Mike Regan: Embedding Resilience and Operationalizing Cybersecurity Across Information Communications

As cyber threats evolve in sophistication and persistence, organizations must shift from reactive defensive strategies to proactive system-wide resilience.

The author of this Expert Opinion is Mike Regan. His bio is below.

Both state and non-state actors conduct cyberattacks against critical U.S. infrastructure as part of long-term campaigns. For example, Volt Typhoon, a China-sponsored advanced persistent threat (APT) group, continues to infiltrate communications, energy, transportation, and water systems across the United States.

Traditional, compliance-focused cybersecurity can’t effectively stop these sophisticated and continually evolving threats. That’s why organizations across the information and communications technology (ICT) ecosystem must avoid a prevention-only approach and adopt a comprehensive cyber resilience strategy.

Key requirements include the ability to withstand attacks, maintain operations during disruption, recover rapidly from intrusions and compromise, and communicate transparently with customers and stakeholders throughout the incident to preserve trust and ensure informed decision-making.

This blog explains why countering nation-state-level cyber operations requires a strategic cybersecurity mindset. It highlights the expanding attack surface—from data centers to the intelligent edge—and outlines how organizations can achieve resilience at scale through TIA’s SCS 9001 global cybersecurity and supply chain security standard.

From perimeter defense to operational continuity

Cybersecurity has historically focused on bolstering digital and physical perimeter defenses, as well as complying with regulatory requirements. However, modern adversaries do not merely gain access to systems and devices; they aim to disrupt operations at scale. These threats are no longer theoretical. Volt Typhoon has pre-positioned itself inside multiple U.S. infrastructure sectors, including energy and communications, with the apparent intent to disable or degrade services during a future geopolitical crisis, and Salt Typhoon has penetrated major U.S. telecommunications carriers for espionage.

The shift to strategic, targeted attacks by U.S. adversaries requires a new mindset. The question is no longer whether systems can be breached, but how quickly and securely they can recover. Cyber resilience prioritizes operational continuity. It involves anticipating attacks, minimizing impact, and restoring trusted operations in a repeatable, verifiable way.

It spans people, processes, and infrastructure across cloud, core, and edge environments, from data centers to distributed IoT networks. For ICT providers, this means evaluating both internal assets and external dependencies such as hardware and software supply chains, AI models, and embedded devices.

Yet comprehensively implementing resilience can be challenging. The complexity of today’s ICT environments creates opportunities for threat actors, who often lurk undetected in systems for months by exploiting regulatory blind spots and cross-domain gaps. In a resilience model, recovery is a key performance indicator, not a fallback.

The expanding attack surface

Modern ICT systems are increasingly distributed, dynamic, and interdependent. As intelligence shifts to the edge, IoT devices such as smart sensors, cameras, and embedded controllers often operate with limited visibility and inconsistent security oversight.

These conditions create persistent soft targets for adversaries. Real-world threats extend across the physical supply chain. Tampered hardware, unvetted components, embedded backdoors, and disrupted logistics can all compromise system integrity. Without visibility into these dependencies, organizations struggle to plan for resilience or recover from attacks that originate outside their direct control and operational domain.

Software supply chains pose equally serious challenges. Vulnerabilities scale rapidly when components are pulled from public repositories, open-source libraries, or integrated without provenance checks. Generative AI introduces additional attack vectors: LLMs may expose sensitive data, suggest insecure configurations, or accelerate exploit development through automated code generation. Their reliance on opaque APIs and third-party training pipelines further reduces transparency and security oversight.

Supply chain interdependencies magnify these risks. A single compromised component or vendor can impact thousands of downstream systems. Detecting sophisticated threats is particularly challenging for small and medium-sized vendors, who often lack the tools, expertise, guidelines, and policy infrastructure available to larger organizations.

The 2019–2020 SolarWinds compromise, in which attackers inserted a backdoor into the vendor's own build process so that legitimately signed Orion updates delivered it to customers, illustrates how even trusted partners may unknowingly distribute malicious code. To maintain operational resilience when a vendor is disrupted or compromised, organizations must diversify their supplier base and avoid single-source dependencies.

Designing for disruption: A strategic approach to ICT system recovery

Organizations must strategically design resilient ICT systems to detect, withstand, and recover from disruption. Achieving these capabilities requires more than monitoring logs and patching known or common vulnerabilities. Many organizations operate complex, distributed environments where full patch coverage is difficult due to legacy software, disparate systems, and incomplete asset visibility. Moreover, some threat actors can reverse-engineer patches faster than teams can deploy them.

Resilience strategies prioritize recovery over theoretical prevention. Immutable backups are foundational as a single source of truth. When implemented correctly, with immutability enforced by the storage layer (write-once retention or object locking) rather than by the access controls of the backup software, adversaries can't modify or delete them, even during ransomware attacks or insider compromise. These backups must be integrity-verified, restored routinely in test exercises rather than merely confirmed to exist, and stored offsite to protect against both digital and physical threats. To further reduce risk, granular access controls and strict change management policies help prevent misuse of administrative privileges.
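The verification step above is easy to get wrong: a plain list of file hashes stored next to the backup can be rewritten by the same attacker who encrypts the files. The following is an added example, not code from the article, from TIA or from SCS 9001. It digests a backup set into a manifest, authenticates the manifest with an HMAC key that is assumed to be held off the backup host, and then re-checks the set after simulated ransomware tampering and after an attacker regenerates the manifest without the key. The file names, contents and key handling are constructed for illustration; it does not provide storage-layer immutability, which must come from the backup target itself.

```python
"""Integrity check for a file-level backup set with an off-host MAC key.

Added example (not the article's or TIA's code). The backup contents below are
constructed sample data; in practice MAC_KEY lives in an HSM or an offline vault,
never on the host that writes the backups.
"""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

# Constructed sample backup set: config, data and build tooling, since the
# text stresses restoring whole environments, not just data.
SAMPLE_FILES = {
    "etc/config.yaml": b"listen: 0.0.0.0:8443\nauth: mtls\n",
    "db/customers.sql": b"INSERT INTO customers VALUES (1, 'acme');\n",
    "src/build.sh": b"#!/bin/sh\nmake release\n",
}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup objects fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _canonical(files: dict) -> bytes:
    # Canonical JSON so the MAC covers exactly one byte sequence per table.
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(backup_dir: Path, mac_key: bytes) -> dict:
    """Digest every file under backup_dir and MAC the digest table."""
    files = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            files[p.relative_to(backup_dir).as_posix()] = sha256_file(p)
    mac = hmac.new(mac_key, _canonical(files), hashlib.sha256).hexdigest()
    return {"files": files, "mac": mac}


def verify_manifest(backup_dir: Path, manifest: dict, mac_key: bytes) -> list[str]:
    """Return a list of problems; an empty list means the backup set is intact."""
    expected = hmac.new(mac_key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        # Stop here: with a forged manifest the per-file digests mean nothing.
        return ["manifest MAC mismatch: manifest itself was altered or forged"]
    problems = []
    for rel, digest in manifest["files"].items():
        p = backup_dir / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"modified: {rel}")
    # Files that appeared after the manifest was sealed are also suspicious.
    on_disk = {p.relative_to(backup_dir).as_posix() for p in backup_dir.rglob("*") if p.is_file()}
    for rel in sorted(on_disk - manifest["files"].keys()):
        problems.append(f"unexpected: {rel}")
    return problems


def write_sample_backup(backup_dir: Path) -> None:
    for rel, data in SAMPLE_FILES.items():
        dest = backup_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)


def run_scenarios() -> dict:
    """Exercise the check on an intact set, a tampered set and a forged manifest."""
    mac_key = os.urandom(32)  # assumption: generated and stored off the backup host
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir = Path(tmp)
        write_sample_backup(backup_dir)
        manifest = build_manifest(backup_dir, mac_key)
        intact = verify_manifest(backup_dir, manifest, mac_key)

        # Ransomware-style tampering: one file overwritten, one deleted.
        (backup_dir / "db/customers.sql").write_bytes(b"\x00ENCRYPTED\x00")
        (backup_dir / "src/build.sh").unlink()
        tampered = verify_manifest(backup_dir, manifest, mac_key)

        # Attacker with write access also regenerates the manifest, but
        # without the real key the MAC cannot be reproduced.
        forged = build_manifest(backup_dir, b"guessed-key")
        forged_result = verify_manifest(backup_dir, forged, mac_key)
    return {"intact": intact, "tampered": tampered, "forged": forged_result}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result or 'OK'}")
```

The design point is the split of trust: the manifest may sit beside the backup, but the key that authenticates it must not, otherwise a compromised backup host can rewrite both the data and the evidence. Run the verification as part of a scheduled restore exercise, not only at backup time, so that a silently corrupted or deleted object is found before an incident forces the restore.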

Driven by advances in AI and ML, automation plays an increasingly critical role in operational resilience. Detection and response platforms identify anomalies in real time, isolate affected systems, and trigger recovery workflows. When integrated with the backup systems described above, they form a closed loop that minimizes dwell time and reduces manual intervention. Automated isolation and rollback must themselves be gated and auditable, since a false positive that quarantines a production controller is itself a disruption. For small and medium businesses, AI- and ML-based automation also helps offset limited in-house cybersecurity resources.

Standardizing resiliency

Consistently achieving effective cyber resilience requires structured frameworks that guide planning, monitoring, response, and recovery. The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) has long served as a foundational model for enterprise cybersecurity strategy.

The updated CSF 2.0 significantly broadens its scope—introducing a new "Govern" function, expanding applicability beyond critical infrastructure, and emphasizing supply chain risk, privacy integration, and automation. It also deepens guidance on asset management, anomaly detection, containment, and backup integrity to support resilient, real-time response across diverse environments.

Nevertheless, today’s rapidly evolving and distributed ICT environments require frameworks that go beyond the enterprise and data center to address both digital and physical supply chains. SCS 9001 Release 2.0 delivers that broader scope. Developed by TIA, SCS 9001 is the first global cybersecurity and supply chain security standard purpose-built for the ICT industry.

Technology-agnostic, the standard aligns with evolving legislative requirements such as the BEAD program's Cyber Supply Chain Risk Management (C-SCRM) requirements and the EU Cyber Resilience Act. Spanning cloud providers, network operators, device manufacturers, and integrators, SCS 9001 formalizes core resilience practices into a unified, proactive, and repeatable baseline. It outlines business impact analyses, continuity plans, supplier metrics, and backup strategies.

SCS 9001 also emphasizes restoring complete operational environments—data, source code, development tools, and build systems—essential for both production and R&D. These capabilities form the operational core of resilience: recoverable systems, validated processes, and data integrity under time constraints and pressure.

Mike Regan leads TIA’s QuEST Forum, focusing on business performance improvement initiatives. With over 30 years in engineering leadership, he has directed large teams delivering mission-critical communications products for top service providers, cloud platforms, and enterprises. His experience spans early-stage startups to global companies, with responsibilities across the full product lifecycle—from strategy and architecture to compliance, security, and operations. Mike holds a B.S.E.E. from Northeastern University, Boston. This Expert Opinion is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views expressed in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Resilient Critical Infrastructure Summit

A one-day conference on securing America's vulnerable digital infrastructure
