Attacks and Vulnerabilities
Critical infrastructure
News
Reports

CSCC works with gov’t partners to understand, mitigate security risks in communications sector

February 24, 2022
CSCC works with gov’t partners to understand, mitigate security risks in communications sector

The U.S. ​​Communications Sector Coordinating Council (CSCC) said its members have entered into new alliances with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in its Joint Cyber Defense Collaborative (JCDC) effort, while also formalizing and expanding their participation in the Enduring Security Framework (ESF) working group. The council is uniquely positioned to understand and mitigate security risks in the critical communications sector.

Launched in August, the JCDC initiative brings together public and private sector entities to unify deliberate and crisis action planning while coordinating the integrated execution of these plans, the CSCC said in its annual report on Wednesday. The ESF is a public-private partnership led by CISA and the NSA along with the U.S. Department of Defense (DoD), intelligence community, and industry partners. The working group is focused on understanding and responding to threats and risks to the security and stability of U.S. national security systems and critical infrastructure. 

The report said that its CSCC members will in the year ahead continue to participate in the Federal Communication Commission’s (FCC’s) rechartered CSRIC VIII, focusing on 5G network and software security, engage with DHS CISA and the DoD on the development of 5G testbeds, and focus on efforts to secure the supply chain.

The CSCC coordinates industry engagement with the U.S. government on cyber and infrastructure security, resilience, and risk reduction. It works towards protecting American communications critical infrastructure and key resources while ensuring that its communications networks and systems are secure, resilient, and rapidly restored after a natural or man-made disaster. It also coordinates with industry participants in the National Security Telecommunications Advisory Committee (NSTAC) and the Communications-Information Sharing and Analysis Center (NCCIC). 

CSCC also said that cybersecurity attacks continued to rise through 2021, both in terms of threat vectors, numbers, and consequences. Additionally, the adoption and integration of the Internet of Things (IoT) are creating a complex mesh of cyber-physical systems, which expands attack surfaces. 

Working on national security priorities, the CSCC continued working towards securing the supply chain across multiple workstreams and engaging across federal agencies to promote concerted efforts and a consistent approach to supply chain risk management (SCRM). This included briefing the White House on feedback from over 200 entities representing all five segments of the communications sector to the extended continued effort as co-lead of the DHS information and communications technology (ICT) SCRM task force and is preparing for more engagement in the coming year, according to the report. 

Wireless carriers are transitioning to the fifth generation of wireless technology (5G) at a record pace, and CSCC members are uniquely positioned to understand and mitigate security risks. Three years after the initial launch, 5G networks are now available to more than 91 percent of Americans, the report said. “​​Carriers continue to collaborate with each other and government to monitor, assess, and mitigate security threats, further demonstrating the industry’s commitment to enhancing protections from cyberattacks,” it added. 

CSCC members also prepared for the National Telecommunications and Information Administration (NTIA) its ‘National Strategy to Secure 5G Implementation Plan’ and participated in listening sessions, covering a host of topics including standards, open RAN, information sharing, and security. It also aligned with the CISA on mitigation efforts to ensure the opportunities of 5G are realized and engaged in the development and operationalization of CISA’s strategy. The agency also worked with the DHS Analytics Exchange Program (DHS AEP) to issue a report cataloging the security implications of 5G technology. 

The CSCC also provided an assessment of the position, navigation, and timing (PNT) risk, which is critical for the functioning of American critical infrastructure and used for civil, commercial, and military use. The ubiquitous use of global positioning navigation as the primary source of PNT information makes sectors vulnerable to adversaries seeking to cause harm by disrupting or manipulating Global Positioning System (GPS) signals. PNT efforts are particularly critical in light of the Russian test of its new anti-satellite technology and threat to attack NATOs 32 GPS satellites last November. 

In 2021, CSCC partnered in a DHS effort to strengthen PNT for critical infrastructure sectors, including a coordinated PNT vulnerability risk assessment for the communications sector. “Based on input from the five segments, it was determined that the communication sector faces minimal risk to critical functions or general operations, even in the face of PNT disruptions or outages,” the report said. 

CSCC members also provided technical advice on a broad set of cybersecurity legislative proposals, including regular engagement with Cyberspace Solarium Commission staff, members of Congress, and congressional staff. In addition to testifying on incident response, CSCC members provided subject matter expertise on other issues including systemically important critical infrastructure, cybersecurity statistics, information sharing, 5G, and the global semiconductor shortage.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations