TPG Telecom brings red and blue teams, partners under cyber CoE

TPG Telecom has stood up a cyber centre of excellence in Sydney to focus on finding vulnerabilities in telco and IT equipment, developing exploits and applying mitigations.

The centre - known as the CCoE - officially launches today, although it has been in setup mode for a number of months, courtesy of a “significant” investment, general manager of technology security Lee Barney told iTnews.

It will host the telco’s existing red and blue teams, representatives from Ericsson, Nokia and TCS on 90-day rotations, and researchers from UNSW.

It’s anticipated that the vendors will each have three people - mostly R&D resources - sat in the CCoE at any one time.

TPG uses Ericsson in its core, Nokia equipment for its radio access network and TCS for internal systems and platforms. 

The red and blue team resources pre-date the CCoE but have been brought together to work out of the new centre.

The new capability being incubated at the centre is around exploit development, Barney said.

“The issue we have is that nation states are getting way too interested, not just in telco in terms of what we care about, but also within critical asset infrastructure,” he said.

“We rely on our partner agencies in the Australian Signals Directorate (ASD) to share intelligence with us as they find it, and they are fantastic and definitely share what they have, but we also need to move much faster in terms of the individual exploit development for [the vendor] equipment that we have.

“If we can go and work out what exploits can be triggered, we can work out mitigations to put in place, and that mitigation can be code development or something as simple as a new rule to go into a SIEM.”

While exact numbers will fluctuate, it’s likely the CCoE will host 20-plus people at any given time.

The first vendor resources are expected to be working onsite from January 2025. 

In addition to testing telco and IT equipment and systems, the CCoE “will also put physical security to the test, ensuring access to critical sites like data centres and operations centres are secure and protected against hackers’ ever-evolving arsenal of tools,” TPG Telecom said in a statement.

Barney, together with senior red team manager Jason Ford, told iTnews that the intent is to openly publish as much of the CCoE’s work as possible, and/or to share it with other telcos.

An early piece of work involves testing AI/ML to detect smishing - SMS phishing - messages on TPG’s network.

Barney said that the algorithm TPG had developed was able to delineate between legitimate and scam messages with 95 percent accuracy using a test dataset.

“We’re looking at executing this on live data in the very near future,” he said.

Just as CBA has done in open sourcing a tool to help banks and others stop payments to scammers, TPG intends to offer what it produces openly as well.

“One thing I’m adamant [about] is security should not be a differentiator between different telcos,” Barney said.

“Once we find something, we share that intelligence. 

“We’re not going to hold onto this AI we’re developing. If [others] are interested and want to use it, they can have access to it and copy the approach.”

Ford - for whom the open-sourcing of research was described as a keen interest - said TPG wanted to “improve the security of telco infrastructure.”

“That includes the RAN, transmission, and the backend servers,” he said.

“What we’re able to do through this approach of working with our partners is all of our partners including ourselves [will] work through the secure software development lifecycle (SSLDC) framework.

“We have a good level of maturity when it comes to making sure that products we buy are shipped securely, and that when we implement them, it’s done so securely. 

“What I believe the gap in the SSLDC is, is that it’s always timeboxed. There’s always the limitation of needing to get security testing done by this amount of time, and being practitioners, we always have that [thought] in the back of our minds when we finish a pentest or an engagement of, ‘If I had more time, what else could I do?’ 

“That is basically what the CCoE allows us to do: to take that step further and really look under the hood at everything.”

TPG Telecom brings red and blue teams, partners under cyber CoE

TPG Telecom brings red and blue teams, partners under cyber CoE

TPG Telecom brings red and blue teams, partners under cyber CoE

TPG Telecom brings red and blue teams, partners under cyber CoE

TPG Telecom brings red and blue teams, partners under cyber CoE