The conflict in Ukraine has seen mobile phone locations used to identify targets for missile attacks, pleas for satellite dishes from Elon Musk’s Starlink to keep the Ukrainian government connected, rogue operators springing up in occupied areas and the Russian Army relying on simboxes for communication. Expert insight into the security implications for comms providers is provided by Cathal Mc Daid, CTO at Enea AdaptiveMobile Security.
Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.
Transcript (auto-generated)
Hello, this is the Communications Risk Show and I'm Eric Priezkalns. Each Wednesday we talk live to risk experts from around the world of electronic communications, streaming the show to our website and through LinkedIn and Twitch. We broadcast live so you can also put your questions to the expert guests. Just type your question or comment into the box immediately beneath the streaming window on our website at tv.commsrisk.com. Messages on the website are anonymous, so add your name to the message if you want me to read it out. We do respect your privacy, which is why we don't collect lots of personal data, but it is nice to know who's watching, so please include your name if you're not shy. Today's guest will be Cathal Mc Daid, Chief Technology Officer of Enea AdaptiveMobile Security. He'll be telling us about the impact that the war in Ukraine has had upon telcos in the region, how they've been able to keep running during extraordinarily difficult and dangerous circumstances, and the tricks that have allowed rogue Russian mobile operators to establish themselves in occupied regions despite international sanctions. But before we bring on Cathal, let me introduce my co-presenters, Ed Finegold and Lee Scargall. Ed joins us from Chicago in the USA. He's an author, analyst, and strategic advisor to tech and telecom businesses. And Lee joins us. He's in Jordan in the Middle East today. He's worked in executive management and freelance consulting for a wide range of communications providers, not just in the Middle East, but also in Europe, the Caribbean, and Asia. Welcome, Ed. Welcome, Lee. It's great to have you back both on the show today. And before we start talking about the big wide world of communications, I want to talk about what success we've had with our own communications. Since last week, when we had episode one of the show, there's been more than 1,500 viewers for episode one of the show. 
We've smashed the record for the old show Rag TV, which never quite reached a thousand viewers, even though it was measured over a two-week period instead of just one week. Any guesses, Ed, Lee, why we've been able to make this breakthrough in the number of viewers this time around? It's Lee's good looks without question. That's what it has to be. No, we had Lee on the show before, so that can't possibly be the reason. It has to be Ed's good looks. You don't think it's the scintillating chat and the deep insight that you're both bringing to the show? No, let's give you some credit, Eric. I mean, you've been planning this, talking to people about it, promoting it, getting everybody organized, haranguing us to be ready to be on, you know, that takes a lot of energy. So it's your credit to you. Now you make it sound like a setup, like I wanted you to praise me then. It's not because of that. It's because we're three interesting guys who say it the way we see it. And we like guests who do that too. And you don't get that anywhere else. Certainly not on the internet, not even in most live conferences. You don't get people saying the way you say. So thank you, everybody who's been watching. We really do appreciate the number of viewers we've had for the show. It's been absolutely fascinating, exciting to see them racking up. But let's get straight into the topical stuff, because that's what they're watching for. Amazing story that's come out of the USA. So I don't know if you're going to have a particular perspective on this, Ed, but I'm also really keen to hear Lee's point of view on this too, because I'm noticing I feel strongly about it. A defamation lawsuit has been lodged against a gentleman called David Frankel and his business ZipDX from a telco, which says he has scared away other carriers from carrying their traffic because of what they say are unsubstantiated accusations that they've been carrying, handling illegal robocalls. 
Now Avid Telecom says the damage to their business is worth multiple millions of dollars, and their court submission explicitly referred to two carriers, NUSO and Inteliquent, refusing to carry Avid's traffic as a result of David Frankel's intervention. Let's start with you, Lee. Let's pick on you first here. Has the FCC walked into a trap by encouraging carriers to stop doing business with other carriers based on hearsay because neither the FCC nor prosecutors were able to accumulate hard evidence of law breaking relating to illegal robocalls? Well, it appears there's a can of worms which has been opened up by this case, doesn't it? So, you know, if you look at STIR/SHAKEN, it hasn't even been around for that one either. And now you see these carriers, they're suing third parties for defamation and loss of earnings. But all I can say is the USA, it's well known for its litigation culture. So I'm pretty certain this won't be the last lawsuit. But yes, yes I do. I think the FCC, they've like unwittingly kind of created some intended consequences here. Ed, what's your point of view from your side of the Atlantic? I mean, there's unfortunately there's so many things to think about on this case, you know, since I read your article that have nothing to do with the core problem of robocalling, right? And kind of have everything to do with the scuttlebutt or gossip or individuals around it and how they behave in US courts. And one thing that struck me after reading your article was, you know, so someone could file a defamation suit completely legitimately in a situation like this. Let's be clear about that. But if we go with, I think the word of your piece and the assumptions behind it, it's that the defamation suit is effectively like a horizontal attack on a vertical issue, right? Where the issue was, you know, you're involved in robocalling, you're part of this problem, let's get at it.
And the defense of it was sort of this horizontal, it wasn't so much a no, we're not robocalling, it's more a how dare you, right? Which in certain perspectives can I sort of, I think can create a negative connotation of its own, right? So the whole thing stinks when you look at it from the outside. And again, I think unfortunately, when you get into that kind of wrangling, what is it? It seems like we're, you have to, but like you end up focusing on a forum of a lot of people who may be of questionable ethics arguing with each other about where our line is run, as opposed to solving the problem that robocalling is victimizing people in the United States. I want to bring Lee back in on this one, though, because we could pick on the USA, but I don't think this is a USA-specific problem in the sense that there has always been a problem in the industry, and it's gotten worse over time, where there is a degree to which everybody wants to say that they know who the bad actors are. So there's a lot of gossiping, a lot of rumour-mongering, a lot of pointing of fingers when you're talking quietly amongst closed little cliquey circles, but then actually taking the action against the bad actors is impossible, or proves to be impossible, because no one can actually deliver solid, hard proof up to a standard. And then you end up in these ridiculous situations where, surely, Lee, you've seen this in practice, telcos are chasing each other's tails because they start to almost like pointing their fingers left and right, backwards towards, he's the bad one, no, he's the bad one, no, he's the bad one. And of course, a regulator can't possibly tell who's being honest and who's being truthful, and they agree, it's because there's a lot of telcos that will point their finger, but they're not 100% clean either. Yeah, I mean, you can draw a similar parallel to, say, Wangiri, which is something, well, we all suffer a lot from Wangiri.
We all have our suspicions who's doing it, right, but we just don't have that evidence because they hide behind other carriers, the way it's all set up, you have carriers connected to carriers, and they don't disclose who's sending them the traffic. But we all have a pretty good idea, I think, you know, we all mix in the same circles. We tend to know who these people are, but we just, we can't prove it. Not being able to prove it. We'll come back to this topic in a moment. First, now here's a message from our series sponsors, Blue Gem. Blue Gem is a global provider of testing services for telecoms, government, and software businesses, creating real events like voice data and even satellite calls using real network devices that allows Blue Gem to give insights into a number of key areas, such as service assurance, fraud management, billing accuracy, and product management. Blue Gem are a pioneering company, and they've developed satellite call solutions to support the growing demand for satellite capacity and transitional services. They can measure in precise detail how much satellite call usage is consumed and fully reconcile switching billing records to provide independent test evidence. Fraud management is also one of Blue Gem's key areas where they can contribute to your business. With Blue Gem, you can detect different types of bypass fraud, including CLI refiling, OTT, and SIM boxes via Blue Gem's end-to-end CLI verification service. Test from an expansive range of global network groups, which include real subscriber SIM cards, PSTN fixed lines, and VoIP to detect the presence of SIM boxes. So whether you want to ensure your customers are able to use 5G networks, eSIM, or satellite services, or you want to get CLI verification to tackle SIM box fraud, then you should call upon the experienced team of specialists at Blue Gem. Now back to the guys. 
And, you know, actually, when I was reading through Blue Gem's stuff there, I was thinking to myself, what you don't tend to get is you don't tend to get a lot of regulators actually going and checking things in real life. They tend to rely upon telcos to tell them things when perhaps they could be doing more independent testing as you could imagine. And I've got comments coming in here about this as we speak here. So Lorenzo from Subex wants to join in with the conversation. He's saying flash calling is fraud. It is designed to bypass A2P SMS termination charges. It relies on CLI manipulation and abuses mobile network operators' signaling resources, security part. There are no real reasons why a CSP should allow flash calling traffic to be terminated on their network. And Timo once again writes in cheers from Canada. We're always glad to have Timo watching the show. So guys, is there an extent to which perhaps, Lee, I'll throw this one to you first. Is there an extent to which regulators have fallen into a trap where they just rely upon telcos to tell them what's going on and they don't have any independent source of data themselves? I have to disagree with that one, Eric. I think that's, in particular in the UK, that could be the case. However, you know, places around the Middle East, a lot of the regulators out here, they do their own testing. That's certainly my experience around from this region. Also as well in Asia as well. I think you've got, it happens in the Philippines as well. So I don't think that's just the case. I think it just depends on, you know, each country each to their own. You're quite right. I'm glad you're correct to me because I was thinking about countries like the USA, but yes, that's a good point. Ed, perhaps the USA should take a leaf out of the book of some of these other countries and the regulator, instead of just mandating gathering information, could implement some systems. I mean, the FCC
spends an absolute fortune on all kinds of subsidised services and encouraging competition and intervening in the market. Would it not be sensible to spend a small number, a few million, on perhaps doing some testing of these things to see who's really doing the fraud and who's not? Yeah, I mean, so two things. One, I think if you want to talk about having a revamp of how, probably not every single thing that the FCC does, but some of the things that impact the most leading edge or the most bleeding in terms of problem right now and taking a look at are there ways, and look, the Department of Justice has done this with the way that they do research into cryptocurrency related crimes and use modern tools and modern analytics to follow blockchain trails and piece things together. And they've done so, come up with a forensic process using technology for that very effectively. So as in parallel, can you say, should the FCC be looking at asking the same things? I think they probably should be. And I would imagine there's someone there who owns an office that says they are. I'm not that deeply familiar with it these days, honestly. The thing that jumps out at me, they'll go into your point about whether a regulatory or any agency that's been reporting data collections dependent on the source. One of the things that this area feels like there could be an epidemic of is there's a lot of unknown unknowns and we like it that way. And as soon as someone shines a light on those unknown unknowns, people get very, very nervous. And there could be nothing afoot, but I bet you there's a lot of carriers who for the sake of making a buck, have their businesses have grown organically in one way or another over time. They haven't looked too closely. And now that someone says, Hey, what about this? Have you looked closely at it? That becomes very scary when it's, Ooh, I don't know. And I don't necessarily know how to look for it. I don't know if I want to look for it. 
And what else does that do? And it might be better to just try to be quiet about it. And I could see that sort of an epidemic in this area. I think that would make it. I mean, coming back to David Frankel, and he's a gentleman I've spoken to in person. What strikes me about the situation, not picking a side on who's right or wrong in this particular defamation case. But what strikes me about this situation is that we have a situation where because the FCC doesn't have its own resources to determine the facts, you're effectively outsourcing to people like David Frankel, the information gathering as to what's happening on networks, what crime is taking place. In fact, he and his business, ZipDX, are very unusual status in the sense that they're the only business that's ever offered themselves up as an alternative to the traceback group that does the work in tracing back these fraudulent illegal robocalls in the USA. It's a process where nominally, because the way it's set up, a choice is made each year, and who should be selected for that year to provide that service, but very clearly was set up with one particular consortium in mind. And he, perhaps because he sees himself as some kind of crime-fighting figure offered to provide that service to, he's always been turned down, but it's offered to provide that service to, and clearly is injecting himself into the conversation by saying he's finding out things about what's going wrong on networks, crime that's taking place. Now, Lee, I wanted to bring you up on this, because some of the things that David said, though, I don't necessarily think are all that correct. And this work causes me worry that the source of information that we're turning to in the private sector may not always have their own facts straight.
So one of those was that he said to the FCC, and he said this, he said this publicly elsewhere as well, he told the FCC that you could distinguish calls made by people and calls made by machines by the average duration of the calls. So just look at the average duration of traffic. And if the average duration is more than two minutes, well, that's got to be conversational traffic. And if it's less than two minutes, then you know machines must have gotten involved, because only when machines get involved, do you start to see such a low average duration of traffic. Lee, what's your take when you see someone espousing a rule like that? So I did a bit of research on this Eric, and I actually found, came across this infographic. Hopefully, Matt's got it on the screen now. Now, what this shows, it's the duration of voice calls between males, females, their friends, and to the kin, and at different times of the day. Now, what's actually interesting about this infographic, I think it shows something that we've all known for a very long time, and that's females really do like to talk, right? Oh, steady on. We want to get a broader audience with women as well as men, not enough steady where you're going now, Lee. Does the data substantiate what you're saying? So when a female, when she's talking to her friend, right, if it's in the evening, right, that's by far the highest duration, that's around about nine minutes. Whereas when the men talk, it doesn't really matter who they're talking to, or any time of the day, it's generally less than two minutes. So what you're saying is David Frankel, when he says two minutes, anything less is a machine, men are like machines. If it was a man-only network, we'd all be considered the same as machines. Well, by his definition, then yes. So, you know, pretty much half the traffic would be classed as robo calling when it isn't. However, I can see some kind of logic to what he's trying to say here. 
So if you look at, if you take the average of all of the calls that are made during the day, probably across all the time bands, then yes, probably that is great for human when they make a call, that's probably more than two minutes. But as I've just explained, it's not as straightforward as what he claims it to be. Yeah, it does seem far too simple to me. And I don't think a rule like that is helpful because even if it was generally true, if you announce that's the rule that you're using in practice, all that's going to happen is the fraudsters are going to understand what you're looking for and blend in that illegal traffic with legal traffic, and they're going to achieve the two minute threshold, and then you're back to where you were when you started. It's not that difficult to blend illegal traffic with legal traffic. It requires a bit more effort. And so if they know, if they know that that's what's happening, then they will then, you know, if they know that's not happening, they won't make the effort. But if they know it's happening, it's not that hard to make the effort. Now, let's talk about Ed, you're in the USA. So one of the stories I hear from the US industry insiders is that the public appears to be appreciating actually that there's been significant improvements in the tackling of illegal robocalls. And that's why complaints to the FCC have fallen in practice in recent moments. Does that sound right to you? Is there an impression? I know you can't speak for everywhere in the USA, but in your part of the USA, in Chicago, is the thing on the streets of Chicago that robocalls are, are there fewer robocalls than there were in the past? No, no, I haven't heard any. I haven't heard fewer complaints from people about, you know, looking at their phone again, you know, when you're talking to someone, I think smishing it in my own personal experience. I think the SMS side of it's up a little bit. 
I was saying earlier that definitely a correspondence between anytime you see a breach announced that's related to a brand that you have or have had a subscription with that you're getting a text that they probably a bunch of them phishing for your account credentials in one fashion or another. So no, I haven't seen it fade. I think if I could chalk it up to anything, and we mentioned this in a chat prior to the show, but if I could chalk it up to anything, you know, there's fads come and go, the United States, it's very fast. And things capture the public's attention. And I think that there was a brief moment there where the public started getting a sense that there was a relationship between the rise in scams, especially around real-time payments, because that hits people where it hurts, you know, and that there's a relationship with that and robocalling. And there was some noise being made about regulations related to that on Capitol Hill, especially Elizabeth Morin spent a lot of time publicizing, you know, this message that banks should be more liable or put more friction in the process, you know, when it comes to real-time payments to help, you know, stem the tide of scams and there needs to be more information. So suddenly there was a lot of attention around that particular set of crimes. But then this whole other bigger set of crimes happened. And I think that that has probably captured people's attention even more in the meantime. And I'm talking about FTX and SVB and sort of all these cons that have come out of Silicon Valley and obviously now affecting the global financial system. I think those have now captured the public's attention and made robocalling suddenly less important today. I'll put it that way. That's right. Yeah, that's a good point. I agree with you. I, when people say that there's been fewer complaints to the FCC, I think that's them engaging in wishful thinking. Not because that there are not fewer complaints.
I'm sure that the statistics bear out that there's fewer complaints to the FCC. It's just the case that there's only so many times a human being is going to complain about something before they give up complaining. You wouldn't expect the number of complaints to stay steady. So I think the industry is definitely in danger of telling itself the story it wants to hear here. Anyway, let's get back into the world of facts. And I want to share with our viewers another one of our recurring weekly features, the Symmetry Prism Fact of the Week. Each week, we share an interesting fact supplied by the team at Symmetry Solutions and their Prism fraud intelligence service. This week's fact is about an explosion in the number of phone numbers being advertised for use with SMS fraud. Since its inception in 2013, Prism has always provided valuable insights into the number ranges used for voice fraud. But recently, the Prism team has identified many more numbers being offered to criminals for use with SMS. Now the team has a database with 1.8 million numbers specifically offered for crimes using SMS. New numbers are being captured at the rate of a couple of hundred thousand per month now. So for a limited period, Symmetry are providing a free trial of their SMS fraud intelligence database to permanent comms providers. If you want to take advantage of the trial, then learn more from their website, symmetrysolutions.co.uk. That's the message from our sponsors. Back to the topical chat. Recently reported a bit of a change of subject list, but I'm keen to get your view building up for bringing on Cathal to talk about these issues with state-sponsored interference in telecoms operators. Recently reported that Deutsche Telekom is going to fulfill a 64 million euro contract with Germany's train system by buying network kit from Huawei, even though the German state is expected to soon ban Huawei and ZTE equipment from 5G networks.
So we have an interesting situation here where there's this worldwide movement, but not 100% unanimous support for reducing the amount of exposure of networks to Chinese network equipment. And yet the Germans, Deutsche Telekom, not a small telecoms company by any stretch of the imagination, a big player in the industry seems to be quite happy to keep on buying from Huawei. Lee, to you first, are the Germans soft on telecom security? Now I don't think they are soft on security, Eric. They're going to ban Huawei and ZTE shortly, which is the right thing to do. I think the problem here is that Germany's information security agency, which is known as the BSI, they say they're not aware of any law that determines railway systems to be critical components. Now, I'd strongly disagree with that because I think railways should be part of the country's critical national infrastructure. I mean, it is in the UK. Look, I think this is a good example of where the law in Germany needs to catch up, right, to protect sectors like railways from cyber security threats. Ed, your take on this, your reading of the new cold war and its impact on telecoms before we bring on Cathal to talk a bit more about it. The thing that actually spins me on this, Eric, is if I think about the way the decision gets made, right, in this environment, you know, the environment we've had the last five years, you know, talking national security environment, international security environment, you know, that the decision is made that made this story a story, right, that Huawei equipment was put in that position and something that is national infrastructure, I agree with you, Lee. 
And if I bookend that from a tech market point of view against what's happening with O-RAN, with open RAN, and the intent of creating like an open, you know, richer supply market for 5G, that's what's mind blowing to me, is to have the degree of lip service towards fostering that kind of an environment that's, I think, it can be taken to an extreme degree, but the concept is beneficial to the industry of having a rich supplier market for 5G, right. But then have the decision land there, given the national, the international security market is just mind boggling to me, I can't understand how that lands without sort of accusing someone of doing something really, really untoward. Yeah, I have to say, I don't entirely agree with Lee here, I think the Germans are soft on telecom security. I think you can dress things up in technical standards and the rest of it, but in the end, commercial decisions are important to where this money go, who you're building up as being the people you rely on. We're in the middle of a war over things like silicon chips right now. We know why we're in the middle of a war on silicon chips. Why would you then want to take some of your money and hand it to a player on the other side of it? We just threw this out, the reason why Russia was prepared to invade Ukraine is because they have been built up with Western money buying Russian resources, Russian oil, Russian gas. Why would we want to start pouring money into developing the resources? The reason why the network manufacturing side of things is in a state is because we have not been building and making the technology in the West. We've become dependent upon countries that can start exerting power. And that's why when we started to panic about things like TikTok now, let's get TikTok off government phones, we know about, say, whenever you infiltrate any layer of a system, a telecom system, a communication system, then you're in trouble for the whole thing.
Whether it's Pegasus software where you've got, you know, actually on the app itself or whether you've got the core of the network infiltrated. So I disagree with you, Lee. I think the Germans, they are continuing to just be short term in their business outlook and are not seeing the world strategically as a series of threat actors that now need to be handled very differently to the way we've been handling them in the past. But Eric, just to come back on that, I think BSI, I think they want to ban it. But the problem is they don't have the legal framework that's not in place right now for them to do it. They have to change it, obviously. But how long do you have to go into a cold war before people start waking up? Anyway, we could go on about this all day before we bring on... Well, it's a stunning procurement decision. I agree. Yeah. Yeah. So before we bring on today's guest, Cathal Mc Daid, here's another of our regular weekly features. Each week, Jeffrey Ross of Core Authentication Fraud Prevention and Geolocation Specialists, 1Route, will take us around the world in our phone. I think Cathal may elect Jeffrey's destination this week as it's Cathal's homeland, Ireland. Roll VT. Hey, everyone from 1Route. I'm Jeffrey Ross, and this is the world in your phone. Let's talk about Ireland. Known for its gorgeous and diverse landscapes, it's obviously called the Emerald Isle. Did you know, though, that during the COVID pandemic, about half the population worked from home? This obviously put quite the demand on both mobile and fixed line networks. But in true Irish fashion, they met the needs by investing back into its country's infrastructure and networks. Ireland continues to invest heavily into the next generation connectivity, along with fiber throughout the country. A fun fact, though, Ireland is home to the headquarters for 1Route. Something else that you might find interesting is that Irish pubs are an important part of its life.
Now, it might be a bit of a stereotype, but a drink is not just a drink. Instead, it represents an enduring part of the country's culture. Another thing Ireland's famous for? Its food. Now, I can tell you personally, Shepherd's Pie, that's where it's at for me. Be sure to go to YouTube and subscribe to 1Route to catch up on all of our other videos. And watch the 1Route Roundup, where we spotlight individuals making a positive difference in the telecom industry. Last little fun fact about Ireland, apparently they invented Halloween. So my kids definitely thank you for that, Ireland. Eric, over to you. Now let's introduce today's guest, Cathal Mc Daid, Chief of Technology at Enea AdaptiveMobile Security. Prior to their acquisition by Enea, AdaptiveMobile had already established an impressive reputation for identifying vulnerabilities exploited by telecoms hackers, including state actors. Cathal has distinguished himself since the invasion in Ukraine by keeping an incredibly close eye on the impact of the war on the supply of telecom services to people living in that region. Welcome, Cathal. Thank you for joining us on the show. It's a pleasure to have you here. And I can tell you now that your fans have been champing at the bit, waiting for you to come on the show to tell us about, to expand upon these fantastic articles you've been writing about the situation in Ukraine. So we really appreciate you coming on today's show. At the outset of the war, it seemed like Russia hoped to drive their forces right into Kiev, take control. How was it to start with your analysis of what's happened in Ukraine? How important was it for the Ukrainians to keep their networks functioning at that point in time? And how were they able to do that? How have you been able to keep their networks up and running during all of this situation? Oh, thanks, Eric. And thanks for that introduction. I hope I don't disappoint too many people here.
Yeah, so that's been the focus of a lot of our research over the last year, to understand the use of telecom networks in Ukraine. It's not just for its academic uses, we want to take all the learnings from it. So looking from the outside, clearly, I'm not Ukrainian, I haven't been to Ukraine yet, I have been invited. It's really come from, they've taken a variety of decisions, not just recently, but over the last couple of months, which immediately enabled them to have a lot of resilience. So I had the privilege about two weeks ago, presenting in Mobile World Congress with one of the other presenters was a CTO, Kyivstar, one of the Ukrainian operators. And he was explaining that roughly around October, November last year, they started preparing a lot, a lot of redundancy, secondary headquarters set up in the West Ukraine, because they understood that if it was going to be invasion, they have to anticipate all the possibilities, wouldn't necessarily might be a border skirmish, it might go into much further in the country. And as it turned out, those are some very present and quite accurate assumptions. So what they've done is that they've put in place a whole huge amount of work beforehand, redundancy in their command and control centers, for the telecoms, building up lists of what they're required. And then from my perspective, the really interesting thing is what happened immediately afterwards and then directly after the war. So there is a whole series of decisions that not just individual operators in Ukraine, but whole telecom, Ukrainian telecom community made all the way from small things such as reallocating frequency bands to allow more coverage, moving up to decisions that they made to do things like blocking of inbound roamers from Russia and Belarus, which is a huge decision. And then to another one, which no country had ever really done before, they enabled national or emergency roaming throughout the country. 
So this allowed every subscriber in Ukraine to actually use, in certain regions initially, use mobile networks from the other operators. And so those were like, when you look back at it, like really groundbreaking decisions, which in my opinion, did not get anywhere near as much recognition as it should have at the time, because maybe everybody's waiting for the cyber war, but those are big decisions that enabled them to keep their mobile networks up and functioning. And then not least again, like I said, the CTO from Kyivstar was presenting, the telecom crews from these operators who were literally risking life and limb to keep their networks up and running, being in situations that you or I or anybody else who works in telcos will probably never experience our lifetime to keep their systems up and running. So those incredible decisions that they've made, incredible acts of bravery at times, all contribute to having these networks up and functioning and then contributing for their society. Would you say that in some ways that they've now established ways in which operators, other countries, other administrations should look and learn from the experience that if something happens to them. So of course, at the outbreak of the war, the Baltic states, which have obviously got a difficult relationship with Russia, I'm sure we're looking at happening in Ukraine, but maybe also places like Taiwan, when you look at what's happening with their relationship with China, do we expect that there will be numerous other telcos and numerous other countries perhaps learning from the experience and trying to replicate and prepare themselves if needs be by following the Ukrainian model? Absolutely.
I think if you're working for a regulator and looking at resilience or even telecom operators and you're not following what's happening in Ukraine, I would say you're not doing your job because the lessons that I learned there at great cost in many circumstances are absolutely critical because it is a sad thing to say, but in the middle of a war and a warfare situation, people find out very quickly what works and what doesn't work. And so Ukrainians have found out and they've had to then deploy these systems, which then work. So let's put some examples. In many cases, the Ukraine is far advanced, way ahead of most countries and operators. As I mentioned, like national roaming, if you put that in comparison, after Hurricane Sandy a number of years ago in the United States, national roaming was only switched on after several weeks in that area where Ukraine managed to feed on for one country in those regions much faster. Many parts of Europe don't even have the legislation in place to enable national roaming or things like cell broadcast. I know the UK, they're starting to do some tests with cell broadcast. Ukraine managed to start to roll out and test and deploy cell broadcast much, much quicker now it has in advance of many European countries. And that's not even to speak about things about disabling roaming inbound countries. How many countries in Europe or in the world today will be able to switch off all inbound roamers from two of their largest neighbours in a few hours? I would say many of them would find it very difficult to do. So the lessons that we learned from Ukraine today will be affecting how we plan and design mobile networks, I would say, for the next five to 10 years easily. Or at least how we should be doing it. If we're not doing it, perhaps we should be learning lessons because obviously we have problems with network resiliency, as you mentioned, natural disasters, but sometimes there's no natural disaster. 
It's just a man-made disaster takes networks down. So talking about people not planning for a crisis situation, one of the remarkable things that seemed to have occurred, and I'm keen for your take on the true extent of it, was that the Russian military seemingly didn't have the capacity to stay in contact with their own troops. And there were reports that they used SIM boxes to carry some of their military communication traffic across civilian Ukrainian networks. How seriously should we take those reports? Yeah. And when you first hear it, it sounds incredible and you're somewhat incredulous, but actually when you think about it and the circumstances that actually arose, it does actually start to make a bit of sense as to why this bizarre situation would ever arise. So to step back a moment, as we all know at the start of the war, Russian forces move very quickly across the border in certain parts of it. And doing so, there's been many reports in that some situations is that they move so fast that the communication and military communications wasn't actually set up in parts. And Russian forces, they have a long history of reusing civilian communications. For example, in Georgia, in their invasion of Georgia, they did reuse the Georgian mobile network. In that circumstance, actually Georgia, what it should have done, but never did, was they never actually disabled roamers from Russia or Belarus. So what actually happened was when they moved so far forward, then they would have tried to use their own mobile devices and their own mobile SIMs, but they didn't work anymore. So what they actually had to do is to maintain this communication system, is to use Ukrainian SIMs. Now you may say, is it crazy for a military to use mobile phone at all? Well, there's also many reports at that time that they found encryption, it was very difficult for them to set up communications, very difficult then to get communications back to the headquarters.
In many cases, there are a lot of reports of them using apps like Telegram and so on. So let's say they're going to use these systems, what they've tried, what there's also a lot of reports of them stealing or robbing Ukrainian SIM cards. And as well as that, we know from some comments from the information gold mine, it is the Chechen General Kadyrov, where he keeps making these comments he really shouldn't, but he said that they had a whole collection of Ukrainian SIM cards, clean SIM cards, which they collected beforehand. And they clearly were building up these resources to use it. But then they have an issue because what has actually happened is that Ukraine has been essentially monitoring the phone calls, which are going out from new SIM cards to ringing back to Russia. And you've probably seen these intercepts of some of these terrible conversations, people talking about war crimes and so on. So the Russian staff would realize that any phone calls to make in this manner will be actually intercepted. So to try to bypass this, the logic is, is that then they were trying to ring up a SIM box, which is located somewhere in Ukraine, and then that will convert that to IP, can send it back to Russia. Again, if you were to start out thinking that the second or as the class of themselves, the second army in the world will end up using SIM boxes for military communications, then you'll be pretty incredulous like I would. But when you add up the set of circumstances that has happened, it can actually make sense. So I don't have any reason to disbelieve it. I'm sure there's more. I mean, there's a lot of more stories like that might come out, but it's certainly that was something which when you add up all the circumstances, there's our circumstances guys here. It's very, very credible. I believe. I want to bring Lee and Ed back into the conversation here.
So what extent have you found, Lee and Ed, that this has changed your perception in terms of the extent to which telecommunications providers are on the front line? Have we been complacent about the extent to which these kinds of businesses will be attacked in the prelude to war, during war, and need to be prepared for the worst all the time? So I mean, it's communications, right? It's part of the critical national infrastructure, which we were talking about earlier. They are. They need to be protected. That's the first thing. But you were talking about business continuity there. And especially how the regulators, if they're actually watching this and not actually acting upon it, then, you know, they need to write and that's something which, you know, when I'm wearing my risk management hat, also, I look at business continuity as well. And I'm taking away from this personally, myself, I need to go back and we need to start planning for something like this in its eventuality, because you never know what could happen, even if it's just a natural disaster, and it's not war. But yeah, but surely, but I won't bring you in now, Ed, surely, the problem here we have is that we have a mentality where war is conducted between countries which have borders. And yet in cyberspace, the borders are not the way we imagined them. In terms of where the countries are, you can be attacked from anywhere to anywhere. Now, the US has perhaps been leaders in perhaps taking national security for telecommunications operators more seriously than most countries. But with that in mind, Ed, is there still more that needs to be done? Are we at the right level? Are we still not preparing ourselves for a war mentality, because networks will come under attack, whether it's state agents, or criminal agents, or really a blurring of the two?
Yeah, I mean, what Cathal was saying really strikes me in terms of, you know, Cathal, you're making the point where, you know, if you're a regulator, and you're not watching what's happening in Ukraine, you're not, you know, familiar with the actions, the positive actions they've taken, you know, you're not doing your job, and I think that's a really good point. I might even say that probably the job to do is to get together and lay out and ask, you know, like, Cathal, what does that look like? So there's a legal framework, there's a tactical framework, there's a red alert, so to speak, that says, hey, when you hit red alert, here's the five things you should do first, like some of the blocking that you're talking about, the number blocking, the SIM blocking that you're talking about, Cathal, or whatever those steps are, you know, just trying to give a playbook for this sort of thing, right, that makes sense. That's put together by people who understand it and are responsible, right, I mean, ideally, it feels like that's needed. And I don't think that there is a lack, in the US at least, of sort of definition, right, but communications infrastructure is critical. Broadband infrastructure has been declared critical infrastructure like electricity and water that was part of the big infrastructure bill that was passed and the broadband act that went with it, right, so that piece at least is in place in the US, but I think to Cathal's point, that definition of, okay, well, what is the just-in-case playbook, clearly it's needed. And Ukrainians are writing it for us and I hope we pay attention. Now, apologies to everyone who's been sending in questions and comments, it's been really difficult for me to keep up with them, they've been coming in so fast, I'm just going to read out a few very quickly now. Any comments on the Russian attack on Viasat right at the beginning of the war to try to cripple Ukrainian internet services?
I think, you know, I think you've got the reading of the room in terms of the participants in this call. We need to be anticipating this and if I think about the experience in, say, Estonia and the cyber attacks on Estonia, perhaps the Estonians wouldn't be surprised at what happened at the start of the war and there's been some complacency in other countries that have chosen not to be hardening their networks, preparing their networks in anticipation that attacks can happen at any point in time and I think this links back to what we were saying about what was happening in Germany, where a degree of naivety is no longer acceptable. We have to anticipate that attacks could come from any direction in any way and another comment here that I'm just going to read out, I'm sorry, apologies, don't have time to read out all of them, are you aware if Ukraine has been using the emergency cell broadcast to send messages to Russia's troops? So I wasn't aware of that, sounds like a propaganda gambit to me but a question that I have for you, Cathal, in terms of propaganda is that the Ukrainian police says they've conducted raids against SIM farms, which they say were being used to create bogus internet accounts, messaging accounts, spreading pro-Russian propaganda. One police announcement referred to raids which captured 300 GSM gateways and 100,000 SIM cards used to run 1.5 million bogus accounts. I've also heard though some industry insiders questioning why such propaganda would require the use of SIM farms and therefore effectively questioning whether the Ukrainian police are being honest in their accounts of what's happening. Cathal, what's your opinion in terms of the likelihood that SIM cards and SIM boxes are being used during this war to spread propaganda? Yeah, it's interesting, I mean I actually showed that video of that amazing, that huge SIM farm actually in my presentation two weeks ago and the number of SIM cards was staggering. 
I think it is plausible and it comes about for a few different reasons. One, first of all, there's actually I believe 45 SIM farms which were found by Ukrainian police last year, so that wasn't an isolated one, they're capturing these multiple, multiple times. And also if you look back in time, sadly I do, is that even before 2022 there have been reports of captures of SIM farms multiple times by Ukrainian police. This is before the resumption of this conflict, so it's not as if these are new things which have been just advertised during this conflict, this stage of conflict. It has been talked about for a few years now and anytime I see the scale of these SIM farms to make some of the SIM farms that we work up against in fraud or SMS or voice fraud seem quite small by comparison. So what's been explained to me is the purpose of these SIM farms and I've seen that some of these are multi operators in Ukraine to collaborate to try to find these, is that they want the Russians or they want people to sign up for Ukrainian devices so they perceive as if they are Ukrainians as opposed to Russians and so that then they begin to influence decisions or they're on Facebook or so on. So that's the criteria. I can understand people say what's the point if you just do this from Russia but it's actually good to use Ukrainian SIMs and if they're trying to do that in Russia with Ukrainian SIMs then you know there's a whole other set of issues that would be detectable there. So I don't see any reason why Ukrainians would exaggerate that and also considering this was happening before the war and announcing this as well was also being used for propaganda. Again like many other things we'll only get all the facts when the war is over or maybe possibly many years after it but I wouldn't see any reason why that wouldn't actually be the case. 
And to go back to your point, that person that made a question about propaganda text messages, yes this does happen on both sides actually but not only using cell broadcasts which that is one I've heard about but basically Ukrainians have been advertising for the Russian troops for sending text messages giving them locations to surrender their tanks and there has been a few occasions where it has actually happened. It shows you that we have to have a much more sophisticated layered understanding of how warfare is going to be conducted. We're not in the middle ages anymore where you just line up a group of men on one side, a group of men on the other side and they run at each other with sharp objects. Propaganda war, the war in terms of changing people's feelings about things, the war in terms of changing the support, the backing in other countries to provide the resources needed to fight the war, this war is working on so many levels now and yet telecommunications operators are at the heart of the battleground. The war is being fought on our networks as well, it's not just in the physical fight for territory, it's the digital territory, the online territory that's being fought for too. Now in terms of the importance of networks, you've written in fact about the philosophy, the mindset of the Russian forces in terms of how they see the importance of setting up networks. So, last year one of your articles, the greatly accelerated speed and the sheer number of Russian mobile operators deployed in wartime conditions showed the high priority for Russia to roll out mobile connectivity in a war zone. This indicates the importance to the Russian telecom networks, to have Russian telecom networks in these occupied areas, moving beyond the purely civilian nice to have to a necessity. 
Why do you interpret, so you're clear about what you see as the importance of networks in terms of the Russian strategy, but why do you interpret the rollout of Russian operators in occupied territory being as rapid as you characterise it? What makes it so surprising that we have Russian networks up and running as quickly as they have? How does it compare to say what you would have expected in the past or what's happened elsewhere? Yeah, so that was trying to make sense of these separatist or illegal Russian operators that Russia was deploying in occupied southern Ukraine. So the step back a moment in Crimea when the Russians took over Crimea, it took them about two years to set up four mobile operators there. But what's actually happened over in occupied southern Ukraine since the start of 2022, they've expanded to existing separatist operators, which they set up there many years ago. And then they set up two new completely ones. This is over a matter of a couple of months. So unlike Crimea, which is the middle of a war, they're expanding two operators, setting up two entirely new ones in the midst of a conflict. And in some of these places, they now have coverage where they don't have running water or electricity. So we talked about critical national infrastructure. Maybe in the past, telecommons might be seen as maybe not as high in a critical list of some of those others, but the Russians clearly see it as high, if not highest, because they're rolling us out in some of these places, which, like I said, doesn't have running water, electricity. And if you were doing this for civilian purposes, you'd only probably have one operator. You don't need four operators. That's more operators than many countries have. So this is something you're doing in the midst of a war zone, faster than occupying an adjacent region whereas in peacetime. And then there's all these reports of the use of mobile networks by Russian units and so on. 
So the conclusion I was taking from it is that these definitely have a dual purpose. Not only obviously for civilians and for military, but also if the Russians wish to communicate with collaborators or these officials to put these new state governments in this area, they need some way to communicate with them as well. They can't give them military radio. This marks them out. So for many, many reasons, they need not one, but four, and also for redundancy. So now everybody watches everybody. The Russians also have a form of national emergency roaming between these new operators that they've set up. So they've got resilience on one side, they've got multiple operators, and they've got security that they're trying to reuse each other as well. So from my perspective, it's also very unusual to say, but yes, I won't say an army matches as far as its mobile networks, but this is something that's happening in this region. And in terms of the speed, do you think they've learned from past experience about how to do this more rapidly? Yes, I think so. With some of our research, we could definitely see at least technical connections between these new separatist operators and what they already had deployed in Crimea. And I guess, I mean, a lot of people ask questions about where, how to get this equipment in or how to set up your own mobile operator. It turns out there's a variety of conflict zones around the world where mobile operators now come into being, what's happened in Nagorno-Karabakh, it's also happened in places like Libya. Separatist mobile operators, I'm quite interested in myself, but they do arise a lot more than you would actually think, but with practice becomes you improve your performance as well. So this is clearly what's happened here as well. 
I think people who are outside of telecoms industry will probably be completely mystified that there can be such a thing in the world as a rogue phone operator, because you can call them and they can make calls and they're connected to other phone operators. Is there any reason to believe that the success in rolling out these Russian operators in occupied parts of Ukraine is a representation of a failure of Western sanctions? I wouldn't say so. It's very hard to police this from all sectors. And I would imagine a lot of this equipment which has come over has actually came over, was acquired a lot of it before 2022, before the invasion started. Now this isn't to say this won't have an effect, material effect, possibly on the Russian operators. So far what we've seen is that these new separatist operators are primarily 2G and 4G, they're skipping 3G in many cases, 2G for the range, 4G for the data. And so if they're maybe cannibalizing this material or maybe acquired from other outside non-Western sources. But as we've seen, it can be very difficult to manage the track of all the equipment around the world. There's numerous reports of Western chips ending up in devices in use in the war. And even if it doesn't go to Russia, it can go via countries into via Russia. So I wouldn't say it's a failure of Western sanctions. I don't expect that Russia was planning on rolling out these additional mobile operators if the invasion had gone to plan, they would simply have reused the existing ones, but then they've had to change their plans. So this is possibly a plan B or plan C. So it's, again, unexpected, but it's not something we've seen this extent of before, but we have to recognize it. Now, Timo from Canada has written in a comment here about the use of Starlink providing internet service everywhere in Ukraine. He says they auditioned for the US government and Pentagon as to what a distributed satellite network can do in real time. 
Again, we've been talking here about the rapidity in which a mobile network has been rolled out is now satellite communications also going to be a game changer for this blurred line between civilian and military communications in future. And what's your feeling is about the importance of Starlink in terms of the services provided by Elon Musk's company to keep the Ukrainians connected. Is it a lot of hype or did it make a big difference? Yeah, and this goes to Starlink and Elon Musk, always gets people quite animated. Look, I won't answer from my perspective, from the Ukrainian side, the Ministry of Digital Transformation and they've gone on the record as stating that this has made a huge difference, especially troops on the front line. And there's been many reports of them using Starlink to communicate back to headquarters and so on. And also on the telecom side, many operators now in Ukraine have trialed the use of Starlink as a form of backhaul. Again, this is something which hasn't really been done outside, I believe, other than Japan, but certainly first time in Europe, this form of backhaul when the cables get damaged so they can just reuse this to get communications back. So based on what we've seen in Ukraine, it has made a big difference. But I don't understand why people would think it wouldn't because it's a form of a communication which doesn't rely on cables, it's got much longer range than telecoms, but it can fit in different places. And I do think that the use of Starlink networks as an adjunct is also going to be the future of how countries will look at the preparation. You can't rely on having power, Ukraine has big issues for a period of time around Christmas having power. You can't rely on having power all the time, you can't rely on having cables undamaged. So you have to look at all these different methods and that method which has made a difference to Ukraine. 
If I put it this way, would Russia have liked equivalent system, we can be sure that they would. Absolutely. And in fact, I just want to bring Lee in here because Lee's got some very strong opinions about things like submarine cables being cut and the strategic importance of protecting them. Lee, do we now expect that we need to start worrying a bit more about satellites being shot out in the sky? Yes, I think we should do. I think you shouldn't really be taking anything off the table these days, Eric. It's pretty clear is that, you know, the prelude to this is to take over the telecommunications or to deny, you know, people access to communications. So yes, I think we have to be very wary of that, Eric. And Ed, in terms of Starlink, we've seen some manoeuvres by some American politicians to start saying, we're going to use satellite communications to give people unfettered free. The word freedom gets used a lot in debates like this. The freedom of the internet without it being censored in countries like Cuba. Do you see this, the use of satellites as being a big stick that's going to be used by countries like the USA in future in order to challenge regimes they don't like? I mean, I don't know that I can speak to the policy piece and it certainly makes sense that they might be, put it this way, it certainly makes sense, are going to be used for defence. And I think the US put its nickel down on that. I mean, that's why the Space Force was created, as much as it already snickers a little bit when they hear Space Force. And effectively, I was speaking with a national security expert who's a mutual friend of ours just the other day about this very issue. 
And he was making the point that effectively what they did was they took the piece of the Air Force that was responsible for things in space and made it its own force to give it its own prioritisation because there's definitely an awareness, right, of the communications landscape, the warfare landscape, things are going to be happening in space. And for the reasons you're talking about, right, it's not X-wing fighters battling TIE fighters, it's satellite communications, first and foremost. And I think the other thing I looked at, I'd say quickly, is if you look at the number of LEO launches in the last handful of years, and those that are already scheduled, I mean, it just keeps multiplying. There's more and more birds going up all the time. And that's why I wonder if the Chinese and the Russians are going to spend more and more efforts in working out how to disable and to tilt the balance backwards rather than allow a big, big lead to be established by the strategic competitor. But I don't think we can answer all those questions. And I'm so sorry to everybody who submitted a question today, we haven't had time to read it out. But obviously, Cathal has been a very popular guest, and he stirred up a lot of interest and stimulant. And we've talked about the history of this war, and particularly the communications war being written after the war is over. Will you be the one writing it? Cathal, are you going to keep on writing some more articles for us to keep us up to speed? Maybe post piece them all together, create an anthology for us afterwards? And like my marketing department, I'm way behind as it is. Yes, I mean, we do further research planning to come out. It's won't answer when it's come out soon. But yeah, I mean, I hope to keep on track. I mean, I think everybody should. And again, like I said, I mean, I'm not Ukrainian, I feel sometimes a bit uncomfortable trying to tell their story.
But it's a story that until they can or tell it, a story that should be told because they're doing incredible things. And it just shows how important the areas that we work in telecoms is. It's not nice to have, it's critical to have. I think you're absolutely right, though, I would also say, having somebody who's not Ukrainian tell the story at least takes away the argument, the criticism that it's a prejudiced point of view, a partisan point of view, to have somebody who can perhaps look at it independently and chart, it's also powerful. So I would keep on doing what you're doing, Cathal, we do appreciate it, the audience appreciates it. Thank you very much for joining us on today's show. Thanks very much. So that's it for today's show. Ed, Lee and I will return next Wednesday when we'll be discussing security for networked consumer products with David Rogers MBE, recently reelected chair of the GSMA's Fraud and Security Group. We'll be live on Wednesday, 29th March at 4pm UK, 6pm Saudi Arabia, 10am US Central System. Changes because of daylight savings, don't be caught out if you're going to watch us live. Why not save the show to your diary by clicking on the link in the Communications Risk Show webpage so you don't need to worry about time zones, or better still, subscribe to Communications Risk Show broadcast schedule and have every weekly show uploaded to your diary automatically. Thanks again to today's guest, Cathal Mc Daid, Chief of Technology at Enea AdaptiveMobile Security. Thanks also to my wonderful co-presenters, Ed Finegold and Lee Scargall for sharing the fruits of their experience and to our hardworking producers of the show, James Greenley and Matt Carter. You've been watching the Communications Risk Show. I'm Eric Priezkalns. You can visit the show's website, tv.commsrisk.com, to replay last week's episode about corruption and regulation and recordings of all our past interviews.
Or visit our main website at commsrisk.com for news and opinion about risks in the comms industry and do check out the useful and free resources of the Risk and Assurance Group from their website at riskandassurancegroup.org. Thanks for watching today. We'll see you next Wednesday.