Long before anyone knew who Edward Snowden was, Deutsche Telekom had been one of the most vocal and active telecom operators on network security and data privacy issues. Now the operator wants to turn its security experience into a service advantage.
Deutsche Telekom AG (NYSE: DT) was one of the first operators to implement IPSec in its LTE networks, ahead of operators in South Korea and the US, and it also led the way with deploying the latest A5/3 encryption standard in all its mobile networks in Germany.
The revelation of extensive US government surveillance activities was an extra impetus for Deutsche Telekom to bang the security drum even louder. For an operator that is still 32% owned by the German government (the state directly owns 14.5% of the company and state-owned bank KfW owns 17.4%), the allegation that even Chancellor Angela Merkel's mobile phone was being monitored is a mighty big deal. So much so that the company is the chief proponent of the controversial proposal to create what it calls an "Internet of Short Distances," in which Internet traffic with senders and receivers in Europe (specifically, the Schengen Area) stays in Europe. (See Euronews: Merkel Moots US Data Bypass and Euronews: Prism a Wake-up Call, Says DT.)
But one of the results of Snowden's revelations is greater awareness among the general public about privacy and security. And that's what Deutsche Telekom is hoping to tap into with new products and services that are aimed at alleviating the growing security concerns of its customers.
"As we see a much higher sensitivity for security issues among our customers, we are convinced that we can make data privacy and security a unique selling point," says Thomas Tschersich, senior vice president technical security at Deutsche Telekom, in an emailed reply to Light Reading.
To that end, the operator has started offering an encrypted e-mail service through the "E-mail Made in Germany" initiative. It has also been working with Mozilla for the last year on a project called "Future of Mobile Privacy," whereby the Firefox OS is customized so that users can individually define their privacy settings and determine their level of data protection. Users can decide how much location data is given to app vendors, for instance. Some of these types of functions will be embedded in upcoming versions of the OS, although the operator did not specify when the features would be available.
And judging from the operator's showing at last month's CeBIT technology fair in Hanover, Germany, there are more security services and devices up its sleeve, including early warning systems for customers; the CipherCloud encryption tool for enterprises to protect their data before it is sent to the cloud; a malware protection app for smartphones, a so-called "two-sphere" smartphone that operates in either a secure, closed mode, or open mode, an encryption app for business users; as well as the "SiMKo3" super-secure smartphone that has a security level of "Classified -- for official use only" as certified by the Federal Office for Information Security (BSI).
"We've made security a design principle," says Tschersich. "We integrate security and privacy into the early stage of the product and system development."
Attacks arise everywhere; no need to panic
When it comes to the day-to-day task of defending its networks, Tschersich explains that DT has a Security Dashboard that monitors output from 180 sensors -- so-called "honeypots" -- that it has deployed worldwide in order to attract attacks onto systems that are isolated from its actual network infrastructure. In this way, the operator can monitor the risk situation on the Internet.
According to Tschersich, the Security Dashboard shows that attacks arrives from all over the globe.
"They appear every second, daily up to 800,000 times," he says. "The latest novelty in trends is the rising number of attacks against smartphones."
Using its sensor network, DT simulated a "jailbroken" iPhone (that is, an iPhone without security limitations, he explains) that was connected to the sensor network. The iPhone was attacked 300,000 times per year, and once per day with success, according to Tschersich, with attackers trying to extract contact information from the address book.
Tschersich said that the main reasons for all attacks are outdated software products.
"Too many users still don't consider their smartphones as high performance devices which have to be protected like the computer at home," he says. "There's no need to panic, though: 90% of the attacks can be averted successfully through properly maintained, updated systems."
— Michelle Donegan, contributing editor, Light Reading