In the first part of this series I discussed some of the challenges that emerge when investing in cybersecurity. I also touched a little on some benefits beyond risk reduction.
In this section I want to highlight the broader communities served by communication providers. Those communities have technology dependent businesses and organizations. Or those organizations have business processes that are becoming more and more dependent on technology and the internet. If you have been to one of the NTCA events in the last few years then you’ve heard about Smart Rural Communities. High speed broadband in those communities offers many benefits to businesses, education institutions, municipalities, and medical services. At the same time those technologies open the door to cybersecurity risks.
The NIST cybersecurity framework and the threats from cybersecurity seem daunting for communications providers. Imagine the local farmers deploying unsecured webcams to monitor grain elevators, and children that are telecommuting to virtual classes on family computers full of financial information. The risks might not be the same as for communications providers but many of the customers they serve and hope to encourage greater use of high speed broadband could be caught unaware of the cybersecurity threats they face.
In general our communities are facing many cybersecurity risks. Each community also has critical infrastructure that needs securing against cyber threats. Many of the reasons communications providers focus on cybersecurity is because they play a vital part of the critical infrastructure, possibly as components of the Emergency Alert System.
There are other critical infrastructure pieces or organizations in the community and they are likely less versed in cybersecurity. Broadcast stations can to lack up to date security for their EAS equipment and other broadcast equipment. A French national network was shutdown by ISIS last April 2015, an FM station had its RDS system hacked (the digital descriptions messages about which song is playing), and the EAS systems of a number of stations were hacked in 2013 to broadcast Zombie attack messages.
As you can imagine securing those systems and other critical infrastructure is a concern to Homeland Security. Many of those organizations may lack cybersecurity experience or follow best practices. So not only are communications providers at risk, their communities, and the critical infrastructures in those communities are as well.
In the next part of this series we will look at what communication providers are doing to mitigate cybersecurity risks and how they might help their communities with those activities.