Enea Urges EU PEGA Committee: Broaden the focus beyond spyware to combat mobile surveillance threats and signaling infrastructure exploitation.

Enea recently highlighted the types of spyware used over mobile networks at a public hearing of the European Parliament’s PEGA Committee of Inquiry into the use of Pegasus and surveillance.

Rowland Corr, Vice President of Government Relations at Enea, was one of several industry experts invited to share his expertise at the Committee of Inquiry, which consists of 38 Members of Parliament.

The PEGA Committee was formed in March 2022 by the European Parliament to investigate spyware, particularly with the alleged targeting of journalists, lawyers, law enforcement officials, diplomats, and other people of influence in the E.U. Corr appeared at the Committee’s most recent hearing on March 16, 2023, and prefaced his contribution by urging the Committee to broaden its scope, highlighting the fact that other forms of spying beyond the use of spyware were steadily occurring over mobile networks that were relevant to the Committee’s concerns.

“Spyware is the tip of the iceberg in mobile telecom surveillance,” Corr commented. “Threat actors exploit vulnerabilities in mobile networks and governance gaps to execute unauthorized intrusions with impunity.”

Corr also pointed out that capability must be prioritized over mere compliance to combat the threat as the signaling security landscape evolves effectively. He continued, “This area of risk is not sufficiently understood, reported, or integrated at national levels. Critical infrastructure protection, cybersecurity, and national security all intersect when it comes to mobile network security. And the key to improving resilience may lie in emphasizing capability over compliance on the part of stakeholders – operators, regulators, or cyber agencies.”

Recently, the potential for access to EU-based infrastructure to be used by third-country actors as a tool for surveillance, separate from the use of spyware, has increased significantly. Corr continued to impress upon the Committee the importance of looking at surveillance threats beyond the primary use of spyware tools like Pegasus and, in parallel, focus on infrastructure as a whole:

“A key area of vulnerability is mobile telecoms signaling and the abuse of access to signaling infrastructure. To put this vulnerability into context as an area of surveillance risk – the use of mobile spyware weaponizes the personal device of the victim, and the use of mobile signaling weaponizes the network serving them. But in the hands of attackers, the mobile service becomes the cyber weapon.”

As 5G is adopted worldwide, there is a pressing need for secure interworking between protocols, network elements (across generations), and secure interconnections nationally and internationally. This represents an increasingly complex and critical area within electronic communications.