions of dollars to enhance
the security of their networks, software, hardware and devices. This means carriers,
manufacturers, applications providers, operating system and platform providers, among
others, pursue unified efforts in addition to independent investments. All share an economic
interest in delivering effective cybersecurity and ensuring the entire interdependent mobile
ecosystem delivers sustained, high-value security for all users.
This paper provides:
A brief overview of the cybersecurity landscape of the mobile communications
industry,
The extent of its interdependence in responding to an environment of rapidly
changing threats,
A summary of the many cybersecurity features and solutions at work today, and
A sampling of the many advanced protections available for device users.
2 3
3. Today’s Mobile Cybersecurity
Cybersecurity Is Everyone’s A Complex Ecosystem:
Shared Goal Understanding the Moving Parts
S W
ecurity is only as good as the weakest link. In addition to hen author Arthur C. Clarke wrote “Any sufficiently
the efforts of the mobile industry, cybersecurity depends advanced technology is indistinguishable from magic,”
on the awareness and daily security practices of consumers he could have been talking about the amazing advances
and end users across business and government enterprises. that cellular, and now mobile, communications have made possible.
Policymakers also play a vital role in working collaboratively with
Although mobile communications have changed our world in so
the industry to encourage and maintain a flexible framework that
Everyone has a stake balances the needs of stakeholders while preserving the industry’s many ways, most of us take it for granted. The complex web of “Any sufficiently
technology that makes this mobile world possible might as well
in maintaining effective ability to stay ahead of cybercriminals and hackers. Everyone has
a stake in maintaining effective cybersecurity across the nation’s be magic. Mobile communications and computing for most of us advanced technology
means a cellphone, smartphone or tablet, and it just “works.” It is a
cybersecurity across mobile communications system.
convenient tool for personal and business communications that is
is indistinguishable
There is great value in policymakers, government entities and as indispensible as it is ubiquitous.
the nation’s mobile the wireless industry working collaboratively on maintaining
from magic.”
However, there is one critical element of this magic where a lack of
communications the strongest and most resilient cybersecurity posture possible. – arthur c. clarke
basic understanding of how mobile networks work is a problem —
The wireless industry looks to policymakers for a flexible and
cybersecurity.
system. collaborative framework, where industry provides policymakers
a “view from the trenches” from the individuals and entities that Similar to everyday precautions such as traffic signs or parental
are fighting the battle every day. The ability to share information controls, it is important for consumers and end users to understand
about cyberthreats and effective countermeasures among industry that certain common safeguards are essential to protect important
players and between industry and government is crucial, as is and personal information. Indeed online privacy and cybersecurity
promoting such information sharing with effective industry liability go hand-in-hand since one cannot have privacy without security.
protections. The mobile industry is in the best position to respond
to the changing threats as demonstrated by the set of mobile Though not well understood by the public, mobile network
cybersecurity solutions available today and outlined in this paper. operators (MNOs) have been focused on cybersecurity since the
Continued flexibility, dynamic and responsive countermeasures earliest days of cellular communications. As a result, the key
from the industry are essential going forward to stay one step components for protecting cellular networks are well established,
ahead of the cybercriminals, hackers and hacktivists that target and form the backbone of the communications systems we rely on
mobile communications. today. The central idea behind protecting networks is to safeguard
the elements that transport information and services, including the
voice, data and video transmissions that are translated into packets
of information.
This cybersecurity backbone that MNOs provide, including network
protection as well as security policies and filters, operate in a
constantly evolving and dynamic 24/7 environment. Deployment
4 5
4. Today’s Mobile Cybersecurity
of next-generation technologies and constant innovation provided
by the advent of the mobile Internet has increased the overall
Today’s
complexity for how end-to-end security is delivered. Investments Wireless
by MNOs have been massive, and the benefits (in the form of
well-protected networks and end users) have been recognized Ecosystem
by continued market growth and penetration rates exceeding
100 percent in the U.S. With this rapid pace of investment and
innovation, the mobile industry has evolved from a simple feature
phone providing voice calls, to smartphones and tablets that connect
users to a wealth of media and information via the Internet. This
significant shift from when the carrier controlled virtually every
aspect of the mobile device to today’s diverse ecosystem represents
a broad and growing collection of industry players investing in
security solutions. However, as more entrants and diverse players
get involved, there are greater and more complex security risks. The
next graphic highlights the complexity of today’s ecosystem and the
corresponding interdependent security needs.
consumers – Generally individuals drawn chipset manufacturers – Entities that develop
from the public and employees of enterprises or and manufacture mobile device integrated circuits.
government agencies that use mobile devices.
Network Service Systems – Entities that
mobile Network Operators – Both facilities- render mobile network related services to mobile
based and virtual network operators that render operators.
mobile services to consumers.
Support Software vendors – Entities that
Device manufacturers – Entities that develop provide mobile network support software such as
and manufacture mobile devices that have the operational support systems, back-office systems
ability to access networks that are provided by and other related software.
mobile network operators.
value added Service Providers – Service
applications marketplaces – Generally aggregators, Wi-Fi hot spot providers and other
available virtual marketplace that provides for platform providers that can render services to
the download of applications to mobile devices, consumers directly or through the mobile network
including Web applications and native applications. operator, often in an OTT scenario.
application Developers – Entities that develop Network Equipment manufacturers –
applications and make them available through the Entities that manufacture network equipment
applications marketplace or through the mobile such as mobile base stations, network routers,
network operators, often in an over-the-top (OTT) switching center infrastructure, transmission
scenario. infrastructure and other network related
technology.
Operating System vendors – Entities that
offer mobile operating systems on mobile devices.
6 7
5. Today’s Mobile Cybersecurity
I
t is simply not possible to “declare victory” on cybersecurity makers would do Y or the applications providers would do Z, we
in this environment; risks must be managed because they would be safe and be 100 percent secure.” There is no “silver
cannot be eliminated. Cybersecurity affects all of us in bullet” solution, regardless of how much money, expertise or effort
direct, quantifiable ways. We may not always appreciate the is dedicated to the cybersecurity challenge. The futility of a single
complexities of how mobile communication is made possible, fix is illustrated in the diagram below, depicting just a few of the
but we know cybersecurity is important. People are conscious of major changes in the mobile environment within the last five years.
it — they know what it is — if only because media coverage of Today, cyber risks can only be successfully managed via constantly
cyberattacks. evolving collaboration, innovation and partnerships between the
many players in the mobile ecosystem, including consumers.
Growing interest in mobile cybersecurity is driven by a combination
Information is the
of media coverage and the continuing explosion of mobile devices
in the marketplace. There are more mobile devices in the U.S. today
Changes in the Environment
than people, and the percentage of smartphone users continues to
currency of the 21st grow dramatically. Currently, more than one-third of the population
carry a smartphone. Analyst firm Frost & Sullivan estimate that
century and the by 2017, 80 percent of all mobile phones in use in the U.S. will be
smartphones, which means more than 200 million smartphones
ability of mobile and tablets.
A
technology to store s we become more reliant on mobile communications,
the need for commensurate and ongoing advances in
and transit information cybersecurity measures becomes clearer. In short, the
more essential and valuable something is, the more attractive
demonstrates the it becomes to criminals as a vector of attack. As reliance upon
technology rises, and consumers and enterprises entrust the
essential importance mobile communications industry with their information, more
investment is necessary to manage the associated security risks.
of the mobile Such investment is exactly what is happening in the mobile
communications communications industry and the information it is entrusted with
by consumers and enterprises. Information is the currency of the
industry. 21st century and the ability of mobile technology to store and
transit information demonstrates the essential importance of the Understanding the Players
mobile communications industry.
While growing more complex and remaining a relatively open W hile familiarity with the mobile ecosystem is important, it
is also necessary to understand the players and how they
interact within the ecosystem. These players include all of the
technology ecosystem, mobile communication are becoming an
increasingly attractive target for attackers. As a result, there can be organizations that bring together the chain of technology assets or
no single fix or single point for delivering cybersecurity. It is not “system of systems” that make mobile communications possible.
possible to say, “If only the carriers could do X, or the equipment
8 9
6. Today’s Mobile Cybersecurity
N
However, the most important players are by far the end users and ext, we explore each of the five segments, the threat
consumers. Why? No matter how comprehensive a cybersecurity landscape and the proactive steps the mobile industry is
apparatus is maintained, consumers and other end users must taking to address the threats through solutions available
ultimately take responsibility for their actions. Users that operate today. Following this, we outline the cybersecurity industry
their devices thoughtlessly, such as downloading applications from solutions available today in the section on Solutions from Industry.
unauthorized locations or clicking on links in emails that wary users
would recognize as suspicious, put their own data and privacy, as 1. Consumers and End Users
I
well as data linked to their work or social lives, at risk. In contrast,
an informed user, exercising a sensible level of caution, can ndustry is working hard, and with growing success, to educate
significantly assist in managing cybersecurity risks. users on how to reduce their cybersecurity risks. Best practices
that the industry recommends for consumers to become security
Five Cornerstones of savvy include:
Mobile Cybersecurity configure Devices to Be more Secure – Smartphones and other
mobile devices have password features that lock the devices on a
M
scheduled basis. After a predetermined period of time of inactivity
obile communications are a complex ecosystem (e.g., one minute, two minutes, etc.) the device requires the
comprised of a broad list of technologies and players correct PIN or password to be entered. Encryption, remote-wipe
integrated into a “system-of-systems” that enables capabilities and - depending on the operating system - anti-virus
the wireless environment that consumers enjoy today. Within this software may also serve to improve security.
ecosystem, security is often addressed in terms of five cornerstone
“caveat Link” – Beware of suspicious links. Do not click on
segments as shown below. links in suspicious emails or text messages as they may lead to
malicious websites.
Exercise caution Downloading apps – Avoid applications from
unauthorized application stores. Some application stores vet apps
so they do not contain malware. Online research on an app before
downloading is often a sound first step.
check Permissions – Check the access (i.e., access to which
segments of your mobile device) that an application requires,
including Web-based applications, browsers and native
applications.
Know your Network – Avoid using unknown Wi-Fi networks
and use public Wi-Fi hot spots sparingly. Hackers can create
“honeypot” Wi-Fi hot spots intended to attract, and subsequently
compromise, mobile devices. Similarly, they troll public Wi-Fi spots
looking for unsecured devices. If you have Wi-Fi at home, enable
encryption.
10 11
7. Today’s Mobile Cybersecurity
Don’t Publish your mobile Phone Number – Posting your 3. Network-Based Security Policies
mobile phone number on a public website can make it a target for
software programs that crawl the Web collecting phone numbers From a consumer perspective, network operators provide a wealth
that may later receive spam, if not outright phishing attacks. of tools that can be used to provide improved security and data
protection for information that resides on the smartphone or tablet.
use your mobile Device as it Was Setup – Some people
Such tools include device management capabilities, firewalls and
use third-party firmware to override settings on their mobile
devices (e.g., enabling them to switch service providers). Such other network-based functionality. These tools give consumers the
“jailbreaking” or “rooting” can result in malware or malicious power to protect their information, but network service providers Good security
code infecting the mobile devices. cannot dictate security policies for consumers to follow. However,
service providers provide a wealth of consumer educational begins with good
These are only a few of the strategies and resources available from materials and practices for enhanced security protection.
the industry, but the bottom line is that users play an important role network policies.
in protecting their devices, especially what they download and links From an enterprise workplace perspective, the most important
All computers, they click on. Consumers benefit the best from cybersecurity when element of security is network-based policy. Good security
they are aware of the variety of security options that are a part of begins with good network policies. An ill-defined, inconsistent
including mobile their mobile devices. (See more Cybersafety Tips in the Appendix.) or unenforced set of security policies guarantees poor security.
devices, need to be The challenge for businesses is that, due to the increasing bring
2. Devices your own device (BYOD) dynamic — when people use their
secured to prevent personal mobile devices for work purposes such as sending and
Today’s mobile devices are miniature computers. In addition to receiving email or managing documents — information technology
intrusion. these truly “smart” phones, there is a growing variety of devices departments need to be able to take control of corporate
such as tablets and netbook computers that include wireless applications and all relevant data deployed on these devices. Many
connectivity. These new mobile devices are more advanced than chose to do so by employing mobile device management (MDM)
those sold even five years ago. All computers, including mobile systems that serve to enforce company related security policies for
devices, need to be secured to prevent intrusion. Applications mobile devices.
downloaded from questionable, or even legitimate sites, can record
information typed onto the device (e.g., bank account numbers, 4. Authentication and Control
passwords and PINs), read data stored on the device (including
A
emails, attachments, text messages, credit card numbers and lost, unlocked smartphone with pre-programmed access
login/password combinations to corporate intranets); and record to a bank account or a corporate intranet can cause
conversations (not only telephone calls) within earshot of the incalculable damage. Authentication control is the process
phone. A malicious application or malware can transmit any of of determining if a user is authorized to access information stored
this information to hackers (including those in foreign countries) on the device or over a network connection.
who then use the information for nefarious and criminal purposes,
Authentication is the mechanism that requires the user to enter
such as transferring money out of bank accounts and conducting
credentials based on such things as a password or PIN, and, in the
corporate espionage. The Mobile Cybersecurity: Five Cornerstones
case of an enterprise, based on the organization’s policy settings
figure on page 10 highlights some of the protections that are
and active directory database. In some instances, multi-factor
available today for consumers and end users of mobile.
authentication is used to protect very sensitive data, comprising
12 13
8. Today’s Mobile Cybersecurity
two or more of the following classic requirements: multitude of network options available in the marketplace. Data
center operators are responsible for the management and security
Something the user knows (PIN, password, secret) of both physical and virtual assets, as well as the implementation
Something the user has (physical token, smartcard, mobile device) of organizational security and compliance policies.
Something the user is (biometric data such as a fingerprint, retina internet Backbone — The Internet backbone is comprised of
scan or photo recognition) the principal data routes between large telecommunications
networks and core routers. These data routes are operated by a
As an example, this is especially helpful for anyone who wants mix of primarily commercial (i.e., private sector) operators, and for
to access banking information on a website using an unsecured certain purposes, government agencies and academic institutions.
An ill-defined, terminal location, such as at a coffee shop with a Wi-Fi hot spot. In the private sector, Internet services providers (ISPs) deliver
Internet exchange traffic (i.e., email and Web content) via privately
inconsistent or 5. Cloud, Networks and Services negotiated interconnection agreements.
N
unenforced set of etworks deliver many of the applications and services that core Network — The core network forms a “bridge” between the
consumers enjoy today. As illustrated, the complex security Internet backbone and the next step in the chain, access networks.
security policies solutions the industry provides encompass multiple types One of the main functions of core networks is to route phone calls
of network access connections: the cloud, the Internet backbone, across the public switched telephone network (PSTN). Among the
guarantees poor core network and access network connections. technologies used in core and backbone facilities are data link layer
and network layer technologies.
security. The Cloud allows public and private sector consumers to use
applications and information in a remote data center, where large access Network — The access network connects users to their
clusters of systems work in parallel to process and store data. immediate service provider. The access network refers to the
Consumers directly access cloud services over the Internet. In series of wires, cables and equipment lying between the point at
traditional computing, most of the data and software needed to which a telephone connection reaches the customer and the local
carry out specific functions resides on individual machines, which telephone exchange. In mobile communications, this definition
are operated by their respective users. has expanded to include wireless base stations, which comprise
the Radio Access Network (RAN) and Wi-Fi access points, which
The complex security solutions that the industry provides in are often the end users first touch point to a network. With the
the figure shown on page 10 (Five Cornerstones of Mobile advent of 4G technologies (i.e., HSPA+, WiMAX, LTE), the edge
Cybersecurity) encompass multiple types of network hosting of a mobile operator’s IP network now extends all the way out to
and transmission points, including data centers. These centers the base station itself, blurring the line of responsibility between
are large-scale warehouse environments that hosts thousands traditional core and access networks.
of network servers, which either function independently or are
interconnected by parallel hosting and processing software (cloud
computing software), to complete complex computing functions.
Data centers are a core element of the Internet backbone, as
they host the web pages and web-enabled software/applications
that consumers utilize when they access the Internet through the
14 15
9. Today’s Mobile Cybersecurity
Solutions from Industry: Ongoing Monitoring and Vulnerability Scans
Vulnerability scans through software and other means
Expanding Cybersecurity Defenses constantly analyze computers, computer systems, networks and
C
applications for signs of trouble. While specifics among different
ybersecurity is vital for every player in the wireless
types of scans vary, the common thread is to assess the threats
communications ecosystem. Since its inception, the
and vulnerabilities present in targets in real time. Quite simply,
industry has invested billions of dollars in the ongoing
stop the problem before it happens.
development of cybersecurity resources. For the
constituent parts of the wireless industry — including carriers,
Monitor and Reporting on Malware and Cyberthreats Profiles
equipment makers, operating systems, applications providers and
others — delivering advanced cybersecurity and staying ahead of Effective multi-layered protection, in the cloud, at the Internet
the bad guys is both a defensive and offensive strategy. gateway, across network servers and on devices, is underpinned
by an ability to monitor, report and act upon malware via the
Yes, delivering advanced security is a defensive necessity for maintenance of a robust cyberthreats profile.
maintaining operations, but it’s also a tremendous offensive asset
as a competitive differentiator and overall engine for growth. The Industry Cooperation through CTIA’s Cybersecurity Working Group (CSWG)
wireless communications industry is incredibly diverse, but a
An illustration of the kind of security-enhancing cooperation that
common thread across inhabitants of the sector is its elemental
takes place across the mobile communications industry is CTIA’s
focus on security — and not just what comprises security today, but
Cybersecurity Working Group (CSWG), which is comprised of
what will be required for tomorrow and beyond.
experienced senior representatives from leading companies, including:
The list below provides a useful sampling of the comprehensive Alcatel-Lucent Ericsson Sprint
assets and cybersecurity solutions available today to protect
Asurion HTC Sybase
devices and networks.
AT&T Microsoft Symantec
Carolina West Wireless Motorola Mobility Syniverse
What Industry Does to Secure Its Services
Cavalier Wireless Nex-Tech Wireless TCS
Cellcom Nokia T-Mobile USA
Security Policies & Risk Management
CellularOne NSN U.S. Cellular
Security policy development and risk management for wireless
of Northeast Arizona P3 Communications Verizon Wireless
communications is very nearly an industry unto itself. Today,
CETECOM Qualcomm
all the players have efforts to address security policies and risk
management that include: defined and documented security Cisco Samsung
policies, ongoing security scans of the threat environment,
security assessments and many more risk management efforts to
Meeting on quarterly basis, with informal communications happening
on a much more frequent basis, CTIA’s CSWG is just one example of
safeguard the products and services the industry provides.
providers within the mobile communications industry working together for
Security Technology and Standards a shared goal: delivering advanced cybersecurity for all users.
There is a broad landscape of security standards that increase
security levels. Combining general guidelines with specific directives
for achieving certain standards is also common across the industry.
16 17
10. Today’s Mobile Cybersecurity
Cybersecurity Solutions for Consumers 4. Remote Wipe of Mobile Device
and Enterprises and Consumer Education There are applications available for end users to erase all data
W
from devices that are presumed lost or stolen. There are even
hile the industry has done a great deal to secure its
capabilities where a selective wipe can remove all work-related
services, it has also heavily invested in solutions
data, while retaining the personal data.
that offer protection and security for consumers and
enterprises. These solutions are generally available
throughout the mobile ecosystem and, as described below, offer 5. Anti-Malware/Anti-Virus Software
a more complete picture of what is available today. The industry
Depending on the device’s operating system, anti-malware
also works to educate consumers about the available solutions
and anti-virus software may be available to prevent, detect and
as evidenced by the CTIA Cybersafety Tips in the Appendix. The
remove malware of all descriptions, including: viruses, malware,
The industry also solutions offer protections that consumers can avail themselves of
adware, backdoors, malicious apps, dialers, fraud tools, hijackers,
based on their unique needs and requirements.
works to educate keyloggers, malicious layered service providers (LSPs), rootkits,
spyware, Trojan horses and worms.
1. Lost or Stolen Smartphone Database
consumers about the (EIR – Equipment Identity Register)
6. MDM Policy Management
available solutions A nationwide database, built and maintained by wireless
Given the increasing number of wireless devices used within
companies, prevents smartphones reported as lost or stolen from
as evidenced by the being activated for voice and data services on a carrier’s network.
organizations, mobile device management (MDM) is a crucial
discipline for enterprise and government IT departments. MDM
CTIA Cybersafety The idea is to reduce, if not eliminate, device theft by making it
software secures, monitors, manages and supports mobile devices.
impossible to use a stolen smartphone.
It is fueled by a tight coordination between security policies and
Tips in the Appendix. operations. The measures that organizations take to implement
2. Password Mobile Device Lock mobile device security tend to focus on ensuring that devices are
configured to match corporate policy. Examples include: requiring
All devices have the ability to require a password or passcode in
devices to be protected by a compliant password before a device
order to access the device. Unfortunately, not everyone uses them
can interact with an enterprise server for functions such as email;
or often the feature is turned off by the user. Wireless players
ensuring the information on the devices can be wiped remotely;
have made significant progress in educating consumers and end
and enforcing strict policies on downloading of applications to
users to utilize password protection. Additionally, new features like
require or prevent specific applications on the devices.
minimum password length and password complexity requirements
add an extra measure of security.
3. Remote Lock of Mobile Device
Users can remotely lock their smartphones in the event the devices
are lost or are unattended. Also, if users misplace their phones they
can activate a remote ring that produces a tone, even if the sound
on the device is turned off.
18 19
11. Today’s Mobile Cybersecurity
7.Encryption Data at Rest 9. VPNs
(e.g., FIPS140-2)
A virtual private network (VPN) is a technology for using the mobile
A variety of encryption mechanisms and standards exist within Internet or another intermediate network to connect computers
the mobile industry to support encryption of data that resides to isolated remote computer networks that would otherwise be
locally on a mobile device. Encryption transforms information inaccessible. A VPN provides security so that traffic sent through
using an algorithm to make it unreadable to anyone except those the VPN connection stays isolated from other devices on the
possessing the correct login or key information. An example of an intermediate network. VPNs can connect individual users to a
encryption standard is the Federal Information Processing Standard remote network, application or multiple networks. VPNs typically
140-2 (FIPS 140-2), which sets out U.S. government requirements require remote access to be authenticated and make use of
that IT products should meet for sensitive, but unclassified (SBU) encryption techniques to prevent disclosure of private information.
use. It defines the security requirements that must be satisfied
by a cryptographic module used in a security system protecting 10. Secure Email Solutions
unclassified information within IT systems. FIPS 140-2 is published
by the National Institute of Standards and Technology (NIST). Secure email uses encryption to protect email messages from
eavesdropping or mistaken recipients. There are a variety of
proprietary solutions as well for secure email access.
8. Encryption Data in Transit
(e.g., 3GPP standards)
11. Parental Controls
Encryption is also used to protect data in transit as it moves
from the mobile device to the mobile network, for instance, Mobile devices help children and parents stay in touch and
e-commerce data being transferred over smartphones and tablets. bring new levels of safety and peace of mind for families, but as
The mobile industry relies upon standards that are defined appropriate, parents also want to be able to monitor and manage
by the 3rd Generation Partnership Project (3GPP), which is a the way their children use mobile device. That’s why the mobile
collaboration among groups of telecommunications associations communications industry has led the way in developing effective,
that created and maintain globally applicable third generation easy-to-use controls that offer parents the oversight they need,
(3G) mobile phone system specifications. These specifications while keeping their children in touch.
are based on evolved Global System for Mobile Communications
(GSM) specifications within the scope of the International 12. Secure Applications
Mobile Telecommunications-2000 project of the International
Telecommunication Union (ITU). These standards are in use today Making certain that applications installed on mobile devices are
for 3G and 4G technologies. For example, in 4G mobile networks properly vetted and free of malware or viruses is critical. However,
there are three standards which dictate the handling of traffic. because no platform is perfect and many users find themselves
There are as many standards for the encrypted transit of data as seeking applications that are situated on a non-vetted platform new
there are touch points within networks. Responsibility for these emerging application audit technology services are providing users
standards can range from the application itself to the device, the and enterprises with additional security.
transport, the core, the cloud, etc. and careful attention is needed
on the interweaving of these standards.
20 21
12. Today’s Mobile Cybersecurity
13. Cloud-Based Services and Secure Solutions Conclusion:
The massive migration to cloud-based services has resulted in an Implications for Policymakers
explosion of development and investment in cloud-focused security
E
solutions. The mobile industry has made significant investments in ffective cybersecurity – whether for a nation, business,
cloud-based security solutions. In addition, secure access services’ organization or individual – is the result of a partnership
built-in audit features help users reduce the burden of managing between the entity being protected and those in the industry
security features and compliance in the case of an enterprise. that makes mobile communications possible. All of the participants,
In addition to these from the consumer to the manufacturers, carriers, applications
14. BYOD Solutions developers, software providers, etc. have a role to play. At every
solutions, providers (Secure Container Software Solutions) step of the process, there is a shared responsibility for making
cybersecurity a priority. The good news is that as a result of the
across the mobile As with cloud, the rapid, ongoing expansion of BYOD models historical, ongoing and concerted efforts of industry, regulators and
of operation has resulted in a corresponding investment in the lawmakers, public knowledge of the need for heightened cybersecurity
communications development of secure container software solutions, which provide has grown and continues to grow.
a separate and secure virtual environment on mobile devices.
industry provide While achieving political consensus is always a challenge, there Maintaining security
appears to be a widespread understanding among policymakers that
end users, at both 15. Authentication and Identity Management a single legislative “fix” for cybersecurity does not exist; therefore, in a wireless
For sensitive information, solutions exist for stronger-than- a flexible approach to legislation in the wireless arena is necessary.
the consumer and password authentication. Since a user’s single password can be The threat landscape is, by definition, a non-static one. Enabling environment is a
cybersecurity, as a result, cannot be achieved by following a set list
enterprise level, stolen or guessed, users can use two-factor authentication. In
addition to a password, a digital identifier or time-based random of mandated criteria. Even if such a list were to exist, it would be constantly evolving
outdated the same day it was established.
with access to 24/7 number is required that can prevent hackers who stole a password dynamic.
from accessing the account. Many consumer products provide for
Cybersecurity threats and vulnerabilities can change from day to day,
end user support two-factor authentication, some through text or an application.
and even hour to hour. The effective steps for managing cyber risks
There are a number of mobile applications, such as banking
today are unlikely to suffice for very long. Maintaining security in a
services. applications, that have embedded this two-factor authentication
wireless environment is a constantly evolving dynamic. Experience
into their consumer systems.
has demonstrated repeatedly that this challenge is best left to those
I
n addition to the solutions described above, providers across who know the most about it and have the most at stake. In both cases,
the mobile communications industry provide end users, at both these are the experts in the wireless communications industry.
the consumer and enterprise level, with access to 24/7 end
However, policymakers play an important role in cybersecurity.
user support services. When used in conjunction with ongoing
Policy efforts that are informed by the realities of the cybersecurity
consumer education programs, these services help deliver
atmosphere — no silver bullet, no single fix, many moving parts
advanced security to address the evolving and complex mobile
and all of them interdependent — are a must. Similarly, policies that
cyberthreat landscape.
seek quick-fixes, one-size-fits-all outcomes or so-called solutions
that restrict the flexibility that the wireless industry requires to
22 23
13. Today’s Mobile Cybersecurity For more information, please visit:
www.ctia.org/cybersafety
respond quickly to new and emerging security challenges can cause With more wireless devices than people in the U.S., we have the ability to communicate anytime,
unintended harm to the very businesses, consumers and institutions anywhere.
it seeks to assist. Obviously, we encourage policymakers to focus on
a real-world approach, and provide guidance and oversight, but tap As our use of the devices increases and expands to new features and functions in other areas such as
banking and healthcare, they may hold even more personal data.
those closest to the networks to configure our nation’s cybersecurity
posture in a fashion that is flexible and adaptive to the changing By following CTIA–The Wireless Association® and its members’ simple CYBERSAFETY tips, consumers
threat environment. can actively protect themselves and their data.
Developing and
deploying advanced
As outlined in the Cybersecurity Solutions from Industry section of C – Check to make sure the websites, downloads, SMS links, etc. S – Sensitive and personal information, such as banking or health
this document, the wireless communications industry — although are legitimate and trustworthy BEFORE you visit or add to them records, should be encrypted or safeguarded with additional
fiercely competitive — has always been united in the core belief that to your mobile device so you can avoid adware/spyware/ security features, such as Virtual Private Networks (VPN). For
cybersecurity security is absolutely critical. Developing and deploying advanced
viruses/unauthorized charges/etc. Spyware and adware may
provide unauthorized access to your information, such as
example, many applications stores offer encryption software
that can be used to encrypt information on wireless devices.
cybersecurity solutions to manage risk both maintains consumer location, websites visited and passwords, to questionable
solutions to confidence, and is the best defense to stay ahead of cybercriminals
entities. You can validate an application’s usage by checking A – Avoid rooting, jailbreaking or hacking your mobile device
with an application store. To ensure a link is legitimate, search and its software as it may void your device’s warranty and
manage risk both and hackers. It is this simple reality that drives the industry to spend the entity’s website and match it to the unknown URL. increase the risk of cyberthreats to a wireless device.
hundreds of millions of dollars every year on cybersecurity measures
Y – Year-round, 24/7, always use and protect your wireless device F – Features and apps that can remote lock, locate and/or
maintains consumer — a level of investment that will continue to grow over the years. with passwords and PINs to prevent unauthorized access. erase your device should be installed and used to protect
W
Passwords/PINs should be hard to guess, changed periodically your wireless device and your personal information from
ithout question, there is great value in policymakers,
confidence, and is government entities and the wireless industry working
and never shared. When you aren’t using your device, set its
inactivity timer to a reasonably short period (i.e., 1–3 minutes).
unauthorized users.
E – Enlist your wireless provider and your local police when
the best defense together, collaboratively, on the shared goal of B – Back-up important files from your wireless device to your your wireless device is stolen. If your device is lost, ask your
maintaining the strongest and most resilient cybersecurity posture personal computer or to a cloud service/application periodically provider to put your account on “hold” in case you find it.
to stay ahead of possible. Overall, the wireless industry looks to policymakers for a in case your wireless device is compromised, lost or stolen. In the meantime, your device is protected and you won’t be
responsible for charges if it turns out the lost device was
flexible and collaborative framework, where industry can provide E – Examine your monthly wireless bill to ensure there is no stolen. The U.S. providers are creating a database designed to
cybercriminals and policymakers a “view from the trenches.” The ability to share suspicious and unauthorized activity. Many wireless providers prevent smartphones, which their customers report as stolen,
allow customers to check their usage 24/7 by using shortcuts on from being activated and/or provided service on the networks.
cyberthreat information among industry players and between
their device, calling a toll-free number or visiting their website.
hackers. industry and government is crucial. As is the critical need to promote Contact your wireless provider for details. T – Train yourself to keep your mobile device’s operating system
such information sharing with effective liability protections for the (OS), software or apps updated to the latest version. These
industry. The mobile industry is in the best position to respond to
R – Read user agreements BEFORE installing software or updates often fix problems and possible cyber vulnerabilities.
applications to your mobile device. Some companies may use You may need to restart your mobile device after the
the ever changing threat landscape as demonstrated by the existing your personal information, including location, for advertising updates are installed so they are applied immediately. Many
set of mobile cybersecurity solutions available today. Continued or other uses. Unfortunately, there are some questionable smartphones and tablets are like mini-computers so it’s a good
companies that include spyware/malware/viruses in their habit to develop.
flexibility, dynamic and responsive industry countermeasures are software or applications.
essential going forward to stay one step ahead of the cybercriminals, Y – You should never alter your wireless device’s unique
hackers and hacktivists that would target mobile consumers. identification numbers (i.e., International Mobile Equipment
Identity (IMEI) and Electronic Serial Number (ESN)). Similar
to a serial number, the wireless network authenticates each
The partnership among policymakers, government agencies and mobile device based on its unique number.
industry is very much in keeping with the nature of communications
networks, where every element is connected, interdependent and
reliant on one another to effectively address mobile cybersecurity for
the nation.
24 25
14. Glossary
3G & 4G: A general term that Cybersecurity: Protection from Encryption: Digitally scrambling Hacking: Illicitly exploiting
refers to new wireless technologies unauthorized access or malicious information so it can be transmitted a weakness in a networked
that offer increased data speeds and use of information in the mobile over an unsecure network. At the information system to access or
capabilities using digital wireless or telecom ecosystem, which may other end, the recipient typically alter data or interfere with network
networks. include networks, devices, software, uses a digital “key” to unscramble or device functions. A hacker may
applications or content. the information so it is restored to be motivated by a number of
Adware: On its own, adware is its original form. factors, such as the challenge or
harmless software that automatically Cybersafety (for consumers): profit.
displays advertisements. Proactively installing, using or ESN (Electronic Serial Number):
Unfortunately, some bad actors may visiting available applications, A unique number placed on and IMEI (International Mobile
choose to integrate spyware and software or trustworthy content to within a mobile device by its Equipment Identifier): A unique
other privacy-invasive software in protect or prevent unauthorized manufacturer. It is used within number placed on and within a
adware. use of personal information that a wireless network to identify mobile device by its manufacturer.
is stored or accessed on a mobile and confirm the device. The ESN It is used within a wireless network
App (Application): Downloadable device. standards were defined by TR45 for to identify and confirm the device.
tools, resources, games, social AMPS, TDMA and CDMA mobile The IMEI standards are defined by
networks or almost anything that Cybersafety (for wireless industry): devices. 3GPP in Technical Standard 21.905.
adds a function or feature to a Throughout the wireless industry
wireless device that are available ecosystem (networks, devices, Executable scripts: Instructions Jailbreaking: Involves removing
for free or a fee. Some applications software, apps or content creators that a program or operating system software controls imposed by the
may also offer users the ability and other platform providers), reads and acts upon. operating system by manipulating
to purchase content or enhanced the ability to share information the hardware and/or software coded
features within the application. and tips on how to protect the Firmware: A collection of non- onto the device.
industry’s networks, infrastructure volatile memory and software
Cache (or Cookie): Many websites and customers from unauthorized program code that resides in Malware: Malicious Software is
store the initial visit so that when access; prevent tampering with consumer electronic devices such computer language codes created
the mobile device user visits again, mobile devices, software, apps as smartphones, tablets, television by hackers to access or alter data
the data from the same website can or content; or malicious attempts remote controls, and in personal or interfere with network functions.
appear faster. to steal or use unauthorized computers and embedded systems It may manifest itself as worms,
information. When appropriate, this such as those in smart meters, Trojan horses, spyware, adware,
Cloud: Cloud computing allows navigation systems and vehicles. apps, data files or Web pages with
may include sharing information
users and enterprise companies to Among other activities, firmware executable script.
with the government, academia and
store and process data and deliver ensures that if the device is reset,
industry experts.
applications on the network. In remote wiped or loses power, it
traditional architectures, most of the Cyberthreats: Potential doesn’t lose its memory nor does it
data and software needed to carry vulnerabilities that bad actors can have to be restored.
out specific functions resided only exploit to compromise data, extract
on the computer or mobile device. information or interrupt services.
Under cloud architectures, careful
consideration is needed to ensure
data and applications are protected
from abuse.
26 27
15. Glossary
MIN (Mobile Identification Operating System (OS): As Privacy Settings: Ability to Radio Access Network (RAN):
Number): The MIN, more of July 2012, there are more determine how personally identifiable The portion of mobile networks that
commonly known as a wireless than 10 wireless operating information (PII) is used by wireless provides for controlled access to
phone number, uniquely identifies system platforms. They include: applications, devices and services. radio and spectrum resources by
a wireless device on a wireless Android (Open Handset Alliance); Consumers should always review mobile devices. The RAN is usually
network. The MIN is dialed from BlackBerry OS (Research in the privacy policy of a wireless comprised of radio-base-stations,
other wireless or wireline networks Motion); BREW (Qualcomm); Java application, device and service so they routers and other interconnecting
to direct a signal to a specific (Sun Microsystems); LiMo (Open know when and how their PII will be infrastructure that supports seamless
wireless device. The number differs Source Linux for Mobile); iOS made available to third parties such as interoperation of mobile devices
from the electronic serial number, (Apple); WebOS (HP); Windows their friends, commercial partners or as they traverse the system from
which is the unit number assigned Mobile (Microsoft); Windows Phone the general public. location to location and region to
by a phone manufacturer. MINs and (Microsoft); and bada (Samsung). region.
ESNs may be electronically checked Provider: Also known as a
to help prevent fraud. Parental Control Features and carrier, service provider or Rooting: Rooting allows a device
Tools: Services offered by wireless network operator, a provider is owner to obtain full privileged
Mobile Network Operator providers or third parties that allow the communications company control within the operating
(MNO): Service provider licensed parents to manage or monitor how that provides service to end system to overcome any software
by the FCC to deploy and operate their kids use wireless products user customers or other carriers. parameters or other limits on the
commercial mobile networks that and/or services. These tools include Wireless carriers provide their device. With this access, a hacker
support a host of services from content filters and password customers with service (including may alter or overwrite system
voice communications to high speed protections that may be built-in air time) for their wireless phones. protections and permissions
wireless data to video multimedia or downloaded as an application and run special administrative
applications. to a wireless device. CTIA has Public Switched Telephone applications that a regular device
listed many of the parental control Network (PSTN): The traditional would not normally do. Once
Mobile Virtual Network features and tools that wireless public telephone network, composed rooted, the device is jailbroken.
Operator (MVNO): A company carriers offer here http://bit.ly/ of multiple telephone networks, which
that buys network capacity from Jzph90 themselves are made up of telephone SIM (Subscriber Identity
a network operator in order to lines, switches, cables and a variety of Module) Card: A small card that
offer its own branded mobile PIN (Personal Identification transmission media (fiber, microwave fits inside some wireless devices
subscriptions and value-added Number): An additional security and satellite facilities). This originally and communicates with a wireless
services to customers. feature for wireless phones, much analog, but now almost wholly digital network using a unique code. A
like a password. Programming a network, was predicated on switching SIM card may be removed and
PIN into the wireless phone can be calls rather than establishing dedicated transferred to another wireless
accomplished either through the circuits between calling and called device.
Subscriber Information Module parties. Ultimately it is the collection
(SIM) or other permanent memory of electronic switching infrastructure
storage on the wireless device and transmission and network
that requires the user to enter that termination equipment that comprise
access code each time the phone is the traditional voice communications
turned on and/or used. network as distinguished from the
Internet that was predicated on the
transmission of data packets.
28 29
16. Glossary
Spam: Unsolicited and unwanted Text Message (Short Message
emails or text messages sent to Service (SMS); Texting):
wireless devices. While carriers are Subscribers may send and receive a
constantly filtering their networks text, usually 160 characters or less,
to stop spam text messages, on their wireless devices.
spammers are evolving and
changing their methods to try to Virtual Private Networks (VPN):
get through. If you receive a spam A VPN allows a user to conduct
email on your mobile device, file secure transactions over a public
a complaint with the FCC (http:// or unsecure network. By encrypting
www.fcc.gov/cgb/consumerfacts/ messages sent between devices,
canspam.html). The FCC’s the integrity and confidentially of
CAN-SPAM ban only applies to the transmitted data is kept private.
“messages sent to cell phones
Viruses: A computer virus is
and pagers, if the message uses
unwanted code that is capable of
an Internet address that includes
replicating and transmitting itself
an Internet domain name (usually
from one source (e.g., smartphone,
the part of the address after the
tablet, computer) to another.
individual or electronic mailbox
name and the “@” symbol)”. The Wi-Fi® (Wireless Fidelity): Wi-Fi
FCC’s ban does not cover “short provides Wi-Fi-enabled devices
messages,” typically sent from one (e.g. laptops, tablets, smartphones)
mobile phone to another, that do with wireless Internet access to the
not use an Internet address. immediate local area and is used
in homes, businesses and other
Smartphone: Wireless phones
similar settings. Wi-Fi does not use
with advanced data features and
3G/4G wireless networks.
often keyboards. What makes the
phone “smart” is its ability to better
manage data and Internet access.
For more information on
Spyware: A type of malware
Cybersecurity contact
that functions without a user’s CTIA–The Wireless Association
knowledge or permission. Spyware at 202.785.0081.
frequently captures user activity
and data, either storing it in obscure
file locations or sending it to
another location on the Internet.
30 31