Public health for the public network

Guillaume Lovet, Senior Manager, Threat Response Team, EMEA Fortinet Technologies

Fortinet Technologies on why the public mobile network is about as clean as the public sewerage system

Mass market LTE and 4G services and handsets are coming, just in time to help internet access for all ‘digital inclusion’ targets, which are in danger of stagnation. Western governments all seem intent on promoting democratic access to 100Mbps services among all citizens, as if greedily channelling so much personal bandwidth is some kind of constitutional human right.
Thirst is a relative measure it seems, yet, is quenching anybody’s thirst such a noble objective if the water you give them is not clean enough to drink?
As businesses and consumers, we are more dependent than ever on telco networks. Dropping connections or losing service on the mobile network used to feel like water off a duck’s back, whereas now it’s a punch in the face. We are constantly consuming; driven to squeeze every drop we can out of the network all day and all night.

Not only is this consumption dependency set to carry on growing, but so is our compulsion to produce. Applications, communications, data storage; we are flushing out as much of our own content into the network as we are pumping up off it.

On this basis it’s clear to see why, undiluted, the public network is about as clean as the public sewerage system. You drink it at your peril.
Mobile operators are in an unprecedented position of ultimate responsibility. A significant part of their revenues today comes from producing and supporting business IT services, using the public network as a key ingredient. What’s more, this is their future.

So if service providers wish to subscribe to the ideal that the pervasiveness of cloud-based IT services will compel business consumers to absorb increasing amounts of bandwidth as essential utilities, it is clearly incumbent upon them to start behaving like other utility providers. That ultimately leads down a path toward greater regulation. If it cannot be acceptable for one utility company to provide water containing traces of cryptosporidium, then why is it acceptable for another to provide service containing all manner of undesirable IP contagions?

An often quoted retort is that consumers take responsibility for what they consume over a ‘dumb pipe’. Why then, when dumb pipe water providers have been ensuring they carry no cholera for the last 100 years, does providing dumb pipe data carry no similar burden? Utility authorities need to impose some quality control. Who else can check what’s good for us?

Though radical, and even somewhat harsh on the wider operator community, this is a worthwhile proposal; and some kind of clean pipes manifesto, a serious opportunity. The objective is to stamp out IT security threats, and that cannot be achieved while responsibility for accomplishing it continues to be passed around the IT ecosystem like a hot potato. Personal health might not be directly affected by a data infection, but livelihoods mostly certainly would.

Indeed, operators have the opportunity to confront this individually by demonstrating leadership on this issue and taking customer sentiment with them. What better way of engendering customer satisfaction and loyalty to a trusted, utility service than by underpinning virtues of reliability and affordability, with trustworthiness. Utility industries are, by the very nature of handling critical life affirming (and by default, potentially life threatening) services, heavily regulated. Acting collectively to benefit their customers and their industry, they can share the burden, self-regulate more proactively, and draw away that potential sting.

In the UK, the overall cost of cybercrime to businesses alone is conservatively estimated at £22 billion a year. Much of that damage could only have been achieved by the insidious spectre of malware and web-borne threats, all of which are ultimately preventable. If more cloud-based services really do turn out to be the predominant IT delivery model, then there is no better opportunity to disinfect these threats at source.