The U.S. telecom sector is bolstering its cybersecurity efforts to coordinate with the creation of a new private ISAC by U.S. Telecom giants to combat AI-enabled cyberattacks and state-sponsored espionage campaigns as well as emerging risks to the nationโs communications infrastructure.
It is well to be noted that some of the nationโs largest telecommunications providers developed the Communications Cybersecurity Information Sharing and Analysis Center, or C2 ISAC, in order to establish a more private environment for exchanging cybersecurity intelligence. Founding members consist of AT&T, Charter, Comcast, Cox, Lumen, T-Mobile, and Verizon as well as Zayo. The chief information security officers of these companies will be members of the organisation’s board.
The private ISAC has a new executive director,ย Valerie Moon, who is theย former senior official with responsibilities for the Cybersecurity and Infrastructure Security Agency โ CISA as well as the Cyber Division of the FBI.
As per the chief security officer at T-Mobile and also aย board member of the C2 ISAC, Mark Clancy,ย the private ISAC was designed for the transforming threat environment.
โThe main driver for us is our recognition that the threat environment has evolved, and we as a sector and private entities need to evolve and really keep up with the pace and velocity at which thatโs happening,” Clancy said in a conversation with the Cybersecurity Dive.
Clancy said theย response of the industryย to Salt Typhoon showed telecom companies the necessity for more direct collaboration. He added, โThe need for us to collaborate on a private-to-private basis really became amplified.”
The Telecom Industryโs Rapid Path to Intelligenceย
The telecom industry has established information-sharing efforts via the Communications ISAC, or National Coordinating Center for Communications, but that group is different from most ISACs since it is embedded in the federal government within theย CISA, as opposed to being a separate private entity.
That government connection, Mr Clancy said, made some telecom companies cautious about divulging confidential cybersecurity intelligence.
He said, “There’ve been concerns and hesitations about it.”
The private ISAC by U.S. Telecom giants hopes to address those issues by restricting engagement to industry members and prohibiting government agencies from accessing its internal communication channels. Organisers hope that this structure encourages a freer flow of threat intelligence at earlier phases of investigations between companies.
โWhen you have public-sector entities involved, thereโs more review and deliberation about what gets put into that channel,โ opinedย Clancy, who noted the updated arrangement allows companies to be a bit more raw and upfront in terms ofย sharing information.
Over time the telecom operators felt they had grown too conservative about sharing information by means of the current Communications ISAC. Companies also often withheld lower-level threat signals that were later found to be tied to larger offensive campaigns, said Clancy.
He further said, โWe were being too restrictive in what we were sharing,โย adding that some supposedly isolated activity was “in fact connected to bigger activity.
Moon stressed that the private ISAC is not a substitute for the current Communications ISAC. Instead, the two organisations will probably exist side-by-side, with the older one continuing to handle larger operational issues, like threats to physical infrastructure.
Moon said that “we really see this as a complementary effort. When you think about each of these companies and their adherence to ensuring that the privacy of their data is very much at the forefront of their minds, they see this as a trusted space.โ
Private ISAC May Go Beyond Threat Sharing
Telecom sector information-sharing initiatives have already been helpful in fighting cybercrime along with network abuse. An example involved detecting SIM boxes, devices that cybercriminals typically utilise to send out large volumes of spam calls and text messages that are extremely hard to block.
T-Mobile discovered some signs of SIM box activity and exchanged them with other telecom companies so they could detect and prevent the same kind of activity on their networks.
Clancy says that malicious infrastructure is frequently hosted across multiple providers, so mitigating these threats requires coordinated action, and in order to find out whatโs going on, you have got to look across both sides.
In addition to direct threat intelligence, telecom firms have swapped operational best practices and defences by means of established partnerships. Clancy recalled another telco had taught him an effective way to deal with residential proxy networks.
Clancyย said, โI learned a technique for dealing with some of the residential proxy networks from another operator that was really clever. And Iโm, like, Yeah, weโre going to go do that.โโ
While the private ISACโs immediate priority is enhancingย information sharing surrounding AI-driven cyberattacks as well as network threats, its leaders are also thinking about broader future features. Clancy said the group might one day create shared automation platforms along with collaborative technologies which would be simpler to coordinate behind theย closed doors than in regulatory structures led by governments.
The organization may also look at participating in organised cybersecurity operations like botnet takedowns, but Moon said those discussions are in their infancy.
โIt just depends on what the operation is and where the authorities lie and what we are trying to accomplish,โ she said.
Moon said the private ISAC is indeed in its early stages,ย indicating that multiple long-term objectives are still being talked about.
Another open question is the expansion of membership. The present-day founding members are some of the biggest companies in the telecom world, but Clancy admitted they will need greater involvement to be most effective.
โThere are more than eight companies in the communications sector, and so we wonโt be fully effective until we increase that membership base,โ Clancy said.
The announcement of the private ISAC also comes amid considerable uncertainty about federal cybersecurity programs. Budget cuts and staff reductions, as well as changing priorities for government agencies, have caused many private-sector organisations to rethink how they manage their cybersecurity defence efforts.
Clancy says, โObviously, whatโs happening in the public sector informs what we need to do,” referencing the issues that involve government investment and agencies along with legislative processes.
He also urged the Department of Homeland Security to speed up initiatives to substitute the obsolete Critical Infrastructure Partnership Advisory Council framework that used to offer industry and government stakeholders a private venue for discussions.
The private ISAC also intends to keep in touch with federal agencies but will be autonomous. The group will share significant intelligence directly with government partners or by means of the current Communications ISAC framework, Clancy said.
โWe could have a more freewheeling private-to-private conversation and we could distil the useful, important bits and push them over to the government side,โ he said.