Partners: Can Physical Security Become A Differentiator For Carriers?

When it comes to security, nothing is 100 percent foolproof. While many carriers protect themselves against a wide variety of cyberthreats, the recent West Coast outages caused when underground cables were cut have brought physical security into question. It’s also opening the door for providers to review their own physical security measures to avoid learning the hard way, and even tout it as a differentiator for customers.

There could be a silver lining to physical attacks in the form of a new business opportunity, said Chris Poe, chief innovation officer of Atrion Networking, a Warwick, R.I.-based IT solution provider and Level 3 partner. Poe noted that it will be interesting to see if providers could find ways to beef up their own physical security across transmission lines and leverage those upgrades as a differentiator.

Andrew Pryfogle, senior vice president of cloud transformation for Petaluma, Calif.-based Intelisys, said he believes that many end customers would be more than willing to pay for the assurance that their carrier networks offer higher levels of protection and security than the competition. ’A well-timed and well-placed attack on fiber assets could have devastating affect. That fear ... could absolutely be leveraged into a big competitive advantage for a carrier that seizes on that opportunity,’ he said.

[Related: Real Cutting Edge: More Focus Needed On Physical Threats To Carrier Networks]

But just how vulnerable is a carrier's infrastructure to a physical attack? According to Pryfogle, many carriers already take extraordinary measures to protect their fiber networks. AT&T, for example, monitors its physical network 24/7, and the carrier houses its equipment in secure facilities, he said.

Still, thousands of miles of cable can’t be protected against every vulnerability. ’When designing a fiber network, you have to take into account the eventuality of a fiber cut, regardless of the cause,’ Pryfogle said.

Bryan Sartin, director of the RISK team at Verizon Enterprise Solutions, said that physical attacks are unique because they are indicative of an emerging -- and disturbing -- trend toward activism. ’Activist attacks are more about deny, disrupt, [and] destroy, and to do that, they have critical infrastructure in their crosshairs,’ he said. ’Cyberattacks aren’t the only game in town, and activist attacks are where we are seeing the real growth [in this type of threat],’ he noted, referring to Verizon’s 2015 data breach investigations report.

There are many motivations for physical attacks, including revenge, political gain and even religious reasons, he said. Unlike cyberattacks, physical disruptions can also happen purely by mistake when cables are accidently disturbed.

While physical attacks are often considered less sophisticated than their cyberattack counterparts, they do require manpower. There are layers of physical security measures necessary to shield the fiber, which is usually very well secured and located where special access is typically required to reach the infrastructure. ’Think of the different layers of crowdsourcing of different actors that have to be involved or the social engineering that’s involved to pull this [kind of attack] off,’ Sartin said.

Sartin declined to comment on Verizon’s physical security measures around its infrastructure.

Like end customers, channel partners usually don’t have insight into the security measures a carrier has in place to protect their infrastructure. But given the current security landscape and the different threats that are emerging, additional training and security are needed, said Dennis Kellam, vice president of sales for Unified Connection, a Melville, N.Y.-based Verizon-exclusive partner. ’Given cost, [however,] this won’t happen. Banks don’t pay for guards until after they are robbed,’ he said.

While details of physical security measures might be scarce, some partners are happy with how these attacks are usually handled. ’Every time this happens, the carriers have responded very quickly, minimizing the affect. In our experience, this type of attack may only affect a small pool of the customer circuits, one or two customers,’ said Carlos Morales, president of Pleasanton, Calif.-based Blu Telecommunications, a Verizon and AT&T partner.

For Verizon, using physical security measures as a way to attract new partners and customers isn’t necessarily part of the road map. Should a carrier have its infrastructure breached, the provider should understand how the attack happened and what kinds of countermeasures it should add to the security strategy, Sartin said.

’You have to learn from it, improvise, and take the right steps so it can’t happen again in the short term, and figure out what long-term security measures need to come into play,’ he said.

PUBLISHED JULY 9, 2015