July 25, 2023
Center for Cybersecurity Policy and Law
New Network Resilience Coalition Launches to Address Threats to Outdated Network Infrastructure on a Global Scale

WASHINGTON, D.C. - Industry leaders across networking, service providers and cybersecurity today announced the launch of the Network Resilience Coalition, an alliance focused on bringing together technology providers, security experts and network operators seeking to propose real-world solutions that dramatically improve the security of data and networks that support our global economic and national security. 

Software and hardware vendors spend tremendous amounts of time and effort to ensure that all products and services are as strong and secure as possible. Unfortunately, it is common for organizations to lack robust patching and vulnerability management programs or to not install critical updates in a timely manner, despite their availability.

Not only does failing to upgrade or update hardware and software systems put the individual organization at risk, it can lead to cyberattacks on a global scale, targeting aging network infrastructure, as evidenced by recent advisories from the UK’s National Cyber Security Centre and the U.S.’s  Cybersecurity and Infrastructure Security Agency as well as reports of state-sponsored activity

Technology companies must find ways to address the continued problem of software and hardware updates and patches not being implemented, while also encouraging organizations to have better visibility into their networks to better mitigate cyber risks. The Network Resilience Coalition was formed to help address these issues in an open and collaborative way and to help improve network hardware and software resilience on a global scale. By bringing together infrastructure vendors and major network operators who are experienced in deploying patches in a timely manner, the coalition aims to address network hardware and software resilience challenges and inform good policy.

Founding members of the new coalition consist of leaders who have been addressing this problem at its roots, including, AT&T Inc., Broadcom, BT Group, Cisco Systems Inc., Fortinet, Intel Corp., Juniper Networks, Lumen Technologies Inc., Palo Alto Networks, Verizon and VMware. 

“Network resilience is vital to the health of our economy and our interconnected world and there is a need to focus on how to improve the security of the larger ecosystem by all sides working together,” said Ari Schwartz, coordinator of the Center for Cybersecurity Policy & Law, a leading non-profit that brings together industry leaders with policymakers to find solutions that can help improve the digital security of networks, devices and critical infrastructure. “Too often we see organizations fall victim to a cyberattack because an existing critical update or patch wasn’t made.”

Coalition members will work together on a report that investigates the crux of these issues and produce clear, actionable recommendations for improving network security, for technology providers, technology users, and those creating or regulating security policy. 

About the Center for Cybersecurity Policy & Law:

The Center for Cybersecurity Policy & Law is an independent organization dedicated to enhancing cybersecurity worldwide by providing government, private industry, and civil society with practices and policies to better manage security threats. Established in 2017 as a 501(c)(6) nonprofit, the Center combines policy expertise with convening power to bring industry leaders together with policymakers, form coalitions, and launch initiatives that produce real-world outcomes.

Read Next

Risks Associated with IT Monoculture Needs Further Examination

IT concentration risk is a relatively new term but due to recent cyberattacks it has been front and center. To examine the issue the Center conducted an exercise to look at the threats of IT concentration risk and offer recommendations.

Addressing Concentration Risk in Federal IT

The Center conducted a multi-stakeholder tabletop exercise in April to explore a form of concentration risk where a single software, configuration, service, or hardware becomes dominant in an ecosystem.

CISA Promotes Secure by Design Principles with Industry Pledge

CISA announced its “Secure by Design Pledge,” a voluntary commitment by software manufacturers to work towards implementing several cybersecurity best practices.