FCC Panel Weighs Security Practices

Representatives from telecom, cable, wireless, satellite and ISP industries review measures to protect nation's communications services from attack.

by Roy Mark of www.internetnews.com [December 10, 2002]

The Network Reliability and Interoperability Council (NRIC) VI, chartered by the Federal Communications Commission (FCC) to focus on homeland security issues such as the sustainability of public telecommunications networks in the event of a terrorist attack or national disaster, met Friday to begin reviewing some 300 industry best practices ranging from increasing physical security at communications facilities to increased protection of proprietary information.

The 56-member NRIC is composed of representatives from the telecommunications, cable, wireless, satellite, and ISP industries. NRIC members have until Dec. 20 to vote on recommendations to the industry that these best practices voluntarily be implemented.

In developing its best practices, NRIC's Physical Security Focus Group, led by Karl Rauscher, director of the network reliability office at Lucent Technologies' Bell Labs, and NRIC's Cyber Security Focus Group, led by Dr. Bill Hancock, vice president of Cable & Wireless, underwent a process that included a detailed vulnerability and threat assessment and identified the best practices currently in use by the industry to take necessary steps to improve security and mitigate associated risks.

The items considered for securing a physical network included:

• Technology—Best practices for the application of new technologies to better mitigate the effects of an attack

• Access Controls—Practices for access control methods and procedures to help ensure that unauthorized personnel do not have access to critical network infrastructures. Best practices include the development of formal procedures for assigning facility access and constructing physical barriers to prevent vehicular and pedestrian "tailgating," electronic surveillance at critical access points, and changes to landscaping and outdoor lighting

• Personnel—Best practices for security procedures and associated training including recognizing and reporting suspicious items and handling of proprietary information

• Design and Construction—Best practices for new network and facility design and construction methods to help secure critical infrastructure

• Inventory Management—Best practices and procedures for managing critical inventory to hasten restoration of service in the event of an attack. This includes best practices to establish procedures, including storage, handling, transfer and transmission

• Auditing and Surveillance—Best practices for measuring and assessing security readiness in a communications firm, including physical inspection of equipment, network and software and plant locations

• Elevate Internal Role of Security—Best practices to elevate security as an integral part of strategic business planning

"Homeland Security is a critical issue that touches every consumer in America. People want to know that in an emergency their calls will go through and they can reach loved ones. Every bit as important, our nation's communications network must be secure and protected to ensure that public safety, health, and law enforcement officials are able to respond and ensure the flow of information," said FCC chairman Michael Powell.

Earlier this year, NRIC VI adopted an Emergency Assistant Agreement which provides the means by which industry carriers and service providers can elect to enter agreements to collaborate to restore service in the wake of an emergency. It also adopted industry emergency contact procedures and protocol to provide detailed contact information, procedures and protocol to members in times of emergency and to identify communications industry representatives who are essential to effective communications and Internet service restoration efforts.

Powell chartered NRIC VI on January 7, 2002. Membership in NRIC was significantly expanded through NRIC VI to include corporate representatives from the cable, wireless, satellite, and ISP industries. It also established four new working groups to address homeland security: Physical Security, Cyber Security, Disaster Recovery, and Public Safety. NRIC VI is chaired by Richard C. Notebaert, Qwest chairman and CEO.

— End