The following transcript has been edited for length and readability. Listen to the entire episode here on The Broadband Bunch
Pete Pizzutillo:
Welcome to The Broadband Bunch, a podcast about broadband and how it impacts all of us. Join us to learn about the state of the industry and the latest innovations and trends. Connect with the thought leaders, pioneers, and policymakers helping to shape your future through broadband.
Pete Pizzutillo:
The Broadband Bunch at Mountain Connect 2021, brought to you by ETI Software, your zero-touch automation experts. By Calix, simplify, excite, grow. By DxTel, creators of the Harper Broadband Marketing Library. By ITK Solutions Group, the process first, technology second. And by Utopia Fiber, building a more connected nation.
Pete Pizzutillo:
Hey, this is Pete Pizzutillo, We’re back at Mountain Connect 2021. Got Kyle Glaeser from Underline speaking with us. And Kyle, thanks for joining us.
Pete Pizzutillo:
I had the opportunity to catch your conversation, your panel discussion on cybersecurity and I wanted to dig a little bit into it because as you know, there’s a lot of municipal leaders here, right? There are 30 or 40 different organizations that are just becoming, and they’re early in their understanding of broadband and what’s happening with funding and all the technology. And as we were talking about earlier is, we, as an industry, often are thinking advanced concepts, where a lot of other folks are just starting at square one. So, how can we, in your experience working with other municipalities and bringing people along, in terms of their learning curve, how can we do a better job of connecting into bringing people from point A to a more robust understanding?
Kyle Glaeser:
I think, from the perspective of a network owner and builder and operator, it’s incumbent upon us, when we first engage with the community, to take on that education. You shouldn’t engage with a community unless you’re willing to participate in crafting their technology plan for their future and you shouldn’t engage with the community unless you’re willing to help them understand the threat that is presented to them by increasing the number of entrances, virtually, into their community. And that’s IoT devices or just municipal connections at different buildings and all of those types of things. And it’s important to take some time and break down what are best practices for them, just in general, even today, with the networks they have, to secure themselves and to present to them some futuristic opportunities of what it would look like to take the human element out of it.
Kyle Glaeser:
And not have to have a super robust cybersecurity team in every single municipality because, at the moment, that’s not realistic.
Pete Pizzutillo:
From a resource or cost perspective. And I think you’re introducing a good part of the conversation around reliable broadband, right? I mean, a lot of the conversation up until, I would say, about two years ago was around access and what’s the minimum threshold of access if it’s 25,3. And then now we’re expanding that to say, well, you need to have higher capacity because there are fundamental services that need to reside on that platform. So, access and reliability but security is really scary, for me, just listening to some of the statistics and use cases and stories that have happened already, in terms of ransomware or even the story you guys told about what happened in Israel, that kind of fear can be crippling, right? So, how do we start working security into the conversation, both at a national lower level, without scaring people to a point of inaction, right?
Kyle Glaeser:
Well, I think the first thing we need to do is fire up the industry about it because that’s a big part of the problem is that the folks on our side of the table aren’t talking about it enough.
Kyle Glaeser:
We’re talking about it but not enough. And I think the best way to do that is to show them how it hurts. I think we need a fairly comprehensive national study that shows the financial cost of these types of attacks and how it affects, not just the people being attacked, not just the insurance companies, but also the ISP and the network owners. And start to layout where that responsibility lies. And, again, you show people how it hits their pocketbook and they start to pay attention very fast.
Pete Pizzutillo:
You guys mentioned a couple of things about the reactive posture, people are more comfortable of dealing with it post-attack and through insurance or whatever the recovery is there, but you guys are talking more about a proactive approach to security. Now, how are you guys working that into how you’re taking your products and helping your customers?
Kyle Glaeser:
Well, for us, we take it at the software level. We developed software-defined networking and solution on top of our network, that gives control of the network to the end customer in a very private manner. So, they’re able to decide what data belongs on the layer three public internets and what data should never be exposed to that risk. And to us, that’s a very simple way to solve that problem, it requires a lot of changes to how we build networks and deploy them and what kind of interfaces people can have to interact with the network, which is what we’ve taken on. But there’s going to have to be solutions for retrofitting networks that exist today and fixing that problem. And so, that’s a little more complicated.
Pete Pizzutillo:
Well, that’s a good point for our audience to understand the traditional network design deployment model and the innovative approach that you’re taking with software. So, how was it handled before? And now that you have more control, is it just a physical difference?
Kyle Glaeser:
It’s partially a physical difference.
Kyle Glaeser:
We do have a unique network architecture that allows for that partitioning of the network to be, essentially, air-gapped, I’ll say, you had to put air quotes around that because we’re touching the same switches at the end of the day.
Kyle Glaeser:
But on a more traditional network, in the past and currently, people who have the means, they typically just build an air-gapped network next to it, alongside it, during construction, which is a fine solution if you have the money, it’s probably the best solution if you have the money.
Pete Pizzutillo:
So, like two highways, one for your private data and one for public data.
Kyle Glaeser:
Exactly.
Pete Pizzutillo:
Okay.
Kyle Glaeser:
Money is the key issue here. And if there’s anything our industry knows is that we have to get creative when it comes to financing, we have to figure out how to use single platforms of infrastructure to serve multiple purposes. If we want to address markets that may not reach an ROI that’s appropriate for finance, otherwise.
Pete Pizzutillo:
Right. That’s interesting. The folks that you guys are dealing with, is it at a municipality level?
Kyle Glaeser:
Oftentimes, yes.
Pete Pizzutillo:
Oftentimes. And what’s driving their understanding or talking to you versus a traditional approach? Or are they still trying to balance out all the evaluation criteria to understand how they should be thinking about the problem?
Kyle Glaeser:
I think the part of our solution that has been most widely adopted by municipalities or what they like about it is that our costing model reflects that we’re sharing infrastructure. So, our infrastructure is, one, serving the residents and businesses of the community and then simultaneously presenting an internet style solution to, one, also those same businesses and residents but mostly to a municipality who needs that style of the network to securely deploy their smart city applications in the future.
Pete Pizzutillo:
Yeah. I mean, I love the two tenants that you brought up because I really think that’s the concern that I have with the flow of money coming in, right? And if you’d look forward 10 or 15 years from now and we’d look back on all the design choices that we made and nobody’s going to get it right out of the gate, right?
Kyle Glaeser:
Sure.
Pete Pizzutillo:
There are going to be a lot of different approaches to it but sustainability, affordability, security, to me, those are primary tenants that I would love to see the federal money attached to but I haven’t really seen much of that conversation, have you?
Kyle Glaeser:
No, not at all.
Pete Pizzutillo:
And it’s weird because I think in other industries, right? I come out of a financial services background and when trading systems went down, right? If you remember 5, 10 years ago, they just, glitches happen and systems go down for a couple of hours and it’s billions of dollars lost, right?
Pete Pizzutillo:
And then the SEC said, enough. We want to see some resiliency proof and security proof around the algorithms, the software that the trading organization would build, and consider proprietary. And they’re like, great, they’re proprietary, we don’t want to know trade secrets but if it’s going to operate and affect markets, you have to meet these thresholds. And I can’t speak that these have been 100% foolproof but there was definitely A, an awareness, B, kind of, an audit process that forced people to go through and verify that they were thinking that, and then it looks like it’s helped. I mean, is there a possibility, and who would be the federal authorities that would help us, kind of, take that? Is there a security agency? Or is it USDA?
Kyle Glaeser:
There are a few other agencies that I think are interested in American communities having more resilient, smart city infrastructure.
Kyle Glaeser:
And we have a strong partnership with the National Cybersecurity Center, so I won’t talk too deeply about that because I let them handle that side.
Kyle Glaeser:
I think, there’s a number of non-profits or activist organizations that are out there trying to set the precedent for what a secure smart city would look like. And they are engaged, at the federal level, with these entities and I’d like to see certain types of audits come out of it. There’s, to my knowledge right now, not really a good audit system for saying, here’s how secure your particular city is.
Kyle Glaeser:
And here’s the threat of these particular devices you’re placing out, here are the best practices of how you should secure yourself with these particular devices. And we have the infrastructure to start that, there’s a lot of national labs that these devices have to pass through.
Kyle Glaeser:
To be approved for use in the US but there’s a lot of legal reasons that that information isn’t exactly disseminated down to a municipality to say, well, here’s how the best way is to protect yourself.
Pete Pizzutillo:
We need a consumer report that helps people understand that. Maybe we can work on that. And get back to your original point about smart cities, that’s the concern I see too, I mean, the scale of the problem, right? You’re talking about municipalities and their population may grow and flux a couple of percentage points, who gets some new businesses and aid from institutions coming in but from the scale of devices, 5 years from now, it’s exponential, right? And as you mentioned, those are increasing the attack vector and that’s the scary part, that these folks need help trying to understand. It’s like, yeah, you can offer all those great things but each one of those things represents a specific risk that needs to be mitigated.
Kyle Glaeser:
One thing we like to say a lot is, we focus on narrowing the battlefield of cybersecurity.
Currently, it’s very broad. The surface plane of attack is all over the place and the community should ask itself or it should be incumbent upon the people who are building the network inside of that community to ask themselves and relay to the community what each new portion of the network and each new device, how broadly it changes that picture.
Kyle Glaeser:
And what steps we can take to, again, narrow it back down to the physical plane. The ideal is that your network should be secure from anyone except for somebody who’s right there in front of it with mal-intent, which that’s a different problem you will have to solve in your own organization.
Pete Pizzutillo:
Physical Security. So, thanks for giving your perspective. I would love to get you guys back and like you said, amplify the wake of the American municipalities up to the significance of this problem.
Pete Pizzutillo:
Just to, kind of, get that narrative going and at an industry level, start challenging the supply chain, and are you contributing to narrowing that field or not? So, thanks for joining us.
Kyle Glaeser:
Yeah, of course. And I would ask anyone listening to reach out to the National Cybersecurity Center, look at the programs they are putting together. They have great educational programs put up for legislators and city leaders to learn more about cybersecurity and the risks that are out there for their municipalities. Excellent resource, please use them.
Pete Pizzutillo:
That’s a great point, thanks for pointing that out.
Kyle Glaeser:
Sure. All right. Thanks, Pete.
Join us here on the web at The Broadband Bunch, to see the latest episodes, news, and information. The Broadband Bunch is sponsored by ETI Software, Utopia Fiber, DxTEL, Calix, and ITK Solutions
