The sector of telecommunications, is one of the most important constituents of the United State national infrastructure. It plays a significant role in national security. The sector provides public utilities, industry, direct commutation and public utilities. Such services, together with inherent communications infrastructure are vital factors in maintenance of modern socio-economic life. Without doubt, a significant number of industries for example media and finance industries could not possibly be maintained in their current form without modern telecommunication services. Other sectors like retail and manufacturing cannot operate in their current scale and with high level of effectiveness that is seen without telecommunication services. In the same manner, the government would have difficulty maintaining regular services offered to the nation without modern networks of telecommunication. Additionally, advanced telecommunication services are needed in the management of national defense and to respond to disasters as well as other emergencies.
Regardless of the noble role the telecommunication sector plays, the sector’s computer infrastructure and networks necessary to support information-based socio-economic life in the US is subject to cyber-attacks. Cyber threats can either be malicious or accidental or in some instances, involve attacks by individuals, organized groups or foreign states. Such attacks, often are driven by political interests, ill will and desire for monetary gains. Cyber security threats involve stealing monetary resources or services, stealing information or damaging communications hardware or software (Caffrey & WanderPolo, 2013, p. 34). Cyber security attacks can be aimed at disruption of other industries or services dependent on functioning of communication services. The purpose of this paper is to analyze cyber security threats that are connected to telecommunications sector and reviewing effectiveness of cyber security technologies the sector employs. Specifically, the first section will analyze dependence of the sector on cyberspace and vulnerabilities that crop from this dependence. Additionally, we will evaluate relevant laws and regulations that are related to cyber security in this sector, the main regulation industries offering oversight and societal importance of the sector. Section two of the essay is going to discuss nature of competition within the sector. Additionally, we will analyze and identify recent news story related to the sector and which illuminates the issue of cyber security in the region (Hagihara, 1985, p. 85).
2.0 Analysis of Telecommunications Sector Cyber Security Threats
2.1 Dependence on Cyberspace
In the last couple of decades, the sector of telecommunication in the US has gone through significant transformation mainly closed wire line telecommunication, specialization in voice capabilities and provision of devices into a highly competitive, diverse, open and interlinked sector with satellite, wireless and cable capabilities. Demands by consumers and the need for business to stay competitive has resulted to convergence of traditional circuit switched networks that have packet based broadband and Internet Protocol networks. Many providers of telecommunication and networks have developed the capacity to provide video, data, text and voice transparently to different kinds of devices which are used by end-users (Barron, Hickey & Bart, 2007, p. 10). Today, mobile devices have capability of accessing web-based services and this is just an example of dependence of communication sector on cyberspace. The scope, scale, and character of convergence in networks had changed fundamentally and continues to change the prioritizing, planning and eventual delivery of communications (Barron, Hickey & Bart, 2007, p. 10). Packet-switched platforms have also resulted in better abilities placed on the networks and they are heavily dependent on intelligent end user devices to carry key functions. In the new converged environment, communications take place over cyberspace. The internet today, is a main resource to companies in telecommunication sector. The internet is inclusive of resources from both information technology and telecommunications sector. Telecommunications sector in the past, was focused on the telephone but today, it incorporates internet because of infrastructure convergence which serves both telephone voice and data traffic (Barron, Hickey & Bart, 2007, p. 10).
2.2 The Sector’s Vulnerabilities Due to its Dependence on Cyberspace
In the last couple of years, cyber threats have become more targeted, severe and complex. The information structure which includes telecommunication networks have become extremely vulnerable. The telecommunication sector has continued to be targeted by cyberspace criminals who are not known at unknown locations (Wohlstetter, 2001, p. 25). Their aim is exploiting and potentially destructing or disrupting activities within the sector. A single cyber-attack on Telecommunication Company when delivered effectively disrupts thousands of communication services to clients (US Telecom, 2014, p. 1). The potential of disrupting services for thousands of clients through use of a single attack is what makes companies within the sector of telecommunication and affiliated sectors attractive targets. Cyber-attack on telecommunication sector infrastructure is an occurrence that is not going away and it will continue to get more dangerous and complex as the internet ecosystem continues to develop.
Cyberspace criminals make use of the telecommunication infrastructure as the ideal means for transporting majority of their attacks. Therefore, they are dependent on a network that is healthy (Lobel, 2014, p. 2. In the same manner, criminal with the intention of attacking companies within the telecommunications sector by use of Advanced Persistent Threats (APTs). This is what makes companies in the sector vulnerable since attackers use the internet as the main source for transporting their malware and attacks. Presently, large companies in the sector with global operations have redefined themselves as technology companies (Lobel, 2014, p.2). For example, they develop mobile apps used to make VoIP calls and storage of data on cloud services (Bahtiyar & Caglayan, 2013, p.90). Capabilities of cloud computing coupled with mobility have led to creation of new frontiers of vulnerability for firms within the telecommunications sector which exposes them to numerous risks that are similar to those the technology company faces. Among areas that present major levels of vulnerability relate to hijacking of internet route also known as IP hijacking. Cyberspace criminals also compromise Internet routing tables in order to gain control over data packets. In the same manner, the telecommunications supply chain also increase vulnerability level (Lobel, 2014, p. 2). The chain of supply includes control layer equipment such as software, middleware and computer software. Components of computer equipment are manufactured and designed in different areas of the globe (Chee-Wooi et al, 2008, p. 1840). Firms within the telecommunication sector therefore are exposed to significant security problems since the control layer for telecommunication is linked to manufacturers of software and patches. The location of a manufacturer may generate security questions for operators in the telecommunication sector. For instance, it is possible for an entire network to be shut down using telecommunications control layer (Lobel, 2014, p.3)
2.3 Major Relevant Regulations and Laws
The federal laws have proven to be significant in addressing the issue of cyber security despite its complexity. It entails both satisfying proper federal law and federal systems in order to safeguard nonfederal systems. No legislation has been put into place, however, there are various statues enacted in order to address the varying aspects of cyber security. Some of these acts include:
2.3.1 The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984
Its responsibility is hindering several attacks on central computer as well as those used by international commerce and financial institutions.
2.3.2 The Computer Security Act of 1987
Under this law, the NIST (National Institute of Standards and Technology) were given responsibility of coming up with security standards for federal computer standards (Brechbuhl, 2010, p.90)
2.3.3 The Communications Privacy Act of 1986
It is comprised of several statues controlling verbal, electronic and wire communications. These statues work together with the Fourth Amendment of the U.S constitution that protects individuals from seizure and search.
2.3.4 The Health Insurance Probability and Accountability Act of 1996 (HIPPA)
The aim of this act is promoting competition in all markets. It states consumers are supposed to enjoy protection from monopoly abuses in specific markets so long as the abuses do not exist in present market. It also states the regulatory framework is supposed to ensure that industries and firms do not export their monopoly powers in other markets. It demands competition should be created in local markets before it is allowed in long distance. Implementation of the 1996 Act took necessary measures towards bringing change in telecommunication market. The Act envisions interrelated networks that are made up of complimentary elements comprised of both competing and complimentary services. The act uses both structural and behavioral instruments to attain its objectives. The act also attempts to lessen regulatory obstacles of rivalry and entry. It permits interconnection of telecommunication network and nondiscrimination to allow competitors to enter into the market and compete favorably.
2.4 Regulatory agencies that provide oversight
2.4.1 Federal Communications Commission
Its responsibility is regulating global and interstate communications by radio, satellite, cable, wire and television in all fifty states, the District of Columbia as well as United States territories. The agency attempts to deal with opportunities and challenges related with fast evolving advances in international communication, it focuses in: encouraging modernism, competition and investment in broadband facilities and services. Additionally, the agency also revises media regulations in order to promote defense of the nation’s communication infrastructure.
2.4.2: The National Association of Regulatory Utility Commissioners (NARUC)
This was established in 1989 and is a non-profit organization that aims at representing state public office commissions who control the utilities offering services such as telecommunications, transport, energy and water. Members of NARUC include all the 50 states, the District of Columbia, Virgin Islands and Puerto Rico. A large number of state commissioners get selected to their positions by their legislature or governor while the other fourteen states are voted.
NARUC’s objective is serving the interest of citizens through improving value and efficiency of public service regulation. Members of NARUC, under state law are charged with the mandate of ensuring these rates are offered at rates and conditions that are rational, fair and nondiscriminatory for all the customers (NARUC, 2014).
2.4.3 Public Commission in every State
The Public Service Commission is dedicated towards ensuring customers access services that are most vital such as electricity, natural gas, wastewater and safe water in a dependable and reasonable manner.
2.5 Societal Importance- effects on society
Involves engineering which reduces level of trust among people and other cyber methods used to agitate, propagate ad terrorize some groups in society (Balan, 2013, p. 190). The development of information and communication technologies has mass communication and its mediums at a place that is well known in modern society. In our current society, new media changes from social and internet communication to electronic chat rooms and any malfunction can have a great impact on individuals (Sales, 2013, p. 32). The cyber threat that is most popular is identity theft and majority of people in society are not aware of how they can avoid these kinds of attacks on their identity. It is anticipated the internet will form part of conflicts in the near future. The internet as well is used highly in battled as the medium of influencing global opinion or public opinion of a specific country. Communication that is internet based can be used to spread information as well in a manner that ethnic identity, cultural values ad religion of a specific group can be attacked.
Use of computers by users also plays a crucial role in cyber security environment. This is because the US population owns a large percentage of the communications and computer technologies in the globe, the large probable pool of vulnerable systems can be opted by botnets. This kind of exploitation makes the process of dealing with cyber-attacks quite complicated since the botnets can be situated with the US territories or may be under possession by citizens.
3.0 Review of the Effectiveness of the Cyber security Technologies/Policies Employed by Telecommunication Sector
3.1 Nature of Competition
The telecommunication sector in the United States, traditionally had been regulated. Regulation is used to date in certain areas of the industry. The notion of regulation is of great importance since telecommunication service markets was a natural monopoly which implied another competitor would not be able to survive in the market. The telecommunication sector is comprised of firms transmitting voices and data between devices. The importance of the industry is analyzed based on revenue generation. Until the start of the 1990’s, the industry was a monopoly and the Federal Communication Commission (FCC) regulated it. The monopolistic state of the sector meant the prices were determined by regulatory bodies once businesses complained of increased costs (Davis et al, 2006, p. 10).
During the mid-1990s, several changes took place in the sector and they affected the current state of the industry. The telecommunication Act was implemented in 1996 and its aim was reforming the telecommunication sector in order to enhance competition. It allowed new firms entrance in the sector to boost competition. Introduction of new network enabled VoIP and Cable providers to bring products of wireless telephony. The impact this had was realization of rise in market share of CLEC (Competitive Local Exchange Carrier) providers from 4.6 percent to 17.1 percent in 1999 and 2006 respectively.
The availability of different kinds of technologies such as fiber optics cable, wireless and Internet Telephony resulted in major changes in the industry. These new technologies also led to changes in the behavior of consumers and paved the way for new entrants into the industry. Cost structure of new companies is also low compared to that of existing firms. The different competitive factors also have an effect on telecommunication sector and can be analyzed through use of porters 5 forces framework.
3.1.1 Threat of Entry
Before the mid-1990, there were entry barriers into the industry due to large amounts of capital needed to cover expenses and uphold physical network to the client’s premise (Davis et al, 2006, p. 12). Firms, additionally were supposed to get license from FCC which was a tiresome and expensive affair. As such, the majority of companies in the sector were monopolies controlled by government and subject to heavy taxation and price controls. Deregulation and Telecom Act of 1996 offered reduction in barriers since new competitors were not expected to have personal networks. Changes in technology also contributed towards reduction in restrictions for example, Internet Telephony was a way through which several firms joined the industry without incurring fixed costs. Some of these entrants included Vonage, which begun selling its product in 2003.
3.1.2 Supplier Power
The suppliers in the industry are producers of fiber optic cables, network equipment and telephone switching. Some of the names well known in the sector include Cisco, Nokia, Motorola, Nortel and Tellabs. With capability of surplus and demand reduction, the suppliers lack the ability to discuss with telecom behemoths (Luther, 2010, p.23). There is also an increase in the demand in present years since most clients are installing networks that are fiber-based.
3.1.3 Power of Buyers
With entry of new farms, there are different technologies in the industry, purchasing power of buyers has also risen. Consumers are able to access different kinds of communication for example, instant messaging and email.
2.1.4 Threats of Substitutes
Technological breakthroughs result into introduction of substitute’s products and services. Some offer good services and they have reduced the importance of fixed line phones (Moran, 2013, p. 10). The substitute products include Satellite, Mobile phones, Email, Instant Messaging and IP Telephony. The most ideal way of communicating among the young people is known as Skype. This has led to reduced costs in wireless phones on an annual basis and it makes consumers very convenient and mobile as such making the fixed phone line outdated.
3.1.5 Industry Rivalry
New companies have ventured into the sector of telecommunication resulting in business rivalry which leads to prices reduction in the entire sector. There is also change in voice offerings into commodities which makes business buy from whoever is selling at a cost that is lower.
Ai, C., & Sappington, D. (2002). The Impact of State Incentive Regulation on the U.S. Telecommunications Industry. Journal of Regulatory Economics, 22(2), 133-159. doi: 10.1023/A:102058342746.
Bahtiyar, Ş., & Çağlayan, M. (2013). Security similarity based trust in cyber space. Knowledge-Based Systems, 52290-301. doi:10.1016/j.knosys.2013.08.012
Balan, S. (2013). Information Society: Content, Manifestation, Socioeconomic Implications. Internal Auditing & Risk Management, 8(2), 187-196.
Barron, D. M., Hickey, J. M. & Bart, D. (2007). Communications: critical infrastructure and key resources sector-specific plan as input to the national infrastructure protection plan. Ft. Belvoir: Defense Technical.
Brechbuhl, H., Bruce, R., Dynes, S., & Johnson, M. (2010). Protecting Critical Information Infrastructure: Developing Cybersecurity Policy. Information Technology for Development, 16(1), 83-91. doi:10.1002/itdj.20096
Caffrey, T., & WanderPolo, M. (2013). A Brave New World Awaits: The Elder and Special Needs Law Practice of The future. NAELA Journal, 9(1), 115-133.
Chee-Wooi, T., Chen-Ching, L., & Manimaran, G. (2008). Vulnerability Assessment of Cybersecurity for SCADA Systems. IEEE Transactions on Power Systems, 23(4), 1836-1846. doi:10.1109/TPWRS.2008.20022
Davis, L., Anderson, R., & Steinberg, P. (2006). Understanding Cybersecurity. Risk Management (00355593), 53(5), 44.
Epstein, R. A. (2013). Can Technological Innovation Survive Government Regulation. Harvard Journal of Law & Public Policy, 36(1), 87.
Hagihara, K., Masuzawa, T., Tokura, N., Ikeda, M., & Wada, K. (1985). Vulnerability of a Communication Network with a Satellite. Systems & Computers in Japan, 16(4), 19-28.
Lobel, M. (2014). Security risks and responses in an evolving telecommunications industry. Retrieved on 12 March 2014 from: <http://www.pwc.com/gx/en/communications/publications/communications-review/cyber-telecom-security.jhtml>.
Luther, F. D., Brown, Connor, K., Hanson, I., Madden, C., Patterson-Shuman, A., & Sharpe, G. (2010). Using Emerging Digital Technologies and Traditional Resources to Promote Cybersecurity: An Annotated Bibliography. Delta Kappa Gamma Bulletin, 77(1), 22-27.
Moran, T. H. (2013). Dealing with cybersecurity threats posed by globalised it suppliers. Policy, 29(3), 10-14.
National Association of Regulatory Utility Commissioners (NARUC) (2014). About NARUC. Retrieved on 12 March 2014 from: http://www.naruc.org/about.cfm
Sales, N. (2013). Regulating Cyber-Security. Northwestern University Law Review, 107(4), 1503-1568.
The Federal Communications Commission (2014). What we do. Retrieved on 12 March 2014 from: <http://www.fcc.gov/what-we-do>
US Telcom (2014). Cybersecurity. Retrieved on 12 March 2014 from: <http://www.ustelecom.org/issues/cybersecurity>
Wohlstetter, J. C. (2001). The Vulnerability of Networks. Regulation, 24(4), 50.