More Related Content Similar to 150 0046-001 cost-lte_outages_industryinsights_final Similar to 150 0046-001 cost-lte_outages_industryinsights_final (20) 150 0046-001 cost-lte_outages_industryinsights_final1. INDUSTRY INSIGHTS
Protect the S1 - Worth 10X the
Investment
Risks Outweigh the Costs
Using accepted breach and
outage costs, compared to LTE
investments, the risk is up to
10X greater than the LTE S1
Investment.
Representative Operator
60M Subscribers
$1.4B LTE investment
$64M S1 protection capex
One-Time Malicious Breach
1.8M subs impacted (3%)
$159 per sub
$286M- one malicious breach
18 Hour Service Disruption
60M subs impacted
$0.33/sub/hour
$356M for 18 hours
Capex vs. Risk
One malicious breach + one
18-hour service outage
$646M – business risk
$64M S1 protection capex
Is IPsec secure backhaul worth the cost?
As mobile operators invest billions in LTE networks, the rise of security breaches
and service disruptions have exposed the new vulnerabilities of this all-IP network
and risk the high service standards and reputation so carefully constructed. One
can never have enough security and it costs far less for a hacker to attack a
mobile network than for an operator to protect against every foreseeable threat.
Operator must balance business risk against infrastructure investment and
rightfully demand fact-based analysis of the options.
In early LTE deployments operators debated whether or not to secure the RAN-Core
with a security gateway, if the backhaul was considered “trusted”. Today,
however, operators planning or launching LTE are intuitively convinced of the
necessity for the IPsec encryption that a security gateway enables, but still require
a more rigorous, quantified rationale.
How can an operator realistically weigh the business value of deploying a new
security element in such a rapidly changing environment?
This brief applies groundbreaking research from Ponemon Institute with actual
operator statistics to a representative operator scenario to determine that the cost
of security the backhaul (S1) is orders or magnitude less than even a single breach
or major service disruption.
Five LTE Network Domains Require Security
The RAN-Core (S1) interface is one of five LTE network domains that operators
must protect. Each of these five domains has unique vulnerabilities and requires
different protection mechanisms. Any security event that directly impacts
subscribers - records, private live communications, or service availability, will have
similar financial consequences to the mobile operator regardless from which
domain it was originated.
2. STOKE®, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2014 Stoke, Inc. All rights reserved. Lit# 150-0046-001 2
1 IBM Global Study on the Economic Impact of IT Risks, “Understanding the economics of IT, risk, and reputation”, November 2013.
2 http://www.forbes.com/sites/maggiemcgrath/2014/02/26/target-profit-falls-46-on-credit-card-breach-and-says-the-hits-could-keep-on-coming/
“Ponemon Institute further
estimates that the average total
cost for a malicious breach ranges
from $60 to $246 per capita,
depending upon the country, with
the highest costs found in
developed countries."
Figure 1. Operators must protect five network domains.
Business Costs of Malicious Breach
According to IBM study conducted with Ponemon Institute1, the direct costs (tech
support, forensics) of a substantial malicious security breach are only 22% of the
total cost of business continuity and IT security failures. The business costs - lost
productivity, lost revenue, brand damage and regulatory compliance activities – are
more significant, exceeding 75% of the total, and can be long term.
In the event of a widely publicized catastrophic failure (such as the 2013 Target
breach), costs can be significantly higher, with some experts estimating the total
cost of the Target breach will eventually exceed $18 billion.2
So far, the mobile industry has deservedly earned a strong reputation in the area
of security. There have been few publicly disclosed breaches and widely known
LTE service disruptions have been caused by non-malicious sources, such as
application-induced signaling storms or network failures during software upgrades.
But that was also true in the Target incident – the type of breach that occurred
(the intruders gained access to Target's cash-register systems through a
refrigeration contractor in Pennsylvania.) was unique. The general vulnerabilities of
the payment network had been recognized and even identified to management,
but waived off as improbably and not worth the cost. That kind of incident, after
all, had never happened before!
The Risk to Mobile Operators
Yet operators realize that LTE networks are particularly vulnerable and that those
risks are increasing. According to Arbor networks, 25% of operators surveyed have
seen DDoS attacks targeting infrastructure, including the RAN and backhaul –
3. STOKE®, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2014 Stoke, Inc. All rights reserved. Lit# 150-0046-001 3
3 Arbor Networks: “Worldwide Infrastructure Report, Volume IX”, 2013.
4 Ponemon Institute, “2014 Cost of Data Breach Study: Global Analysis”, May 2014.
5 http://www.zdnet.com/hackers-access-800000-orange-customers-data-7000025880/
6 Calculation as follows: Base x 3% x $ per Capita = Cost; Initial LTE Investment x 5% = S1 Capex
“In a 2005 note to clients, Gartner
Inc. analyst Avivah Litan estimated
for every $5.62 businesses spend
after a breach, they could spend
$1 beforehand on encryption and
network protection to prevent
intrusions and minimize damage.
Today, she says, the ratio is about
the same."
double the previous year.3 Ponemon Institute further estimates that the average
total cost for a malicious breach ranges from $60 to $246 per capita, depending
upon the country, and with the highest costs found in developed countries.4 At
the rate estimated by Ponemon, the 2014 hack of 800,000 Orange subscriber
records (3% of Orange subscriber base5), cost the company about $161M.
Estimating the Capex for Securing the S1
Operator customers have told us that the total capex for securing the S1
(encrypting the backhaul with IPsec) is about 3-5% of initial LTE investment. This
includes the following:
Network: First Office Application, network integration and acceptance
testing, operationalizing IPsec procedures into the BSS/OSS systems.
Security Gateway: Hardware costs and software licensing, system design,
lab testing, installation.
eNodeB/RAN: Additional licensing costs for IPsec feature, service blades
and/or reconfiguration design.
Backhaul: Additional capacity for IPsec overhead – estimated by NGMN to
be 14% on average.
Malicious Breach: Weighing Capex vs. Risk
Using three representative operator statistics, applying cost estimates from
Ponemon Institute and assuming 3% of the subscriber base is impacted by a
malicious breach, the following comparison can be made.
Figure 2. Cost of a single breach compared to S1 protection capex.6
As shown above, the cost of this single breach is 3-4 times that of the capex for
securing the S1 ($119 - $286, compared to $64-$76). This 4:1 ratio is conservative
compared to other expert analysis. Gartner Inc. analyst Avivah Litan stated that
the cost of the breach is far higher than the cost of security – estimating that for
every $5.62 businesses spend after a breach; companies could spend $1
Representative
Operators
Subs
(M)
Impacted
Subs (M)
$ per
capita
Cost
($M)
Initial LTE
Invest. ($M)
S1 Capex
(5%) ($M)
Asian Operator 63 1.9 $146 $276 $1,500 $76
UK Operator 20 0.60 $198 $119 $600 $30
“Average” Operator 60 1.8 $159 $286 $1,400 $64
4. STOKE®, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2014 Stoke, Inc. All rights reserved. Lit# 150-0046-001 4
7 http://www.programbusiness.com/News/Companies-Wrestle-with-the-Cost-of-Cybersecurity
8 http://blogs.gartner.com/john_pescatore/2009/07/24/financial-friday-the-cost-of-a-security-incident-is-usually-much-greater-than-preventing-it/
9 http://www.theaustralian.com.au/news/latest-news/its-war-say-experts-on-cyber-security/story-fn3dxity-
1227020457985?nk=17d87fac49af22bbd989a7b1a8dfbc06
10 Heavy Reading, “Mobile Network Outages & Service Degradations, October 2013
“According to an Information Age
survey, security is now among the
top three elements consumers use
to choose a mobile operator and
52% of consumer would switch
providers after a major data
breach."
beforehand on encryption and network protection to prevent intrusions and
minimize damage. 789
Here’s another example, comparing cost and risk from service disruption.
Service Disruption
Malicious hackers that gain access to the S1 link can also create network outages
or otherwise disrupt service by injecting large quantities of packets – a denial of
service attack attacks against the MME. Service disruption is known to contribute
significantly to subscriber churn. Security gateway can prevent these types of
intrusions through encryption, IKE and monitoring of signaling traffic levels. Heavy
Reading estimates that operators spend an average of 1.5% of annual revenues
dealing with the impact of outages and degradations.10
In 2011, a routine software upgrade triggered an 18 hour service outage in a
European LTE network, impacting all three million subscribers. This was not a
malicious breach, but still was costly to the company. The CEO was quoted as
describing the incident as “an operator’s worst nightmare…cost the company
almost $18 million.” That’s $1M per hour for three million subscribers, or
$0.33/subscriber/hour. Applying this cost ratio to the example operators
previously described, yields the results below. In this analysis, the cost of the
disruption is 4-5 times higher than the investment for S1 protection.
Figure 3. Cost of 18 hr. service outage compared to S1 protection Capex.
Weighing Costs vs. Risks
The mobile industry has witnessed both high profile malicious breaches and large
scale service disruptions in LTE networks. Evaluation of the business risks should
include both possibilities. Applying costs from the two previous estimates, the
annual cost of just one major malicious breach (Figure 2) added to the cost of one
major service incident (Figure 3) is up to 10X the cost of securing the S1 with a
gateway. This is shown below.
Representative
Operators
Subs
(M)
Hours of
Disruption
$ /hour
/sub
Cost
($M)
Initial LTE
Invest. ($M)
S1 Capex
(5%) ($M)
Asian Operator 63
18 hours $0.33
$378 $1,500 $76
UK Operator 20 $120 $600 $30
“Average” Operator 60 $360 $1,400 $64
5. STOKE®, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2014 Stoke, Inc. All rights reserved. Lit# 150-0046-001 5
“Lack of bulletproof or near-bulletproof
security will be a show
stopper when operators look to
drive the next generation of
revenue opportunities.”
Figure 4. Two Incident costs (breach + outage) compared to S1 capex.
Conclusion: S1 Protection is Worth the Investment
The analysis in this brief uses reasonable estimates of LTE investments and
reputable average business costs of breaches and outages to compare business
risk and investment. The result illustrates that a single breach or service incident is
4-5 more costly than the investment for protecting the S1.
The risk of increased churn could be considered an even higher concern than the
analysis presented. According to a recent Information Age survey, security is now
among the top three elements consumers use to choose a mobile operator - 52%
of consumer would switch providers after a major data breach.
Security vulnerabilities on the S1 are well documented by industry groups such as
3GPP and NGMN, but encryption of the backhaul is not mandated by standards
and its applicability left to the operator interpretation. Even for carriers with
trusted backhaul, the reputational risks may not be worth even the slightest
deviation from industry recommendations. With regulators increasingly requiring
public disclosure of security breaches, the wildfire spread through social media,
and increasing competition, operators are taking incalculable higher risks to their
strong reputation by not taking every reasonable precaution.
Finally, security is fast becoming a differentiator amongst carriers, especially with
their high value enterprise customers. At a Light Reading Security conference in
London in May of 2014, operators acknowledged that it was time to change
security from a checklist item to a service differentiator. Heavy Reading further
summarized the significance in a 2013 white paper:
“Lack of bulletproof or near-bulletproof security will be a show stopper when
operators look to drive the next generation of revenue opportunities.”
Stoke® Security eXchange™
STOKE® Security eXchange is a carrier grade, field proven solution, built from the
ground up to solve critical, performance impacting problems for mobile network
operators. Stoke innovative design and industry proven technologies enable cost
effective, concurrent operation of critical security and protection functions while
maintaining line-rate, high performance throughput.
Representative
Operators
Subs (M)
Risk ($M)
(One Malicious Breach Cost +
18 Hour Service Disruption)
S1 Capex
(5%)
($M)
Risk ($M)
compared to
S1 Capex
Asian Operator 63 $276 $378 $654 $76 8X
UK Operator 20 $119 $120 $239 $30 8X
“Average” Operator 60 $286 $360 $646 $64 10X