CSE Statement re: media reporting on SS7 vulnerabilities
Signalling System 7, or SS7 is a legacy telecom protocol widely used by telecom service providers not only in Canada, but around the world. The security issues surrounding SS7, have been known for some time and have been reported on publicly since they emerged in 2008. CSE’s role is to provide advice and guidance to help protect systems of importance to the Government of Canada. With this in mind, CSE has been actively working with Canada’s telecom industry to address issues related to SS7 to develop best practices, advice and guidance that can help mitigate the risks associated with SS7.
In addition to advice and guidance related to specific issues such as SS7, CSE provides the government of Canada with extensive cyber security advice and best practice recommendations including, for using mobile communications devices safely. As recently as this past summer, CSE met with federal political parties, Parliamentarians, provincial governmental officials and provincial electoral bodies to provide guidance and advice on mobile device usage. This advice is available to all Canadians and can be found on our Mobile Security webpage
Chief, Communications Security Establishment