Threats to telecom networks are becoming more frequent and unpredictable. This trend requires a fundamental overhaul of the traditional telecom risk management model. The increased frequency and severity of extreme weather events is leaving grids vulnerable to network outages. For example, back in 2012 Hurricane Sandy devastated Verizon’s Northeast network and basement-level communications hubs in Manhattan. A key mitigation for such risks is converting networks from copper to fiber because copper cable splice points are much more vulnerable to water damage.
Yet even fiber has its own vulnerabilities to flooding in the end faces, where the fiber connects to other network devices, as demonstrated when Hurricane Michael hit the Florida Panhandle in 2018 and caused major damage. In addition, cyber security vulnerabilities have also been found in 5G networks that could allow attackers to snoop on phone calls, and more latent vulnerabilities may exist.
Not only is the array of threats increasing but full-fiber and 5G networks are much more fragmented and difficult to protect than previous telecom grids. Distributed, software-defined digital routing and the decentralized distribution of 5G antennas and 5G base stations throughout populated urban areas create an even greater range of network vulnerabilities. This means new telecoms networks are more exposed to natural hazards such as extreme weather events damaging cables or antennas, as well as cyberattacks targeting digital routing or even higher-level network functions.
With full-fiber and 5G set to be the fuel of future social and economic growth, underpinning everything from smart cities to the industrial “Internet of Things,” telecom grids will require additional resilience to cope with today’s complex realities. Now more than ever, companies require a proactive and predictive risk management model that can continue to grow and evolve to keep pace with new threats to the network.
Beyond reactive defense
The unpredictable, varied, and fluctuating threat landscape means telecom operators must now go beyond reactive risk management and recovery and instead adopt proactive network resilience. They need the ability to swiftly identify the site and source of current hazards but also to predict and prevent future incidents.
Central to the entire effort is their ability to collect data from every part of the network, from workers to digital twins, effectively turning all network assets into sources of real-time threat intelligence.
Companies require rich data from across their workforce to provide a holistic picture of current hazards and mitigation strategies as well as absorbing and applying insights from previous incidents. This requirement demands network geospatial information systems capable of capturing and aggregating data from any network asset, from a 5G antenna to an employee smartphone, and matching this with accurate location data to reveal the locus and the solution for every problem. Accurate Systems of Record (SORs) and digital as-builts are critical to ensure a comprehensive and current risk overview. There is a clear need for open platforms that can absorb and amalgamate internal and external data, such as weather and climate change data. Such platforms are essential to provide a multifaceted risk picture that considers not only internal vulnerabilities such as exposed cables but external hazards such as storms and other extreme weather events.
Matching all telecom data with location data is necessary to contextualize threats, reveal interdependencies with neighboring infrastructure that could create shared vulnerabilities, and identify priority customers or communities to protect.
Some of the most proactive operators use geospatial data to create location-based threat dashboards containing historic and real-time data.
Yet many telecom operators lack the capacity to do this because their systems fail to fully capture live insights from both workforce and network assets. Network data is rarely held in an accessible, digital, and mobile-friendly format that is open to field workers or contractors. Many networks do not link all network data with location, which is critical to understanding risks in all regions of the infrastructure. And many smaller operators are not even documenting their network in a digital SOR. All too often, network data is also inaccessible to other departments or incompatible with important sources of threat intelligence such as local meteorological or ecological satellite data.
A resilient grid requires a transformation in the way that network data is captured and stored and how operators put this data to work.
Outlined below is a five-step roadmap to data-driven network resilience:
Step 1: Digitize and decentralize
Operators must first assess their existing network to create a resilient system that proactively anticipates and mitigates potential vulnerabilities and is agile enough to respond to new threats. Achieving this goal involves harnessing open, mobile-friendly geospatial information platforms that can harmonize information from a decentralized array of sources from sensors to field worker smartphones. The effort should extend to the use of open APIs to integrate location-based network data with information from external sources such as weather hazard data.
Step 2: Risk assessment and resilience
Assess the network to create a resilient infrastructure that mitigates single points of failure and network weaknesses. Companies should harness field workers and network assets to provide live, location-based intelligence that reveals the site and source of hazards to predict and preempt threats. Geospatial network information could be incorporated into virtualized telecom networks to help anticipate and avert threats in any location. This integration gives network operators greater insight into threats as the equipment itself can indicate risk or damage and allow operators to seamlessly reroute traffic through other virtual networks to prevent service failures.
Step 3: System resilience & security
Whether organizations adopt third-party cloud environments or bring such capabilities in-house, they must support geographic resilience, system redundancy, and the latest advances in cyber security. Critical network software must ensure data is duplicated and encrypted to eliminate single points of failure.
Step 4: Incident response
Have a company-wide damage assessment and incident response strategy across office and field staff. Organizations should create a live, location-based overview of both hazards and threats across the network. For example, Kansai Electric Power in Japan is working on an “outage dashboard” that provides a live picture of damaged or degraded assets or local hazards such as tornados. Incorporating this data into incident reports not only helps create more rapid and predictive maintenance of networks, but also encourages a forward-thinking risk management model that can draw on past incidents to inform future solutions. In this way, networks grow collectively stronger and smarter from every setback.
Step 5: Practice
Test your IT systems and operational procedures with regular drills to ensure the workforce is trained to expect the unexpected and assets are resilient to threats. Just as companies perform health and safety training, they should test and train all assets for network resilience. This practice will ensure that risk resilience is automatically baked into all processes, systems, and workers.
The threats facing the telecom industry today are unpredictable and changing at an ever-growing pace. However, by implementing the steps described here, telecom organizations are much better positioned to proactively manage their risk. Following the strategy laid out above can help to build a holistic, accurate, and timely view of the network that learns from past incidents and anticipates future risks, creating greater long-term resilience and flexibility to face the of myriad challenges ahead.
Jay Cadman is senior vice president, enterprise at IQGeo.
