As a result of this analysis, we have concluded that the functionality already available in BECS Network Orchestrator fullfils many of the requirements presented in the Statutory Instruments (SI), but that we also need to complement with new features. For example, BECS has a unique capability to store the desired state of all devices in it’s control.

To fully utilise this for TSA compliance, we have implemented  functionality that enables network wide configuration audits, which allow operators to identify and remedy any unauthorised changes.

In the following chapters we introduce the topics of the preliminary SI and how BECS can help you to comply.

In manually operated networks the competence is typically in the hands (or rather heads) of a few key employees. This makes it challenging to onboard new personnel leading to errors and, ultimately, security risks. When using BECS, the network is standardised and documented, meaning employees have easier to understand the network structure and the service delivery.

In addition, PacketFront Software provides extensive training making sure that your personnel understand the system they are working with.

By centralising and automating the network management you limit your exposure, as manual access to the network can be highly restricted, making it easier to control and protect.

Passwords and the communication with devices as well as the system configuration are encrypted. This means you can further limit the number of employees with access to sensitive data, even when they have the permission to operate the network. Besides limiting access, automation eliminates manually introduced errors reducing the number of unintended security vulnerabilities.

We have been assisting carriers in building networks for more than 20 years. We, together with the hardware vendors, can advise you on
best practices of how to build a robust and secure network. But designing the network is just the start of the journey. Maintaining it over time is more challenging - typically leading to deviation from network design as well as poor and lacking documentation.

The benefit of using BECS network orchestrator is that you enforce the design rules for the network structure all the way down to individual configuration lines. This makes sure that policies are enforced - reducing the risk of security compromises.

The SI requires operators to reduce dependencies on single suppliers and be able to securely change a supplier, if required.

BECS multi-vendor capabilities helps you secure the supply chain, whatever happens in the commercial, technical or political spheres. It gives you full flexibility to choose hardware suppliers, and to swiftly transit between suppliers without affecting your existing services or business logic. You simply download a new ‘Element Manager’, as we call them.

This is good news not only from the supply perspective, but gives procurement a powerful tool when comparing suppliers offers without technical lock-ins.

The SI defines how operators should manage and create best practices for security related administration, i.e. manage business procedures, roles, user rights and responsibilities.

The security measures should be reviewed annually to evaluate risks and results.

With the help of BECS network orchestrator you can limit and control read/write access to the network by providing individual or group level user rights based on factors like geography or network hierarchy.

Even if the SI specifically recommends automation as means of preventing security compromises, it is difficult to eliminate all manual changes. However, if these changes are done via BECS, it will show what the consequences of a change are prior to committing them into the network.

If the worst would happen, due to human error or malicious act, and the network is changed in an unintended or unauthorised manner, BECS can restore the parts of the network it is managing to the last approved state as it has a database with an always current desired state of the network.

The required copies of the network configuration can easily be achieved with regular backups of the BECS database.

Using BECS network orchestrator means that you have full control and traceability of who has accessed the network, when they did itand
what they have changed. As the changes are executed, the system automatically becomes your documentation, meaning that you have a real-time picture of your network down to details.

If an internal or external actor would manage to bypass BECS and do changes in the network directly, the network orchestrator’s audit tools will detect the changes and report them for further analysis. If deemed appropriate, it can also automatically rollback the changes.

Testing the security is the ultimate proof that you are compliant to Telecom Security Act.

Whether the testing is executed by your own employees or 3rd parties, the key personnel may not be aware of the tests in advance. Service providers must also give reasonable assistance to you and other relevant network providers in their testing and all parties must share information about security compromises.

The SI specifies a 14-day time limit for deploying patches for security compromises. This can be challenging to achieve if a patch is for devices that have been widely deployed in the network. It can also be impossible to know, or proof, that all devices are running the right firmware. With BECS you can do extremely fast and controlled upgrades and at the same time make sure that all devices connected to the network are using the intended firmware version.

And lastly: Remember that the penalties will not be applied as long as you can proof that you have taken appropriate and reasonable preventive actions.