TELSAFE: Telecom Security Assessment
- TELSAFE is a telecommunications security assessment framework that integrates qualitative context definition with quantitative probabilistic risk modeling.
- It employs a modular six-step process, using tools like event-tree analysis and CVSS metrics to convert security gaps into actionable risk scores.
- The framework minimizes expert bias by deriving likelihoods from empirical data and aligning with standards such as ISO 31000 and ITU-T X.1055.
Searching arXiv for TELSAFE-related papers to ground the article in the provided and recent literature. TELSAFE most directly denotes the TELecommunications Security Assessment Framework, a hybrid framework for security gap quantitative risk assessment that combines a qualitative assessment phase with a quantitative probabilistic phase in order to identify and prioritize risks arising from gaps between security standards and their practical implementation (Siddiqui et al., 9 Jul 2025). In the supplied arXiv literature, the label also appears in two adjacent safety-oriented contexts: a telecom-integrated wireless sensor network for environmental and safety monitoring in mines (Srivastava, 2010), and a safety realignment study for telecom-tuned LLMs described as a TELSAFE study within "SafeCOMM" (Djuhera et al., 29 May 2025). Taken together, these usages associate TELSAFE with end-to-end safety, security, and remote-monitoring problems in telecom-linked systems, although only the 2025 framework paper formally defines TELSAFE as a named risk-assessment framework (Siddiqui et al., 9 Jul 2025).
1. Disambiguation and nomenclature
In the arXiv materials considered here, TELSAFE is not a single universally fixed term. The clearest formal expansion is given in "TELSAFE: Security Gap Quantitative Risk Assessment Framework" (Siddiqui et al., 9 Jul 2025), where TELSAFE is defined as TELecommunications Security Assessment Framework and is presented as a new hybrid risk assessment framework employing probabilistic modeling for quantitative risk assessment.
A second usage appears in the technical summary of "SafeCOMM: What about Safety Alignment in Fine-Tuned Telecom LLMs?" (Djuhera et al., 29 May 2025). There, the summary refers to the work as the TELSAFE study, using the label to denote safety realignment methods for telecom LLMs rather than a standards-gap risk framework. A third, earlier safety-oriented context is provided by "Towards Greener and Safer Mines" (Srivastava, 2010), which develops a wireless sensor network integrated with a telecom network through a gateway for mine environment monitoring and distant administration.
| Usage in supplied literature | Core object | arXiv id |
|---|---|---|
| TELSAFE | Security Gap Quantitative Risk Assessment Framework | (Siddiqui et al., 9 Jul 2025) |
| TELSAFE study / SafeCOMM | Safety alignment in fine-tuned telecom LLMs | (Djuhera et al., 29 May 2025) |
| Telecom-integrated mine safety system | Wireless sensor network for environmental and safety monitoring | (Srivastava, 2010) |
This distribution of meanings suggests that TELSAFE functions both as a formal framework name and as a broader safety-and-security signifier in telecom-adjacent research. The formally specified encyclopedic referent, however, is the framework of (Siddiqui et al., 9 Jul 2025).
2. TELSAFE as a security gap quantitative risk assessment framework
The 2025 TELSAFE framework is motivated by the observation that gaps between established security standards and their practical implementation have the potential to introduce vulnerabilities, and that these gaps may expose systems to security risks unless they are addressed through security risk management strategies aligned with well-established strategies and industry standards (Siddiqui et al., 9 Jul 2025). The framework is designed to remain faithful to ISO 31000/IEC 31010/ISO 27005, and in the telecom use case also ITU-T X.1055, by mapping each internal step to a defined technique (Siddiqui et al., 9 Jul 2025).
TELSAFE combines the flexibility of qualitative analysis with the rigor of fully quantitative probabilistic risk assessment (Siddiqui et al., 9 Jul 2025). Its stated purpose is to identify and prioritize security risks born of standards-versus-implementation gaps, while eliminating the influence of expert opinion bias through data-derived likelihoods and arithmetic risk combination rather than subjective ratings or fuzzy logic (Siddiqui et al., 9 Jul 2025).
The framework is organized as a modular, six-step process split into two phases. Phase I: Qualitative Assessment contains QS.1 Context Definition, QS.2 Risk Factor Identification, and QS.3 Risk Analysis (Qualitative). Phase II: Quantitative Assessment contains QM.1 Risk Scenario Development, QM.2 Risk Modeling, and QM.3 Risk Evaluation (Siddiqui et al., 9 Jul 2025). Each step has a specified goal, techniques, and deliverable.
In QS.1 Context Definition, the goal is to establish scope, assets, and decision criteria such as risk-tolerance, business objectives, and regulatory mandates. The deliverable is a formalized assessment boundary describing which systems, protocols, or services are in scope and what risk levels are acceptable (Siddiqui et al., 9 Jul 2025). In QS.2 Risk Factor Identification, TELSAFE catalogs risk factors such as missing mandatory controls, unpatched software modules, or weak cryptography APIs, yielding a prioritized list of gap-induced vulnerabilities and their exploitation conditions (Siddiqui et al., 9 Jul 2025). In QS.3 Risk Analysis (Qualitative), the framework enumerates possible consequences including CIA breaches, data loss, and service outage, producing draft risk scenarios with narrative threat paths and an initial severity-only rating (Siddiqui et al., 9 Jul 2025).
The quantitative phase then transforms these narratives into a structured probabilistic model. QM.1 Risk Scenario Development adopts Event-Tree Analysis (ETA) as the core representation, optionally combined with FTA or LOPA for complex interdependencies (Siddiqui et al., 9 Jul 2025). QM.2 Risk Modeling assigns numeric probabilities to event-tree branches using frequency-based probability estimation from historical/CVE data and uses CVSS/EPSS for impact scoring (Siddiqui et al., 9 Jul 2025). QM.3 Risk Evaluation combines likelihood and impact into a single risk score and compares the results to organizational thresholds, producing a dashboard where scenarios are sorted by descending risk (Siddiqui et al., 9 Jul 2025).
3. Event-tree formalism and quantitative model
At the core of TELSAFE is a standard event-tree construction over basic events, each with a finite set of mutually exclusive outcomes (Siddiqui et al., 9 Jul 2025). The framework defines:
- as the th basic event
- as the outcome space for
- as the event base
- a path as a single chain containing one outcome from each event, with possible paths (Siddiqui et al., 9 Jul 2025)
TELSAFE derives the probability of an outcome purely by counting occurrences in a historical dataset :
with the guarantees
0
(Siddiqui et al., 9 Jul 2025).
For path likelihood, TELSAFE uses either an independence assumption or full conditioning. Under independence,
1
and with conditioning,
2
(Siddiqui et al., 9 Jul 2025).
Impact is computed by reusing CVSS v3.1 confidentiality, integrity, and availability impact metrics:
3
where each of 4, 5, and 6 lies in 7 and maps None/Low/High to 8 per CVSS spec (Siddiqui et al., 9 Jul 2025). TELSAFE also allows optional impact normalization:
9
(Siddiqui et al., 9 Jul 2025).
The final risk score is defined as
0
with optional display normalization
1
(Siddiqui et al., 9 Jul 2025).
The framework overview additionally notes an optional 95% confidence interval for estimated event probabilities,
2
but explicitly states that this is not in the original TELSAFE paper (Siddiqui et al., 9 Jul 2025). This distinction is important because it separates the framework’s baseline formulation from later or auxiliary statistical elaborations.
4. Bias elimination, standards alignment, and methodological claims
A defining claim of TELSAFE is that it eliminates the influence of expert opinion bias (Siddiqui et al., 9 Jul 2025). The mechanism for this claim is methodological rather than rhetorical. All likelihoods are obtained from observed frequencies in empirical logs, including incident databases, CVE/EPSS histories, and risk registers; impacts are taken from industry-standard CVSS metrics or other published scales; and aggregation is performed through direct arithmetic multiplication rather than subjective weighting or fuzzy logic (Siddiqui et al., 9 Jul 2025).
The framework therefore characterizes itself as bias-free in the specific sense that different analysts supplied with the same data and formulas would produce identical 3 values (Siddiqui et al., 9 Jul 2025). This is a strong reproducibility claim. A plausible implication is that TELSAFE is intended for contexts where traceability, auditability, and cross-organizational comparability are more important than analyst-specific judgment.
TELSAFE also presents itself as standards-compliant, transparent, modular, and scalable (Siddiqui et al., 9 Jul 2025). Standards compliance refers to cross-referencing each step to ISO 31000, IEC 31010, ISO 27005, and ITU-T X.1055. Transparency refers to the simplicity and auditability of equations (1)–(10). Modularity refers to the possibility of substituting or augmenting ETA with FTA or LOPA. Scalability refers to the use of large CVE sets or proprietary incident logs as direct input to the event-tree engine (Siddiqui et al., 9 Jul 2025).
The limitations temper these claims. TELSAFE requires sufficiently large, relevant historical or CVE/incident data to estimate outcome probabilities reliably; it can suffer from path explosion when many events have many outcomes; the independence assumption in equation (7) may not hold; baseline TELSAFE does not yet output path-level uncertainty bars; and static probabilities may not reflect emerging zero-days without periodic retraining (Siddiqui et al., 9 Jul 2025). These limitations indicate that the framework’s objectivity depends materially on data quality and structural modeling choices.
5. CVE-TELSAFE use case in telecommunications
To demonstrate real-world applicability, the TELSAFE paper presents CVE-TELSAFE, a use case for telecom settings including 5G/6G equipment, core network elements, OSS/BSS (Siddiqui et al., 9 Jul 2025). The data sources are NVD, CISA’s Known Exploited Vulnerabilities (KEV) list, and EPSS probabilities. The harvested fields include CVE ID, CVSS base score, exploitability/impact subscores, EPSS score and percentile, KEV flag, and the 7 CVSS attack-vector/complexity/privilege/user-interaction/scope/CIA-impact metrics (Siddiqui et al., 9 Jul 2025).
The preprocessing step numerically encodes categorical variables, for example Attack Vector = {Physical, Local, Adj-Net, Network} \rightarrow {0,1,2,3}, Base Severity {Low, Med, High, Crit} \rightarrow {0,1,2,3}, and CIA impact {None, Low, High} \rightarrow {0,1,2} (Siddiqui et al., 9 Jul 2025). An excerpted record for CVE-2024-7593 includes BaseScore 8.6, ExploitScore 2.2, EPSS_pct 0.83, AV 3, AC 0, PR 1, UI 0, S 0, 4, 5, 6, and KEV 0 (Siddiqui et al., 9 Jul 2025).
The qualitative phase in the use case defines the context as “Software components shipped in 5G gNodeB firmware”, identifies risk factors such as misconfigured authentication, weak TLS stacks, optional cipher suites omitted, and missing rate-limit controls, and includes a representative causal scenario: “Authentication bypass → unauthorized data access → privacy breach.” (Siddiqui et al., 9 Jul 2025).
The quantitative phase then builds an event tree of 7 events, one for each numeric column in 8 that influences likelihood; computes 9; derives 0 via equation (7); computes 1 via equation (9); and evaluates 2, followed by normalization to 3 (Siddiqui et al., 9 Jul 2025). For CVE-2024-7593, the example values are
4
(Siddiqui et al., 9 Jul 2025).
The reported numerical findings show that the bulk of CVEs cluster at 5, but approximately 7% exceed 0.8 (Siddiqui et al., 9 Jul 2025). Ranking by 6 therefore highlights critical, widely exploited flaws for urgent fix. The use case is presented as evidence that TELSAFE can prioritize remediation without relying on subjective panels because all probabilities and impacts are derived from published CVE/CVSS/EPSS data (Siddiqui et al., 9 Jul 2025).
6. Related TELSAFE-associated safety systems and telecom AI safety
Although the formal TELSAFE framework is cyber-risk oriented, the supplied literature also places the term in relation to other safety architectures.
The earliest relevant system is the mine-monitoring prototype in "Towards Greener and Safer Mines" (Srivastava, 2010). That work develops a four-layered system consisting of sensing, network, gateway and application, bridged to the outside world via a telecom interface (Srivastava, 2010). The sensing layer uses an Atmega128L microcontroller (7.3728 MHz, 128 KB flash, 4 KB RAM) with TMP-275 temperature, APDS-9300 ambient-light, and XBee IEEE 802.15.4 2.4 GHz radio components (Srivastava, 2010). The network layer adopts a tree topology in which leaf nodes report to cluster heads and cluster heads forward to a base station, emphasizing multi-hop forwarding with minimal redundancy and simplified aggregation (Srivastava, 2010).
The prototype defines a configurable sampling interval and reports that the demo used 5 s (Srivastava, 2010). It also specifies local threshold logic for gas monitoring,
7
with a programmable threshold such as 1000 ppm CO (Srivastava, 2010). Heads and the base station monitor incoming alarm flags, and on any high flag the gateway pushes an alert SMS or e-mail instantly (Srivastava, 2010). The lab setup reports packet success values between 94% and 98% across the listed nodes (Srivastava, 2010). This system is not named TELSAFE in the paper title, but it constitutes a telecom-integrated safety-monitoring architecture that is conceptually adjacent to later TELSAFE usage.
A different line of work appears in "SafeCOMM: What about Safety Alignment in Fine-Tuned Telecom LLMs?" (Djuhera et al., 29 May 2025). Its summary describes a TELSAFE study focused on how supervised fine-tuning or continual pre-training on telecom datasets can erode previously aligned refusal behavior (Djuhera et al., 29 May 2025). The study evaluates safety degradation with DirectHarm and HexPhi, defining harmfulness as
8
and using Llama-Guard-3-8B as the safety judge (Djuhera et al., 29 May 2025). Quantitatively, Llama-2-7B-Chat on TeleData (600 k samples) rises from 5.0% / 2.0% harmfulness on DirectHarm / HexPhi to 36.7% / 20.1% after SFT, while Llama-3-8B-Tele-it after CPT reaches 78.2% / 73.0% (Djuhera et al., 29 May 2025).
The study proposes three post-degradation defenses: SafeInstruct, which injects harmful-question-to-safe-refusal pairs during SFT; SafeLoRA, which projects LoRA updates into a safety subspace using
9
and a cosine criterion 0; and SafeMERGE, which merges a telecom adapter and a safety adapter with
1
for layers where 2 (Djuhera et al., 29 May 2025). For Llama-2-7B-Chat on TeleData, the reported outcomes are QA acc 38.7%, DirectHarm 8.5%, HexPhi 7.3% for SafeInstruct; 37.3%, 10.2%, 8.5% for SafeLoRA; and 38.5%, 6.9%, 5.1% for SafeMERGE (Djuhera et al., 29 May 2025). For Llama-3-8B-Tele-it (CPT), SafeMERGE yields QA acc 33.9%, DirectHarm 14.3%, HexPhi 11.1% (Djuhera et al., 29 May 2025).
These works do not redefine the 2025 risk framework, but they show that TELSAFE-associated discourse spans physical safety monitoring, telecom-network integration, and safety alignment in telecom AI systems.
7. Interpretation, misconceptions, and future directions
A common misconception would be to treat TELSAFE as a single monolithic system spanning mines, cyber-risk assessment, and telecom LLM alignment. The supplied literature does not support that interpretation. Instead, it supports a narrower statement: TELSAFE formally names the security gap quantitative risk assessment framework of (Siddiqui et al., 9 Jul 2025), while related safety-oriented uses occur in the surrounding telecom literature [(Siddiqui et al., 9 Jul 2025); (Djuhera et al., 29 May 2025); (Srivastava, 2010)].
Another misconception would be to equate TELSAFE’s elimination of expert-opinion bias with elimination of all modeling uncertainty. The framework explicitly notes limitations involving data dependency, path explosion, possible failure of the independence assumption, the absence of path-level uncertainty bars in the baseline method, and the fact that static probabilities may not reflect emerging zero-days without periodic retraining (Siddiqui et al., 9 Jul 2025). TELSAFE therefore removes one class of subjectivity while leaving open ordinary statistical and structural uncertainties.
The future directions stated for the framework include integrating probabilistic model checking (PRISM), hybridizing with AI/ML anomaly detection for context definition or event-dependency discovery, automating the CVE-to-tree pipeline through a live feed from NVD/EPSS, extending confidence intervals through Bayesian updating (Dirichlet priors), and incorporating cost-benefit or decision-analytic modules such as CBA and multi-criteria decision making atop raw 3 scores (Siddiqui et al., 9 Jul 2025). These extensions preserve the central TELSAFE premise that risk management should remain both standards-grounded and quantitatively reproducible.
In that sense, TELSAFE occupies a specific place in current telecom-oriented research: it is a framework for converting standards-implementation gaps into explicit, data-derived risk scores, while adjacent literature extends the same safety-and-security concern to remote sensing infrastructures and telecom-specialized LLMs [(Siddiqui et al., 9 Jul 2025); (Srivastava, 2010); (Djuhera et al., 29 May 2025)].