Communications-ISAC – The Critical Infrastructure Protection & Resilience North America interview

Ben Lane, CIPRNA event manager, met Chris Anderson Principal Advisor for National Security & Emergency Preparedness at Lumen Technologies and the recently re-elected 2024 Industry Vice Chair of the Communications Sector Information Sharing and Analysis Center.

Chris will be speaking on two panels at CIPRNA 2024:

CI Interdependencies and Cascading Effects in Community Situational Awareness: https://ciprna-expo.com/session/ci-interdependencies-and-cascading-effects-in-community-situational-awareness/
Communications Sector Symposium: https://ciprna-expo.com/session/communications-sector-symposium/

The following is a transcription of their conversation.

Ben Lane

In a few words describe your current role and positions.

Chris Anderson

I am the principal advisor for National Security and Emergency Preparedness at Lumen Technologies, a major carrier, and tier one ISP in the United States. In addition to my work at Lumen, I am also one of two elected leaders of the Communications ISAC. In my role there, I work across a range of communications companies and sub-sectors within comms focused on national security and emergency preparedness.

Ben Lane

Can you explain what the Communications ISAC is for those who do not know and its roles and its objectives?

Chris Anderson

The Communications ISAC is partly like the other sector and sub-sector ISACs – it is an information sharing and analysis center. The ISACs are focused typically on an industry, a target market, sometimes by geography and/or like-minded companies that face similar risks, which have similar preventative measures. They share information amongst themselves to make themselves more secure and resilient. We gather information, analyze it, sanitize it, and disseminate it back out. But that is just a subset of the things that the Communications ISAC does. For one thing, it traces its lineage back to 1984 when it grew out of a need in the US to coordinate between the United States government, DOD, the National Command Authority, and the Regional Bell Operating Companies.

Before the breakup of AT&T, it used to be that the government could coordinate comms by picking up the phone and calling AT&T. When AT&T broke up, there was a need to coordinate more closely with many other companies. By presidential edict, the government is required to run a joint government industry operations center that is focused on these communication missions. This layers on additional missions for the Communications ISAC. Probably the most important part is working closely with our federal government partners on continuity of government, continuity of operations, the ability for our government at the senior levels to be able to communicate in all kinds of crisis. I mean, this was built during the Cold War, and that level of crisis!

Accordingly, we have a very strong incident response mission that we coordinate with Homeland Security and FEMA and a cyber incident response mission, and this has become more and more important to resilience. We also work closely with DHS through the Communications ISAC on a variety of priority telecommunication services, and those range from telecommunication service priority, which is an FCC regulation that requires under certain circumstances that carriers either provide prioritized provisioning of new circuits related to national security and emergency preparedness or restoration of those critical circuits if they go out.

Additionally, wire line and wireless service have specific prioritization programs, so in a scenario where communications lines are congested, first responders, and government officials can access those lines with prioritization.

We are one, I think, of only two ISACs that has government partners integrated into the core of the ISAC; whether that’s CISA, the Cybersecurity and Infrastructure Security Agency, the Federal Emergency Management Agency, Transportation Security, or the Department of Defense and Department of Justice.

Our regulator participates in our ISAC, the Federal Communications Commission. So, the Communications ISAC is its own unique thing, and it is exciting to be a part of it.

Ben Lane

It is a wide range of work. Can you define the main developments and changing threats that you are seeing presently within your sector?

Chris Anderson

The core of our work grew out of the old telephony system, both wire line service and wireless service that now of course involve big data, huge pipes.

Then there is the cable industry, which grew out of entertainment providing cable TV. They provide critical back haul for local and other critical infrastructure owner operators, including sometimes the communication sector itself.

We also work with the broadcasters. This is a critical element when you look at disaster resilience and the ability to use TV and radio to send messages out to the citizenry.

Then there is the satellite segment. There is a lot of stuff that satellites do outside the sphere of comms, but still have a core communications mission.

All those interconnected, modern communications grids are super dense, and they are meshed. They connect to each other at a lot of different points and certainly are not 100% bulletproof but that mesh network creates a resilient backbone for overall communications. That backbone is globally interconnected, and that implies a couple of interesting things that we must take care of.

Number one, the biggest providers -the tier one ISP backbones– interconnect with each other, but also very small participants such as rural wireless providers. These are also global networks. That means we are connected to countries that do not necessarily have our best interests at heart. It is also important to understand that even though the Communications ISAC members do a fantastic job of working together for the common good and defense of the network, it is still a fiercely competitive industry and is really driven by market forces. It requires a huge amount of investment, and that investment needs to have a return.

It is also a constantly evolving space. Almost everything these days gets digitized, packetized, and sent as streams of bits and bytes. Networks are increasingly software defined, so they are much easier to rapidly reconfigure. Cloud and edge technologies are becoming increasingly important in the way that networks operate. Certainly, artificial intelligence is on everybody’s mind in a lot of ways. AI can really help facilitate the smooth operation and design of networks. It can also help the bad guys to be able to target vulnerabilities, but then as the wheel keeps turning, it also helps the good guys identify the bad guys.

We spend a lot of time looking at natural disasters from a “what’s the vulnerability standpoint,” to mobilizeg the sector to help reconstitute after a major hurricane or an earthquake or a wildfire. We certainly keep track not just in the US but globally of physical attacks against critical infrastructure. We had a central office here in the United States, in Nashville, and someone attempted to blow it up. They were unsuccessful, although they did damage it for several days and impacted comms in a regional aspect. We saw attacks on 5G telecommunication towers throughout Europe and a little bit here in the US. It is a big physical network and therefore vulnerable to those kinds of physical attacks.

The topic I should have led with, given our subject matter at the CIPRNA conference, is our cross-sector dependencies. As a sector, we are hugely dependent upon commercial electricity, and luckily that has been robust and resilient for the most part. Where electricity is not resilient or where we do have temporary regionalized outages, we then become very dependent on liquid fuels and being able to deliver diesel and gasoline to run onsite generation.

Certainly, the transportation networks and the IT companies that create all our equipment are probably our biggest cross-sector dependencies.

Cyber for comms is an interesting issue. There are those that seek to compromise data and those that seek to deny service. So, on the data side, we are really concerned about APT actors developing crazy new malware systems to target our networks. Increasingly, they have gotten a lot stealthier, and they use what we call “Living off the Land” techniques where once they gained access to a network, they are now using your own network tools, your own ways of operating against you to maintain persistence.

Ben Lane

What keeps you awake at night?

Chris Anderson

I think we are used to the normal response to disasters and the “noise” level of cyber-attacks, if you will. We are pretty good at running our networks, keeping them up, and keeping resilient. The thing that keeps me awake is a well-funded, well-resourced, technologically savvy nation state competitors who decide to target either communications itself or those other sectors that we rely on in a massive campaign, at scale. So, we could see a long-term, nationwide power outage driven by a cyber-attack or a sustained campaign against the backbone of the internet. I think in the Cold War days, we spent a lot of time looking at nation state rivalries and how that might play out, and I think over the last 20 or 30 years as a nation, we haven’t focused on a massive nation state powered attack, or how would we respond and how would we be resilient in the face of that.

Ben Lane

This will be an important topic that will be discussed in further detail at CIPRNA this year. Thank you for your time. We look forward to seeing you in Lake Charles March 12 to 14 where you will be speaking in the following sessions:

CI Interdependencies and Cascading Effects in Community Situational Awareness: https://ciprna-expo.com/session/ci-interdependencies-and-cascading-effects-in-community-situational-awareness/

Communications Sector Symposium: https://ciprna-expo.com/session/communications-sector-symposium/

Chris Anderson

I am really looking forward to it. Thank you.