Telecommunications Security

Apparently the FCC’s ongoing battle with the telecommunications industry over cybersecurity is well, ongoing.  I read an article this week that discussed the agency’s never-ending battle to convince private telecommunications firms to do something (or rather anything) about improving their overall technical security posture.  FCC Chairman Tom Wheeler gave a speech at the American Enterprise Institute last week in which he discussed the ongoing challenge (and I’m paraphrasing here) to incentivize private companies to step up and enact some form of cyberdefense for their networks.  I say “some form” only half-jokingly because one of the key points of Wheeler’s speech is that “90% of the recent security breaches could have been thwarted with the implementation of basic or intermediate security measures” (Sandoval, 2014).  This shocking fact gave me déjà vu from a report I helped author last year for the capstone course of my Cybersecurity Masters Degree.  Coincidentally, my final project involved assessing how various aspects of industry and security affected a fictitious telecommunications firm named Avisitel.  My portion of this project (see excerpt below) revolved around how the nature of telecommunications competition in the United States has created a perfect storm of inactivity which surprisingly has not lead to a catastrophic attack on one of our most critical infrastructure components.

Nature of Competition

On the surface, the telecommunications industry in the United States is a varied mix of technologies and providers.  In 2012, the United States Telecom Association (US Telecom) identified 1,662 separate firms (US Telecom, 2013).  These companies provide the gamut of technologies with the vast majority offering digital subscriber line (DSL) and/or fixed wireless services. Avisitel falls into this category offering mobile and landline telephone services as well as broadband cable.  In addition, according to data provided by the National Telecommunications and Information Administration (NTIA), 95.4 percent of America’s population has access to at least three wireless carriers and 88 percent were presented with at least two wired broadband options (US Telecom, 2013).  Although these statistics lend credence to the theory that the telecommunications industry is a highly competitive field, many critics disagree. 

Susan Crawford, professor at the Benjamin N. Cardozo School of Law in New York argues that America’s telecommunications infrastructure has been taken over by monopolists (Carr, 2013).  This in turn has led to a situation characterized by limited oversight, underdeveloped innovation and widespread consumer fleecing.  Crawford explains that four main companies control the majority of wired and wireless telecom services in the United States.  In markets covering approximately 50 million Americans, Comcast and Time Warner have complete control over broadband while Verizon and AT&T own 64 percent of all wireless services.  This in effect creates a broadband duopoly between telephone companies and cable TV providers (Hazlett & Weisman, 2011).   Although the 1996 Telecommunications Act was designed to foster increased competition in this industry, Crawford argues this law instead allowed telecom firms “…to simply divide markets and merge their way to monopoly” (Carr, 2013).  Now or in the very near future, this market environment will mean that the majority of Americans in metropolitan areas will only have access to a single provider of high speed data (Crawford, 2011). 

The nature of this competition has become problematic for the federal government in attempting to implement a national cybersecurity strategy.  Although US Telecom recognizes the increasingly important role the telecommunications sector represents to the American infrastructure, this has not stopped the industry from pushing back against cybersecurity initiatives.  The telecom association and other industry representatives failed to ratify a list of cybersecurity suggestions put forth by the Federal Communications Commission (FCC) (Yadron, 2013).  Officials argue that generic cybersecurity guidelines cannot be applied to their complex industry.  Moreover, the FCC’s advisory panel insinuates that government mandated reform of the private sector makes firms nervous.  Unobstructed by competition and benefiting from an economy of scale, telecom firms like Avisitel do not have the same oversight as companies in other industries.  As a result, successful implementation of current cybersecurity standards has solely been a voluntary effort.

References

Carr, D. (2013). Telecom’s big players hold back the future. The New York Times. Retrieved

from http://www.nytimes.com/2013/05/20/business/media/telecoms-big-players-hold-back-the-future.html?pagewanted=all&_r=0

Crawford, S. P. (2011). The Communications Crisis in America. Harvard Law & Policy

Review, 5(2), 245-263. Retrieved from http://www.acslaw.org/publications/harvard-law-

and-policy-review

Hazlett, T., & Weisman, D. (2011). Market Power in US Broadband Services. Review Of

Industrial Organization, 38(2), 151-171. doi:10.1007/s11151-011-9289-5

Sandoval, L. (2014). FCC: Companies must step up to improve cybersecurity or else. Tech Times. Retrieved from http://www.techtimes.com/articles/8460/20140616/fcc-companies-must-step-up-to-improve-cyber-security-or-else.htm

US Telecom. (2013). Broadband industry stats. Retrieved from http://www.ustelecom.org

/broadband-industry/broadband-industry-stats

Yadron, D. (2013). Internet providers persuade FCC panel against cybersecurity

recommendations. The Wall Street Journal. Retrieved from http://online.wsj.com/news/articles/SB10001424127887323639604578368722811930666