Some of the larger and more influential technology companies and network operators are joining together in a new effort to improve the resilience and security of the infrastructure on which enterprises and consumers rely.
The new alliance is known as the Network Resilience Coalition and comprises many of the major tech players, including AT&T, Broadcom, BT Group, Cisco, Fortinet, Verizon, and several others. The group aims to bring together the major stakeholders that share responsibility for the security and resilience of the global network and work toward solutions to the biggest challenges they face. The coalition is associated with the Center for Cybersecurity Policy and Law, a nonprofit that brings together policy experts and technologists.
Part of the new resilience push will be to encourage organizations to be more diligent about patching and updating the software in their environments. For even a modestly sized company, patching is not a quarterly or even monthly task. It’s like doing laundry in a household with triplets; it’s a constant part of life. Updating to the latest software or firmware release to eliminate newly discovered vulnerabilities always sounds like a great idea, but there are plenty of mitigating factors that can delay patch deployment. Time and available resources are common hurdles, as is the possibility of breaking a dependency.
“Any link in the chain could be the reason why you have an outage tomorrow if you handle it improperly,” said Brad Arkin, chief security and trust officer at Cisco.
“There are customers who have products that they can’t patch ever for reasons that make sense in the context in which they’re operating.”
But the security and reliability of the global network depends not on one organization or even a small handful of them, but on everyone who connects to it doing their part.
“Network resilience is vital to the health of our economy and our interconnected world and there is a need to focus on how to improve the security of the larger ecosystem by all sides working together,” said Ari Schwartz, coordinator of the Center for Cybersecurity Policy & Law. “Too often we see organizations fall victim to a cyberattack because an existing critical update or patch wasn’t made.”
As part of the new effort, the coalition also will seek to inform policymakers about the challenges to building more resilient infrastructure and how legislation and government policy can aid that work. While most of the critical infrastructure in the United States–and elsewhere–is privately controlled, government policy has a significant effect on the way network operators and tech companies handle it.
Initially, the Network Resilience Coalition members will work to develop a report that details the major challenges and outline recommendations for addressing them, both for policymakers and for tech providers.