Trust, Cooperation, & Flexibility Are Secrets To NCC Telecom ISAC Success

Arlington, Va., January 15, 2004 - The National Coordinating Center Telecommunications Infrastructure Information Sharing and Analysis Center (NCC Telecom ISAC) operates much like the framework of interconnected and interdependent network systems that make up the telecommunications industry. Just as carriers swap voice and data traffic with one another, the NCC Telecom-ISAC depends on the swift exchange of information among industry representatives and between industry and the Government. But unlike the competitive nature of the telecommunications industry – where companies battle each other for the consumer’s dollar – the NCC Telecom ISAC operates in a cooperative and trusted environment. Representatives from all segments of the telecommunications sector work with and rely on each other to achieve a common objective: to help safeguard the telecommunications infrastructure from all hazards, ranging from cable cuts to natural disasters to information network attacks and terrorist attacks.

The 32 members (29 companies and 3 associations) of the NCC Telecom ISAC, as well as Government sources and other liaison partners, feed information and requests into the 24x7 Watch and Analysis Operation, which manages the entire Telecom ISAC information sharing process and provides the central analysis function for the ISAC. Information shared may deal with vulnerabilities, threats, intrusions, anomalies, and mitigation responses, or may simply offer a forum for requesting information from the rest of the NCC Telecom-ISAC membership.

NCC Telecom ISAC members place a high premium on preserving the culture of trust they have established, as all of the information received from members of the Telecom ISAC is deemed sensitive and proprietary and only the originator of information may approve its release to anyone or any entity. “The reason that the NCC Telecom ISAC is successful is that we have a trusted relationship between industry and Government, and that began with the National Coordinating Center for Telecommunications,” said Air Force Lt. Col. Frances Wentworth, who is the NCC Telecom ISAC Program Manager. Adds Ms. Ernie Gormsen of Verizon Communications, the NCC Telecom ISAC Industry Chair, “the trust did not develop overnight. Because we know each other so well and collaborate on a daily basis, we end up trusting the individual more than the corporation.”


Although the ISAC concept is a relatively new development, the foundations for the NCC Telecom ISAC’s trusted environment have been in place since 1984 with the establishment of the NCC, part of the Department of Homeland Security’s National Communications System (NCS). The private sector created ISACs in response to the issuance of Presidential Decision Directive 63 in 1998, which proposed that various sectors of the national economy establish ISACs, including the information and communication sector.


In light of the fact that the NCC had already been performing the functions of an ISAC, the NCC was officially recognized as an ISAC in January 2000. Since then, the NCC Telecom ISAC has quickly evolved into an important conduit for sharing information related to the protection of the Nation’s homeland, national, and economic security interests. Its watch and analysis operation became 24x7 in September 2001. Also, because it draws on the technical expertise of the telecommunications sector, the NCC Telecom ISAC has become a central hub in facilitating the management and resolution of information network incidents. In 2002, for example, the NCC Telecom ISAC provided a member company with its first notification of the NIMDA worm, resulting in the successful defense of the company’s networks. That same company, in turn, was the first to notify the ISAC of problems associated with the simple network management protocol. Most recently, the NCC Telecom ISAC assisted in the mitigation of the Blaster worm and SoBig virus. “There’s a common misperception (outside the industry) that telecom is only about the telephone,” said Lt. Col. Wentworth. “Telecommunications doesn’t mean telephone. We use the definition of telecommunications from Federal Standard 1037c, and our concept of operations describes the telecommunications infrastructure as the framework of interdependent telecommunication networks and systems, including both physical and software components, by which the telecommunications industry conducts, transmits, or receives information of any nature, by wire, radio, optical, or other electromagnetic systems.”


Lt. Col. Wentworth said this broad definition is reflected in the membership of the Telecom ISAC – companies that provide telecommunications or network services, equipment, or software to the communications and information sector – including wireline, wireless, satellite, and Internet service providers and vendors; software providers, system integrators, and telecom professional organizations/associations. “Together,” she said, “they have a broad reach into the industry.”


NCC Telecom ISAC members say it has evolved in connection with the rapid changes in technology and the threat environment. “We are not focusing so much on individual circuits these days,” said AT&T’s Harry Underhill, the NCC Telecom ISAC Industry Vice-Chair, longtime NCC participant, and resident member of the Telecom ISAC. “Much of critical infrastructure protection is now considered to be National Security and Emergency Preparedness (NS/EP) communications.”


Members of the NCC Telecom ISAC also point out that because the threat environment is constantly in flux, there is no such thing as a typical day. One day, the most pressing matter might be assessing the aftermath of a hurricane; the next day, members could find themselves working to determine the source of a potential cyber attack. Sometimes, NCC Telecom ISAC members react to a host of potential hazards all at once. A good example is the confluence of events that transpired last August 14. On that Friday afternoon, while NCC Telecom ISAC members busily shared information related to computer viruses and a looming hurricane off the coast of Texas, a massive power outage affected large parts of the northeastern United States and eastern Canada. This was the largest blackout in North American history, affecting an estimated 50 million people and covering an area of approximately 9,300 square miles. It also affected 100 power plants, of which 22 were nuclear power plants, and several critical infrastructures, including telecommunications, banking and finance, energy, and transportation.


The NCC, the Federal Emergency Management Agency, and Department of Transportation coordinated the supply of fuel and generators to the affected areas to ensure that communications systems remained online. The NCC also communicated with Industry Canada and Canada's Office of Critical Infrastructure Protection and Emergency Preparedness to obtain information regarding the incident.


During the outage, members of the Telecom ISAC coordinated extensively with the North American Electric Reliability Council, which represents the Electricity Sector ISAC. It was an excellent example of ISAC-to-ISAC coordination and mutual support. As Ms. Gormsen notes, “The only constant in our daily operations is that we are constantly establishing a dialogue.”


Members point to the NCC Telecom ISAC’s integration of industry representatives, Government partners, and support contractors as one of its biggest advantages. While some ISACs’ members and operational staff are separate, the Telecom ISAC operates physically within the walls of the NCC, allowing for easy collaboration and trust-building between its industry members, the Government, and the contractor watch analysts, including the occasional impromptu hallway meeting.


The location also enables its resident member representatives – those who are physically stationed within the Telecom ISAC – and also some of the representatives in the local area to interact personally on a daily basis with each other and with the Government staff and contractors that manage the NCC’s 24x7 watch center.
Lt. Col. Wentworth stresses, however, that the Telecom ISAC’s non-resident and geographically distant members are just as integral to its success as the resident members. “It is ultimately irrelevant as to who is here physically – it is more about who is in touch,” she points out. “Resident members do get the added benefit of personal company contacts and relationships, but all members – resident or not – are available at all times, interact with the watch analysts, and with the Government operations staff, and participate in our weekly conference calls.”


Another big advantage that the NCC Telecom ISAC enjoys is that companies do not have to pay to become members because the U.S. Government funds the NCC Telecom ISAC’s 24x7 watch and analysis operation and its member companies pay their representatives’ salaries. This arrangement is largely credited with fostering the widespread participation of the telecommunications industry in the ISAC. Mr. Underhill said that while this model is a perfect fit for the telecommunications industry, he cautions about applying it to other ISACs. “I don’t think there’s a one-size-fits-all model for other ISACs,” he said. “We communicate all day with each other because we have to – our networks are connected. I am not sure we can say this about the other infrastructures – we do this out of necessity.” And Lt. Col. Wentworth says the structure of the NCC Telecom ISAC is a win-win relationship. “We can’t begin to measure the pro bono benefits that the Government gains,” she adds. Mr. Don Smith, Manager of the NCC and NCC Telecom ISAC Government Chair, concurs, saying, “…the Government can’t put a dollar value on what we get from industry and what they bring to the table. They’re integrated into the process and extend out to other telecommunications security forums.”


Indeed, several NCC Telecom ISAC members also lend their technical and operational expertise to the policy task forces of the President’s National Security and Telecommunications Advisory Committee and to the NCS Network Security Information Exchanges. Members say it is a natural fit and a good leveraging of synergies. “Sometimes a solution to a policy matter may be operational in nature - it’s kind of a closed loop,” notes Mr. Underhill. And as Ms. Gormsen explains, ISAC members must also stand ready to reach back to their companies for various reasons, such as for additional technical assistance or for general relationship-building purposes. “A lot of what we do is ensure relationships and trust within our companies, just as we have to maintain trust within the ISAC,” she said. “Just because we are resident members does not mean we are just NCC or ISAC centric,” explained Mr. Underhill. “Our role has a lot to do with building and maintaining relationships with our companies.”

Going forward, members of the Telecom ISAC recommend maintaining the status quo with regard to its structure and operation. “The NCC Telecom ISAC has worked very well,” said Lt. Col. Wentworth. “The goal should not be to break the community of trust.”

 

 



Reviewed December 07, 2006
