2 Strategies for Protecting the Telecommunications Sector

John Sullivant

S3E–Sisters Three Entrepreneurs Security Consultants Company, West Hollywood, California and Magallanes Associates International (MAI), Thousand Oaks, California

2.1 Introduction

To provide for the economic and national security of America, it is essential that we establish and maintain a telecommunications capability adequate to satisfy the needs of the nation during and after any national emergency. We now live in a world that is increasingly more dependent on information and the technology that allows us to communicate and do business globally, at the speed of light. Information has always been time-dependent but is more so today than ever. The composition of the telecommunications sector evolves continuously due to technology advances, business and competitive pressures, and changes in the marketplace and regulatory environment. Despite its dynamic nature, the sector has consistently provided robust and reliable communications and processes to meet the needs of businesses and governments [1].

2.2 Background

2.2.1 A Historical Perspective

The Telecommunications Sector has evolved from a predominantly closed and secure wire-line telecommunications network focused on providing equipment and voice services, into a diverse, open, technologically sophisticated, highly interconnected, and complex industry with a wide array of infrastructure that spans critical aspects of the US government, economy, and society.

Three distinct policy events have shaped the course of the modern-day telecommunications industry. The first event was the 1984 court-ordered breakup of AT&T [2], a company that controlled the majority of the local and long distance markets. The second event was the passage of the Telecommunications Act of 1996 [3], which opened local PSTN (public switched telephone network) service to competition. It required incumbent carriers to allow their competitors to have open access to their networks. As a result, carriers began to concentrate their assets in collection facilities and other buildings known as telecom hotels, collection sites, or peering points instead of laying down new cable. Internet Service Providers (ISPs) also gravitated to these facilities to reduce the costs of exchanging traffic with other ISPs. Open competition has caused the operation of the PSTN and the Internet to become increasingly interconnected, software-driven, and remotely managed, while the industry's physical assets are increasingly concentrated in shared facilities. The third event was the horrific attacks of 2001, which led to sweeping changes in the reorganization of the US government with the creation of the US Department of Homeland Security (DHS), the realignment of security responsibilities of several government agencies under this new entity, and a wave of laws and national actions aimed at redefining the importance of the telecommunications and other sectors, and their threat environment. Homeland security is a concerted national effort to prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage and recover from attacks that do occur [4].

In response to the attacks of 2001, the DHS issued a National Infrastructure Protection Plan (NIPP) in June 2006. This plan establishes a bold, comprehensive unifying structure and overall framework for the integration of national critical infrastructures and key resources protection efforts, into a single National Security Program. It requires designated lead federal agencies to work with the private sectors to address how sector stakeholders should implement the national strategy and protection measures, and how they can improve the security of their assets, systems, networks and functions [5].

The telecommunications sector, the theme of this chapter, is one of the 18 major industries identified in the NIPP as a National Critical Infrastructure. These sectors are diverse, operate in every State and affect every citizen, private and public entity, and the government at every level. The National Telecommunications Sector-Specific Plan augments the NIPP and describes the collaborate efforts between state, local, and tribal governments; nongovernmental organizations; and the federal government to secure the sector from a terrorist attack or other disaster. The plan offers a road map to prioritizing protection initiatives within and across the sector to ensure risk mitigation by lowering vulnerabilities, deterring threats, and minimizing the consequences of attacks and other incidents [1].

2.2.2 What Makes Up The Telecommunications Sector?

The Communications Sector is integrally linked with the Information Technology (IT) Sector. In general usage they are often referred to and incorporated under the common name “Telecommunications Sector.” Driven by twenty-first century technology transformation and convergence, the Communications and the IT Sectors are becoming more closely aligned with telecommunications and eventually will merge into one entity. For the purposes of this chapter we will consider that merging to have taken place. The Telecommunications Infrastructure Sector [6] is a complex system of systems that incorporates multiple technologies and services with diverse ownership. More than 85 percent of telecommunications-related assets, systems, and networks are owned and operated by the private sector. Some owners and operators are government or quasi-government entities.

The infrastructure includes wire-line, wireless, satellite, cable and broadcasting, and the transport networks that support the Internet and other information systems. The sector provides voice and data service to public and private users through a complex and diverse public network infrastructure encompassing the PSTN, the Internet, and private enterprise networks. The PSTN provides switched circuits for telephone, data, and leased point-to-point services. It consists of physical facilities, access tandems and other equipment. The physical PSTN remains the backbone of the infrastructure with cellular, microwave, and satellite technologies providing extended gateways to the wireline network for mobile users. The Internet and private enterprise networks are key resources, comprising the domestic and international assets within both the IT and Communications Sectors, and are used by all other sectors to varying degrees.

2.2.3 How Do We Secure the Telecommunications Sector?

Much of the expertise required for planning and taking action to protect telecommunications assets lies outside the federal government, including precise knowledge of what needs to be protected [7]. The sector has historically factored natural disasters and accidental disruptions into network resiliency architecture, business continuity, and emergency preparedness planning strategies. The interconnected and interdependent nature of these service provider networks has fostered information sharing, cooperative response, and recovery relationships for decades. Since one service provider network problem nearly always impacts the networks owned and operated by other network providers, the community has a long-standing tradition of cooperation and trust, even in today's highly competitive business environment. Owners and operators have always been responsible for protecting their physical assets against unauthorized intruders. These measures, however conventionally effective in the past, generally have not been designed to cope with significant military or terrorist threats or the cascading economic and psychological impacts they may entail [8]. Such planning to defend against a terrorist attack is a relatively new phenomenon for the industry. With the wide range of operators and owners, companies, technologies, and government interests that make up the telecommunications community, it is important to find common ground in establishing sector security goals. Despite any initial variances in agreeing on a single strategic security vision, much headway has been made and new security enhancement initiatives continue to emerge as new technologies are developed and employed. Moreover, the telecommunications sector recognizes that other critical infrastructures are highly dependent on its services for basic operations. In this respect, interconnection, interoperability, and security are achieved through technology standards, regulations, carrier agreements, and inter-carrier cooperation, enabling the infrastructure to operate effectively and rapidly restore networks after a disaster. Resiliency is achieved through the technology, redundancy, and diversity employed in the network design and by customers who plan for and employ diverse and resilient primary and backup communications capabilities [9]. Although industry partners maintain and protect the core backbone of the network and share assets and systems, and the facilities connecting these assets to the customer premises, customers are largely responsible for developing and employing mitigation strategies for access to their portion of the network through continuity of operations planning [10].

2.2.4 What are Critical Telecommunications Infrastructure Systems and Assets?

The U. S. Patriot Act defines critical infrastructure as “systems and assets, physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on national security, national economic security, national public health and safety, or any combination of these matters.” Telecommunications, IT, and cyber space systems, functions and assets fall under this definition [11].

2.2.5 What is the U.S. Policy on...