Here on The New IP, there is no need to declare "SDN and NFV enabled services will revolutionize the telco industry" or predict "SDN and NFV technologies are the future of networking." Even though we still see such headlines, as industry insiders and experts we all know this was established more than two years ago.
The state of the market today is such that most Tier 1 and Tier 2 telcos in competitive markets have already formulated their SDN and NFV strategies. Many are in advanced stages of conducting some form of proof of concept (PoC) testing and have already deployed NFV on their core network. What we hear from the optimistic telcos is they expect to begin rolling out new virtualized IT services to their enterprise customers by the end of the year. The more cautious said they will need until sometime in 2017 to be ready to launch new services based on SDN and NFV technologies for vCPE and mobile edge computing. As a side note, what is interesting is that telcos in highly competitive markets are under more urgent pressure to begin generating revenue streams from new virtualized services, while telcos in less competitive markets are content to move forward at a slower pace.
A World of Worries
Concerns over cybersecurity vulnerabilities inherent to the use of SDN and NFV technologies -- including exposure to hacking, malware and similar cyber attacks that existing telco networks are properly protected against -- concern many telcos in advanced stages of SDN and NFV plans.
What we hear a lot of lately -- say the past three to six months -- are concerns from telcos over the security of SDN and NFV enabled networks. It has been well documented that SDN and NFV infrastructures offer telcos and other communications service providers the benefits of openness, remote programmability, agility, and similar advantages of IT-like networks. However, this similarity to IT networks that makes SDN and NFV networks advantageous for telcos also makes them vulnerable to the full range of cyber attacks that target IT networks. The discussion regarding these cybersecurity concerns is growing, although not much has been done about it yet.
The feedback we are currently getting is that the concerns over the cybersecurity vulnerabilities inherent to the use of SDN and NFV technologies, including exposure to hacking, malware and similar cyber attacks that existing telco networks are properly protected against, are occupying the attention of many telcos in advanced stages of their SDN and NFV plans.
Here are four examples of these cybersecurity risks:
• Both data plane and control plane management are now in software and not hardware-based microchips (application-specific integrated circuits or ASICs). This software is much more vulnerable to denial of service (DoS) and distributed DoS (DDoS) attacks.
• The control and management planes of each device and each function are open for remote operations as well as user self-service. This creates a pinhole vulnerability that can be exploited and used as a venue to launch a cyber attack.
• Once malware resides on the network inside the perimeter, it propagates easily across virtual machines and hosts as there is no mechanism to monitor it.
• Each host has many VMs and each represents a pinhole for the attack and propagation of infectious items. Each VM is an entire virtual host with its operating system, software and drivers, including third-party software. Each component represents a threat, including open source and third-party software updates.
Generally speaking, telco security professionals currently do not have to contend with these cybersecurity issues as telecom networks are traditionally closed infrastructures protected by readily available and mature security solutions.
These vulnerabilities and exploits are real and certainly need to be addressed. However, with a standard industry approach or an acceptable solution that appropriately minimizes risks, these cybersecurity vulnerabilities associated with SDN and NFV will not prevent the adoption of these technologies and the services that they enable.
The point of all this is that telcos and the industry are progressing with their plans for SDN and NFV and the cybersecurity concerns associated with the technologies is the next issue that will need to be addressed.
— Gal Ofel is the Head of Software Solution Product Line Management at Telco Systems. Gal is responsible for the company's SDN and Distributed NFV software products and ecosystem. Special to The New IP.