HUMAN NETWORK: How Cybercriminals and Spies Threaten to Attack Your Remote Cellular Network

5G/6G & Fixed Wireless Access/Mobile EvolutionHuman NetworkNetwork Transformation/Edge Compute/IoT/URLLC/Automation/M2MProfessional Development/LeadershipSmart HomeTowers

Intelligent Site Management:

As owners, operators, and end users of networks that carry the backbone of our country’s communication system, every moment of every day, you are being probed, analyzed and attacked. Hackers are assessing the Internet and wireless networks to see if there’s something of value that can be stolen, vandalized, or destroyed. They’re looking for information on physical assets as well as digital footprint. This white paper explores how cybercriminals, both large and small are attacking you and what you can do to lessen your risk

The security of the United States depends on its critical infrastructure, which includes:
• Electrical grids
• Internet
• Wireless and wireline networks

As insightful commentators have noted, if the web goes down, the world goes back to 1996. If the electric grid goes down, the world goes back to 1896.

The owners, operators and end users of these networks demand high levels of reliability and meeting contractual Quality of Service (QoS) goals. From petty crooks to criminal masterminds, criminals of any stripe can impact your operations. For example:
• Unplanned truck roll to replace copper stolen from a ground bar at a tower site
• Re-roll when the technician realizes that he left the site keys back in the office
• Another re-roll when the technician discovers that the thief also broke a lightning rod, threatening the safety of the entire crew.

The US government and companies in the remote networking industry like Westell are actively responding to these threats. Today’s electrical grid is dynamically being transformed from an analog, physical network to a digital, virtual “smart grid” supported by smart meter technology.

The advantages of digital infrastructure for power companies and consumers are tremendous, but crooks are taking advantage of the increased complexity and interconnectedness. With each new technology comes new vulnerabilities that need to be secured and protected.

Addressing the Challenge
To better address these risks, President Barack Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” in 2013, which established that “[it] is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.”

In enacting this policy, the Executive Order calls for the development of a voluntary risk-based Cybersecurity Framework — a set of industry standards and best practices to help organizations manage cybersecurity risks. The resulting Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.

The framework is made up of 5 major steps: identify, protect, detect, respond, and recover. Each step is risk adjusted to reflect which risks are more or less important in a specific environment. For example, cell tower sites often have much more theft and vandalism than data centers built in suburban office parks.

Similarly, each of the 5 major steps needs to be instantiated with the assets that are needed to manage the big risks. The assets include in-building assets, outside sites assets, and human assets.

Cyber Security: It’s Not All in the Cloud
The reality is when we hear the term “cyber,” we think of the virtual world of bits and bytes. Yet that virtual world is built on physical assets, buildings, network towers, power lines, hardware servers, and even HVAC systems that are all vulnerable to threats. Any company considering a comprehensive review of its data security has to consider 3 distinct locations:
1. In-building locations
2. Outside sites
3. Human assets

In-Building Locations
The first line of cybersecurity defense is ensuring that your physical assets are protected. Whether you’re in a hut taking an inventory of assets or climbing a tower disguised as a tree, the question of security is more than having a guard at the gate. Most companies have some form of site access security.

The dual challenge is ensuring that the monitoring systems are functioning and those responsible for monitoring are doing their jobs. Furthermore, the more security is outsourced in an effort to maintain costs, the more likely you are to have multiple points of failure. While your employees may live up to your highest expectations, in today’s distributed working environment the reality is that often times the solutions to the biggest cybersecurity problems are solved in the simplest ways. Assessing and quantifying the risks in each of your physical locations is essential. Security is successful only if you’re keeping the bad guys out while the good guys get their work done.

Outside Sites
Maintaining remote sites, especially low activity ones like a cell tower, is a perennial problem. Often situated miles from the nearest service center, when there’s a problem it can sometimes take hours — and cost thousands of dollars — to get resolved. What is even worse is if you’ve taken reasonable precautions to prevent unauthorized access to your site, vandals, thieves and ne’er-do-wells may still break in and steal high value equipment that can bring services to a halt.

As more and more towers are outfitted with remote monitoring systems and are reaping the benefits of improved productivity, the tower companies recognize that in the wrong hands, visibility and access could be very dangerous.

The frequency of theft of goods like copper, diesel fuel, portable generators, etc., goes up when prices of global commodities go down and/or goods are easily fenced. These property crimes include Robbery, Burglary, Stolen property, Trespass, Vandalism, Assault, and Fraud.

Some cell tower owner / operators systematically track property crime. They sort by severity, frequency, and value of the crime, review felonies vs. misdemeanors, and whether any people were hurt, not just property. When appropriate, they report crimes to law enforcement and insurance agents

Transformers contain approximately 50 pounds of copper with the potential to yield $100 for copper thieves at current prices in 2016. The economic impact of theft can be much greater than cost of replacements. Further, if physically stolen, the crime may result in thousands of dollars in damages, replacement costs, and
environmental cleanup.

For example, if a copper grounding bar cost $140 and can be “fenced for $10” but it costs $1,000’s to replace, plus labor, lost revenue, and knock-on effects (such as the site may be at risk by being improperly grounded). Keeping the bad guys out through adequate prevention is important, and so is tracking equipment if it is stolen. Inventory controls, electronic tagging and tracing the resale market are all tools in a company’s arsenal. (2)

1. “Between 2007 and 2015, the global price of copper ranged between $1.25 and $4.50 per pound. Thus, the price of 50 pounds of copper in the cell tower’s transformer ranged from $63 to $225.”

2. — believes copper theft is a dangerous problem for national security

Human Factors
The smartest link in the security chain may also be the weakest. Employers have to trust their workers; there is no reasonable alternative. However, all too often, employers fail to realize that risks posed by trusted personnel are highly dynamic and must be actively managed. Often, employers assess employee risk only once – at the time of hire. Unfortunately, employees with decades of tenure are capable of the unthinkable if they’re having trouble making the mortgage payment next month. Moreover, as employees’ roles change, their access to sensitive information and level of supervision must be re-evaluated to actively manage the acceptable level of risk. Just last year, for example, not properly vetting an employee’s security access allowed a low-level HSBC employee to steal data that affected 24,000 clients – 15% of its client base.

In any system where humans play an integral role, vulnerabilities due to human nature will permeate. Any realistic security system creates redundancies and redoubts that address both technical and human vulnerabilities. The best security systems also mitigate the consequences of the admittedly inevitable breach.

Cybersecurity Framework Components
The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Profiles, and the Framework Implementation Tiers. Each Framework component reinforces the connection between business drivers and cybersecurity activities.

The Framework Core
The core consists of 5 components outlined below:

1. Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

2. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.

The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

3. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

4. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

5. Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

The Framework Profile
The Framework Profile articulates the results of Framework Core activities. In simpler terms, the Profile summarizes the outcome of a cybersecurity assessment across a broad spectrum of capabilities, including asset management and data security. As a result, the Profile provides a strategic view of an organization’s alignment of cybersecurity standards to critical business operations and risk tolerances. Implementing a Profile enables an organization to accurately report current (“as is”) and target (“future”) states, depict progress towards the target state, and clearly communicate cybersecurity risks to internal and external stakeholders.

As the Framework subcategories represent general cybersecurity practices, supplementing the Framework with additional industry-leading guidance, such as NIST 800-53 or ISO 27000-series controls, affords greater precision in determining whether or not specific requirements have been met.

The Framework Implementation Tiers
Implementing the NIST Cybersecurity Framework is no simple endeavor. Developing methodologies and conducting assessments of people, processes, and technologies take time and resources. But as headlines routinely report, malicious actors are fastidious in their attempts to steal data and disrupt daily operations. Organizations must be equally vigilant in their efforts to repel these attacks.

To be certain, new vulnerabilities will continue to emerge, and threat actors (humans or machines) will regularly endeavor to exploit potential security gaps. Understanding your organization’s approach to cybersecurity is the first step in identifying the aspects in need of remediation. In this regard, creating a Framework Profile will equip leaders with the information required to make timely, risk-based decisions to improve cyber defenses.

Hindsight is 20/20 after a security breach. Investing in deeper insight now can better prepare your organization to succeed across a full range of cyber capabilities — from protecting valuable assets to comprehensive post-incident recovery.

Creating a Plan That Integrates 5 Steps With Risks and Locations
(Please see the complete White Paper at for this table of information.)

Industry and governments have responded to these cyberthreats by establishing councils to alleviate the threats. For example, U.S. Communications Sector Coordinating Council (CSCC) is one of 16 councils that other companies can join or monitor.

The Communications Sector
Today’s global communications infrastructure is a sophisticated system of complex technologies working together to deliver essential and innovative services to customers around the world. Modern communications networks are the backbone to the Internet and other key information systems, and include broad capabilities across wireline, wireless, satellite, cable and broadcasting infrastructure.

Communications is one of 16 critical infrastructure sector coordinating councils, and CSCC works in partnership to ensure that communications systems and networks are secure, resilient, and rapidly restored, in the event of an incident.

Wireless: Wireless technology consists of cellular phone, paging, personal communications services, high-frequency radio, unlicensed wireless and other commercial and private radio services.

Cable: The cable industry is composed of approximately 7,791 cable systems that offer analog and digital video programming services, digital telephone service, and high-speed Internet access service.

Wireline: Over 1,000 companies offer wireline, facilities-based communications services in the United States. Wireline companies serve as the backbone of the Internet.

Satellite: Satellite communications systems deliver advanced data, voice, and video communications, transmitting data from one point on the Earth to another.

Broadcasting: There are more than 14,000 radio and 1,700 television broadcasting facilities in the United States, sending broadcasts through the air to a frequency network of transmitters.

CSCC members represent communications sector critical infrastructure owners/operators and their designated trade associations. Communications sector infrastructure is a complex system of systems that incorporates multiple technologies and services with diverse ownership. Member companies include Association of Public Television Stations, AT&T, Cisco Systems, CTIA – The Wireless Association, Hughes, Juniper, National Association of Broadcasters, and many others.

ADDITIONAL READING: 7 Reasons Why Visual Hacking Is Becoming a Bigger Risk
1. To increase productivity of cell site technicians, many organizations are creating open workspaces without walls and cubicles, sometimes with no office at all, e.g., in my new Ford F150 truck, at Starbucks with free Wi-Fi, at McDonald’s for the all-day breakfast menu and $1 coffee, or at home in my home office.

2. As a result, sensitive and confidential data may be visible to prying eyes or remote logging of database queries, keystroke trackers, and other snoops.

3. In general, organizations are better able to enforce access policies for electronic documents in a consistent fashion across all users than for paper documents.

4. Employees or contractors often are not aware of what types of information are sensitive or confidential and should be protected from individuals with malicious intent.

5. Many organizations do not have a strict policy for securing paper documents both within the office and at offsite locations.

6. Employees often neglect to shred or dispose of sensitive paper documents in a secure manner. Confidential paper documents thrown in a trash bin, left in a communal printing tray and at an office desk are particularly vulnerable to visual hacking.

7. Sensitive and confidential documents are frequently accessed in public locations because of the increasingly mobile workforce.

ADDITIONAL READING: Tower Theft Continues in Utah
As reported by Inside Towers, tower theft in Utah has been an increasing problem. Another robbery occurred in Tollgate Canyon, Utah, where someone stole more than $5,000 worth of copper wire from a cellphone tower, reports the Park Record.

It is still an open investigation as there are no current suspects. Detective Kacey Bates said there was a similar occurrence a few months ago, “At this time there is no connection that we know of between the two incidents,” Bates said. Because of the value of copper, and related trespassing offenses, the suspect could be facing elevated theft charges.

The tower is located near Forest Meadows Drive in Tollgate Canyon. Verizon Wireless, T-Mobile and Crown Castle were the victims, according to the report.

Last accessed April 6, 2016)

ADDITIONAL READING: AT&T offers $7,500 reward for info about 250-foot tower that collapsed after vandalism in Texas
AT&T Mobility is offering a $7,500 reward for information about one of its cell towers that collapsed after it was vandalized in the town of Denison, Texas, according to police in the area. Although theft of equipment at cell sites is becoming more common, wholesale vandalism — especially the kind that brings down towers — is much rarer.

The 250-foot tower’s support cables appear to have been cut down early one morning earlier this month in Denison, a town on the border with Oklahoma. According to local TV station KXII, AT&T said the vandalism caused around $1 million in damage. The station also reported that the Denison Police Department does not think any equipment was stolen from the tower. Thieves often steal copper grounding bars, cable, fiber, and other gear from cell towers to sell on the black market.

AT&T installation crews erected a temporary cell tower but it will take around 3 months for the tower to be permanently replaced. AT&T said the $7,500 reward will be given to individuals providing information leading to an arrest and conviction in the case.

The authors are Brian Brouillette, SVP, Intelligent Site Management & Worldwide Services, Westell Technologies, and Bill Crandall, Spearfish Innovation.

Copyright © 2016 by Westell, Inc. All Rights Reserved. Westell, ClearLink, Kentrox, and Optima Management System are registered trademarks of Westell, Inc. All other names are trademarks of their respective owners. Information is correct at time of printing and is subject to change without notice. Westell, Inc. is an Equal Opportunity/Affirmative Action employer. For more information, and to read the complete White Paper, please email or visit and download the free whitepaper at

About Human Network Contributor

If you're interested in placing an article in the Human Network section, please email Karen Adolphson, Managing Editor, ISE magazine at