Key Takeaways
- Eight major U.S. telecom carriers – AT&T, Charter, Comcast, Cox, Lumen, T‑Mobile, Verizon, and Zayo – have launched the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC), a private‑sector‑only forum for real‑time cyber threat intelligence.
- The C2 ISAC board is composed of each member’s chief information and security officer, with AT&T CISO Rich Baich serving as chairman.
- Information shared will span tactical indicators (e.g., malware signatures, anomalous traffic) to strategic assessments (nation‑state campaigns, emerging vulnerabilities).
- Unlike older telecom ISACs that address physical security and natural disasters, C2 ISAC focuses exclusively on cybersecurity and operates without government or regulator participation to reduce legal friction.
- Valerie Moon, former CISA chief strategy officer and FBI veteran, is the executive director overseeing day‑to‑day operations.
- Members cite the need for speed (“phone a friend” analogy) and reduced friction in sharing, modeling the effort after mature private‑to‑private sharing practices in finance and defense.
- Threat analysts warn that adversaries are shifting from episodic, non‑destructive incursions to persistent, destructive attacks, underscoring the urgency of coordinated industry defense.
Formation and Membership of C2 ISAC
Eight leading U.S. telecommunications operators have come together to establish the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC). The founding members are AT&T, Charter Communications, Comcast, Cox Communications, Lumen Technologies, T‑Mobile, Verizon, and Zayo. By pooling their resources, these carriers aim to create a trusted platform where cyber threat data can be exchanged swiftly and securely. The initiative reflects a growing recognition that the scale and sophistication of attacks on critical communications infrastructure demand a collective response rather than isolated, company‑by‑company efforts.
Leadership Structure and Governance
Governance of C2 ISAC rests with a board comprised of the chief information and security officers (CISOs) from each founding operator. AT&T’s CISO, Rich Baich, has been appointed chairman of the board, providing strategic oversight and helping to set the organization’s priorities. This leadership model ensures that the group’s direction is shaped by those who are directly responsible for defending their networks. Baich emphasized that the board will facilitate “trusted forum” interactions, enabling members to pick up the phone and obtain immediate insight from peers when suspicious activity is detected.
Scope of Information Sharing
The type of intelligence exchanged within C2 ISAC will range from tactical to strategic. Tactical sharing may include indicators of compromise such as malicious IP addresses, malware hashes, or unusual network traffic patterns that warrant immediate investigation. Strategic sharing will cover broader trends, including nation‑state campaigns, emerging vulnerability trends, and long‑term risk assessments. By encompassing both granular technical data and high‑level threat analysis, the ISAC aims to equip members with the context needed to prioritize defenses and allocate resources effectively.
Differentiation from Existing ISACs
While several telecom‑focused ISACs already exist—most notably the Communications ISAC (COMM‑ISAC) established in 1984—C2 ISAC distinguishes itself in three key ways. First, its mandate is exclusively cybersecurity‑centric, whereas legacy ISACs also address physical security, natural disasters, and other non‑cyber threats. Second, C2 ISAC is a private‑sector‑only entity; government agencies and regulators will not hold membership or voting rights, although the group intends to collaborate closely with them. Third, the organization seeks to streamline information flow by avoiding the complex legal and regulatory hurdles that often accompany public‑private sharing arrangements.
Operational Model and Executive Leadership
Day‑to‑day operations of C2 ISAC will be managed by Valerie Moon, who has been named executive director. Moon brings a wealth of experience from her tenure as chief strategy officer at the Cybersecurity and Infrastructure Security Agency (CISA) and a lengthy career at the FBI, positioning her to bridge the gap between private‑sector needs and public‑sector insights. Under her leadership, the ISAC will establish secure communication channels, regular threat‑briefing schedules, and incident‑response playbooks that members can activate collectively when a cyber event unfolds.
Rationale: Speed, Friction Reduction, and Real‑World Analogies
The driving force behind C2 ISAC is the need for rapid, unimpeded sharing of threat data. T‑Mobile’s senior vice president of cybersecurity, Mark Clancy, described the initiative as a means to “reduce the friction” that currently hampers timely exchanges among operators. He invoked the metaphor of “wisps of smoke”—small, ambiguous anomalies that may precede a larger attack. By enabling a member to “phone a friend” and ask whether others are observing the same signal, the group hopes to achieve faster triangulation of threats, distinguishing criminal activity from nation‑state incursions before damage spreads.
Insights from Financial and Defense Sectors
Clancy pointed to the financial and defense industries as exemplars of effective threat information sharing. Those sectors have long maintained both private‑to‑private and private‑public venues for exchanging cyber intelligence, allowing them to stay ahead of adversaries. In contrast, telecommunications have historically relied more heavily on public‑private partnerships, which, while valuable, can introduce delays due to clearance processes and bureaucratic oversight. By adopting a private‑only model initially, C2 ISAC seeks to emulate the agility seen in finance and defense, thereby improving the sector’s collective situational awareness.
Evolving Threat Landscape and Strategic Implications
At the FCC’s Cybersecurity Workshop for Telecommunications Carriers, Mitre CTO Charles Clancy outlined how the threat environment is shifting. Traditional defenses were built around the assumption of episodic, non‑destructive nation‑state probes aimed primarily at espionage. However, Clancy warned that future adversaries are likely to employ persistent, destructive campaigns designed to disrupt services, degrade confidence, or cause physical damage to infrastructure. This evolution necessitates a move from reactive, point‑in‑time defenses to continuous, collaborative threat hunting and response—exactly the capability that C2 ISAC aims to provide.
Conclusion and Future Outlook
The launch of C2 ISAC marks a significant step toward a unified defensive posture for U.S. telecommunications carriers. By formalizing real‑time intelligence sharing, reducing sharing friction, and focusing exclusively on cybersecurity, the group hopes to create a resilient network capable of withstanding increasingly sophisticated attacks. While the current membership is limited to eight U.S. operators, Chairman Rich Baich indicated openness to eventual expansion to international telecom providers. As threat actors grow more persistent and destructive, initiatives like C2 ISAC may become indispensable safeguards for the nation’s critical communications backbone.