The U.S. telecom sector is strengthening its cybersecurity coordination efforts with the launch of a new private ISAC designed to help major communications companies respond more effectively to AI-powered cyberattacks, state-backed espionage campaigns, and emerging threats targeting national communications infrastructure. 

The Communications Cybersecurity Information Sharing and Analysis Center, known as the C2 ISAC, was created by some of the country’s largest telecommunications providers to establish a more confidential environment for exchanging cybersecurity intelligence. The founding members include AT&T, Charter, Comcast, Cox, Lumen, T-Mobile, Verizon, and Zayo. The chief information security officers from these companies will serve on the organization’s board. 

The newly formed private ISAC will be led by Valerie Moon, a former senior official with both the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI’s Cyber Division, who has been appointed executive director. 

According to Mark Clancy, chief security officer at T-Mobile and a board member of the C2 ISAC, the evolving threat landscape was a major factor behind the creation of the private ISAC. 

“The main driver for us is our recognition that the threat environment has evolved, and we as a sector and private entities need to evolve and really keep up with the pace and velocity [at which] that’s happening,” Clancy said in an interview with Cybersecurity Dive. 

Clancy explained that telecom companies recognized the need for more direct collaboration during the industry’s response to Salt Typhoon. “The need for us to collaborate on a private-to-private basis really became amplified,” he added. 

Telecom Sector Pushes for Faster Intelligence

Although the telecom sector already participates in information-sharing initiatives through the Communications ISAC, also referred to as the National Coordinating Center for Communications, that organization differs from most ISACs because it operates within the federal government under CISA rather than as an independent private entity. 

According to Clancy, that government affiliation created hesitation among some telecom companies when it came to sharing sensitive cybersecurity intelligence. 

“There’s been concerns and hesitations about it,” he said. 

The new private ISAC aims to address those concerns by limiting participation to industry members and excluding government agencies from its internal discussion channels. Organizers believe this structure will encourage companies to exchange threat intelligence more openly and at earlier stages of investigations. 

“When you have public-sector entities involved, there’s more review and deliberation about what gets put into that channel,” Clancy explained, adding that the new arrangement allows companies to be “a little more raw and early in sharing information.” 

Over time, telecom providers realized they had become overly cautious in the information they shared through the existing Communications ISAC. Clancy acknowledged that companies often withheld lower-level threat indicators that later turned out to be connected to broader malicious campaigns. 

“We were being too restrictive in what we were sharing,” he said, noting that some seemingly isolated activities were “actually tethered to bigger activity.” 

Moon emphasized that the private ISAC is not intended to replace the existing Communications ISAC. Instead, both organizations are expected to operate alongside each other, with the older structure continuing to focus on broader operational concerns such as physical infrastructure threats. 

“We really see this as a complementary effort,” Moon said. “When you think about each of these companies and their adherence to ensuring that the privacy of their data is very much at the forefront of their minds, they see this as a trusted space.” 

Private ISAC May Expand Beyond Threat Sharing

Information-sharing efforts within the telecom sector have already proven valuable in combating cybercrime and network abuse. One example involved the detection of SIM boxes — devices commonly used by cybercriminals to generate large volumes of difficult-to-block spam calls and text messages. 

After T-Mobile identified indicators connected to SIM box activity, the company shared those findings with other telecom providers, enabling them to locate and block similar operations on their own networks. 

Clancy noted that addressing such threats requires coordinated action because malicious infrastructure often spans multiple providers. “In order to figure out what’s happening, you’ve got to look at both sides,” he said. 

Beyond direct threat intelligence, telecom companies have also exchanged operational strategies and defensive techniques through existing partnerships. Clancy recalled learning an effective method for handling residential proxy networks from another telecom operator. 

“I learned a technique for dealing with some of the residential proxy networks from another operator that was really clever,” he said. “And I’m, like, ‘Yeah, we’re going to go do that.’” 

While the immediate focus of the private ISAC is improving information sharing related to AI-powered cyberattacks and network threats, its leaders are also considering broader future capabilities. Clancy suggested the group could eventually develop shared automation platforms and collaborative technologies that would be easier to coordinate privately than through government-led regulatory frameworks. 

The organization may also explore involvement in coordinated cybersecurity operations such as botnet disruptions, though Moon said those discussions are still in early stages. 

“It just depends on what the operation is and where the authorities lie and what we are trying to accomplish,” she said. 

Moon described the private ISAC as being “in its nascent stages,” adding that several long-term objectives remain under discussion. 

Membership expansion is another unresolved issue. Although the current founding members represent some of the largest companies in the telecom sector, Clancy acknowledged that broader participation will be necessary for maximum effectiveness. 

“There are more than eight companies in the communications sector, and so we won’t be fully effective until we increase that membership base,” he said. 

The launch of the private ISAC also coincides with significant uncertainty surrounding federal cybersecurity programs. Budget reductions, staffing cuts, and shifting priorities across government agencies have forced many private-sector organizations to reconsider how they coordinate cybersecurity defense efforts. 

“Obviously, what’s happening in the public sector informs what we need to do,” Clancy said, referencing challenges involving government funding, agencies, and legislative processes. 

He also encouraged the Department of Homeland Security to accelerate efforts to replace the now-defunct Critical Infrastructure Partnership Advisory Council framework, which previously supported confidential discussions between industry and government stakeholders.

Despite operating independently, the private ISAC still plans to maintain communication with federal agencies. According to Clancy, the group intends to share relevant intelligence either directly with government partners or through the existing Communications ISAC framework.

“We could have a more freewheeling private-to-private conversation [and] we could distill the useful, important bits and push them … over to the government side,” he said.