Following Day 1 of TIA’s Member Meeting and Global Conference, Day 2 featured sessions on international standards, network security, software and more with experts who discussed the key issues from throughout our industry.
The opening keynote address was from Doreen Bogdan-Martin, Director of Telecommunication Development at the ITU. Her remarks, recorded from Kigali, Rwanda, covered a wide range of subjects, opening with how the Covid pandemic demonstrated the critical importance of our networks as millions of people lost their jobs and millions of children lost connections to their education.
In addressing the digital divide, Bogdan-Martin noted there are still an estimated 3.9 billion people in the world without access to broadband. She also reminded attendees that there are still hundreds of millions of people who technically have access but still encounter challenges like poor quality services and affordability.
Bogdan-Martin stressed it must be people who drive technology and not the other way around. This especially rings true when it comes to sustainability for our industry. To reduce our environmental impact, she described how reducing digital energy consumption is important, as are increasing the use of renewable energy and recycling more electronics for a more circular electronic supply chain.
“Last year,” Bogdan-Martin said, “there was 53 million tons of electronic waste globally and only 20% of it was recovered and reused.” She cited the need for more e-waste oversight and governance but stressed that data was key for any new regulations.
Lastly, she discussed the ITU’s Partner2Connect Coalition and how it exceeded expectations with over 380 pledges so far. She described the hard work of the ITU, which is working to build a more inclusive internet and to get everyone access to broadband to ensure equal access to opportunity.
Following Doreen Bogdan-Martin was a panel discussion titled The Importance of Securing Critical Communications Infrastructure in a Connected World. The session opened with remarks from Dr. Allan Friedman, Senior Advisor and Strategist with the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Dr. Friedman opened his remarks focusing on transparency and how with the growing role of software, the need to know what exactly is in our networks is higher than ever. One concept that is gaining increased adoption across many sectors is the Software Bill of Materials (SBOM) – essentially a nutrition label but for software code instead of food or drink ingredients. He noted that critical infrastructure still operates without a library of system “ingredients.”
Dr. Friedman encouraged all organizations to explore SBOMs and start using them for internal developments and for suppliers. He noted that while there is no standard SBOM approach, there are resources available to help from CISA, NIST (National Institute of Standards and Technology) and other organizations. He quipped that in today’s environment, it reminded him of the adage of “building the plane while we fly it.” He also made sure everyone knew the “S-B” in SBOM does not stand for “silver bullet”, meaning it can’t guarantee security, but it is still very important to start adopting.
One challenge for SBOM adoption Dr. Friedman highlighted was that since it is new and not required, there is no existing demand for it, and thus companies are not going to widely adopt it without some level of incentive. Part of making SBOM usable for companies is to format the data in a machine-readable fashion that will allow for automated scanning for potential vulnerabilities.
President Biden issued Executive Order 14028 which Dr. Friedman believed was a first step. The log4j breach demonstrated the scale of risk that exists in our supply chains and Dr. Friedman explained how that woke up the world to the challenges we are facing. He believes open source is still an opportunity for hackers and cyber crime but that the risks are becoming much better understood.
At the end of his remarks, he highlighted the CISA Vulnerability Exploitability eXchange (VEX) and spoke to how our infrastructure needs more transparency to build and maintain trust. He believes all organizations, and especially those who operate critical infrastructure, should be using a minimum level of SBOM that includes things like the supplier, component name, version number, and source location.
Following Dr. Friedman’s remarks, the discussion was handed over to the panel which included Sanjay Macwan, Chief Information Officer and Chief Information Security Officer at Vonage and Bob Martin, Senior Principal Engineer from the MITRE Corporation and was moderated by Jamie Gibson, Vice President of Technology Sales and Engineering at Ribbon.
Sanjay Macwan described great challenges and opportunities that are coming as “software eats the world.” Everything from SaaS solutions used by an organization to their OSS/BSS platforms, all software should feature security by design at every stage of development. Bob Martin agreed and said that while companies have their supply chains, most software has its own supply chain and without SBOM or other tools, we’ll continue to have limited visibility.
Martin said “pedigree and providence” are becoming more important when it comes to software in the market. Another action organizations are taking is identifying software that is perhaps outdated and no longer receiving updates – a red flag for a potential vulnerability. Ultimately organizations need auditable data for when a breach occurs to reduce response times but Martin cautioned the audit capability would have to be set in a permission-based access role.
Gibson asked the panelists how public and private sectors can partner on the issue of security for critical infrastructure. Martin said SBOM is one way that is already happening and that Exec. Order 14028 can be looked to for what will eventually come from the public sector and policy side. Macwan highlighted that the focus on cyber security is improving for both sectors and one way it can get even better is to increase transparency and the sharing of threat and vulnerability information as a two-way street in that both sides have information that would be useful to the other.
Macwan also spoke to the important role of trade associations and standards development organizations like TIA who help bring the two sides together for meaningful engagement. Martin agreed and described the important work being done at TIA on the new SCS 9001 supply chain security standard which leverages measures like SBOM and helps organizations plan for their own zero trust architecture strategy. Martin cautioned, however, that Zero Trust is not a product or a service but rather a new approach or philosophy for most organizations.
The next session was a panel discussion on The Need for Continuous Improvement in Software driven, Agile and Open Networks. It featured guest speakers, Vivek Gaur, Head of Engineering at COLT; Vignesh Ramamurthy, Chief Architect from Infosys; Sankaran “Ram” Ramanathan, Executive Director of Network Support Systems for Verizon Wireless; and was moderated by Mike Regan, Vice President of Business Performance, TIA.
The panel opened the discussion on the challenging landscape for software development in networks and how the perception of complexity and skills needed to work in this field must be overcome. Vivek Gaur from COLT said the more modern software-driven networks offer better performance and integration into existing network technology stacks, but developer skillsets need to grow. Ram agreed and described how network engineers should have an end-to-end view because they are becoming more like internal integrators with more APIs, cloud services, and edge computing. Ramamurthy noted there are no longer vertically integrated networks as infrastructure becomes more containerized and disaggregated.
Staying on the topic of integrations, Gaur noted the increased risk that comes with more connections and highlighted three fundamentals to keeping risk down: Automation (wherever possible/practical), quality partnerships with suppliers and customers, and interoperability of systems. Ram described the challenge of maintaining the 99.999 service quality levels as networks change and evolve. He noted that it should be part of a 3 to 5-year plan as service providers set their long-term goals for network upgrades and changes.
The conversation then shifted to Quality and KPIs. Ram stated how perhaps some new KPIs are needed as network exposure measurements are now emerging. He also noted that customer experience focused KPIs can help with the aspects of maintaining 5-9’s levels of availability and seamless hand-offs.
Gaur described the current concerns for managing modern networks: complexity is now multi-dimensional and no longer “flat.” He talked about going from hardware-centric models to software for better intelligence and virtualization capabilities, because software is faster and easier to update than hardware. He said it also can help speed up the process for identification and repair of a fault. Ramamurthy described seeing the merging of traditional software development into network engineering. While it requires complex orchestration, automation is the key to success, especially pertaining to virtualization.
Lastly, the panel was asked by Regan for their views on the use of open-source software by their suppliers. Ram opened with the notion that it is fine as long as there is good governance over when and how to use it and they always need to ask, “what would happen if [there was a breach].” He said suppliers should always make their customers aware if they use it, as it will improve transparency and build trust between the supplier and customer. Both Gaur and Ramamurthy weighed the pros and cons of open source and said it must be weighed on a case-by-case basis because it is too broad to generalize as good or bad. At the end of the day, security teams should be aware of any and all open source being used.
The last session of the event was titled “The Case for International Standards to Improve the Connected World” and featured speakers Henry Cuschieri, Technical Group Director for ISO; Mary Saunders, Vice President of Government Relations and Public Policy at ANSI; and Dirk Weiler, Board Chair of ETSI. It was moderated by Ajit Jillavenkatessa, Senior Standards Policy Legal Advisor for Apple.
Jillavenkatessa opened the discussion by describing how standards work best when they are international and widely used. It helps companies gain new market entry and growth in addition to bringing general benefits to the end user or customers. Mary Saunders highlighted some new dynamics of standards development but also aspects like inclusivity, openness and integrity remain at its core. For U.S. standards policy, the priorities have evolved to favor cybersecurity, information security, and data privacy.
Henry Cuschieri added the U.S. membership in ISO shows it has a strong commitment to international standards work and he applauded the work done by ANSI, stating “technology knows no borders…and that’s good. It shouldn’t.” Dirk Weiler said the U.S. interactions between government and industry are strong and he would like to see more collaboration with standards development organizations under the ITU. Weiler also described how it may be time for standards themselves to evolve past just being a series of PDF documents, noting we have the technology now to transform how we write them.
The panel also brought up China’s increase in activity around standards development and their Standards Strategy, noting the government will choose whether the country uses local standards or international standards. Additionally, the panel cited the EU Standards Strategy, which was released in February, as it holds many recommendations as well as concerns, such as the use of standards in policy and law as it has the potential to blur the lines between the public and private sector’s responsibilities.
One of the biggest challenges in the international standards space is sustaining the number of professionals who volunteer in standards committees. Saunders says this has long been an issue but it’s only now getting the level of attention it should have. She also described the importance of mentor programs to help newcomers get acclimated to standards development as it can be overwhelming to join without someone to help guide the new volunteers.
Henry agreed and expressed concern as a wave of standards professionals are going to be retiring in the next few years and he also sees the challenge in attracting new volunteers. He mentioned the speed at which standards are developed can also be a hindrance as achieving consensus can take a long time with stakeholders around the world. Henry also described the importance of using colleges and universities to train students on standards and encourage their involvement earlier in their career.
Weiler concurred and cited that the EU Standards Strategy includes using schools to educate students on standards with Finland as a primary example. He said Finland was successful in getting more young volunteers than other countries because the companies are hiring earlier and training them on how to get involved in standards development.
The last point made by the panel on this topic was that they are now seeing more than just engineers join in standards development, which everyone agreed was a positive sign; they were encouraged by how it could bring more diverse skills, views and input.
To watch any of these sessions on demand, visit our event page to register or return to the virtual event environment: https://tiaonline.org/2022-virtual-member-meeting-and-global-conference/