In light of the persistent and increasing cyber threats, there is a continued policy focus on protecting the nation’s critical infrastructure.
The NTCA Cybersecurity Bundle is a comprehensive guide designed to help telco executives, board officers and operational staff develop a risk management approach to cybersecurity.
These three components are designed to work together to help improve your company’s cybersecurity readiness. NTCA members receive a discount.
The NIST Cybersecurity Framework
In response to presidential Executive Order 13636, on February 12, 2014, the National Institute of Standards and Technology (NIST) released the “Framework for Improving Critical Infrastructure Cybersecurity Version 1.0.”
The Framework is voluntary, based on existing standards, and designed to help owners and operators of critical infrastructure manage their cyber risk. The Framework applies to all 16 critical infrastructure sectors.
Making Sense of the Cybersecurity Framework
The CSRIC IV WG 4 Report
Subsequent to the release of the NIST Cybersecurity Framework, the FCC’s Communications, Security, Reliability and Interoperability Council (CSRIC) IV advisory council convened a working group to develop a sector-specific risk management framework for the communications industry.
On March 19, 2015, CSRIC IV approved the cybersecurity working group report. The report includes recommendations, resources, and guidance with regard to cybersecurity best practices for the private sector.
NTCA urges its members to review the report, in particular, Section 9.9 which contains simplified, practical guidance for small businesses. For more information, please see this NTCA Member Alert.
Using the NIST Framework/CSRIC Guidance
NTCA produced a webcast, "Creating a Proactive, Agile, and Adaptive Cybersecurity Strategy" on November 19, 2015 to discuss the risk-management approach to cybersecurity, as espoused by the NIST Framework and CSRIC guidance. An FCC representative shared the Commission’s perspective and expectations, and two NTCA members, technicians in the field, shared how they have used the NIST Framework approach to refine and improve their company’s cybersecurity posture. The webcast is for NTCA members only. Login is required to view.
The U.S. Computer Readiness Team (US-Cert), part of the Department of Homeland Security (DHS), distributes vulnerability and threat information on an almost daily basis. Be sure to sign up for their email notices.
Federal Trade Commission Authority
May 20, 2015: The FTC released a blog post on what a company should expect if it is the target of an FTC data security investigation.
June 30, 2015: The FTC published a guide to computer and data security for businesses.
DHS has issued guidance in regard to reporting cyber incidents to the government for further review.
CSRIC V WG 6 Report on Secure Hardware and Software
This CSRIC V Working Group 6: Secure Hardware and Software - Security-by-Design report provides voluntary recommendations and best practices to enhance the security of hardware and software in the core public communications network.
NEW Affinity Partner!
We all know cybersecurity is a topic we cannot continue to ignore. So NTCA has teamed up with Dynetics to offer members a discount on SelfAssure, a cloud-based, guided Cyber Risk Management tool that provides Cyber Risk Profile to characterize your readiness for today's cyber threats, industry-based cyber threat assessment and mapping your strengths and weaknesses to the NIST Cybersecurity Framework. For more information visit their website.
The omnibus spending package that Congress passed in late December 2015 included the Cybersecurity Act of 2015 – the result of combining House and Senate bills designed to foster greater information-sharing on cyber threats among private-sector companies and between the private sector and the government.
The Act establishes the Department of Homeland Security (DHS) as the portal for cyber threat information sharing with the government, provides for strong and clear liability and antitrust protections for those sharing information under the new law’s provisions, and aims to safeguard privacy by requiring removal of any extraneous consumer information prior to sharing cyber threat data. Also, the Act specifically bars agencies from using shared information to develop regulations, though it allows for shared information to inform the broader ideas behind a new rule.
Personal Safety & Security Resources
Please contact Jesse Ward, Director, Industry & Policy Analysis, at email@example.com or 703-351-2007.
Interested in getting more involved? If you are an NTCA member, please consider joining NTCA's cybersecurity working group by also contacting Jesse Ward.