Some of the largest telecommunications companies are forming a coordinated alliance to strengthen cybersecurity defenses across the sector, reflecting growing concern over increasingly sophisticated attacks targeting critical communications infrastructure.
The companies involved — AT&T, Charter, Comcast, Cox, Lumen Technologies, T-Mobile, Verizon, and Zayo — are establishing a new body called the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC). The initiative is designed to create a trusted environment where security teams can exchange threat intelligence and coordinate defensive responses in real time.
Verizon’s chief information security officer Nasrin Rezai described the move as a significant step toward protecting national communications infrastructure. She emphasized that structured, real-time intelligence sharing allows the industry to build a collective defense capability that individual companies cannot achieve alone.
AT&T representative Dan Feldstein noted that the threat landscape has shifted rapidly in the past year and a half, with cyberattacks becoming more frequent, complex, and impactful. He said the new framework would help companies respond faster and improve coordination through updated tools and processes.
A shift toward industry-led defense
Cybersecurity experts suggest the formation of C2 ISAC reflects a broader shift toward industry self-reliance in threat defense.
Jacob Krell of Suzu Labs pointed out that telecom companies are now building the type of intelligence-sharing infrastructure that might have been more effective before major breaches occurred. He referenced advanced cyber espionage groups, such as Salt Typhoon, which have targeted telecommunications networks for intelligence gathering and surveillance.
Historically, telecom cybersecurity coordination was more closely tied to federal structures. However, critics argue that government-managed frameworks discouraged open information sharing at critical moments. Similar models in other sectors, such as energy and finance, already rely on industry-led coordination systems.
Krell also highlighted that reduced federal cybersecurity capacity and budget constraints have contributed to the industry taking a more independent role in defense coordination.
A “safe harbor” for intelligence sharing
Some analysts view C2 ISAC as a strategic response to the limitations of government-managed frameworks.
Jacob Warner of Xcape described the initiative as a private-sector effort to create a more flexible and less bureaucratic environment for sharing sensitive security telemetry. By operating outside traditional government channels, companies may feel more comfortable sharing early-stage threat data without fear of regulatory exposure or public disclosure.
This structure is intended to improve speed and trust, although it also reduces direct government visibility into certain threat intelligence streams.
Balancing agility and oversight
Security experts caution that while private-sector coordination can improve responsiveness, government involvement remains essential for broader threat attribution and national security coordination.
Ensar Seker of SOCRadar noted that industry-led groups tend to operate more quickly and encourage stronger collaboration between peers. However, he emphasized that government agencies still play a critical role in handling classified intelligence and orchestrating large-scale responses to nation-state threats.
He suggested that the most effective model is a hybrid system where industry-led sharing complements government oversight rather than replacing it.
Why telecom sees collective defense as necessary
Industry leaders argue that telecom networks are facing increasingly coordinated and persistent attacks that no single provider can effectively defend against alone.
Dave Gerry of Bugcrowd said that attackers have already been operating in coordinated ways for years, and telecom providers are now adapting to that reality by aligning their defenses more closely.
Other experts emphasized that telecom infrastructure — including 5G systems, signaling protocols, and backbone networks — has become a strategic target for both nation-state actors and financially motivated attackers.
Trey Ford of Bugcrowd described the formation of C2 ISAC as a response to the rising cost and complexity of defending against sector-wide threats, noting that no single company can achieve full visibility into attack patterns that span the entire industry.
He pointed to three converging pressures: the rise of AI-enabled cyberattacks, increased nation-state targeting of communications infrastructure, and the inability of individual firms to see cross-network threat activity in real time.
From information sharing to collective defense
Supporters of the initiative argue that structured intelligence sharing effectively turns cybersecurity into a collective defense system.
Shawn Edwards of Zayo said that when companies share indicators of compromise, attack methods, and operational lessons in a trusted environment, the entire industry becomes more resilient and better prepared to respond.
John Strand of Strand Consulting added that telecommunications infrastructure is under constant attack and that providers carry responsibility comparable to critical safety industries such as aviation. He emphasized that protecting communications networks is not only a competitive concern but a shared obligation across the sector.
Wrapping up
The creation of the C2 ISAC reflects a broader shift in how critical infrastructure sectors are approaching cybersecurity. Rather than relying solely on government-coordinated frameworks or isolated corporate defenses, major telecom operators are moving toward structured, real-time collaboration.
The underlying signal is clear: cyber threats targeting communications networks are now considered too complex, too frequent, and too coordinated for any single operator to manage alone. Whether this industry-led model becomes a template for other sectors will depend on how effectively it balances speed, trust, and coordination with the need for broader national-level visibility into evolving cyber threats.
