- AT&T and Ericsson are urging tighter industry-wide coordination to thwart cyberattacks
- Detection and eradication are getting far more difficult in the AI era
- Telecom CISOs are sharing threat intelligence and running joint cyber exercises to prepare for nation-state attacks
AT&T and Ericsson are delivering a message loud and clear that security-wise, things need to change in the AI era – and it’s going to take a broader, more coordinated industry effort to reshape how networks are built and defended.
Or, as AT&T CISO Rich Baich put it in a recent blog: “Security is a team sport.”
Ericsson Chief Product Security Officer Mikko Karikytö echoed that sentiment. “It sounds cliché, but it's actually something that is sometimes overlooked,” he told Fierce. “I think it’s so important that we are very tight-knit when it comes to the industry overall. Even more so now with this kind of transformational technology shift that we have with AI, open architectures and cloud technology.”
Team Telecom starts practice
The telecom team for tackling security is already getting assembled. As AT&T and Ericsson noted in a joint white paper released last week, AT&T helped bring together a group of CISOs from the telecom sector across North America, Europe and the Indo-Pacific region to collaborate on cybersecurity efforts.
This is a model largely based on the financial service sector. Baich, for example, worked for Wells Fargo before he served as CIO at the Central Intelligence Agency (CIA) and later joined AT&T. Mark Clancy, CSO at T-Mobile, previously worked at Citigroup and the Depository Trust & Clearing Corporation.
Last year, AT&T, T-Mobile and Verizon all participated in the first cyber competition co-hosted by AT&T and SimSpace that saw about a dozen companies facing off against a nation-state threat simulation.
“We're not just talking about it,” Baich said. “We're actually doing it. The idea is to develop an ecosystem that can embrace the innovation and be able to adapt to what's forthcoming.”
Risks made higher by AI
In their joint report, AT&T and Ericsson said that while AI can be used to detect suspicious activity far faster than humans can, AI systems can also be the subject of attacks through manipulated inputs or compromised supply chains.
Such risks are well-documented by organizations like the National Institute of Standards and Technology (NIST) and Open Worldwide Application Security Project (OWASP), but they remain difficult to detect in real time.
“You need to have that super solid base rock that you secure with your products and your configuration and then have effective monitoring and AI-powered analysis on top of that to be able to quickly determine if something goes wrong,” Karikytö said.
That said: "You should not forget the good old practices and just hope that some black box AI will save you," he added.
Lessons from Salt Typhoon
Salt Typhoon, the Chinese-led telecom hack that infiltrated myriad telecom companies in 2024, showed that when a sophisticated player like the Chinese gets inside a network, it’s extremely hard to get them out.
So, is Salt Typhoon completely eradicated?
“We investigated the attack and a prominent external cybersecurity firm verified that we contained the incident. We have not identified evidence of Salt Typhoon inside our network since that time,” Baich said. “But we remain vigilant.”
For someone from the outside looking in, it can all seem rather daunting. How can anyone get ahead of the bad actors that are lurking inside networks?
Baich is a big fan of learning from history. Recall the Morris Worm, released in 1988 by Cornell graduate student Robert Morris, who triggered the first major attack on the internet.
“You can plan, you can test, you can do everything. But with these emerging technologies, there's always going to be risk, but that risk was still there when we first started the internet too,” Baich said.
In other words, soldier on. Maybe the old cliché pertains to security, too: The early bird gets the worm.