Telecom infrastructure faces daunting risks, TATA CSO says
As CSO for one of the world's largest telecom companies, Adam Rice knows just how easy it is to bring civilization to its knees. Here's what his company is trying to do about it.
By Bill Brenner, Senior Editor
January 28, 2011 — CSO —
WASHINGTON, D.C. -- On Nov. 26, 2008, when terrorists launched multiple coordinated attacks across Mumbai, India's largest city, the bad guys at one point walked right past what would have been a choice target -- one of the major cable centers for TATA Communications.
Adam Rice, CSO for the global telecom giant, knows his organization dodged a bullet that day. In fact, people took refuge from the attacks in that building.
The reality is that TATA faces similar risks all over the globe, and for Rice, managing the risks is a big task. And he knows that at the end of the day, there's only so much they can do to avert catastrophe.
"If you want to do real damage to the global economy -- to civilization, for that matter -- the cables are a big target. It would be impossible to prevent every type of attack, and our security and risk management program takes that into account," said Rice, who compares TATA to "the AT&T of India." Though based in Mumbai, the company has offices in such places as London, Singapore, New Jersey and Quebec.
The company also has the distinction of being one of those that showed up on WikiLeaks.
During an interview at the Washington D.C. Hilton, site of this year's ShmooCon security conference, Rice went over the procedures TATA has in place to minimize risk and keep a major piece of the global infrastructure functioning.
He describes it as a heavy mix of both physical security measures (heavy, reinforced doors, posted guards, barriers around buildings) and IT security (VPNs, vigorous patch management, two-factor authentication, change and configuration control).
TATA relies on a variety of security vendors to protect its critical assets. To help with regular risk assessments and vulnerability scanning, for example, the company uses Nessus, Qualys and Core Impact.
Rice also identifies RedSeal Systems as a major piece of his security program. The San Mateo, Calif.-based vendor describes itself on the company website as "a leading developer of security assurance software for medium to large organizations. RedSeal software enables organizations to continuously, comprehensively and automatically assess and strengthen their cyber-defenses before they are attacked. In addition to in-depth understanding of overall security posture, RedSeal delivers continuous compliance with regulations such as PCI, FISMA, and SOX, and actionable steps for risk remediation."