AT&T is fighting back against claims made by the FCC that the telecom community lacks the capability to protect consumers and business customers from cyberattacks.
The FCC recently issued a white paper on “Cybersecurity Risk Reduction” that raised several issues around the role of internet service providers (ISPs) in cybersecurity.
According to the regulator, the rising tide of cyberattacks over the past decade signals a new approach is needed.
Specifically, the FCC said that because large ISPs hold strong market power, cyber threats are not relegated to those providers alone. Consumers could be caught in the middle because they might not be able to choose an ISP that has better or different security practices.
Second, the FCC said that individual service providers can’t overcome marketwide barriers in order to strengthen security. The regulator suggested that “broader action” may be needed “by voluntary industry associations and/or by government action” to improve cybersecurity preparedness in the communications industry.
“When deciding how much to invest to reduce cyber risk, the cost-benefit analysis of ISPs naturally considers the risks to the firm,” the FCC said in its paper. “Unfortunately, relying on market forces alone fails to adequately weigh the risks imposed on third parties who rely on the networks and services they provision. A cybersecurity gap confronts the public.”
AT&T disputes 'bold assertions'
However, AT&T disagrees with the FCC’s assertions about its cybersecurity capabilities.
In a blog post, the service provider takes issue over two claims the FCC made in its paper: service providers like AT&T don’t have the incentives to protect its network and customers from cyberattacks, and the regulator’s authority over cybersecurity.
“The Bureau makes bold assertions but doesn’t provide any evidence that there are a lack of incentives for carriers to protect their networks from cyberattacks,” said Chris Boyer, assistant VP of global public policy for AT&T in the post. “Instead it relies on already-debunked assumptions that there is inadequate competition in the broadband marketplace, and then leaps to the conclusion that ISPs therefore won’t invest in protecting their networks and customers from cyberattacks.”
Being a large carrier, AT&T said it has employed a staff of security experts to analyze network traffic 24/7/365 to understand and identify emerging threats.
Today, AT&T has eight global security operation centers and holds 179 security and privacy patents. In order to keep up with new threats, AT&T has a “fleet” of cybersecurity experts, and it is actively training and retraining employees to increase its security staff.
On an average day, AT&T said that the telco’s security experts see more than 30 billion vulnerability scans and 400 million spam messages "cross its global IP network every day." Interestingly, the increase of Internet of things (IoT) devices over the past three years has driven a 3,198% rise in vulnerability scans.
Boyer said, “we’re well aware of the threats to our network and our customers, and are taking meaningful steps to counter these risks.”