Eight of the leading communications companies in the United States have created a new cybersecurity alliance that aims to improve threat intelligence sharing within the telecommunications industry, amid growing concerns about AI cyberattacks, state-sponsored espionage, and infrastructure attacks.
The new cybersecurity partnership, the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC), has been launched by eight leading US communications firms, including AT&T, Verizon, T-Mobile, Comcast, Charter Communications, Cox Communications, Lumen Technologies, and Zayo.
The telecommunications industry fears that none of the companies have sufficient presence to effectively monitor and respond to increasingly coordinated cyberattacks. According to the founding companies, the increasing involvement of AI is contributing to both the sophistication and the magnitude of cyberattacks.
Rich Baich, the Chief Information Security Officer of AT&T and the first chairperson of the C2 ISAC board, believes the communications sector is experiencing “more sophisticated and persistent” cyberattacks.
This group is a reflection of a broader movement towards cooperation driven by the private industry rather than relying on the Communications Information Sharing and Analysis Center (COMM-ISAC), a cooperative effort between the private industry and the federal government.
The new cooperation effort will take place within the business community, independent of the federal government.
The timing is not accidental
Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, at Suzu Labs, says: “The companies that Salt Typhoon compromised are now building the sharing infrastructure they needed before the compromise happened. Telecom was the only major critical infrastructure sector whose information sharing body sat inside the federal government rather than being industry run.”
Krell says that arrangement discouraged candid exchange at exactly the moments it mattered most. “T-Mobile’s own CSO acknowledged publicly that carriers withheld threat data that turned out to be connected to larger campaigns. Financial services and energy solved this problem years ago. The telecom sector is arriving late to a model the rest of critical infrastructure already depends on.”
He says the timing is not incidental. “CISA has lost nearly a third of its workforce and faces a $495 million budget cut. The CIPAC coordination framework has been shuttered. C2 ISAC joins the Alliance for Critical Infrastructure as another case of industry organising its own defence because federal capacity is no longer guaranteed. Sharing intelligence is the easy part. Acting on it faster than the threat evolves is the part that matters.”
Jacob Warner, Director of IT at Xcape Inc, adds: “This massive telecom consolidation effectively signals that the private sector is seizing control of its own operational defence grid to bypass slow, risk-averse federal bureaucracy. By establishing a private-sector-only consortium away from the legacy, government-managed COMM-ISAC, these hyper-competitive carriers are creating a safe harbour to share highly sensitive, early-stage telemetry without the chill of immediate regulatory scrutiny or Freedom of Information Act exposure.
The primary gatekeepers can no longer defend in silos
Warner says for enterprise risk leaders, the creation of C2 ISAC serves as a stark warning that core communication foundations, specifically 5G orchestration, signalling protocols, and transit backbones, are under such aggressive nation-state and AI-driven bombardment that the primary gatekeepers can no longer defend them in silos.
“Security executives must exploit this shift by auditing their external edge exposure, updating their disaster recovery playbooks for multi-carrier cross-operator dependencies, and demanding that their managed service and telecom providers provide direct visibility into the technical indicators validated by this new alliance.”
Warner offers several critical takeaways
- Sovereign-level threats require industry scale: When carriers like AT&T, Verizon, and Lumen band together, it is a direct response to highly advanced threat actors, such as Salt Typhoon, moving laterally through transit links that no single carrier fully controls.
- Bypassing the bureaucratic bottleneck: Moving threat intelligence operations outside of CISA’s direct house allows carriers to share actionable telemetry and operational vulnerabilities at the speed of an incident, unencumbered by federal administrative latency.
- Supply chain visibility mandate: Enterprises must weaponise this development during procurement, demanding that their telecommunications providers actively consume and prove compliance with C2 ISAC’s shared defensive playbooks.
“When eight bitter telecom rivals suddenly agree to share their internal security playbooks, it is not an act of corporate charity, it is a clear sign that the house is on fire and the fire department is out of water,” he ends.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.