Signaling security is national security: A telecom wake-up call

This Industry Viewpoint was authored by Tomas Hedqvist, Senior Director Product Marketing, Enea

Telecom networks are no longer just pipes for communication. They are strategic assets and strategic targets. In the last decade, mobile infrastructure has taken on a new geopolitical significance. From espionage and influence operations to battlefield coordination, communications networks have become critical national infrastructure (CNI). Reflecting this shift, mobile services now contribute $6.5 trillion annually to the global economy, according to the GSMA, and it is a number that is expected to continue to grow. This level of contribution to the economy underscores the central role mobile networks play in society and in socioeconomic development. Their importance to national security and digital sovereignty cannot be overestimated.

This reality brings an uncomfortable question. How well are mobile networks and users protected from geopolitically motivated threat actors, and what does it mean for states and mobile operators if signaling vulnerabilities are still left exposed?

Critical national infrastructure in the geopolitical spotlight

Rising geopolitical tensions have underlined just how critical communications are to national resilience. Secure networks are essential for everything from coordinating emergency responses to enabling government and defence operations. Governments now view telecoms not just as private infrastructure, but as part of a broader security architecture.

That shift has inevitably brought more scrutiny. Together with energy, telecom is widely regarded as the most critical sector because of how it underpins the functioning of nearly any other infrastructure, such as water, transport, finance, and healthcare. National regulatory authorities in Europe, the US, and Asia are now applying fresh pressure on mobile network operators (MNOs) to increase security.  

A prime example of stricter security regulations is Germany’s KRITIS law. It requires operators of essential services, including telecoms, to implement specific security measures and report major disruptions. This is an illustration of regulators’ increased concern to protect mobile networks and other critical national infrastructure. However, while regulation can set the direction, the real responsibility rests with operators to act decisively while securing their networks and reducing exposure to potential threats.

Espionage in plain sight

The most immediate threat comes from espionage. Signaling protocols can be exploited to silently intercept SMS messages, locate and track high-value targets, and bypass two-factor authentication. Attackers can accomplish all of this without the subscriber ever realizing it, and in many cases, without the operator noticing it until much later. For state-sponsored groups, the ability to track diplomats, journalists, or political figures is a powerful pedal in information warfare.

Exploiting signaling can also be a tool for adversaries to sow doubt and confusion, for example, by distributing misinformation through SMS messages or deliberately causing service outages.

Why old vulnerabilities persist

If the danger is so well understood, why do these vulnerabilities remain? The short answer is that telecom networks are complex, layered, and built over decades of investment. Protocols like SS7 were designed in an era when security was not a priority and the use case implied mutual trust. Unfortunately, newer signaling protocols, including Diameter and GTP-C, have inherited many of these design flaws. They remain deeply embedded in the infrastructure that keeps mobile networks running.

Simply ripping them out is not feasible. Operators must continue supporting multiple generations of technology at once, from legacy 2G and 3G systems to the latest 5G deployments. That interconnectedness means that even as networks evolve, vulnerabilities are carried forward. Attackers don’t need to discover new weaknesses; they can continue exploiting those already known, applying new bypass techniques whenever signaling defenses come in their way.

A threat that won’t disappear

Some in the industry hope that 5G will mark a clean break from the past. But that is hugely optimistic. In reality, 5G roaming is nowhere on the horizon, leaving the door open to signaling-based attacks through international roaming. The result is a persistent, evolving threat. Signaling attacks are not relics of a bygone era; they remain an active risk that will persist in the telecom landscape for years to come.

The imperative for action

So what must be done? First, MNOs need to recognise that signaling security is not just a technical detail – it is a national security issue. Every network and interface lacking adequate protection is a potential avenue for espionage or disruption.

Second, waiting for regulatory mandates is not a viable strategy. Regulation plays an important role in setting standards and ensuring consistency, but compliance should be a baseline, not the end goal. Signaling security needs to be adaptive, meaning it must constantly analyse, understand, and track threat actors and their tactics, techniques, and procedures as these evolve much faster than regulations ever can. The true responsibility lies with operators to take proactive measures to secure their signaling protocols.

Finally, operators must view signaling security as a viable imperative. Beyond national security considerations, subscribers expect their communications to be private and their data safe. Breaches erode trust, damage reputations, and can have lasting financial consequences. While many security-minded operators are continuously improving their signaling security, as many as half have not even started.

A wake-up call

Signaling security is not just a technical concern, it is central to national security, subscriber trust, and commercial resilience. Networks remain exposed due to legacy protocols like SS7, and attackers continue to exploit these weaknesses to track targets and bypass security. Even as 5G and future technologies roll out, interworking with older systems means these vulnerabilities persist. Regulators can set standards, but the ultimate responsibility lies with operators to proactively secure their networks and protect sensitive data whilst safeguarding their users.

Securing signaling infrastructure must become a top priority now, before the next crisis exposes just how vulnerable we really are.

If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!

Categories: Industry Viewpoint · Security · Wireless