ITU-T Recommendations

Recommendation ITU-T Q.3066 establishes a framework for enhancing the security of telecommunication networks against signalling-based attacks. It defines principles, detection methods, and mitigation strategies applicable to both legacy (e.g., SS7) and modern (e.g., Diameter, SIP, GTP) signalling protocols used across networks.
The Recommendation provides a structured threat model that classifies signalling attacks into four categories: simple single-request, single-protocol multi-request, multi-protocol, and cross-generational attacks. It identifies critical network assets at risk – such as subscriber location, international mobile subscriber identity (IMSI), international mobile equipment identity (IMEI) and call/session data – and specifies their exposure points within the network architecture.
Designed for network operators, equipment vendors and security solution providers, this Recommendation supports the implementation of robust, proactive defences at network interconnection points and internal trust boundaries. It is particularly useful for designing and operating signalling security gateways (SSGs), firewalls and OAM systems to improve network resilience and protect subscriber privacy.
NOTE – This Recommendation does not cover protection against non-signalling cyberattacks, end-to-end content encryption or cryptographic key management, which are addressed in other standards.