According to the IBM X-Force 2020 report, over 8.5 billion records were compromised in 2019, more than a doubling compared to 2018. Ransomware was up 67% in Q4 of 2019 in a year on year assessment. This happens across a multitude of industries, ranging from government to healthcare, manufacturing, and telecom.
For Telenor, the threat actor situation is no different from other sectors mentioned in the report. Telenor’s critical infrastructure for both IT support systems and the mobile network in business units across Telenor’s nine markets are under constant attack from the same threat actors mentioned in IBM’s report – and the number of attacks is increasing. In 2017, Telenor made the decision to establish a global program to strengthen the security posture and capabilities in the different business units in order to be able to detect, resist and if required evict threat actors attacking our networks.
The initiative was a targeted approach to achieving this goal, using established concepts called “business driven defendable architecture”. In short, this concept uses a targeted and more focused approach to achieve better results with fewer resources. Trying to solve every gap and every problem in the security posture would both be costly and have a low probability to solve the actual challenges. The main pillars of a business driven solution to security are as follows:
Identify where the main assets “crown jewels” and business opportunities are
Defense strategy should be built tailored to those particular assets and business opportunities
Determine the gaps between AS- IS security posture and Target – closing the gaps
Defendable Architectures as first introduced by Scott C. Fitch and Michael Muckin at the Lockheed Martin Corporation, applying threat intelligence during the design, build, run and defend phases of infrastructure lifecycle and management. Combining the targeted approach with threat intelligence design, security controls, and functions specifically tailored to the assets and the adversaries attacking them.
With the establishment of the program, the different business units did the identification process of what assets were critical for their operations and mapping them according to business impact in case of a breach. A core team of experts from Telenor’s Global Business Security and IT Architecture team was preparing the strategies and implementation plans to be applied to those critical assets and the surrounding infrastructure.
The implementation plan consisted of several delivery packages:
Technical security uplift: Closing the technical security gaps in IT operations, by addressing best practices such as NIST and through those implementing security controls
Secure infrastructure Operations: Actively manage and control all hardware and software to prevent unauthorized access for critical systems:
Security Monitoring: Ensure sufficient visibility for both the local and global SOC/CERT services
Secure Infrastructure: Building a secure infrastructure (data center) to support defendable operations of critical systems
Secure IT infra Services: Deploying the services needed in secure infrastructure for full functionality like DNS, remote access, etc.
Secure EUC: Building a tiered active directory according to industry best practices with secure clients for access to critical systems
Migration: Securely and controlled migration of critical systems from current infrastructure into secure infrastructure if applicable
After the core team completed the implementation plan, delivery packages were handed over to the business units. Local operations and security units started planning and execution immediately after.
Starting from 2018, as a result of this work, the security posture improved significantly in several business units, with a number of security vulnerabilities and incidents dropping significantly.
The following articles on security will go into the depth of the individual pillars of defendable architecture on how to design, build, run and defend an organisations infrastructure with the methodology used, the concepts of threat intelligence, threat modelling, risk assessment and how to apply these for the “right” level of targeted security controls.
Interested in more? Read the second article in this series about Defendable architecture: Security Architecture Design Phase