A successful cyber attack on a telecommunications operator could disrupt service for thousands of phone customers, sever Internet service for millions of consumers, cripple businesses, and shut down government operations.
And there’s reason to worry: Cyber attacks against critical infrastructure are soaring. For instance, in 2012, the US Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security, processed approximately 190,000 cyber incidents involving US government agencies, critical infrastructure, and the department’s industry partners. This represents a 68% increase over 2011.
Telecoms operators are adept at protecting their networks. It’s also true that cyber adversaries employ the telecom infrastructure as their primary transport for most attacks – and, as such, they rely upon a robust network. Consequently, adversaries who seek to attack telecoms are typically limited to anti-establishment hackers or nation-states seeking to use advanced persistent threats (APTs), according to Jamie Barnett, senior fellow of the Potomac Institute for Policy Studies and co-chair of the telecommunications group for Venable LLP, a law firm in Washington DC.
“That’s not to say that telecom organisations are not under attack every day. They are,” says Barnett, a retired US Navy admiral who also has served as chief of the Public Safety and Homeland Security Bureau of the Federal Communications Commission (FCC). “But as long as the bad guys and nation-states want the Internet to work as a means of carrying their malware, attacks, and criminal endeavors, the telecoms can handle the attacks. But they are still vulnerable.”
Today’s cyber adversaries are constantly sharpening and evolving their capabilities to exploit new vulnerabilities. Addressing these threats will require that telecoms operators approach activities and investments with comprehensive, up-to-the-minute knowledge about information assets, ecosystem threats, and vulnerabilities.
Operators have made longstanding contributions to critical infrastructure and technology innovation, and our research indicates that they are prepared for some, but not all, of today’s information security challenges. The Global State of Information Security® Survey 2014, a worldwide study conducted by PwC, CIO magazine, and CSO magazine, polled 456 telecommunications executives to measure and interpret how they combat today’s cyber threats.