The TIA QuEST Forum Trusted Network Summit has wrapped up and given the industry and government attendees some insightful discussions and remarks on the big challenges and opportunities that ICT organizations are facing in the areas of quality and security. With technology, business and government expert speakers on hand, a variety of perspectives were shared to give the audience insights from service providers, suppliers and manufacturers, and regulatory professionals.
The opening keynote address was provided by Dr. Laurie Locascio, Director of the U.S. National Institute of Standards and Technology (NIST). Dr. Locascio opened her remarks by emphasizing the importance of industry standards as an integral part of U.S. leadership in the technology sector. Additionally, she highlighted the valuable role of government by explaining the goals of the CHIPS and Science Act, which will support U.S.-based semiconductor manufacturing and development. More can be learned at CHIPS.gov.
Dr. Locascio also congratulated TIA QuEST Forum on formally launching the SCS 9001 cyber and supply chain security standard and highlighted its important alignment with NIST’s related frameworks. She noted that we are all playing our parts to cultivate trust in our technology supply chains and between our businesses by helping both public and private sectors manage risk as best as possible.
Keri Gilder, Chief Executive Officer of Colt, a growing service provider based in the UK, followed Dr. Locascio with the industry keynote address. Keri gave very insightful remarks on the importance of quality and security, using the Melissa virus from 1999 as an example and explaining how it could be viewed as a harbinger of what was to come later. Keri called out that when TL 9000 was created nearly 25 years ago, only 9% of households had the internet, and that today, with approximately 90,000 websites experiencing some sort of hack, TL 9000 is more relevant than ever.
Gilder noted that INTERPOL has reported a wide increase in cyber-attacks during and following the pandemic and called out that 60% of supply chain based cyber-attacks exploited trust and that Colt sees over 10,000 DDoS attack attempts per day. She went on to explain that the rise in attacks is naturally going to result in an increase in regulations.
The CEO of Colt called on the industry to evaluate if doing business with high-risk vendors is worth continuing. Organizations are requiring more security controls in the supply chain for network solutions, including enterprise SD-WAN and SASE, public infrastructure resources, and more.
Following Keri Gilder’s address was the first panel discussion, “Network Security Starts with the Supply Chain,” which featured speakers Dave Harcourt, Chief Security Authority and Automation Director, BT; Brian Hintze, CISO for Americas Region, Fujitsu; and Chris Poli, Sr. Director of Product Line Management, CommScope. The panel was moderated by Clete Johnson, Partner, Wilkinson Barker Knauer, LLP.
Mr. Johnson opened the discussion on which government influences are starting to impact organizations around the world, and how. Dave Harcourt from BT responded with insights on the UK’s Telecommunications Security Act, which requires operators to demonstrate compliance with the regulation’s requirements. He went on to note that international consistency is needed because it is difficult for companies to meet different standards in different countries and regions.
Chris Poli from CommScope likened the new regulatory environment to when governments started requiring cars to have seatbelts and people to wear them, and said that a minimum baseline is needed for industry to use its own best practices. Brian Hintze with Fujitsu spoke to the Biden Administration’s Executive Order 14028 as a U.S. example of emerging regulations in this area but emphasized the importance of private industry taking the lead on developing the standards for security of our connected technologies.
Chris Poli pointed out that network elements are being commoditized, which is helping drive security requirements throughout networks and especially for software components. Dave Harcourt added to the importance of software provenance by pointing out that BT had suppliers who could not measure or report on the impact of the Log4j breach and that the merging of telecom in IT environments is pushing the need for new requirements.
When it comes to complying with government regulations, the panel was hopeful that standards like SCS 9001 can help demonstrate compliance with regulations like TSA and EO 14028.
Deepti Arora, Mobile Networks Chief Quality Officer at Nokia, delivered a keynote address on ICT Quality. She described continuous quality improvement as being like security in that it’s a never-ending journey. Deepti pointed out that many industries have created their own respective quality standards, such as automotive, aerospace, and ICT, noting that for ICT, a driving factor has been zero tolerance for failure and auto-recovery or self-healing.
Deepti drove her point home with slides showing how end-to-end quality management leads to lower field outages, lower product returns, and higher customer satisfaction.
Following the keynote was a panel discussion on “Surprising Results After 20+ Years of Continuous Quality Improvement.” The speakers were Andy Caso, E2E Quality Director, Verizon; Jawad Khalid, Expert Engineer Resources and Quality Management, Etisalat by e&; Eric Simmons, Sr. Engineer Global Quality Systems, Corning; and John Wronka, Global Vice President of Quality, DZS. The panel was moderated by Brenda Bissell from ANSI National Accreditation Board (ANAB).
The speakers discussed how TL 9000 benchmarking data shows a steady decline in critical field problems and what new initiatives continue to drive improvement. Andy Caso from Verizon talked about how automation for testing and security scans, and now DevOps with more AI, are driving meaningful improvements.
Jawad Khalid talked about how TL 9000 has adapted to cover modern networks over the last 20 years, now accounting for sustainability and security, which it did not do when it was first launched by the industry. Additionally, it now has product categories to account for more virtualization in ICT networks.
Eric Simmons from Corning spoke about how TL 9000 provided a foundation for ensuring customer satisfaction and said he hopes that in the future it helps dig deeper into risk assessments to help transform organizations for the better.
John Wronka from DZS pointed out how a TL 9000 QMS can not just help large enterprises but also provide startups with a roadmap to maturity and help drive growth.
The final session of the day was called “Smart Buildings ARE Networked Systems” and brought perspectives from experts from around the smart building industry: Salla Eckhardt, Director of Digital Building Lifecycle and Innovation, Microsoft; Jeff Krull, Partner and Cybersecurity Services Leader, Baker Tilly; Ken Kurz, CIO & CISO, COPT; and the discussion was moderated by Rick Huijbregts, Global Lead Smart Cities, Stantec.
Moderator Rick Huijbregts opened the discussion with remarks on how most spaces have slowly gotten smarter through the use of IoT devices and networks in operations. However, the next step in getting smarter is figuring out what to do with the data and how to secure it.
Ken Kurz built on this and flagged that “smart” can mean a lot of different things to a lot of different people. He then went into what his team calls the “brownfield problem”: there have been modular component deployments without a full understanding of what’s in a building to know how to secure and protect it.
Huijbregts noted there is a flood of new solutions promising to solve every building owner’s problems, but while new innovations are great, how do owners navigate the market of smart building technologies? He added that most owners would answer the following question the same way, “what is a smart building? A fully leased one.”
Salla Eckhardt shared her insights by asking a key question from a different perspective, “how much are we investing in physical vs. how much are we investing in digital?” She added that a smart building should be viewed as a platform for the users and, more importantly, asked how more connectivity can reduce risk.
Jeff Krull made an important distinction for building owners and investors. When it comes to cyber risks, insurance for the building asset protection and insurance for cyber protection are different, and cyber insurance costs are very high, if it’s even available at all. He added how complex security can be for a building with provisioning, access policies, guest and other transient users but explained it comes down to ensuring 3 things: people, process, and technology.
The panel then briefly got into the role of standards, noting that there are security, resiliency, and cyber standards from NIST, TIA and many others. SPIRE is a smart building assessment and rating program administered by UL, which uses a robust set of assessment criteria developed by a TIA industry work group. Ken Kurz noted that organizations like TIA provide the community environment to work together and bridge disconnects between stakeholders like designers, integrators, and others.
To learn more about TIA QuEST Forum and how you can get involved, visit: https://tiaonline.org/what-we-do/tia-quest-forum/