Mobile networks are now the backbone of our digital lives, but as their complexity increases, so do the security challenges they present.
In a detailed interview with Telecoms, Alex Leadbeater, Technical Security Director at the GSMA, explained how classifying mobile infrastructure as critical national infrastructure has influenced security strategies, how new technologies affect risk, and what defensive measures the industry is adopting.
Legacy systems continue to create security problems
Leadbeater pointed out that although 5G was built with security in mind, legacy systems remain a significant source of vulnerability.
“If you take it back 20 years, mobile technology was in its post‑GSM days, relatively new, pre‑Facebook,” Leadbeater recalled. “Move forward to 2025 and the mobile industry underpins almost everyone’s digital life.”
That evolution has added complexity to the ecosystem and introduced security constraints that were not considered when many older systems were designed.
“5G is excellent. It was designed with security features—principles such as zero trust are built in,” he said. “The problem is much of the supporting technology we still depend on, like SS7, wasn’t designed for today’s environment.”
Leadbeater explained that many 5G weaknesses stem from interactions with legacy systems. “If you build a greenfield, standalone 5G network, it’s pretty robust. The challenge is the coexistence with older technologies.”
Switching off problematic legacy systems would be ideal, but that is difficult in practice because many essential services—such as smart meters and long‑life IoT devices—still rely on older mobile standards.
An attack surface that keeps expanding
When asked how emerging technologies—Open RAN, network APIs, and non‑terrestrial networks—affect the attack surface, Leadbeater acknowledged that adding technologies inevitably grows potential vulnerabilities.
“Every time we add a technology we add APIs, more AI; new innovations always expand the attack surface,” he said. “That’s the reality of technological progress.”
Despite that growth, Leadbeater emphasized that core security principles remain effective.
“The landscape gets bigger and the number of ingress points for attackers grows, but the fundamentals of defence don’t change,” he noted. “We still rely on basic security controls, layered defence and good operational practice.”
He added that many newer components—including Open RAN and modern network APIs—have security baked into their designs, but successful protection depends on proper implementation.
“APIs, if implemented correctly, can be quite secure,” Leadbeater said. “The key issue is ensuring secure deployment and configuration.”
Collaborative defence through threat intelligence sharing
A major theme in the GSMA’s Mobile Telecommunications Security Landscape 2025 report is the use of “defensive force multipliers,” particularly industry‑wide threat intelligence sharing.
“A very good example is T‑ISAC,” Leadbeater explained. “The telecoms threat‑sharing ISAC we run brings together around 120 members.”
This collective approach lets operators exchange threat information and coordinate responses. Leadbeater cited the industry’s retrospective analysis of the FluBot malware outbreak as a case where shared intelligence improved detection and response.
“Looking at T‑ISAC data, we could see the trend even when mobile networks were not directly impacted because the malware targeted end IoT devices,” he said. “Working together, operators can identify unknown trends and ask, ‘What is this?’”
The GSMA also supports information sharing through its Fraud and Security Group (FASG), which brings operators and industry partners together to tackle threats like SMS blasters, SIM farms, and other fraud.
Strengthening supply chain security and resilience
On supply chain security, Leadbeater said the GSMA is updating its guidance to help operators better understand and manage supplier risk.
“A core recommendation is to know your network and extend that visibility into the supply chain,” he explained. “Some operators reduce supplier dependency by choosing fewer vendors, but that can concentrate risk—if everyone relies on the same supplier, a single disruption affects many.”
The GSMA’s security controls advise operators to ask detailed questions of suppliers and to adopt practices such as maintaining a Software Bill of Materials (SBOM). Leadbeater also highlighted the role of NESAS (Network Equipment Security Assurance Scheme) in improving equipment assurance.
Discussing resilience amid geopolitical tensions, he observed that telecom equipment sourcing is globally distributed—roughly balanced across European, Asian and US suppliers—and much of the underlying technology follows common standards like 3GPP.
“The fundamental technology is largely the same; differences are often limited to branding and support arrangements,” he said. This interdependence means operators must craft resilience strategies that consider geopolitical realities while ensuring continuity during natural disasters or other disruptions.
Proactive threat hunting and the role of human factors
The GSMA report emphasizes proactive threat hunting as essential to staying ahead of attackers. Leadbeater said continuous testing and active threat hunting are critical operational practices.
“Security is often about the last attack you defended against,” he commented. “If something passes a test today, it may still be vulnerable tomorrow.”
He noted regional regulatory differences—such as privacy rules in Europe—that can limit certain types of security analysis, like inspecting content for signatures, which affects detection capabilities compared with other regions.
Leadbeater also stressed that human behaviour remains one of the largest vulnerabilities. “Many incidents are human‑triggered: people click on malicious links or are tricked into actions that enable attacks,” he said.
Preparing for 6G security challenges
Looking ahead to 6G, Leadbeater described the evolution as continuous rather than revolutionary, with security considerations that build on lessons from previous generations.
“6G is part of a continuous evolution from 5G; we’re extending capabilities rather than making a sharp break,” he explained.
Although 6G standards are still in early development, Leadbeater identified priorities such as API security, hardening AI components, and better integration of satellite communications.
“5G doesn’t treat satellites as native components very well; 6G is likely to integrate satellite links more naturally, as if they were another cell site,” he said. He also expects 6G to adopt quantum‑safe algorithms from the start, reducing future cryptographic risk posed by quantum computing.
Industry collaboration remains essential
As mobile networks continue to support critical infrastructure worldwide, Leadbeater underlined that collaboration across the industry is crucial to address fast‑evolving threats.
The GSMA is expanding its security activities—this year’s MWC included the largest set of security content it has ever presented, including a security summit and an AI hackathon.
Through initiatives such as T‑ISAC, FASG, and ongoing standards work, the mobile industry is strengthening defensive capabilities while managing the complexity of global telecoms infrastructure. The goal, Leadbeater said, is to reduce opportunities for attackers through strong controls and practices—though he acknowledged the industry still has progress to make.
See also: US charges 12 Chinese nationals for ‘reckless’ cyberattacks
Want to learn more about cybersecurity and cloud technologies from industry leaders? Cyber Security & Cloud Expo runs events in Amsterdam, California, and London and is co‑located with other major tech events covering digital transformation, IoT, blockchain, and AI. Explore upcoming enterprise technology events and webinars from TechForge to find sessions and discussions relevant to operators, security teams, and technology leaders.