The Communications Risk Show

The second season of The Communications Risk Show concludes with a special show where we review highlights from the series. Ed Finegold, Lee Scargall and Eric Priezkalns recap the big stories and ask the live audience for their views about emerging threats. For live shows and past recordings, visit https://tv.commsrisk.com Be sure to regularly visit our main site at https://commsrisk.com to stay informed about risks in the communications industry.

How much could comms providers increase their profits if they made better use of analytics? Is there a conflict between the apparent certainty of mining data and the inherent uncertainty of managing risk? These questions are addressed by Mike Willett, a Partner in EY’s data analytics and information management practice. Now based in Auckland, Mike has broad experience of working as a manager and consultant for telcos in more than 40 different countries, including 6 years as Director of Fraud and Revenue Assurance at Australian operator Telstra. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns. For live shows and past recordings, visit https://tv.commsrisk.com Be sure to regularly visit our main site at https://commsrisk.com to stay informed about risks in the communications industry.

Refiling has become a scourge on the telecoms industry, effectively serving as a tax paid by honest telcos to crooks, before it is passed on to consumers through higher charges overall. However, governments and law enforcement agencies pay no attention to this crime because of the mistaken belief that telcos who systematically cheat other telcos can sustainably lower prices paid by consumers. The authorities take no interest in refiling despite it being another version of the CLI spoofing that is now used by scammers to trick consumers. The failure to act in one domain has spilled over into a much worse societal problem because organized crime is indifferent to whether CLI manipulation is used to enable theft from businesses or from ordinary people. It has been left to telcos to counter this lawlessness, but there are techniques and technologies that can be used to detect and prevent refiling. Arnd Baranowski, CEO of Oculeus, joins us to explain the options available to honest telcos. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns. For live shows and past recordings, visit https://tv.commsrisk.com Be sure to regularly visit our main site at https://commsrisk.com to stay informed about risks in the communications industry.

How severe are the risks to the rest of society when hackers are determined to take networks down? Access to mobile networks and the internet has been a game-changer that has improved the lives of billions of people worldwide but this also means the disruption caused by a loss of service can be much more serious. What happens when individuals become dependent on networks for everyday tasks like paying their bus fare, doing their grocery shopping, obtaining credit, and interacting with the government? We talk about the fallout from the Anonymous Sudan attacks on Nigeria, Kenya and other countries, and the wider risk implications of becoming dependent on networks with two guests who will be familiar from previous episodes of the show: Kenyan telecoms consultant Joseph Nderitu, and Nixon Wampamba, currently at MTN Nigeria. Other topical news are also discussed by the show's three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns. For live shows and past recordings, visit https://tv.commsrisk.com Be sure to regularly visit our main site at https://commsrisk.com to stay informed about risks in the communications industry.

The global banking system may have already solved the problem of spoofed phone calls and online identities; the solution just needs to be explained to telco regulators and internet engineers. The story begins in the aftermath of the banking crisis of 2007-08, when the leaders of the G20 countries sought to prevent the same thing ever happening again by instituting a Financial Stability Board to monitor global banking. One challenge they faced is the impossibility of knowing how much financial risk is being taken unless you first know about all the banks that exist worldwide, and which banks own which other banks. This was addressed with the creation of the Global Legal Entity Identifier Foundation (GLEIF) in 2014. Some of the problems faced by the global comms industry have similar issues at root. For example, US agencies like the Federal Communications Commission would like to reduce illegal robocalls but they never had a registry of all the comms businesses that make and convey calls within the USA, and their attempts to build a registry for foreign telcos are unlikely to ever succeed. But what if the recipient of a phone call could tell who was phoning them because they were shown a secure digital signature that corresponds to the Legal Entity Identifier (LEI) of the originating business? Such a method could obviously be applied to stopping scammers from impersonating banks, but could also be adopted by many other businesses too, and could eventually be generalized so that everybody has their own identifier, using the same technology and series of codes. The potential to extend the telecoms use of the methods underpinned by GLEIF will be discussed with three expert guests: - Stephan Wolf, CEO of GLEIF - Timothy Ruff, blockchain pioneer and General Partner at Digital Trust Ventures - Randy Warshaw, veteran telecoms executive and CEO of Provenant Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns. For live shows and past recordings, visit https://tv.commsrisk.com Be sure to regularly visit our main site at https://commsrisk.com to stay informed about risks in the communications industry.

Divya Shridhar, an independent consultant who was formerly a rapidly-rising analytics and assurance manager with BT and Tech Mahindra, gives an interview about how to impress executives with insights gleaned from data, the ways she has overcome adversity in her personal life, and whether new technology will create new ways of finding revenue opportunities and cost savings. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns. For live shows and past recordings, visit https://tv.commsrisk.com Be sure to regularly visit our main site at https://commsrisk.com to stay informed about risks in the communications industry.

Quantum computers are difficult to build today, but their radically different design means they can rapidly crack encryption codes that would defeat any other computer. Many encryption algorithms that currently protect the privacy of electronic comms and banking transactions will soon be rendered ineffective. Comms providers already need to be conscious of the risks of messages being intercepted today just so they can be decrypted and exploited in future. We discuss the timescales for the evolution of quantum computing and the enhanced security measures already needed to protect our way of life with Ian Deakin, Principal Technologist at the Alliance for Telecommunications Industry Solutions (ATIS). Topical news items are also debated by the show’s presenters: Lee Scargall, a senior risk executive and consultant with considerable international experience; Eric Priezkalns, Editor of Commsrisk; and Sarah Delphey, formerly of Bandwidth and now VP of Trust Solutions at Numeracle.

Brazilians receive more unwanted calls than any other nationality. We discuss the reasons why with representatives of the Brazilian comms regulator, Anatel, before examining their radical plan to restore confidence in telemarketing calls. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

It is highly recommended that every network operator protects their security by having a signaling firewall, but some still suffer from lots of gaps in their defences. We discuss the reasons why comms providers fail to get comprehensive protection from their signaling firewalls with network security blogger Josué Martins, currently of Accenture and previously with Unitel and Samsung. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Consumers in some countries are inundated with scam and spam calls from overseas, many of which are spoofed to appear domestic in origin. The lack of integrity surrounding the apparent A-number of a call also means carriers get hit with refiling frauds. However, there is almost no international cooperation on how to tackle this phenomenon, and technologies which promised to validate calls across borders have delivered woeful results on the few occasions they have been tried. This is a problem for all telcos, but international carriers are especially concerned about the dangers of having to satisfy many contradictory rules and regulations from the different countries they serve. In this episode, Philippe Millet, Chair of the i3forum and previously a long-serving executive at Orange Group, joins us to talk about the launch of One Consortium, a new initiative that seeks to bring carriers and regulators together so they can agree a common roadmap for call validation. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

The first episode in the second series of The Communications Risk Show begins with a review of dramatic news stories that affected the communications industry during the break between seasons. And there has been a lot of drama! Examples include: Ireland rejecting STIR/SHAKEN; Ukraine police claiming to have confiscated hundreds of simboxes used to distribute propaganda; the hacking of cloud servers used by a Russian satellite comms provider; the US Cyber Safety Review Board wanting an ‘urgent’ transition away from sending passwords by SMS and voice; India launching a powerful unified consumer consent system for telemarketing; security vulnerabilities found in a comms system used by police forces worldwide; big analytics firms denounced for profiting from inaccurate call labels; opposition to a UK law that would interfere with end-to-end encryption; China accused of using eSIMs to secretly track the movements of the British Primeminister’s car; Islamists launching denial of service attacks on networks and mobile money in Nigeria and Kenya; the founder of Global Voice Group being barred from the USA; and a legal complaint from European privacy activists that could prevent US businesses developing databases that record the ‘reputation’ of individual phone numbers. These topics and any questions from the live audience are debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Sarah Delphey, Vice President of Trust Solutions at Numeracle and formerly the Director of Abuse and Risk Operations at Bandwidth, discusses the problems created when associating the identity of a person or an organization with a phone number and ​how ​the telecoms industry could restore trust in identity. Andrew Wong, COO of Japanese fintech business SORAMITSU, tells us about the use of distributed ledger technology to exchange information about scams. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

In this show we discuss the issues surrounding automated nuisance calls and the methods that could be used to help phone users identify who is calling them before they accept the call. The guests are: Professor Feng Hao of the University of Warwick, a recipient of a research grant into call authentication who has also given expert testimony to UK parliamentary committees; Pierce Gorman, whose 30 years of service in the network engineering teams of Sprint and T-Mobile US led to his playing a leading role in the implementation of STIR/SHAKEN; and Sathvik Prasad, Research Assistant at North Carolina State University, where he was a leading member of the team that conducted an award-winning study of robocalls. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Nation states have learned that they can disrupt, spy upon and threaten their rivals by infiltrating and subverting their communications networks. Such cyberattacks may be the prelude to a conventional military operation, as occurred when Russia invaded Ukraine. However, they typically occur as part of a more general strategy of gathering information and obtaining advantages that may be exploited later. There is a great deal of variety in cyberwarfare methods. On one end of the spectrum, North Korean hackers engage in the systematic theft of cryptocurrency which will be used to evade sanctions. This contrasts with the investments made by Russia and China in ships and weapons that could be used to cut submarine cables or disable satellites, and the competing investment being made by NATO to protect privately-owned communications infrastructure. Much of modern cyberwarfare is barely distinguishable from cybercrime, with freelance hackers being hired by nation states and given license to steal so long as they only target foreign governments, businesses and individuals. All of this places a greater burden on comms providers that would prefer to focus on competition within a free market than on a hidden form of warfare where the assailants are difficult to identify and almost never suffer any repercussions. Cybersecurity analyst Patrick Donegan helps us to navigate the threats posed by nation states. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Famous white hat telecoms hacker Karsten Nohl is our guest for an episode that focuses on the security risks created by migrating telcos and many other businesses on to the cloud. The use of standard cloud technologies like containers can deliver great efficiency and cost savings but they also mean that a hacker who discovers one vulnerability may be able to cause far more harm as a consequence. Karsten has a track record of discovering and demonstrating unexpected vulnerabilities in GSM and RFID systems. He is the Managing Director and Chief Scientist of his Berlin-based consultancy and think tank, Security Research Labs. Karsten also has experience working as a telecoms CISO for leading Asian operators Jio and Axiata. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

The little plastic circuit cards that people can take out of one device and place inside another have become synonymous with the mobile networking revolution but their time is drawing to an end as newer and more expensive devices exploit embedded SIMs, or eSIMs, which cannot be removed and which can be rewritten. Evangelists for eSIMS promise they will deliver numerous benefits, and their widespread use is already guaranteed as automobile manufacturers will rely upon eSIMs for the connected cars they are planning to build in ever-larger numbers. But no new technology is without downsides. One telco recently had to cope with a wave of worried customers who mistakenly believed they were the victims of SIM swap fraud after they pre-ordered new Samsung phones and somebody decided to switch their service to the eSIM in the new phones before the phones had been delivered to the customers! Other risks relating to eSIMs are the subject of conversation with John Davies of BluGem, a telecoms testing business that does a lot of work ensuring migrations to new network technologies always go as smoothly as planned. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

How can the latest technology detect and stop fraudulent network activities before telcos and their customers lose any money? Arnd Baranowski, CEO of Oculeus, shares his insights and answer questions from the live audience. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Elon Musk lifted the lid on the soaring scale of artificial SMS generation when he complained that bots were costing Twitter $60mn each year by pumping bogus two-factor authentication messages in the direction of crooked telcos. This then became a global story for information security professionals (and a lot of opinionated amateurs) when Twitter switched off the use of SMS for two-factor authentication of unpaid accounts. How serious is artificial SMS generation, does it spell the end for A2P SMS as a service, or are there other ways to prevent SMS pumping? These are the questions that are fielded by Tim Biddle, who is Sinch’s Director of Operator Relations for the UK and Ireland. Topical news items are also be debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Security Expert Silke Holtmanns discusses the transition to 5G networks and the risks these pose to network operators and customers. The specifications for 5G are meant to enhance security, but will all the benefits be realized in practice? Silke shares insights derived from her work as an advisor to clients in various countries and her experience as a contributor to the European Union Agency for Cybersecurity, ENISA. Topical news items are also debated by the show's three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Are communications providers ready to take on the responsibility for delivering more advanced financial services over the phone? Bank failures have occurred all over the world, raising fears that communications providers could also begin to fail if they lend money but are not subject to rules about capital reserves and competent regulatory supervision. But it would also be a mistake for governments to suffocate services like mobile money that have transformed the lives of millions of Africans, Asians and Latin Americans who were previously unbanked. How much financial risk is it acceptable for communications providers to take, how should they upgrade their own competence to deal with those risks, and how does the increasing popularity of online and mobile banking change the risk profile for frauds like SIM swaps? These are some of the questions debated with Joseph Nderitu, a Director at Integrated Risk Services. Joseph started his telecoms career at Safaricom and has since advised many of Africa’s leading operators on the risks surrounding the delivery of mobile money services and other financial services. Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.