The following transcript has been edited for length and readability. Listen to the entire discussion here on The Broadband Bunch. The Broadband Bunch is sponsored by ETI Software.
In this episode, we speak with TM Forum analyst, Ed Finegold about his research into broadband as a critical infrastructure. TM Forum provides an open collaborative environment along with practical tools and information to help its members in their digital transformation initiative. This is the first interview of a series discussing his research covering service providers’ business and technology, operations, and emerging broadband services. In this episode, Ed discusses:
Craig Corbin:
Hello and welcome to another edition of The Broadband Bunch, along with my colleague, Jeff Boozer. I’m Craig Corbin, thanks so much for joining us. 33 years ago, a group of eight companies joined to collaboratively solve systems and operational management issues with OSI protocols. Today, TM Forum has more than 850 member companies, including all 10 of the world’s top 10 largest telecommunications service providers, that collectively generate $2 trillion in revenue, serving more than 5 billion customers across 180 countries. TM Forum provides an open collaborative environment along with practical tools and information to help its members in their digital transformation initiative. Today, we launch a series of conversations with noted tech author, reporter, and analyst in global communications, Ed Finegold. In his role as a contributing analyst to TM Forum, Ed publishes research covering service providers’ business and technology matters, including customer experience, operations, and emerging services. It is a pleasure to introduce tech author and analyst, Ed Finegold. Ed, welcome to The Broadband Bunch.
In your recent work, you’ve covered cryptocurrency, digital financial crimes, customer experience automation also one of the primary topics for today’s conversation, that’s broadband as critical infrastructure. I think given what’s transpired over the last 18 months, that might be a huge understatement. Your thoughts on that?
Ed Finegold:
We’ve seen obviously the acceleration of a few trends and there’s a lot of data coming out about that now, just in terms of the people and businesses rely on broadband, on connectivity, on things digital, right, to conduct business and learn and communicate and get entertainment and every other aspect of life. And the things that you don’t see upfront as much are the heavy industry things that are happening as well and becoming more dependent. And then the third piece is in all the language in the US around the infrastructure bill, broadband has been defined as critical infrastructure, alongside things like water and power. It’s not really speculation anymore. It’s here. And so I think it’s important to ask, what does that mean? What does that mean for operators?
Jeff Boozer:
You have the advantage with your role in the industry, of seeing things from a different perspective and oftentimes have insight into trends and motives and things that are happening in the industry. The view of connectivity has evolved into this critical infrastructure thing over the last 18 months. If you’re a service provider listening today, what’s the one or two trends you see out there that I really ought to be paying attention to?
Ed Finegold:
One of the conundrums that come up, right, is the fact that on the one hand, we’re talking about broadband as critical infrastructure, and on the other hand, I think what a lot of operators face, is people want to take it for granted, right. And so many businesses and technologies now are being built … Products are being built and launched with the idea that connectivity is just going to be there, right. People want to take it for granted. Those two things run in stark contrast to each other. And for the operator, it presents a little bit of a situation where you’re a referee. You may be doing your job best if no one notices that you’re there. The good news though for operators, is obviously you have just an increase in demand, not just in terms of pure usage of what people want to use broadband for and apply it for and even what that terms mean … Obviously, what that term means is diversifying but the number of services that rely on it that are the fabric of society. What does it mean when we get into critical infrastructure?
Power grids, power generation, water, anything having to do with water, whether that’s anything from watering crops to making sure people get drinking water, all sorts of heavy machinery use cases, especially industries like mining that have been using autonomous vehicles for a while and are starting to push that now. Things like control over navigation or control of waterways, canal locks, that sort of thing. Farming, food distribution, and all of that going in the same direction as your expectation that you know when your dinner’s going to arrive at your house, those things all get lifted on the wave so that there’s an expectation of, “Okay, the connectivity is going to be there and we’re going to have real-time control over it and be able to get all the data we want out of it and be able to move data back and forth to the cloud, right.”
Then maybe making decisions about our real-time control over things, right. That’s the progression that’s happening as each one of these different industries digitalizes itself and starts to use broadband and connectivity in more sophisticated ways. And so I think as a result of that though, right, it raises the stakes if we don’t just look at the technology part of this, which obviously is fun to discuss but we look at the business side and the risks and what does it mean as we wade into services that maybe we haven’t been that tied into before? I think there’s a lot of questions that need to be asked Jeff, really from a business perspective.
Jeff Boozer:
You mentioned a couple of things in there that basically imply … If I’m talking about digital or I’m talking about some of the use cases you were just describing, the implication there is that we take connectivity for granted in all of this. And if that’s the case, how do you see that impacting operations or maybe even take it a step above broadband operations but how do you see that impacting some of the things that I, as a manager, an executive at a broadband company, what should I be focusing on in terms of my business?
Ed Finegold:
I’ve done a lot of work in telecom operations for a long time. And most of the discussions I’ve had with folks in operations over the years obviously tend to focus on things like running the business from a process point of view and making sure services get lit up on the network and they function, right, those kinds of things. And I think where the stakes get raised here and where it becomes a business priority, right, is that now that thought of operations or the network of the service that’s provided, what it encompasses is bigger. And so I think for me, the easy way to look at what that means, is to look at what can happen when things don’t work the way they’re supposed to. And so sometimes on these things, the argument is, “Well, that’s not really the service provider’s problem or their part of the service.”
I think that that’s … Let’s not look at it that way. Let’s look at, “All these things are interdependent and interconnected and underpinned by broadband and by service provider networks in most cases. What are the risks that then those things tie to?”
For example, Colonial Pipeline is an example, right. The disruption to the Colonial Pipeline, at some level, that’s enabled by broadband, right. Sure, it was ransomware guys that are trying to get crypto, all those types of things but the vector at the end of the day is that it’s connected, right. It’s all connected. They’re a way to control this and shut it down so that people with physical access to it can have control over it, right. Interesting. Jump over to crypto for a minute, right. Craig mentioned earlier, I’ve been getting pulled in all these directions, so it makes for this broader perspective.
We see a couple of things with crypto. I just mentioned one of them, which is ransomware attacks using crypto for ransom, the other being money laundering and there’s been a lot in the news about crypto being used for money laundering. The tide is starting to turn on that a little bit. That’s a different subject as the technology gets better understood but still what you have, is that this new technology has emerged, right. It really is very dependent on connectivity when you think about how blockchains and how crypto works and how exchanges work. And then the criminal’s ability to hide within that, to obfuscate where funds are, who they are, abusing KYC, know your customer, by inventing new forms of synthetic IDs that digital enables are … All these things are connected.
And then another one more directly, which gets into I think, where the operator is maybe more … Evidently in the chain of liability, is that you have a lot of account takeover fraud. Bank accounts, right, are being taken over and emptied by obviously unauthorized persons. And part of the scheme is using false number ports to get there. Just another example of where all the things that we want to create to make connectivity easier and better, there’s a history of them being used as a vector for wrongdoers, right. And so what that takes me to and Jeff, please interrupt me too but that takes us to is, what’s on the minds of regulators? What’s on the minds of people that make the rules?
For an operator, you’re looking at services in these different areas that are very tech-centric, right. Something like cryptocurrency, well, what regulations are you then exposed to because you’re in the chain of data, right? You’re in the chain of the transactions. Those concepts aren’t new to operators but the rules are … It’s a lot of new rules to have to follow, they’re changing, they’re not always well-defined. And if you want to ask who’s liable in various scenarios, that’s unknown because there’s no precedent for it, right. It hasn’t quite been figured out yet. Is an operator liable for something that happens in an application that’s using its infrastructure, even in an indirect way? If they contribute to some kind of catastrophe or some kind of problem that happens, are they liable? Uncertain, right. Those are the big questions. Yeah.
Jeff Boozer:
You seem to be implying or suggesting that security needs to become … And I mean security in the big sense, capitalist sense, needs to be a function of the network going forward.
Ed Finegold:
Yeah, I think … It can’t be separate. And I think traditionally, operations folks haven’t necessarily focused on that. Network people have had to do more but yeah, security has to be central to that. And I’ve certainly seen data that seems to me, a lot of CSP leaders agree, right, that the importance of security has increased on their radar substantially in the last several years but I think in addition to that are regulation … GDPR is a good example, right. Anything that has to do with data privacy is now increasingly governed, right. And governed differently in different jurisdictions. That’s a big one to navigate.
We’re seeing similar things happening in banking, right. I mentioned crypto before. Really, a cryptocurrency exchange is … From a certain perspective, it’s one form of the service provider in an open banking ecosystem, right. Now, we’re seeing banks starting to get mandated to provide APIs, right, to allow essentially over-the-top services for them or with them. Crypto exchanges are one example of that but you have a whole ecosystem expanding there, right. And all kinds of new exposures that are occurring in that market. And then that exposes you to lots of new regulations that are evolving, that has to do with knowing your customer, protecting personal data, monitoring transactions because of sanctions and money laundering rules, and all those kinds of things, right. Again, the more interconnected I think these things become, the more there’s a question of who’s responsible for which compliance and then who’s in the chain of liability? And that’s really, a big open question right now, I think.
Jeff Boozer:
Yeah, that’s interesting because in an industry that is so disparate with lots of different carriers interconnected but managing their own world and this overlay of liability and security associated with it, is there a forum or any industry-wide mechanism that’s picking up and dealing with this risk issue as you’re describing it, around security and regulatory issues, et cetera. Are there any forums or groups out there that are zeroed in on this?
Ed Finegold:
There has to be someone. And I can’t say that I’m the be-all authority on any organization that’s focused on it but in the organizations, I have worked in, I think for a few years, there’s been an increasing set of voices saying, “Hey, we need to be talking more cross-industry.”
And a lot of that is revenue and product-driven, right. For telecoms especially, we need to know better how we’re going to … How can we be the connectivity partner to guys that want to put mining robots out in the field, right? Those kinds of discussions, a lot of times in 5G venues but a lot of times what happens is that discussion happens within the industry and not with players external to the industry. I would imagine that that’s a need in general and it’s certainly a need that’s becoming more in focus now because where the problems happen is always at the seams, right. Whether it’s deliberate or not, meaning that if you study digital fraud, the digital fraudsters are always looking to attack a seam between companies or between industries.
I imagine the same is probably true in cyber to some extent. It’s certainly where the failures can happen, is when people don’t communicate between these imaginary walls, right. And I think that’s part of the concern here, is we’re doing new things, we have more parties involved. How do we make sure that we’re communicating in a way … I’d say two-fold. One, that we’re communicating in a way that everybody has the information and the control they need to do what they need to do but two, that we’re covered, right. That from a compliance point of view, like, “Yeah, we have complete visibility over our operations and our network. We know what’s happening. We know what the events are. We track them, right. And we also know their relationship to the services they support.”
And those are concepts I think, that is… Those are not new in telecom but being critical infrastructure certainly puts them in a much more serious light, right, for why we need those kinds of fancy capabilities we’ve talked about in catalyst programs for 10 years.
Craig Corbin:
You are listening to The Broadband Bunch podcast. Our presenting sponsors, thanks to UTOPIA Fiber, building a more connected nation, DxTEL, creators of the Harper broadband marketing library, and by your zero-touch automation experts, ETI Software Solutions, this is the first in a series of conversations with tech author and contributing analyst to TM Forum, Ed Finegold.
Ed, so much of what you and Jeff have looked at already in the conversation is extremely important but concerning, especially about awareness of the need for knowing what the current situation is with regard to security. And in particular, I know we all had to go through recently, a set of updates on our laptops because of whole insecurity there and it seems like every day, it’s another story. This is not going away anytime soon, will only continue to grow. Your thoughts.
Ed Finegold:
One of the interesting things that come out of this is I wrote a book in 2008 with Richard LaFave, who was the CIO of first, Sprint Nextel, and saw them through that merger. And one of the things that always stuck with me that he said was that “Software … When you’re a CIO or CTO, back then the hardware was … The light was red, the light was green. If it was red, you put her in a new box, it’s green. It’s binary and you’re satisfied with it. The software side is more like black magic, right.”
And that always stuck with me. Now, we have everything going to the software side and I can see where operations and network folks get very frustrated at the idea that it’s like, “I always used to know where all my boxes were and what was connected to what. To some extent, I had this physical grip on it.”
People shrug and say, “Well, the cloud and the AI will take care of it.” Right or, “The cloud will do it and the intent-based thing will do it.” That’s a really radical shift in how people think about and operate networks, but I think for this subject when it comes back to, is you may virtualize things and put them out in the cloud and have this hybrid setup but you got to know where everything is running and what it’s supporting at any given time and have that visibility. I do think that’s really important in this shift to anything that’s going to be called critical infrastructure.
Jeff Boozer:
One last follow-up on the discussion around security and some of those things before we move on, we’ve mentioned the meet points as being vulnerabilities. And we’re talking about critical uses in enterprise at the moment on some of these things, as well as the need for standards or privacy protection and data protection, et cetera. Do you see any of that driving some network consolidation or oversight or some sort of body, for lack of a better word, that tries to normalize some of this across all of the disparate carriers that are out there?
Ed Finegold:
I think it depends on the jurisdiction, right or the geography is the challenge. If you’re asking … Are you asking about what I think will happen in the US or what I think will happen on a global basis?
Jeff Boozer:
I think probably using that description I did, it’s more of a North American, US issue, I think at this point.
Ed Finegold:
Traditionally, the US tries … Relative to other markets, it can be very hands-off about these things, right. Data privacy is obviously one of them, the open banking movement that I mentioned earlier is something that’s very market-driven in the US and is not being driven by mandate at this point, as it is in the EU and in the UK. I think, generally speaking, the US can be a little bit more hands-off from these things, which is good and bad but I think that a company of any size, right, still has to be concerned about where you or your customers might be operating and whether or not you’re exposed to things like GDPR, right. Or you’re facilitating payments, what does that mean, right? It doesn’t have to do just with where you’re based but where you’re providing service and who you’re providing it to and where they are and do you know who they are, right? Those kinds of issues.
Jeff Boozer:
As a service provider, I’m likely to face having to make some decisions that are relevant to my company and I face the issue that other companies that I partner with as part of my ecosystem, are likely to take different paths. And therefore, we’re going to have a future of trying to reconcile all these different choices across these domains, to provide end-to-end security.
Ed Finegold:
What do you mean by security, right because security could mean data security? It can mean access security to key systems, right. All those different types of security but what we see … I’ll just use open banking as an example because I did some work there recently. In open banking, there’s a lot of concern over data privacy. That’s probably the highest one because you’re talking about sharing bank customers’ data in order to provide superior, over-the-top services in theory but you’re talking about access to data. You’re also talking about money flows, right. And you’re talking about money flows internationally, which then get exposed to a lot of different types of regulations. And so what the folks that are trying to regulate open banking are trying to get out ahead of, is making sure that the players in the ecosystem understand, what are the rules and what are the requirements? And that they also, “Hey, you’re in this ballgame now, now you’re subject to money laundering requirements, right.”
And to things like, know your customer checks and a lot of data preservation and protection types of processes, right, that are required and have to be put in place. And so I think whether you’re driven by regulation or not, I think we’re operating in a digital world where you have to know who everybody is and who has access to what and what’s running what, what’s connected to what. There’s no level of visibility that would be bad for you to lack, so long as that source of visibility is compliant with whatever the regulations are for data privacy, right.
Jeff Boozer:
The lesson to all of that is, be aware of your exposure and risk.
Ed Finegold:
Yeah, for sure. And in an environment where you have a lot more obstruction going on, right. In terms of where your data is and who people are and where things are running and all those types of issues.
Jeff Boozer:
We’ve established that connectivity is becoming even more critical and there are issues around that as a business we need to look at but one of the things that I’d like your thoughts on and your insights on, is how is all this changing customer expectations and requirements and how does that impact me as a service provider?
Ed Finegold:
That’s the thing that jumped out at me as I was researching this. And it goes back to where we started talking about this dichotomy between broadband being critical infrastructure and it being some … And connectivity being something that people want to take for granted or companies want to take for granted. And so when I came at it from the customer side and I was looking at, for example, airports, large farms, industrialized farms, mining, those kinds of industries, heavy industry, capital intensive type industries, here’s what came out. 100% uptime, right. Every story you read, every use case, all of them are going to say, “I cannot have a disruption to production. I’m putting more things that are reliant on networks, on connectivity, and on a round trip to the cloud may be for decision-making, I’m loading more and more of that on as part of my operation and I can’t have any disruption, right. To some degree, I need a hundred percent uptime.”
Real-time control over physical heavy machinery is another one, right. What comes with that hundred percent uptime is, “I actually need to be able to control the sprayers in my fields or my mining equipment, canal locks, right, pipelines.”
Any of those things that are now being automated or connected for software-based remote control. Real-time access, real-time control, no latency, is really important. And the more critical the service, the more important that no latency can be. Another one I just mentioned, fast round trips to and from cloud services, right. We know across industries, everybody’s moving stuff to the cloud, moving workloads to the cloud, taking advantage of new applications that are based in different clouds, taking advantage of advances in analytics, if not AI, for decision-making to manage really big data sets and get insights out of them and then make decisions that have a positive financial impact for them and do that as quickly as possible within a safe threshold, right. That’s this major trend across all these different industries. Well, all that’s loaded onto the connectivity as well and the expectation is that those round trips back and forth to whatever cloud you’re in, that has some control responsibility for operation is going to work, right.
Here’s another one, which is low price points per device. That’s another one that came up in a lot of interviews, that one of the disconnects may be between operators now and folks that actually want to consume IoT applications in remote areas especially, right. Struggle a bit with connectivity, don’t really have a lot of secondary connectivity options, and are also struggling with even if they have the connectivity, the price per connected device can be $5 a month or even a dollar a month and it’s too high. And when you look down at the economics, it’s something like, “How much yield do you get out of a field of some certain crop?”
That’s been another one, is low price points for devices, obviously. And then the last one Jeff, I would just say I think comes up the radar more, is redundancy and disaster planning needs to be there. And it needs to be there for customers that probably don’t even understand what it is but you’re talking about things, right, where you can’t have a, “Well, our central region data center’s down. We’ll tell you when it’s back up.”
No, not for these applications. There has to be good old engineering of redundancy and disaster recovery built into it.
Jeff Boozer:
Right. I think what you’re highlighting to me or what I hear highlighted, is the differentiation in understanding your customer base, based on user connectivity and device connectivity, which I think is something that at least in our work as well, that distinction is one that we try to bring up in conversations quite frequently and get the management teams and carriers and service providers to understand the distinction between that, especially as we move forward into a 5G, 6G world, which is all about devices and connectivity and AI and machine learning, all those things. That’s interesting that that’s what’s popped up on your radar screen as well.
Ed Finegold:
Yeah. And I think about in my lifetime, how we’ve gone from … I remember when we had an AT&T, right, pre-bill, right. The pre-bill breakup right. AT&T phone that you had in your house and that was connected to the phone network and they didn’t let you have any other phone because there was so much concern about introducing anything not native basically, to the network, right. To now, where we’re on the other side of it and saying, “Well, we want to build virtual 5G networks out of interoperable components from lots of different vendors, right.”
Just in my lifetime, it’s gone completely the other way. And so now, we’re dealing with, “Okay. Well, what does that all mean, right? We can reap a lot of benefits from it but what problems do we create for ourselves in the process?”
Jeff Boozer:
It’s a completely different environment, for sure. We’re almost out of time but for today, hopefully, you don’t mind, we devised a bonus question we’d like to toss out for your thoughts and then to get some other people thinking. Let’s give it a shot at that. Is there any lesson for broadband service providers looking at the Texas experience with the grid failure back this past winter? It seems as broadband becomes more, a critical service in the economy, a utility in a lot of senses, like electricity, that there is an implication, some planning, and management capabilities for broadband to meet the high demand in emergencies or crises or just unexpected usage due to outside influences. What do you think about that? Are there any lessons to be learned?
Ed Finegold:
I think it’s a good object lesson and I’d say … If I want to pull two threads together, you look at the object lesson, that grid failure and think about … Again, the dependencies of various services on broadband and what happens if you have a major broadband outage that then overloads a lot of other things, right? And then you think about the daisy chain of that, so similar type of scenario. My understanding … And so this is the other thread, my understanding is that network virtualization was either conceived originally or at least accelerated by the need for that kind of response. I know for NEC in Japan, in response to the original Fukushima nuclear disaster, where there were a lot of network outages and there was difficulty in communicating obviously, in getting emergency services where they needed to go and a lot of the other knock-on effects that occurred.
And so a lot of the initiative to build virtualize networks is to make these networks effectively … Couldn’t fail, as long as there’s some kind of physical or obviously, RF connectivity somewhere, the network could pick itself up and move somewhere else and have all its functions running. And that was the birth of this NFV concept. I think that type of need was anticipated and the technology effectively exists, right. The question is, is it deployed deliberately and in the right way with that problem set in mind, right? And I think it has to be. In the context of what we’re talking about, if networks are supporting critical service and they’re underpinning that power grid along with the gas pipeline and what have you, then they have to be designed with overcoming that kind of catastrophic failure in mind. And the separate discussion, if you were talking about broadband bills and what have you, you’d love to see that that was a requirement, right.
Craig Corbin:
I’d love to be able to explore that in the next conversation. Guys, this has been a phenomenal start to the series of conversations and so much food for thought with what you have covered today. Jeff, I loved that bonus question. That was a wonderful segue therefrom the reference to the need for resiliency because it is such a big part of the equation. And already guys, I can’t wait for the second in this series of conversations. Quick thoughts from both of you before we wrap up. Jeff, I’ll start with you.
Jeff Boozer:
Ed has highlighted some things that are or should be at the forefront of management and service providers thinking about the implications of security and the implications that we just touched upon in the onus question. I think that virtualization, that five-nines reliability, and accessibility that is common in the utility world versus where we’re headed in broadband, is a really key point.
Craig Corbin:
Excellent. Ed, to you, sir.
Ed Finegold:
Yeah, I agree. And I think we’re taking a new generation of technology, the software revolution that we’re seeing, it’s enabling us to do a lot of things and that’s exciting. And now, we need to weave the two worlds together, the world of the new and flexible, fast-paced technology that we’re able to use but still grounded in some fundamental engineering principles that address the issues that we were talking about today.
Craig Corbin:
Fantastic. Guys, cannot wait for session number two in this series of conversations. A quick thank you again to our presenting sponsors, UTOPIA Fiber, DxTEL, and ETI Software Solutions. On behalf of Jeff and Ed, I’m Craig, thanks so much for letting us be a part of your day. We’ll see you next time right here on The Broadband Bunch. So long, everyone.
