INDUSTRY INSIGHTS

Protect the S1 - Worth 10X the Investment

Risks Outweigh the Costs

Using accepted breach and

outage costs, compared to LTE

investments, the risk is up to

10X greater than the LTE S1

Investment.

Representative Operator

60M Subscribers

$1.4B LTE investment

$64M S1 protection capex

One-Time Malicious Breach

1.8M subs impacted (3%)

$159 per sub

$286M- one malicious breach

18 Hour Service Disruption

60M subs impacted

$0.33/sub/hour

$356M for 18 hours

Capex vs. Risk

One malicious breach + one

18-hour service outage

$646M – business risk

$64M S1 protection capex

Is IPsec secure backhaul worth the cost?

As mobile operators invest billions in LTE networks, the rise of security breaches

and service disruptions have exposed the new vulnerabilities of this all-IP network

and risk the high service standards and reputation so carefully constructed. One

can never have enough security and it costs far less for a hacker to attack a

mobile network than for an operator to protect against every foreseeable threat.

Operator must balance business risk against infrastructure investment and

rightfully demand fact-based analysis of the options.

In early LTE deployments operators debated whether or not to secure the RAN-

Core with a security gateway, if the backhaul was considered “trusted”. Today,

however, operators planning or launching LTE are intuitively convinced of the

necessity for the IPsec encryption that a security gateway enables, but still require

a more rigorous, quantified rationale.

How can an operator realistically weigh the business value of deploying a new

security element in such a rapidly changing environment?

This brief applies groundbreaking research from Ponemon Institute with actual

operator statistics to a representative operator scenario to determine that the cost

of security the backhaul (S1) is orders or magnitude less than even a single breach

or major service disruption.

Five LTE Network Domains Require Security

The RAN-Core (S1) interface is one of five LTE network domains that operators

must protect. Each of these five domains has unique vulnerabilities and requires

different protection mechanisms. Any security event that directly impacts

subscribers - records, private live communications, or service availability, will have

similar financial consequences to the mobile operator regardless from which

domain it was originated.

STOKE®, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2014 Stoke, Inc. All rights reserved. Lit# 150-0046-001 2

1 IBM Global Study on the Economic Impact of IT Risks, “Understanding the economics of IT, risk, and reputation”, November 2013. 2 http://www.forbes.com/sites/maggiemcgrath/2014/02/26/target-profit-falls-46-on-credit-card-breach-and-says-the-hits-could-keep-on-coming/

“Ponemon Institute further

estimates that the average total

cost for a malicious breach ranges

from $60 to $246 per capita,

depending upon the country, with

the highest costs found in

developed countries."

Figure 1. Operators must protect five network domains.

Business Costs of Malicious Breach

According to IBM study conducted with Ponemon Institute1, the direct costs (tech

support, forensics) of a substantial malicious security breach are only 22% of the

total cost of business continuity and IT security failures. The business costs - lost

productivity, lost revenue, brand damage and regulatory compliance activities – are

more significant, exceeding 75% of the total, and can be long term.

In the event of a widely publicized catastrophic failure (such as the 2013 Target

breach), costs can be significantly higher, with some experts estimating the total

cost of the Target breach will eventually exceed $18 billion.2

So far, the mobile industry has deservedly earned a strong reputation in the area

of security. There have been few publicly disclosed breaches and widely known

LTE service disruptions have been caused by non-malicious sources, such as

application-induced signaling storms or network failures during software upgrades.

But that was also true in the Target incident – the type of breach that occurred

(the intruders gained access to Target's cash-register systems through a

refrigeration contractor in Pennsylvania.) was unique. The general vulnerabilities of

the payment network had been recognized and even identified to management,

but waived off as improbably and not worth the cost. That kind of incident, after

all, had never happened before!

The Risk to Mobile Operators

Yet operators realize that LTE networks are particularly vulnerable and that those

risks are increasing. According to Arbor networks, 25% of operators surveyed have

seen DDoS attacks targeting infrastructure, including the RAN and backhaul –

STOKE®, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2014 Stoke, Inc. All rights reserved. Lit# 150-0046-001 3

3 Arbor Networks: “Worldwide Infrastructure Report, Volume IX”, 2013. 4 Ponemon Institute, “2014 Cost of Data Breach Study: Global Analysis”, May 2014. 5 http://www.zdnet.com/hackers-access-800000-orange-customers-data-7000025880/ 6 Calculation as follows: Base x 3% x $ per Capita = Cost; Initial LTE Investment x 5% = S1 Capex

“In a 2005 note to clients, Gartner

Inc. analyst Avivah Litan estimated

for every $5.62 businesses spend

after a breach, they could spend

$1 beforehand on encryption and

network protection to prevent

intrusions and minimize damage.

Today, she says, the ratio is about

the same."

double the previous year.3 Ponemon Institute further estimates that the average

total cost for a malicious breach ranges from $60 to $246 per capita, depending

upon the country, and with the highest costs found in developed countries.4 At

the rate estimated by Ponemon, the 2014 hack of 800,000 Orange subscriber

records (3% of Orange subscriber base5), cost the company about $161M.

Estimating the Capex for Securing the S1

Operator customers have told us that the total capex for securing the S1

(encrypting the backhaul with IPsec) is about 3-5% of initial LTE investment. This

includes the following:

Network: First Office Application, network integration and acceptance

testing, operationalizing IPsec procedures into the BSS/OSS systems.

Security Gateway: Hardware costs and software licensing, system design,

lab testing, installation.

eNodeB/RAN: Additional licensing costs for IPsec feature, service blades

and/or reconfiguration design.

Backhaul: Additional capacity for IPsec overhead – estimated by NGMN to

be 14% on average.

Malicious Breach: Weighing Capex vs. Risk

Using three representative operator statistics, applying cost estimates from

Ponemon Institute and assuming 3% of the subscriber base is impacted by a

malicious breach, the following comparison can be made.

Figure 2. Cost of a single breach compared to S1 protection capex.6

As shown above, the cost of this single breach is 3-4 times that of the capex for

securing the S1 ($119 - $286, compared to $64-$76). This 4:1 ratio is conservative

compared to other expert analysis. Gartner Inc. analyst Avivah Litan stated that

the cost of the breach is far higher than the cost of security – estimating that for

every $5.62 businesses spend after a breach; companies could spend $1

Representative Operators

Subs (M)

Impacted Subs (M)

$ per capita

Cost ($M)

Initial LTE Invest. ($M)

S1 Capex (5%) ($M)

Asian Operator 63 1.9 $146 $276 $1,500 $76

UK Operator 20 0.60 $198 $119 $600 $30

“Average” Operator 60 1.8 $159 $286 $1,400 $64

STOKE®, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2014 Stoke, Inc. All rights reserved. Lit# 150-0046-001 4

7 http://www.programbusiness.com/News/Companies-Wrestle-with-the-Cost-of-Cybersecurity 8 http://blogs.gartner.com/john_pescatore/2009/07/24/financial-friday-the-cost-of-a-security-incident-is-usually-much-greater-than-preventing-it/ 9 http://www.theaustralian.com.au/news/latest-news/its-war-say-experts-on-cyber-security/story-fn3dxity-1227020457985?nk=17d87fac49af22bbd989a7b1a8dfbc06 10 Heavy Reading, “Mobile Network Outages & Service Degradations, October 2013

“According to an Information Age

survey, security is now among the

top three elements consumers use

to choose a mobile operator and

52% of consumer would switch

providers after a major data

breach."

beforehand on encryption and network protection to prevent intrusions and

minimize damage. 789

Here’s another example, comparing cost and risk from service disruption.

Service Disruption

Malicious hackers that gain access to the S1 link can also create network outages

or otherwise disrupt service by injecting large quantities of packets – a denial of

service attack attacks against the MME. Service disruption is known to contribute

significantly to subscriber churn. Security gateway can prevent these types of

intrusions through encryption, IKE and monitoring of signaling traffic levels. Heavy

Reading estimates that operators spend an average of 1.5% of annual revenues

dealing with the impact of outages and degradations.10

In 2011, a routine software upgrade triggered an 18 hour service outage in a

European LTE network, impacting all three million subscribers. This was not a

malicious breach, but still was costly to the company. The CEO was quoted as

describing the incident as “an operator’s worst nightmare…cost the company

almost $18 million.” That’s $1M per hour for three million subscribers, or

$0.33/subscriber/hour. Applying this cost ratio to the example operators

previously described, yields the results below. In this analysis, the cost of the

disruption is 4-5 times higher than the investment for S1 protection.

Figure 3. Cost of 18 hr. service outage compared to S1 protection Capex.

Weighing Costs vs. Risks

The mobile industry has witnessed both high profile malicious breaches and large

scale service disruptions in LTE networks. Evaluation of the business risks should

include both possibilities. Applying costs from the two previous estimates, the

annual cost of just one major malicious breach (Figure 2) added to the cost of one

major service incident (Figure 3) is up to 10X the cost of securing the S1 with a

gateway. This is shown below.

Representative Operators

Subs (M)

Hours of Disruption

$ /hour /sub

Cost ($M)

Initial LTE Invest. ($M)

S1 Capex (5%) ($M)

Asian Operator 63

18 hours $0.33

$378 $1,500 $76

UK Operator 20 $120 $600 $30

“Average” Operator 60 $360 $1,400 $64

STOKE®, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2014 Stoke, Inc. All rights reserved. Lit# 150-0046-001 5

“Lack of bulletproof or near-

bulletproof security will be a show

stopper when operators look to

drive the next generation of

revenue opportunities.”

Figure 4. Two Incident costs (breach + outage) compared to S1 capex.

Conclusion: S1 Protection is Worth the Investment

The analysis in this brief uses reasonable estimates of LTE investments and

reputable average business costs of breaches and outages to compare business

risk and investment. The result illustrates that a single breach or service incident is

4-5 more costly than the investment for protecting the S1.

The risk of increased churn could be considered an even higher concern than the

analysis presented. According to a recent Information Age survey, security is now

among the top three elements consumers use to choose a mobile operator - 52%

of consumer would switch providers after a major data breach.

Security vulnerabilities on the S1 are well documented by industry groups such as

3GPP and NGMN, but encryption of the backhaul is not mandated by standards

and its applicability left to the operator interpretation. Even for carriers with

trusted backhaul, the reputational risks may not be worth even the slightest

deviation from industry recommendations. With regulators increasingly requiring

public disclosure of security breaches, the wildfire spread through social media,

and increasing competition, operators are taking incalculable higher risks to their

strong reputation by not taking every reasonable precaution.

Finally, security is fast becoming a differentiator amongst carriers, especially with

their high value enterprise customers. At a Light Reading Security conference in

London in May of 2014, operators acknowledged that it was time to change

security from a checklist item to a service differentiator. Heavy Reading further

summarized the significance in a 2013 white paper:

“Lack of bulletproof or near-bulletproof security will be a show stopper when

operators look to drive the next generation of revenue opportunities.”

Stoke® Security eXchange™

STOKE® Security eXchange is a carrier grade, field proven solution, built from the

ground up to solve critical, performance impacting problems for mobile network

operators. Stoke innovative design and industry proven technologies enable cost

effective, concurrent operation of critical security and protection functions while

maintaining line-rate, high performance throughput.

Representative Operators

Subs (M) Risk ($M)

(One Malicious Breach Cost + 18 Hour Service Disruption)

S1 Capex (5%) ($M)

Risk ($M) compared to

S1 Capex

Asian Operator 63 $276 $378 $654 $76 8X

UK Operator 20 $119 $120 $239 $30 8X

“Average” Operator 60 $286 $360 $646 $64 10X