The NIST Cybersecurity Framework and its 98 subcategories can appear daunting to the typical resource constrained, independent telecommunications company. Fortunately for its membership, NTCA has been working with NIST, the FCC and its members to make sense of the NIST Cybersecurity Framework. They have also been tracking and providing input to the FCC’s cybersecurity working group, (Communications, Security, Reliability and Interoperability Council (CSRIC) IV advisory council) which recently issued a report (PDF) about how the NIST Cybersecurity Framework relates to communications providers.
Cybersecurity was a major topic at the 2015 IP Possibilities conference and, in the above video, Jesse Ward, NTCA’s Industry and Policy Analysis Manager, summarizes insights from the various speakers. Ward, who has been been NTCA’s voice on cybersecurity, points to Bill Trelease of Delhi Telephone and how they took a very pragmatic approach to cybersecurity by creating simple block diagrams of how they connect to customers with critical infrastructure. They can then focus their security hardening efforts on the various elements in those block diagrams.
As Jesse suggests, a big part of the Framework is documenting processes to help illuminate where there might be security holes. In many ways, it is reminiscent of ISO900x processes for manufacturers. And, like those processes, it might even be a competitive edge for the provider, if it helps create a more trusted environment as well as a consistent operation.
Stay tuned for additional coverage on this topic.
Coverage of the 2015 IP Possibilities made possible by NTCA.


