Amidst all the hoopla about all the funding that the government has made available for broadband, one area that’s still under the radar for many stakeholders is cybersecurity requirements for participation in the funding programs. But Jill Canfield, general counsel and vice president of policy for NTCA – The Rural Broadband Association, sees a big change coming in that regard.
“I will be surprised if there is a single program involving critical infrastructure that doesn’t have a cybersecurity requirement,” said Canfield in an interview with Telecompetitor.
The biggest federal source of broadband funding will be NTIA’s Broadband Equity Access and Deployment (BEAD) program, which has a budget of $42.5 billion for deployments in unserved rural areas. The funding will be administered by the states at the direction of NTIA, and Canfield noted that NTIA has issued rules for the BEAD program that require the states to require network operators applying for funding to attest that they are abiding by the cybersecurity and supply chain risk management guidelines established by the National Institute of Standards and Technology (NIST).
A big topic of debate in coming months will be about what exactly funding applicants must do, Canfield predicts. Will it be sufficient for applicants to say that they comply with the NIST framework? Or will they have to provide additional detail?
Broadband Cybersecurity
In either case, NTCA’s small rural network operator members are well prepared to meet cybersecurity requirements, as cybersecurity has been a key focus area for the organization, Canfield said.
“Small broadband providers are ready to comply,” said Canfield.
According to Canfield, participation in CyberShare: The Small Broadband Provider Information Sharing and Analysis Center (ISAC) program is an excellent means of meeting anticipated cybersecurity requirements. NTCA established CyberShare in 2017 as a pilot program with funding from the Department of Homeland Security that was managed through the National Institute of Hometown Security.
Based on the interest seen in CyberShare, the decision was made to launch the program as a product, which is now used by about 85 companies.
Participants get a daily email outlining dozens of threats compiled by a third party. The email also details what to do to mitigate each threat, and participants have the opportunity to discuss threats with other participants to get advice on how to handle any issues that do arise.
“They learn a lot from each other,” Canfield said.
Other program benefits include a twice monthly call with guest speakers or a discussion of a high-level threat.
The Rural Wireless Association recently became a CyberShare co-sponsor and NTCA expects to make a similar announcement soon.
“We want to raise awareness beyond NTCA,” Canfield said.
With that goal in mind, Canfield recently hosted a webinar with the executive director of the Cybersecurity and Infrastructure Security Agency (CISA) that was sponsored by multiple provider associations and drew 200 attendees.
Canfield noted that information sharing (ISAC) groups similar to CyberShare exist for other critical infrastructure, including electricity and water. And CyberShare appears to be well positioned as the key ISAC for small broadband providers.
Additional information about CyberShare is available at this link.
