RealTime IT News

FCC Panel Weighs Security Practices

The Network Reliability and Interoperability Council (NRIC) VI, chartered by the Federal Communications Commission (FCC) to focus on homeland security issues such as the sustainability of public telecommunications networks in the event of a terrorist attack or national disaster, met Friday to begin reviewing some 300 industry best practices ranging from increasing physical security at communications facilities to increased protection of proprietary information.

The 56-member NRIC is composed of representatives from the telecommunications, cable, wireless, satellite and ISP industries. NRIC members have until Dec. 20 to vote on recommendations to the industry that these best practices voluntarily be implemented.

In developing its best practices, NRIC's Physical Security Focus Group, led by Karl Rauscher, director, network reliability office, Lucent Technologies Bell Labs, and NRIC's Cyber Security Focus Group, led by Dr. Bill Hancock, vice president, Cable & Wireless, underwent a process that included a detailed vulnerability and threat assessment and identified the best practices currently in use by the industry to take necessary steps to improve security and mitigate associated risks.

The items considered Friday for securing a physical network included:

  • Technology -- Best practices for the application of new technologies to better mitigate the effects of an attack;
  • Access Controls -- Practices for access control methods and procedures to help ensure that unauthorized personnel do not have access to critical network infrastructures. Best practices include the development of formal procedures for assigning facility access and constructing physical barriers to prevent vehicular and pedestrian "tailgating," electronic surveillance at critical access points and changes to landscaping and outdoor lighting;
  • Personnel -- Best practices for security procedures and associated training including recognizing and reporting suspicious items and handling of proprietary information;
  • Design and Construction -- Best practices for new network and facility design and construction methods to help secure critical infrastructure:
  • Inventory Management -- Best practices and procedures for managing critical inventory to hasten restoration of service in the event of an attack. This includes best practices to establish procedures, including storage, handling, transfer and transmission;
  • Auditing and Surveillance -- Best practices for measuring and assessing security readiness in a communications firm, including physical inspection of equipment, network and software and plant locations; and
  • Elevate Internal Role of Security -- Best practices to elevate security as an integral part of strategic business planning.
  • "Homeland Security is a critical issue that touches every consumer in America. People want to know that in an emergency their calls will go through and they can reach loved ones. Every bit as important, our nation's communications network must be secure and protected to ensure that public safety, health, and law enforcement officials are able to respond and ensure the flow of information," said FCC chairman Michael Powell.

    Earlier this year, NRIC VI adopted an Emergency Assistant Agreement which provides the means by which industry carriers and service providers can elect to enter agreements to collaborate to restore service in the wake of an emergency. It also adopted industry emergency contact procedures and protocol to provide detailed contact information, procedures and protocol to members in times of emergency and to identify communications industry representatives who are essential to effective communications and Internet service restoration efforts.

    Powell chartered NRIC VI Jan. 7. Membership in NRIC was significantly expanded through NRIC VI to include corporate representatives from the cable, wireless, satellite and ISP industries. It also established four new working groups to address homeland security: Physical Security, Cyber Security, Disaster Recovery and Public Safety.