Eight of the largest US carriers stand up a joint cybersecurity group
Light Reading · Michelle Donegan · May 19, 2026 · source ↗
AT&T, Charter, Comcast, Cox, Lumen, T-Mobile, Verizon and Zayo are now working together in a communications cybersecurity group set up to share threat information and coordinate a faster collective response to attacks. It is, in effect, an ISAC-style body purpose-built for the carriers that carry most of the country’s voice and data traffic — eight competitors agreeing that the threat environment is now bad enough to warrant a standing forum rather than ad hoc back-channels.
The timing isn’t subtle. This follows the run of nation-state intrusions into US carrier networks that put signaling systems, lawful-intercept portals and subscriber data — the CPNI layer — squarely in the crosshairs. A shared early-warning mechanism among the biggest operators is the kind of structural response that’s hard to build inside any single company’s SOC, and the fact that direct rivals are pooling intelligence is the signal worth noting.
And it’s the right instinct, worth saying plainly: collective defense is how a threat class like this actually gets met, and eight fierce competitors choosing to formalize information sharing rather than hoard it is exactly the posture the moment calls for. A standing forum beats the ad hoc phone tree that preceded it, and the willingness to treat security as shared infrastructure rather than competitive advantage is a genuinely good sign. The honest caveat is one of execution, not intent — industry sharing bodies have an uneven record, and more than one ISAC has settled into quarterly briefings and bulletins that never move anyone’s response time. The value here will be made or lost in how the group operates, not in the announcement.
The encouraging part is that a group with this membership is well placed to reach further than classic network defense. The trust infrastructure behind call authentication and number integrity is an adjacent problem that keeps converging with network security — the same actors who compromise a carrier’s core are positioned to abuse the numbering and signaling trust STIR/SHAKEN assumes is intact. If the remit grows toward that calling-trust boundary, this is exactly the right table to defend it from.