CenturyLink

Kathryn Condello

Addressing Cyber Risks through Public-Private Partnerships

Today, we live in a world where everyone and everything are connected and it is this interconnectedness that has brought extraordinary enhancements to our professional and personal lives. The internet has quickly become the control system for both our virtual and physical worlds, and recent headlines attest that our critical infrastructure is under constant attack every day.

But this collective reliance on technology also creates dependencies and interdependencies that we as a nation have begun to address. For example, as one of the largest global internet backbone providers with customers in more than 60 countries, CenturyLink works vigilantly every day to protect our network against cyberattacks. The work we do is vital to the availability and security of not only our own network, but those of the customers we support as well. 

We place great emphasis on understanding the threats, risks and vulnerabilities within the global internet ecosystem, so we can better protect CenturyLink’s network, enterprise and customers. We gather these insights from our extensive visibility into the global IP ecosystem, as well as numerous sources within the industry, which include our peers, our vendors, fellow security providers, government agencies and customers. 

But some risks cannot be mitigated solely within this space. We rely on services from other critical infrastructure providers, like power, transportation and finance, for our operations and their operations can be impacted by cyber events. 

And if we rely on something, but don’t own it, control it or manage it, how do we make sure that our operations, and by extension our customers’ operations, are assured? In this rapidly evolving environment, CenturyLink addresses these “dependency” risks and develops mitigations through a series of public-private partnerships. 

In the private partnership arena, CenturyLink has a leadership role within the communications sector and addresses these issues on an ongoing basis with our peers. The problems addressed in these venues are generally intractable, or ones that cannot be addressed solely by one company or one sector. Current priority efforts are focused on the three critical “lifeline” sectors of power, financial services and communications. 

Recently, representatives from these sectors developed a catastrophic incident response plan designed to optimize our joint response for the betterment of both our customers and critical operations.  Building upon existing sector response plans, this protocol recognizes that there may be catastrophic events that surpass our individual resources to address, such as a cyber-induced, sustained power outage impacting large portions of the nation.   

While just a first step, this response plan recognizes that developing a joint course of action will likely produce a better result.  Over time, we will work to modify and integrate this protocol across all critical sectors, and then incorporate it into the U.S. government’s National Response Framework.    

CenturyLink is also actively engaged with the recently announced U.S. Department of Homeland Security (DHS) National Risk Management Center, where activities are currently focused on addressing cyber threats associated with potential compromises in the global supply chain.  These efforts are focused on developing a strategic framework to identify critical cyber supply-chain elements that might impact all critical infrastructure sectors and to foster secure and transparent supply-chain options.

Furthermore, CenturyLink has a 24/7 presence in the DHS National Cybersecurity and Communications Integration Center (NCCIC) and is also a member of the DHS National Coordinating Center. Through these public-private partnerships, CenturyLink has access to a full range of government and other critical infrastructure information on cyber threats and can both give and receive support in the event of an incident of national significance. 

These partnerships, which have been active for years, have already been instrumental in building a common understanding and greater depth of knowledge regarding the challenges we all face to protect our cyber ecosystem’s resiliency.

The next time you read about a cyberattack targeting our critical infrastructure, rest assured that these partnerships will help us collectively respond to protect our economy and our way of life.