The communications infrastructure has long been integral to peoples' everyday lives, but in recent years, with rise and rapid advancement of mobile phone and tablet technologies, it has become everpresent. And now, as the internet of things adds more devices to the network — things that have never been networked before, such as household appliances and automobiles — the shape of the threat is changing.
"When we look at the cyber threat that's posed to critical infrastructure, we really need to look at the new dimension beyond the typical information technology environment and more around operational technologies – those things that control the widgets in gears and gadgets in our world today," said Robert Jennings, global practice manager for critical infrastructure protection and cybersecurity at Verizon. "We live in what we call a 'hyper connected world' and because of that we could pretty much say that we're probably at the worst point in history from a security standpoint."
Special Multimedia Report
The infrastructure that connects the world's communication networks – the fiber and switches that carry calls and data from one point to another – is the same infrastructure that delivers malware to unsuspecting users and enables hackers to take control of computers remotely. Failure to protect communications infrastructure compromises all other facets of the digital age, including other critical sectors.
"When we look at the communications sector in particular, you have an industry that really is the backbone for everything else," Jennings said. "It's the hub when it comes to connectivity. It doesn't matter whether it's voice, the internet, data connectivity, video – all of these things rely on the communications infrastructure."
A large-scale cyberattack that cripples communications infrastructure would have wide-ranging effects.
"It's about more than just making a phone call," said David Henning, network security director for Hughes Network Systems. "It's about being able to find where you need to go if you need directions somewhere; it's about being able to look up that email and cross-reference something; it's about being able to do a search and find more information about what you want to know – when my kids ask me questions about things and I don't know the answer, I've got a device in my pocket that I can pull out and ask it and go on and find thousands of answers. The ability to communicate has become such a critical piece of our lives and if that were to be suddenly taken away by some type of attack, a lot of people would be stuck."
The threat is real, Henning said, but the attacks and vectors aren't much different than what's being seen in other sectors.
"As far as security challenges go, there really in my opinion isn't anything unique to the communications sector compared to other sectors," he said. "When you're dealing with information security challenges, you're facing all the same types of threats, the same type of vulnerabilities."
The difference is communications companies have visibility into the very infrastructure those attacks are happening on. That visibility puts the sector at the fore of cyber defense.
"When things go terrible in any other industry, they're going to rely on communications," Jennings said.
And the communications industry has a lot to offer. Companies have a built-in self interest in having strong cybersecurity but have also found an additional business model born out of those capabilities.
The communications sector has spent years looking "at not only how to protect its infrastructure – it needs to – but the most valuable asset is our customers and if we can't secure their data we're not going to be in business very long," Jennings explained. "There have been significant improvements in security, proactive improvements. These are things that we not only leverage to protect our internal infrastructure and thereby some of our customers but now we've actually begun to offer these things to our customers to help them better protect themselves, as well."
Those offerings range from managed security services for customer companies to more advanced capabilities – like those offered to government agencies through Homeland Security's Enhanced Cybersecurity Services (ECS) program – to annual breach reports and threat information sharing.
That vertical collaboration will be key to securing the future and government will have a role, Henning said.
"I think it's an easy argument to make that constitutionally the government has a requirement to provide for our security and defense and they certainly do that in the physical sense. If we were fielding the same level of attacks of a physical nature every day that we see in the cyber world, people would be going crazy. The raw volume of it all would be completely overwhelming.
"In the cyber realm, I'd like to see more of that same mindset," he continued. "Protecting U.S. citizens from foreign interests as you're traversing the internet and using communications, while still maintaining the freedoms and everything else that we enjoy."
As more everyday things become connected through communications infrastructure – the rise of the Internet of Things – it will be incumbent on sector leaders to ensure security.
"There's a responsibility for Verizon and the organizations that provide the devices that are at the edge," Jennings said. "Verizon is working – and has a responsibility to as part of the communications infrastructure – to make sure that edge devices, those things that are attaching to it all the way down to the circuitry on the board level, from the time it's manufactured all the way through the connectivity environment to the backend are secure."
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.