Cost of Cybersecurity Has to Be in the Budget
By Vinit Duggal, Chief Information Security Officer
In the 15 years that I have been at Intelsat, we have been able to maintain a strong cybersecurity posture across our networks. We created and evolved a program that has allowed Intelsat to integrate and embed security into the DNA of our culture. Ensuring availability and integrity of our services is a foundational expectation of our customers. Building and budgeting security at service inception through the entire lifecycle is vital to the success of our program.
Providing the level of security that satisfies customer expectations is a cost of doing business. When we design new services or make changes to installed systems, we view incorporating cybersecurity measures as a key part of the process, so that the cost is incorporated into our capital budgets. We also believe it is our responsibility to assess our ecosystem partners with the same rigor that we look at everything else, as they are vital components when enabling services. We use a combination of internal resources and third parties to evaluate each component of the service chain. If we discover vulnerable aspects to service we actively work with our partners and vendors to mitigate any exposure. Most importantly, a service is never rolled out until we are confident that it can securely run in production.
In the big picture, cybersecurity is not an exorbitant expense when addressed upfront (the opposite is true when companies have to address security after the fact), usually accounting for only modest percentage of our technology budget when we look at the total capital expenditures for services. We also are very careful about what and where we manage our spend. There are hundreds of security products on the market and we spend a lot of time looking at what solutions offer the best technical fit for Intelsat. The best solution is not necessarily the most expensive security product on the market.
We have varying degrees of segmentation in place for various aspects of network that depend on access needs. The most secure segment of the network is our flight operations, these command and control networks are managed by multiple layers of security and our spend focuses on preventative controls here. While our spend on our service provider network focuses on availability controls. Managing the various security paradigms allows Intelsat the flexibility to ensure security while maintain usability across the enterprise.
We truly believe everyone in the service chain needs to take security seriously, most importantly customers. This is of particular concern when dealing with government entities, who are often more focused on bottom line pricing than on the security of a system or service. If the government is going to hold a satellite operator or other provider responsible for security, evaluating security posture needs to be a material part of the bidding process.
The threat landscape that our industry faces today is very real. We are building solutions that are enabling an ever more connected ecosystem, ranging from connected car, planes and ships. Protecting against these active threats is a fundamental responsibility of service providers and quite frankly is not a challenge that can’t be overcome. Executive buy-in and funding are critical and in today’s world is simply the cost of doing business.