By Jesse Ward
November 2017
Last month in Kansas City, Mo., more than 180 small, rural telecommunications providers gathered at NTCA’s 2017 Cybersecurity Summit to discuss the latest developments within the cybersecurity field, including innovations in policy, process and technology. The event was especially well-timed given the Department of Homeland Security had designated October as Cybersecurity Awareness Month.
A month later, we stand with our government partners in observing the importance of Critical Infrastructure Security and Resilience Month.
Small, rural telecommunications providers are truly critical infrastructure providers that operate mature IT and communications networks to connect their rural communities with the outside world, enabling rural consumers to benefit from online commerce, education, public safety and health care services, to name a few. Unfortunately, as critical infrastructure providers, your company is an easy target for bad actors who wish to do your staff, customers and networks harm. Of course, it is very easy to say, “Don’t be a target,” but cybersecurity is a complex field, as threats are evolving, becoming more sophisticated and proliferating throughout the ecosystem.
In Kansas City, attendees participated in a first-of-its kind tabletop exercise to discuss specific and common cyber incidents. This exercise allowed attendees to put the knowledge they have into practice, and test their incident response capabilities. Further, the activity allowed participants to engage with one another and learn from their peers within the industry.
If you did not have the good fortune to join us last month and participate in this ground-breaking exercise, rest assured: There is no better time than today to review your company’s existing cybersecurity practices. However, NTCA recognizes that the issue can be overwhelming. Where do you start? How do you know whether you have “enough” security in place? How can you, as a nontechnical senior manager, evaluate and oversee your company’s cybersecurity preparedness? It can feel like a daunting project, especially for small telecom providers with extremely limited financial, staff and technical resources.
Remember, you goal should not be to eliminate all cyber risks and threats. Rather, consistent with industry best practices, risk-management principles and the NIST Cybersecurity Framework, your company should strive to mitigate risk, reducing the likelihood that an event will occur, or the consequences if the worst happens—and to manage the risk in a cost-effective manner?
NTCA understands this is a wholesale shift in cybersecurity policy and practice; risk-management remains a nascent concept for small, rural communications companies. To meet your needs, NTCA has developed a variety of resources to assist small, rural telecommunications providers with improving their cybersecurity readiness, including:
- The NTCA Cybersecurity Bundle: a comprehensive guide designed to help telco executives, board officers and operational staff develop a risk-management approach to cybersecurity.
- NTCA Cyber Source, a biannual, online publication, which provides timely news articles related to operational, technical and policy issues, in addition to highlighting resources that may assist your company with protecting its network, infrastructure and assets. The inaugural issue is available for purchase now.
- And the NTCA Cybersecurity Working Group. For NTCA members only, the working group provides guidance for the association; serves a test-bed for new projects and ideas; and, perhaps most importantly, provides a venue for members to collaborate and share cyber-threat intelligence and best practices.
In addition to developing member resources, NTCA continues to advocate on your behalf through various public-private working groups, including the Communications Information Sharing and Analysis Center (Communications-ISAC), which enables network operators and government agencies to exchange cyber-threat information, and the Communications Sector Coordinating Council (CSCC), which coordinates with policymakers and other government agencies on planning and policy. NTCA Chief Executive Officer Shirley Bloomfield is a member of the FCC’s CSRIC advisory council, which develops industry best practices, and I serve as a member of the CSCC executive committee and as the chair of the CSCC Small and Mid-Sized Business Committee.
NTCA looks forward to working with you in 2018 to ensure your company—and your customers and suppliers—have the resources to identify, protect, detect, respond and recover from cyber threats. Please mark your calendars now for NTCA’s third annual Cybersecurity Summit, October 21–23, 2018, in Dallas, Texas.