NTCA is committed to working with the public and private sectors to ensure that rural telecom providers have every tool at their disposal in order to efficiently and effectively secure their networks from cyber attack. As such, the association offers the following resources to assist your company as it seeks to protect network assets, and employee and customer data.
In response to the evolving cyber-threat landscape, industry leaders and policymakers have coalesced around a dynamic, flexible, risk-management approach to cybersecurity. This new approach allows a network operator to optimize its security investments, and as a secondary benefit, is consistent with policymakers’ expectations for critical infrastructure providers.
The NIST Cybersecurity Framework
The NIST Cybersecurity Framework is the preeminent resource to assist operators with developing a risk-management approach to cyber threats.
In response to presidential Executive Order 13636, on February 12, 2014, the National Institute of Standards and Technology (NIST) released the “Framework for Improving Critical Infrastructure Cybersecurity Version 1.0,” more commonly known as the NIST Cybersecurity Framework, and it has since been codified into legislation with the Cybersecurity Enhancement Act of 2014 and supported by President Trump in his May 2017 Executive Order.
The Framework is voluntary, based on existing standards, and designed to help owners and operators of critical infrastructure manage their cyber risk. The Framework applies to all 16 critical infrastructure sectors.
Sector-Specific Guide for Small Network Service Providers
In the summer of 2018, NTCA convened a Member Advisory Group to evaluate Version 1.1 of the NIST Cybersecurity Framework and adapt the framework to meet the needs of small network operators. The resultant report provides simplified, practical guidance for small network service providers; it explains, in basic terms, how small network service providers can digest and apply Version 1.1 of the NIST Cybersecurity Framework to their operations, while simultaneously providing flexibility for individual companies to suit their unique needs, characteristics and risks.
Of import, the NTCA Member Advisory Group evaluated the 108 subcategories included within the framework and grouped them into high-priority, mid-priority and low-priority listings or “profiles.” The high priority/first-step profile contains 29 subcategories or best practices from the framework, and this culled list may be a useful starting point for a small network operator that is seeking to undertake a more formalized and structured risk-management approach to protect its core network and critical infrastructure and services from cyber threats.
CSRIC Best Practices for Small, Rural Providers
The FCC encourages small and rural communications service providers to review and consider implementing, where appropriate, 23 specific best practices recommended by CSRIC to improve network reliability and as appropriate for your network operations.
The CIS Critical Security Controls
The Center for Internet Security (CIS) Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to respond to today's attack landscapes. A principal benefit of the CIS controls is that they prioritize and focus on a smaller number of actions. Learn more about the CIS Controls and how this approach can align with the more macro-level risk-management guidance provided by the NIST Cybersecurity Framework and endorsed by policymakers.
America’s cyber adversaries move with speed, stealth and increasing sophistication. To keep pace, information sharing is a vital resource for critical infrastructure security and resilience, improving the cybersecurity preparedness and response of private and public organizations. Learn more about how you can engage in various cyber information sharing venues:
The U.S. Computer Readiness Team (US-Cert), part of the Department of Homeland Security (DHS), distributes cyber vulnerability and threat information on a regular basis, often several times per week, for free to subscribers.
InfraGard is a partnership between the FBI and members of the private sector which expedites the timely exchange of information, and promotes mutual-learning opportunities relevant to the protection of critical infrastructure.
State and Regional Fusion Centers
Fusion centers operate as state and major urban area focal points for the receipt, analysis, gathering, and sharing of threat-related information between federal; state, local, tribal, territorial; and private-sector partners.
NTCA’s Cybersecurity Working Group
NTCA’s Cybersecurity Working Group offers a venue for members—network operators and technical consultants—to communicate and collaborate in a trusted setting, and exchange cyber vulnerability and threat intelligence information. The group is limited to 40 participants on an annual basis, and it meets virtually on a monthly basis.
Information for Your Customers
Creating a culture of cybersecurity is critical for all organizations and is a responsibility shared among all employees and network users. Your subscribers may find the following resources helpful as they strive to become more informed, aware and resilient in regard to cyber threats:
NTCA Cybersecurity Bundle
The 2018 NTCA Cybersecurity Bundle is a comprehensive guide designed to help your company develop a risk-management approach to cybersecurity—your company’s best defense against a proactive cyber adversary. This approach is scalable and flexible to address the evolving threat environment, and your needs and resource constraints. It also is consistent with the guidance provided within the NIST Cybersecurity Framework. The bundle consists of four robust resources, which are designed to be read and used sequentially.
Useful Websites and Documents
NTCA hosts a number of events throughout the year including the annual NTCA Cybersecurity Summit and webinars. Check out our latest events and see if cybersecurity issues is on the agenda.