Telcos and vendors tackle lax network security strategies

  • Outdated network infrastructure is a heightened security risk
  • Critical security updates are often not installed in a ‘timely’ fashion
  • A new alliance has been formed to tackle the issue
  • AT&T, BT, Cisco, Intel and Verizon are among the initial members

AT&T, BT and Verizon, along with big names from the vendor community such as Cisco, Intel and Juniper, are among the companies to have joined a new industry alliance, the Network Resilience Coalition, which is focused on ensuring that network infrastructure is as secure as it could, and should, be. 

Communications networks comprise systems sourced from many companies and are nearly always a mix of state-of-the-art and legacy systems, but one of the few things these systems all have in common is that they need to be secure. And according to the founding members of the new coalition, “it is common for organisations to lack robust patching and vulnerability management programmes or to not install critical updates in a timely manner, despite their availability.”

Failing to upgrade or update hardware or software can not only put an individual organisation at risk from security threats but “can lead to cyberattacks on a global scale, targeting ageing network infrastructure,” they noted in this announcement

The coalition members – AT&T, Broadcom, BT, Cisco Systems, Fortinet, Intel, Juniper Networks, Lumen Technologies, Palo Alto Networks, Verizon and VMware – aim to “propose real-world solutions that dramatically improve the security of data and networks that support our global economic and national security.”

And, it seems, these real-world solutions are really all about identifying processes that ensure technology updates are actually installed and that all organisations have security strategy programmes that are recognised and implemented. “By bringing together infrastructure vendors and major network operators who are experienced in deploying patches in a timely manner, the coalition aims to address network hardware and software resilience challenges and inform good policy,” the members noted.  

The first work item for the coalition members is to produce a report that offers technology developers, users and regulators “clear, actionable recommendations for improving network security.”

“Network resilience is vital to the health of our economy and our interconnected world and there is a need to focus on how to improve the security of the larger ecosystem by all sides working together,” noted Ari Schwartz, coordinator of the Center for Cybersecurity Policy & Law, a non-profit body that aims to improve the digital security of networks, devices and critical infrastructure. “Too often we see organisations fall victim to a cyberattack because an existing critical update or patch wasn’t made,” he added. 

And industry analyst Ron Westfall of The Futurum Group noted in this blog that he’s “encouraged to see the tech community collaborating to specifically address the nagging issue of updating hardware and software on a more consistent and systematic basis.” The coalition’s founding members “provide the global ecosystem and channel influence essential to swiftly broaden multi-organisation collaboration as well as boosting industry-wide awareness. The diverse nature of the coalition, including operators, chipmakers, security specialists, networking vendors and hybrid cloud providers, is key to assuring improvements in vulnerability management as well as overall cybersecurity administration,” noted Westfall. 

The formation of the coalition comes only days after IBM published its latest Cost of a Data Breach Report, which shows that the average cost of a data breach reached $4.45m in 2023, representing a 15% increase over the past three years. “Detection and escalation costs jumped 42% over this same timeframe, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations,” noted IBM in this announcement

- Ray Le Maistre, Editorial Director, TelecomTV