Why we’re part of CONCORDIA – Europe’s largest cybersecurity consortium
Last summer, Ericsson formally joined CONCORDIA, Europe’s largest cybersecurity consortium, whose mission is to establish an EU-integrated cybersecurity ecosystem for digital sovereignty in Europe. Read more about our collaboration below.
Funded by the European Union's Horizon 2020 research and innovation program, the CONCORDIA consortium represents both academia and industry, whose joint aim is to champion security collaboration across the EU and drive forward essential research and innovations needed to create a common cybersecurity ecosystem.
At Ericsson, we believe that our competence and domain knowledge will be critical to building the collaborative, integrated ecosystem which will benefit both industry and society across Europe. To that end, we are working proactively on many levels to maintain and develop the security and reliability of telecom networks.
In collaboration with CONCORDIA and several mobile operators, we are currently developing a telco threat intelligence platform that includes machine learning (ML) and AI-assisted technologies for detecting, sharing and exchanging threats in 5G networks, and that enables intelligent processing of ML/AI threat information and privacy-preserving ML/AI.
This major pilot is being launched to address the cybersecurity questions that will inevitably arise – from both a political and technological perspective – as our society becomes increasingly digitalized and connected.
Telecom industry in CONCORDIA
There are several industry sectors represented in CONCORDIA: finance and insurance, defense, e-health, transportation and mobility, and the telco industry, which is represented by Ericsson, Telenor, Telecom Italia and Telefónica. These telco industry representatives are currently developing a pilot platform in collaboration with partner universities who are researching 5G security. CONCORDIA has stressed the importance of protecting 5G networks against threats that have been highlighted in various research and industry reports.
An ML/AI-assisted threat intelligence telecom pilot
One serious threat stems from the fact that 5G will enable massive deployment of IoT networks, potentially inviting large-scale attacks which naturally need to be prevented. Hence, one of Ericsson’s main interests in CONCORDIA is researching machine learning (ML)-assisted technical solutions for efficient prevention and detection of malware and botnets in mobile networks.
But detecting and blocking malicious IoT devices and actors in a 5G network is not enough, as those malicious entities could still roam and attack other networks. Real-time data, including threat intelligence information, needs to be shared between telco companies so others can take proactive measures against attacks.
Cyber Threat Intelligence (CTI) platforms are important enablers for rapidly sharing so-called Indicators of Compromise (IoCs) between telco players. Classical examples of IoCs include malicious IP addresses or hashes of malware binaries, but in a telco context they may also include traditional identifiers (such as MSISDN and IMSI), including their geolocation, and – within the context of 5G – new standardized identifiers such as GUTI and SUPI for subscribers or PEI for mobile equipment.
Another challenge the telco group will address is how to process the huge amounts of new IoCs shared in real time by open source and commercial CTI platforms, which makes it difficult to select which ones are relevant for a specific industry sector. For instance, a malicious host attacking a bank for fraud purposes in southern Europe is not relevant for a mobile operator in northern Europe.
The telco group aims to develop ML/AI-assisted solutions that can contextualize, enrich and prioritize IoCs for communication service providers. Such functionality would make CTI platforms more agile and efficient in responding to threats by reducing the window of opportunity for adversaries. The challenge here is to find suitable IoC features that can help rank the importance for a given sector, e.g. the geolocation where the threat originated or the reputation of the CTI source that is reporting the threat.
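To make the ranking idea concrete, here is an added example (not code from Ericsson, CONCORDIA or MISP) that scores constructed IoCs for a northern-European mobile operator using the features named above. It uses fixed, assumed weights rather than the ML model the pilot is developing, and the `IoC`/`Consumer` types, region labels and threshold are hypothetical.

```python
from dataclasses import dataclass

# Assumed weights: the text names the features (sector relevance,
# geolocation, source reputation) but gives no values for them.
WEIGHTS = {"sector": 0.5, "region": 0.3, "reputation": 0.2}

@dataclass(frozen=True)
class IoC:
    value: str                # the indicator itself (IP, hash, IMSI, ...)
    kind: str
    target_sector: str        # sector the reported activity was aimed at
    origin_region: str        # geolocation where the threat originated
    source_reputation: float  # 0.0 (unknown feed) .. 1.0 (trusted feed)

@dataclass(frozen=True)
class Consumer:
    sector: str
    regions: frozenset

def score(ioc, consumer):
    """Return the relevance, in [0, 1], of one IoC for one consumer."""
    rep = min(max(ioc.source_reputation, 0.0), 1.0)  # clamp malformed feed data
    return round(
        WEIGHTS["sector"] * (ioc.target_sector == consumer.sector)
        + WEIGHTS["region"] * (ioc.origin_region in consumer.regions)
        + WEIGHTS["reputation"] * rep, 3)

def prioritize(iocs, consumer, threshold=0.5):
    """Drop IoCs scoring below the threshold; return the rest, highest first."""
    ranked = sorted(iocs, key=lambda i: score(i, consumer), reverse=True)
    return [i for i in ranked if score(i, consumer) >= threshold]

# Constructed sample feed: documentation-range IPs and a test-PLMN IMSI.
FEED = [
    IoC("198.51.100.7", "ip", "finance", "southern-europe", 0.9),
    IoC("203.0.113.20", "ip", "telco", "northern-europe", 0.6),
    IoC("001010123456789", "imsi", "telco", "southern-europe", 0.8),
    IoC("192.0.2.55", "ip", "telco", "northern-europe", 2.5),  # bad reputation value
]
OPERATOR = Consumer("telco", frozenset({"northern-europe"}))

if __name__ == "__main__":
    for ioc in prioritize(FEED, OPERATOR):
        print(f"{score(ioc, OPERATOR):.2f}  {ioc.kind:5} {ioc.value}")
```

The finance-targeted host from southern Europe scores 0.18 despite coming from a well-regarded source, so it is filtered out for the telco consumer while the three telco-relevant indicators remain, ranked.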
Finally, the telco pilot also considers cases where service/content providers collect information in violation of privacy legislation such as GDPR, e.g. without user consent. Information about such service/content providers could be rapidly propagated via CTI platforms so that consumers or privacy agents can take measures to prevent information from being leaked.
A state-of-the-art threat intelligence platform from Europe
One of the most widely used CTI platforms is MISP, whose development and evolution is financed by the European Union. CONCORDIA has selected MISP as the suitable CTI platform for an ambitious deliverable – a European Threat Intelligence pilot. The important criteria for this selection were the truly open source nature of the MISP platform, its modular architecture and its support for distributed MISP instances that can interconnect and share threat intelligence information under the owner’s control.
MISP has attracted the attention of many state and industry sectors around the globe, and many are using MISP in their daily threat management processes. MISP will also be the platform for the telco pilot, and will be connected with the European MISP to share and exchange telco threat intelligence based on the detection of IoT and privacy threats. The finance and insurance sector also plans to conduct a similar pilot.
While the bulk of CONCORDIA’s work is focused on cybersecurity, academic privacy research and research and development, it also has other collateral activities:
- Closing the gender gap in cybersecurity by driving awareness and promoting women – who account for only 24% of the cybersecurity workforce
- Investigating the economic aspects of cybersecurity by proposing models that can quantify the adequate level of investment in risk management: an important mechanism for communicating with stakeholders, decision makers and cyber insurance companies
- Increasing cybersecurity awareness and developing cybersecurity competence through offering courses, training and cyber-ranges in various locations in Europe
- Liaising with other EU cybersecurity organizations, standardization bodies and national agencies
- Following and influencing legislation and regulation of cybersecurity and privacy
- Providing business/legal counselling and funding to potential cybersecurity startups
CONCORDIA in a nutshell
CONCORDIA started in January 2019 as a four-year cybersecurity project funded by the European Union's Horizon 2020 research and innovation programme under grant agreement no. 830927, initially with 42 partners. Over time CONCORDIA has attracted more members and currently consists of 46 partners, with nine more prospective partners, coming from 19 countries in a balanced 50-50 representation from academia and industry.
In addition to CONCORDIA, the European Union is funding three more cybersecurity projects: ECHO, SPARTA and Cybersecurity for Europe, with the main common objective of building a strong cybersecurity competence network throughout the EU, based on the wide cooperation between research and industry. This initiative was launched to overcome industry fragmentation across the EU by pooling Europe's cybersecurity expertise to implement a common vision of a more secure digital Europe.
You can follow CONCORDIA’s activities, advances and events on social media.
To read more insights, visit our telecom security page.
In another Ericsson Research post, we also present an overview of the 3GPP 5G security standard.