Document in French, published by the Agence nationale de la sécurité des systèmes d'information (National Information Systems Security Agency)
The telecommunications sector can be divided into several large families and in this regard includes a typology of varied actors ranging from electronic communications operators (OCE) to equipment manufacturers, including web hosts or Internet interconnection points. Central sector for many others, the sector telecommunications is qualified as “supercritical” due to the immediate and systemic consequences that an incident affecting him would cause.
Therefore, the major concern of organizations in the telecommunications sector is the availability of their services, sometimes to the detriment of data confidentiality and the integrity of information systems. For this sector massively targeted by cybercriminal actors for profit and state purposes for purposes of espionage or destabilization, the practice of “security through obscurity” is insufficient.
The size importance of operator networks, their heterogeneity following the continuous integration of new entities and the significant accumulated technical debt complicates their security and makes it even more crucial to take into account the threats targeting this sector.
Over the last three years, ANSSI has been informed of more than 150 security events, including nearly 50 incidents handled by the agency, affecting entities in the telecommunications sector. Two thirds of the events recorded affected strategic companies in the sector, including a very large proportion of regulated operators.
Certain incidents led to a significant operational commitment on the part of ANSSI.