THE PRESIDENT’S

NATIONAL SECURITY TELECOMMUNICATIONS

ADVISORY COMMITTEE

 

 

 

 

 

 

 

 

 

 

 

CONVERGENCE

TASK FORCE REPORT

 

 

 

 

 

JUNE 2001

 

Executive Summary

Telecommunications carriers are implementing cost-effective packet networks to remain competitive in the evolving telecommunications marketplace and to support wide-scale delivery of diverse, advanced broadband services.  However, because of their large investments in public switched telephone network (PSTN) infrastructure, carriers are initially leveraging the best of both infrastructures, resulting in a period of network convergence during the transition to the next generation network (NGN).

 

The President’s National Security Telecommunications Advisory Committee (NSTAC) Convergence Task Force (CTF) examined potential national security and emergency preparedness (NS/EP) implications of this indeterminate, developing public network infrastructure.  The resulting information, provided in the CTF Convergence Report, is designed to enable the President and NS/EP entities to make informed recommendations to address the ability of the evolving public network (PN) to reliably support NS/EP communications requirements.  Specifically, the report addresses—

 

·          Potential security vulnerabilities of converged networks including those of the control space

 

·          The realistic possibility of widespread outages of converged networks (resulting from focused failures) and the associated implications

 

·          Ongoing standards development efforts in support of NS/EP priority requirements in the converged network. 

 

Analysis of these issues also addresses concerns expressed by prominent Government officials regarding the possible impacts of the evolving network environment on NS/EP communications.  More specifically, at NSTAC XXIII, Mr. Richard Clarke, National Coordinator for Security, Infrastructure Protection, and Counter-terrorism, expressed concern about the lack of understanding regarding single points of failure (e.g., physical or cyber) in the Nation’s network infrastructure and the subsequent NS/EP implications.  Furthermore, Dr. Neal Lane, former Director, Office of Science and Technology Policy (OSTP), in response to the June 2000 NSTAC Information Technology Progress Impact Task Force Report on Convergence, recognized that the changing network environment requires consideration of the possibility of widespread outages in converged networks and in the evolving NGN and its potential NS/EP implications.  Dr. Lane subsequently requested NSTAC’s assistance in considering those matters.

 

As a result of its analysis, the CTF believes the PSTN is becoming increasingly vulnerable as a result of its convergence with packet networks.  The open environment of packet networks provides ample opportunities for individuals to gain access to, manipulate, and steal sensitive information transmitted via the PSTN.

 

Furthermore, the interoperation of the intelligent network of the PSTN with Internet Protocol (IP) networks via gateways presents additional vulnerabilities.  Specifically, the unreliability of existing gateway screening capabilities, the lack of security guidelines for interconnection, and the lack of control and authentication mechanisms for network management traffic, are all matters requiring further attention.  Malicious activity directed at signaling gateways could precipitate network disruptions and impact overall network availability and reliability.  Moreover, the Internet Protocol does not accord higher priority to “in-band” signaling messages.  As a result, network congestion might not be circumvented in converged networks by using conventional NS/EP priority access and transport mechanisms.  Additional analysis related to these vulnerabilities is required to gain further understanding of possible consequences.  Also, the scope of analysis should be broadened to include convergence of wireless data networks with the PSTN.

 

Possible remedies for these vulnerabilities include those discussed at a recent NSTAC and OSTP Research and Development Exchange.  They include implementation of signaling firewalls at network gateways and embedded security capabilities that are defined through standards.  The CTF also believes that industry and Government must cooperate fully to address these vulnerabilities and implement subsequent remedial tools. 

 

Regardless of the aforementioned vulnerabilities, the evolving NGN ultimately must offer the NS/EP community quality of service (QoS) and reliability, protection, and restoration (RPR) features analogous to those of the PSTN.  To help achieve this goal, converged network security and reliability concerns must be properly addressed by developing an understanding of evolving network technologies and applications through coordination in various forums, such as the NSTAC and standards bodies.  The Government must foster cordial working relationships with NGN carriers, such as Internet service providers (ISP) and competitive local exchange carriers (CLEC), and encourage their participation in NS/EP forums.  Perhaps most importantly, the Government should specify security requirements in packet network-related procurements in an effort to attain network reliability commensurate with that of the PSTN.

 

As the NGN evolves and advanced, broadband services proliferate, the Government must remain actively involved in pertinent activities of standards bodies, helping define and ensure the consideration of NS/EP requirements.  Such involvement will help encourage industry to address NS/EP requirements, including extension of NS/EP priority services (such as Government Emergency Telecommunications Service [GETS] and Telecommunications Service Priority [TSP]) to an IP environment as required, while concurrently attending to societal demands for advanced network services.  These efforts would ensure consideration of NS/EP requirements early in network design processes, avoiding the need for costly retrofitting.  The Government should continue participating in working group activities related to NS/EP issues.  These include those in the Internet Engineering Task Force (IETF) Signaling Transport Group addressing decoupling of call control from bearer channels in packet networks and those in the International Telecommunication Union Telecommunication and Standardization Sector (ITU-T) addressing implementation of an International Emergency Preference Scheme (IEPS).

 

For its part, industry should strive to employ cooperative risk assessments to help mitigate converged network vulnerabilities.  At a minimum, risk-based, policy-driven, and economically justified key remedies should be adopted to curb network threats.  The best methods of addressing network security risks involve analyzing systematic risk and remediation measures, ensuring stakeholder commitment and cooperation, sharing best practices, and researching and deploying new security measures.  Also, broad industry participation in the NSTAC, the Government Subgroup on Convergence and any other appropriate mechanism is important to facilitate effective information sharing on emerging network vulnerabilities and to provide ongoing NS/EP recommendations to the Federal Government.

 

To further address emerging network concerns, the CTF examined the issues of points of failure and possible widespread outage occurrences in converged networks.  Past NSTAC analyses supplied foundational material for this analysis.  In previous reports, the NSTAC stated that the resilient features of the PTSN and the diverse architecture of the Internet makes it unlikely that any single point of failure would cause a regional or national network disruption in either infrastructure. 

 

However, the CTF recognizes a fundamental change in the emerging PN, wherein network vulnerabilities and possible points of failure could impact service availability and reliability rather than creating network component failures.  Services such as voice over IP and bandwidth reservation capabilities could be essential to NS/EP operations in the future and subsequently could be impacted by packet network weaknesses.  Therefore, the Government should not become reliant on nascent IP services without thoroughly analyzing their potential vulnerabilities.  Further analysis of this issue is required.

 

The CTF requested and also participated in a National Coordinating Center for Telecommunications (NCC) single point of failure exercise.  The results of this exercise supported the findings of the initial NSTAC PSTN and Internet widespread outage reports.  Participants concluded that a scenario could not be envisioned, even in the converged network environment, in which a single point of failure could cause widespread network disruption.  The participants found it more likely that any potential single points of network failure would have only local or “last mile” impacts and that preventive and remediation measures would require end-user coordination with carriers to ensure the needed network diversity. 

 

Despite the encouraging results of the exercise, the CTF believes definitive assertions cannot be made regarding the implausibility of a national-level network failure.  Unknown potential network failure points could exist and result in unforeseen network disruptions and service outages.  Detailed network data sharing between Government, industry, and academia is essential to further understanding the converging networks and achieving more accurate network modeling and simulation techniques to analyze vulnerabilities and their impacts.  Additional exercises should be scheduled to further analyze the NS/EP implications of network vulnerabilities as the NGN evolves.

 

The transition to the NGN also requires adoption of a formal process for sharing network data and vulnerabilities to address Government NS/EP concerns as they arise.  The Information Sharing and Analysis Center (ISAC) for telecommunications, located at the NCC of the National Communications System (NCS), could facilitate such a process.  Specifically, industry and Government should utilize the ISAC for assessing threats and developing suitable risk-mitigation strategies.  Furthermore, amid the increasingly complex PN environment, industry has indicated a willingness to investigate the need for formal plans to assist carriers in recovery efforts during disasters.  Successful plans would likely involve use of coordinating mechanisms, such as private networks, and would rely on Government support for such mechanisms.

 

NSTAC Recommendations to the President

Recommend that the President, in accordance with responsibilities and existing mechanisms established by Executive Order 12472, Assignment of National Security and Emergency Preparedness Telecommunications Functions, direct the appropriate departments and agencies, in coordination with industry to—

 

·          Specify network security, service level, and assurance requirements in contracts to help ensure reliability and availability of NS/EP communications during network convergence and in the developing NGN

 

·          Ensure that standards bodies consider NS/EP communications functional requirements during their work addressing network convergence issues, including security of PSTN-IP network Signaling System 7 (SS7) control traffic and development of packet network priority services

 

·          Plan and participate in additional exercises examining possible vulnerabilities in the emerging PN and subsequent NS/EP implications on a national and international basis

 

·          Utilize the NCC-ISAC to facilitate the process of sharing network data and vulnerabilities to develop suitable mitigation strategies to reduce risks.

 

NSTAC Recommendations to the IES for Consideration in the NSTAC XXV Work Plan

Recommend that the IES—

 

·          Examine the NS/EP security and reliability implications of the convergence of wireless data networks with the PSTN and traditional wireless networks

 

·          Support the efforts of the Government Subgroup on Convergence as requested by the Government in accordance with NSTAC’s charter

 

·          Further examine converged network control space-related vulnerabilities, including those of signaling and media gateways, and analyze possible NS/EP implications.

 

 

 

 

I

Text Box: Terms of Reference Convergence refers to a 3-to-5 year period of NGN evolution during which traditional circuit-switched networks (including the Advanced Intelligent Network [AIN]) and IP-based data networks will coexist and interoperate to enable end-to-end transmission of voice communications, until packet-based networks subsume circuit-switched networks. The Next Generation Network is a public, broad-band, diverse, and scalable packet-based network evolving from the PSTN, Advanced Intelligent Net-work (AIN), and Internet. The NGN is characterized by a core fabric enabling network connectivity and transport with periphery-based service intelligence.

n the past, the public network (PN)[1] consisted primarily of the narrowband, mature, public switched telephone network (PSTN) and separate Internet.  Now, the PN increasingly consists of converged networks, the transitional stage toward next generation networks (NGN).  Converged networks comprise circuit switched networks interoperating with broadband packet-based Internet Protocol (IP) networks.  Compared with the PSTN, IP networks are less mature, less understood, less secure, and more feature rich.  In this evolving network environment, industry and Government must strive to identify and remedy associated network vulnerabilities to ensure continued security, reliability, and availability of the communications capabilities of the national security and emergency preparedness (NS/EP) community.  Furthermore, the ambiguities of evolving networks and the rapid pace of technological progress necessitate continual and swift industry and Government evaluation of concomitant NS/EP communications requirements and prompt implementation of solutions to satisfy those requirements. 

 


The President’s National Security Telecommunications Advisory Committee (NSTAC) gives the President the information to make informed decisions with respect to critical NS/EP communications.  Once informed, the President can make recommendations to address the ability of evolving networks to reliably support NS/EP communications.  Recently, the NSTAC’s Convergence Task Force (CTF) began examining possible NS/EP implications of the evolving public network infrastructure.  Specifically, the CTF is examining potential converged network security vulnerabilities, including those in the control space; the realistic possibility of widespread converged network outages and associated NS/EP implications; and standards development efforts to support NS/EP priority requirements in the converged network.  The initial results of these efforts are provided herein to assist the President and Government in making informed decisions to fulfill NS/EP requirements in the near-term. 

 

THE MOVEMENT TOWARD

A NEW PUBLIC NETWORK

 

S

everal factors are influencing carrier business decisions to implement packet networks.  Foremost, economic considerations compel carriers to employ a single packet network-based NGN to support both voice and data traffic.[2]  It is no longer feasible to maintain separate networks for voice and data.  Per-minute charges for voice services have dropped faster than minutes-of-use has risen.  At the same time, bit-per-second use of data networks has increased faster than prices for access have decreased, which has increased revenue.[3]  These trends combined with annual reductions in prices for IP network equipment enable carriers to maintain earnings required to build high-bandwidth networks.[4]  However, because carriers have enormous investments in PSTN infrastructure, they must initially leverage the best of both infrastructures in support of new services. 

Text Box: Terms of Reference Advanced services are those generally requiring digital information transmission rates (bit rates) that are significantly higher than the nominal 56 kilo-bits/second which can be transmitted through an or-dinary, high quality telephone voice circuit. (NTIA, Advanced Telecommunications In Rural America, 2000, p. 5.) Broadband refers to the capability of supporting at least 200 kilobits/second in the consumer’s connec-tion to the network (“last mile”), both from the provider to the consumer (downstream) and from the con-sumer to the provider (upstream). (FCC, In the Matter of Local Competition and Broadband Reporting, Report and Order, CC Docket No. 99-301 [rel. March 30, 2000] supra note 8, at 22.)

The increasing demand for advanced broadband services is another factor influencing migration to NGNs.  According to a recent National Telecommunications and Information Administration (NTIA) report, advanced network capabilities and their sustained high data rates are becoming ever more important as businesses and consumers increasingly rely on the Internet and on sophisticated applications incorporating audio and video.[5] Furthermore, NTIA claims that availability of advanced telecommunications will become essential to the development of business, industry, and trade, as well as distance learning, telemedicine, and telecommuting; therefore, the rate of deployment has implications for the economic development of our Nation’s communities and the welfare of Americans.[6]

 

From a business-case perspective, continued implementation of packet networks to support wide-scale delivery of diverse, advanced broadband services is necessary to secure carrier competitiveness in the evolving telecom marketplace.  The open and distributed nature of packet networks also enables rapid deployment of applications and services, permitting carriers to satisfy customer demands/requirements more quickly than in traditional circuit-switched networks. This service creation capability, characterized as more edge-based, indicates a shift from the closed and centralized PSTN service creation model exemplified by the Advanced Intelligent Network (AIN).  While IP networks might eventually enable a richer, more powerful suite of telephony services, carrier investment in deploying Signaling System 7 (SS7) makes it more practical to develop new services by leveraging existing SS7 capabilities than by building data voice services from scratch.[7]  Therefore, carriers are currently seeking to bridge the control space of the disparate networks via gateways.  However, the movement toward convergence of packet networks and the PSTN during transition to the NGN could present new network reliability and vulnerability concerns. 

 

CONVERGED NETWORK VULNERABILITIES

 

I

n the evolving public network, it is difficult to define causative vulnerabilities and potential impacts. Because converged networks are based upon less mature and less secure packet networks (when compared with the PSTN), the first challenge is to fully understand security weaknesses and the likely implications if those weaknesses are exploited.  Therefore, to better understand industry views of the evolving public network infrastructure and potential associated vulnerabilities, the CTF obtained numerous briefings from industry representatives. 

 

Understanding Emerging Networks            

As indicated in Figure 1, the NGN will be a complex, diverse network.  According to this depiction, the emerging NGN will unify multiple legacy and new services into a single backbone network consisting of IP running over an Asynchronous Transfer Mode (ATM) network using Multi Protocol Label Switching (MPLS).

 

Text Box: Figure 1. Sample Depiction of an NGN Architecture
ATM is a network technology that supports multimedia communications such as realtime voice and video as well as data.  MPLS enables IP-ATM integration, traffic engineering, and establishment of virtual private networks.  MPLS also provides tools to engineer quality of service (QoS) features into the network.  This is important because in a converged PSTN-IP network environment, different services have different reliability, protection, and restoration (RPR) requirements, as well as different QoS requirements (e.g., throughput, latency, guaranteed delivery). 

 


Essentially, services crossing multiple networks must rely on cooperation at each network-to-network interface (NNI) to provide end-to-end RPR and QoS.  MPLS enables the policy-based networking needed to achieve this.  Policy-based networking uses a network management paradigm with centralized databases for rules to enable distributed policy enforcement at the network element level.  Such a system would help simplify operations with uniform control, translate service-level policy to network control functions, and permit scalability.

 

Text Box: OPTICAL NETWORKING AND NS/EP The era of optical networking has begun. By incorporating state-of-the-art wavelength division multiplexers in transport networks, it is possible to simultaneously send many information signals over a conventional optical fiber line. This technology has increased the usable bandwidth of these lines from 10 Gigabits per second to hun-dreds of Gigabits per second. Continuing advances in optical fibers and transport equipment will increase the num-ber of possible high bit rate information signals that can be sent, making terrestrial Terabit per second optical fiber lines possible in the near future. But high capacity, high channel count systems are just one aspect of the emerging optical network. Individual network elements will be interconnected in sophisticated topologies and will function collaboratively to monitor network performance and to mitigate network failures. The newest and most innovative feature of optical networks will be the capability to automatically establish optical connections, i.e., optical information transmission paths, using signaling methods similar to those in today’s circuit switched networks. These Automatic Switched Optical Networks (ASON) will provide flexible end-to-end paths for broadband data and voice services such as IP-based and ATM-based services. Given the flexibility inher-ent in an ASON and the bandwidth it provides, these networks can serve as a powerful means for maintaining essential telecommunications services during emergency conditions or periods of network congestion. Although ASON lies in the future, the enabling technologies are the subject of much current work within the telecommunications standards community, especially the T1X1 technical subcommittee in the United States and the International Telecommunication Union (ITU). Now is the time for ensuring that the options for emergency opera-tions and secure access of optical networks are considered by the telecommunications standards community. -Tobey Trygar, Telcordia
Other technologies, such as optical networking and wireless data networks will likely contribute to the composition of the NGN.  Please see the insert above for a discussion of optical networks and Appendix A for information on the wireless Internet revolution. 

 


The potential composition and functionality of emerging networks foretell a major challenge facing converged networks: synchronizing the high reliability, performance, and security standards established in the traditional voice network with those of data networks.  Switch reliability in today’s PSTN is at 99.999 percent; on average switches experience less than 5 minutes of downtime per year.[8]  Meanwhile, data network infrastructure (including access routers and core routers and switches) reliability is at 99.8 percent, resulting in a 17.5 hour-per-year average downtime.[9]  It is reasonable to assume services such as automatic geographic location of 911 callers,[10] and priority access and transport features similar to Government Emergency Telecommunications Service (GETS) could transfer to packet networks.  If this is the case, such networks must be reliable and secure to Text Box: GETS gives NS/EP users priority access to local and long distance net-works and specialized processing for NS/EP calls. support mission-critical operations.  Greater downtime could significantly interrupt NS/EP communications, as well as availability of NS/EP services.  Therefore, to give the NS/EP community the levels of network and service reliability and security analogous to those of the PSTN in the evolving networks, many network technology and policy considerations need to be thoroughly vetted by industry and Government. 

 

The first step in this process is to develop a more thorough understanding of evolving network technologies and applications through coordination in various forums such as the NSTAC and standards bodies.  As this is achieved, associated vulnerabilities can be more readily identified through industry-employed mechanisms, such as risk assessments, so that the potential threats to NS/EP communications are fully considered and remedies instituted. 

 

Establishing Risk Baselines                        

In adopting a framework for risk assessments, it is first necessary for each network provider to establish a risk baseline consisting of a defined set of parameters to help understand what potential risks exist and which risks, if any, they are willing to bear.  For instance, one could posit that a network may be at risk if the network has vulnerabilities.  Vulnerabilities may be unknown, or known and identified.  Threats could exploit these vulnerabilities to damage that network.  The measure of risk thus becomes a function of the potential damage and the level of threat.  As vulnerabilities are identified, industry can determine their potential for damage and prioritize efforts to reduce the risks.  As always, when industry makes essential decisions regarding what remediation to implement, the remediation’s cost and complexity must be considered in parallel with the level of potential damage.  Furthermore, any information in threat assessments from law enforcement or the intelligence community can be an important component in the remediation decision.  Industry can use such threat information to prepare to mitigate known vulnerabilities.

 

A representative from a prominent infrastructure consultant described a methodology for analyzing the security risks of converged networks.  First, one must accept the notion that the PSTN is becoming increasingly vulnerable because of convergence with packet networks.  Consequently, because the security measures implemented to protect these networks might not keep pace with technological growth, substantial risks are possible.  These increased risks precipitate the need for systematic, cooperative risk analyses to help prevent PSTN and IP network outages from occurring.

 

Specifically, risk analyses of converged networks are necessary because network convergence exposes both voice over Internet Protocol (VoIP) users and PSTN users to new dangers.  For example, deliberate attacks are a significant factor in the availability of Internet service today because all components are interconnected; and attacks can be mounted from anywhere in the network. As a result, packet networks are subject to several fundamental security problems, including sniffing, spoofing, message altering, message duplication, message interception, and subversion of innocent hosts to multiply attacks.  These vulnerabilities are extended to the PSTN as convergence occurs, wherein service disruptions and performance degradation could result from malicious acts such as denial of service attacks.

 

Additionally, the distributed nature of IP networks may increase the opportunity for cyber attack by allowing greater access to critical and enhanced PSTN systems.[11] The increased accessibility of packet networks enhances the potential for activities such as masquerading, wherein individuals could gain access to, manipulate, and steal sensitive information from PSTN components by using the identity of an authorized user.

 

Consequently, converged networks have additional sources of potential vulnerabilities that the PSTN alone does not have.

Text Box: Converged Network Components Signaling Gateway A device that converts SS7 messages from the PSTN into various protocols required by packet networks and vice versa. Media Gateway A device that converts analog voice signals into various protocols required by packet networks and vice versa. Examples of media gateway devices include VoIP gateways. Media Gateway Controller (MGC) (also refer-enced as a “softswitch”) MGC is a device that controls media gateways and provides call control and network resource man-agement. The MGC integrates control functions (including the ability to process IP, digital subscriber line, ATM, and frame relay protocols in the same unit) and SS7 capabilities. (Information referenced from www.techweb.com/ encyclopedia) Adequate risk assessments require examination of various converged network infrastructure components for potential vulnerabilities.  Various types of gateways are used to link PSTN and IP networks and facilitate transition of signaling messages across the different platforms.  These gateways also present a host of potential vulnerabilities.  VoIP supporting gateways, for instance, could greatly increase the susceptibility of the PSTN to security breaches and network performance degradation.  Techniques such as flooding gateways with spurious messages to disrupt their operations could impact communications across the networks.  Also, by spoofing address sources, unauthorized individuals could access secure components of the PSTN via gateways.  Moreover, the addition of these new components to an existing architecture and the resulting greater signaling traffic loads increase both the number of network elements that must be secured and the potential points of failure.[12]  Therefore, establishing a risk baseline related to the gateways, identifying their critical vulnerabilities, and subsequently adopting securing mechanisms for remediation is of paramount importance to help ensure network reliability in a converged environment.

 

Securing the Control
Space of Converged Networks                      

A major concern of the CTF is the interoperation of the intelligent network of the PSTN with IP networks via signaling gateways.  As this occurs, IP networks could present those with malicious intent a “back door” into the control space of the PSTN, which could enable malicious activities such as insertion of false SS7 messages.  If unauthorized parties gain access to a signaling gateway, they could disrupt or suspend its operations, alter its routing tables, or use it to forward false communications to other signaling gateways.[13]  Such activities could precipitate network disruptions and impact overall network reliability and availability.  Also, if the operations of a media gateway controller (with SS7 capabilities) were maliciously targeted, all customers whose service depends on that controller would likely experience service disruptions to include Enhanced 911 and NS/EP services.[14]  Because the media gateway controller will likely play a critical role in the NGN, and because of its coordinating function among other network elements, security mechanisms are vital to sustain its reliability.  Further investigation of potential controller vulnerabilities is essential to fully understand possible NS/EP implications. 

 

Another matter of concern involves the coupling of call control with bearer channels in packet networks.  In the traditional PSTN, the SS7 network is an out-of-band signaling system that provides call setup and call services separate from the actual transport of the voice data.  However, in IP networks, the network intelligence data is transmitted over the same infrastructure as the data itself.  Therefore, in IP-based networks, signaling messages are not accorded any higher priority than any other data or voice traffic in the network.  During periods of congestion, signaling messages are as likely to be blocked or dropped as any other messages.[15]  In a converged network, such events could impact availability and reliability of the GETS service, which relies on the signaling network for functionality. 

 

The Government should closely monitor standards bodies’ efforts to address decoupling of call control from bearer channels in packet networks, including those of the Internet Engineering Task Force (IETF), ITU Telecommunication Standardization Sector (ITU-T), and International Softswitch Consortium.

A recent NSTAC and Office of Science and Technology Policy sponsored Research and Development (R&D) Exchange[16] addressed network control space vulnerability issues affecting converged networks.  The exchange participants, including telecom and information technology (IT) industry members, and academia, commented that control space vulnerabilities could result from a number of factors.  Primary causes cited include the inadequacy and unreliability of existing gateway screening capabilities, inadequate firewalls, the lack of security guidelines for interconnection, and lack of mechanisms to control or authenticate network management traffic and routing on the network.[17] 

The attendees offered several solutions for such inadequacies including the following key preventive measures:

 

·         Adopting effective gateway “signaling” firewalls

·         Ensuring embedded security capabilities are defined through standards

·         Ensuring producers of commercial-off-the-shelf security products are made aware of customer security requirements

·         Encouraging third party evaluation of products to ensure compliance with security requirements.[18] 

 

The CTF concurs with these recommendations. 

 

Coordination with Standards Bodies                      

Expanding upon the standards solution discussed at the R&D Exchange, the CTF believes current standards bodies’ work regarding converged network reliability and security is of preeminent importance to NS/EP communications. The IETF has created various task force subgroups to address such converged network issues.  Currently, the IETF Signaling Transport Group is studying how telephony signaling is carried over the Internet.  It is important that Government, including the National Communications System (NCS), which is responsible for ensuring reliability of NS/EP communications,[19] be actively involved in such groups, to ensure consideration of NS/EP requirements, including GETS.

 

The NCS is already contributing to activities of numerous standards bodies such as the European Telecommunications Standards Institute, Telecommunications and Internet Protocol Harmonization over Networks (ETSI TIPHON) group.  ETSI TIPHON is examining several security issues related to convergence, including identification and authentication procedures for emergency calls, and issues related to cyber attacks and malicious intrusion into networks. 

 

The NCS is also active in ITU-T efforts regarding recommendation E.106, Description of the International Emergency Preference Scheme (IEPS).  IEPS recognizes the requirement for priority communications among governmental, civil, and other essential users of public telecommunications services in crisis situations. IEPS, which is similar to GETS, would give authorized users priority access to and transport of NS/EP-related calls on an international basis within the PSTN and integrated services digital network (ISDN) infrastructures.  A goal of the ITU-T is to encourage integration of IEPS services through execution of service level agreements (SLA), with service providers using standard capabilities inherent in the infrastructure.  In other words, the current standards efforts seek to avoid costly retrofits for service providers (as realized through GETS) and encourage business practices whereby customers pay only for those services received.  Moreover, if demand for such services materializes, service providers might be able to identify a market for priority services beyond the scope of Government NS/EP telecommunications (e.g., priority telecommunications services for doctors).

 

The NCS notes that numerous issues related to extension of IEPS to IP networks are also being addressed by standards bodies like the IETF.[20]  Issues include identifying packet flows for IEPS, interfacing emergency communication processes in existing telephony services with IP-based services during convergence, and adopting a broad range of emerging IP-based services (e.g., electronic mail and instant messaging) to enhance IEPS operations.  The NCS expects that security measures for protection of IEPS communications (e.g., authentication), protection of the data stream, and procedures and processes for handling IEPS communications will have to be developed.

 

The CTF agrees that the Government needs to carefully consider several standards-based issues as the converged network emerges, including the business case for implementing NS/EP services in this environment, how the services would be deployed, and how supporting SLAs would be developed.  The NCS will continue to support these efforts. 

 

Ultimately, as major standards bodies recognize NS/EP priority requirements, it is important to ensure they become part of new standard interface requirements so that GETS calls, for instance, can continue to be recognized during network migration and convergence, and to avoid costly and insecure retrofitting of requirements.

 

As the NGN evolves and as advanced services and broadband networks proliferate, the Government will need to continue working closely with industry and standards bodies to forge an understanding of NS/EP requirements in general, to encourage industry to recognize a need for balance between societal demands for services and the needs of the NS/EP community, and to ensure requisite NS/EP standards are defined and deployed.

 

ADOPTING SOLUTIONS

 

B

ased on the information obtained from industry as outlined above, the CTF believes a dichotomy exists between societal and governmental requirements for emerging converged and broadband network services, such as VoIP.  Carriers are quickly implementing packet networks to realize cost savings and to remain competitive in the rapidly evolving telecom market.  As a result, every possible reliability and security implication cannot be fully realized and mitigated.  Also, at this time, many users are willing to accept certain network reliability and security deficiencies in exchange for use of advanced and “free” or economic services, such as streaming video and VoIP.  Conversely, from the NS/EP community perspective, there is a need to harmonize the high reliability and security capabilities afforded over the PSTN with those of the converged networks to ensure reliable end-to-end mission-critical NS/EP communications capabilities. 

 

In today’s competitive telecommunications environment, the need for rapid innovation and the lack of a clear return on investment for network-based, NS/EP-related services often preclude consideration of these services during technology development.  In addition, competitive local exchange carriers’ (CLEC) and Internet service providers’ (ISP) lack of familiarity with traditional network capabilities and a working knowledge of technical capabilities related to NS/EP services introduces another element of uncertainty to the process.  Therefore, the CTF believes it is important to inform these industry parties about the importance of NS/EP services and requirements and encourage them to participate in such forums as the NSTAC to promote cordial working relationships. 

 

Also, the CTF believes industry should at minimum attempt to adopt key remedies that are risk-based, policy-driven, and economically justified to help curb network threats in general.  These remedies might stem from a defined set of baseline needs related to physical and environmental concerns (i.e., the network framework), personnel concerns (i.e., insider threats), and technical aspects of emerging networks.  The CTF realizes, however, that network risks must be prioritized according to the severity of the threat and associated mitigation costs, and it might not be feasible to justify expenditures required to alleviate certain risks. 

 

In addition, carriers and network hardware and software vendors alike can employ various mechanisms to help facilitate near-term remediation.  For instance, software architects can define processes for security tracking and maintenance. Service providers and equipment vendors can define operating environment requirements for call management agents and identify platform configuration requirements.  Also, implementation of security mechanisms such as installation of firewalls for VoIP applications, signaling protection mechanisms such as encryption, and access control and non-repudiation features are all important factors. 

 

From the Government’s perspective, issues involving the reliability and security of GETS in a converged network environment must be resolved.  Because it was designed to operate in the PSTN, GETS might not function optimally in packet networks.  Furthermore, despite efforts to augment GETS operational processes and security and reliability mechanisms for such networks, the rapid pace of technological network advances will likely require constant implementation of requisite features to ensure continued GETS functionality.  However, unless similar priority features, with parallel ability to meet NS/EP functional requirements, are implemented in packet networks, it might prove riskier to abandon GETS than to try to augment it for use in the NGN. 

 

It is important for Government to further examine issues related to convergence to ensure NS/EP requirements are satisfied as the transition to the NGN continues.  In relation, in its December 2000 report, the Government’s Convergence Task Force (USG CTF) recommended the establishment of a Subgroup on Convergence to examine NS/EP implications of the expanded capability and opaque reliability of the emerging NGN.[21]  Their concerns should be fully articulated to industry to make certain they are considered as the NGN infrastructure is developed.

 

Similarly, industry, through mechanisms like the NSTAC, should continue drawing upon its knowledge of emerging network vulnerabilities, including control space security issues, to provide ongoing NS/EP-related advice and recommendations to the President.

 

In summary, the best methods of addressing network security risks are to analyze systematic risk and associated remediation measures, ensure stakeholder commitment and cooperation, share best practices, and research and deploy new security measures. 

 

Also, tabletop exercises, wherein industry responds to hypothetical network vulnerability and outage scenarios, are effective for identifying possible issues of concern to the NS/EP community.  The CTF participated in such an exercise to analyze the possible consequences of converged network vulnerabilities.  The findings of the exercise are noted in the following section.

 

COULD CONVERGED NETWORK VULNERABILITIES LEAD TO A WIDESPREAD OUTAGE?

 

A

t the June 2000 NSTAC XXIII meeting, Mr. Richard Clarke, National Coordinator for Security, Infrastructure Protection, and Counter-terrorism, expressed concerns about potential single points of failure, both physical and cyber, in the Nation’s evolving network infrastructure. He questioned whether such points of failure, if exploited, could have the potential to cause widespread network disruptions and subsequently impact NS/EP communications.  Also, Dr. Neal Lane, former Director, Office of Science and Technology Policy (OSTP), in a letter to the NSTAC Chair, expressed concern that the changing network environment requires consideration of the possibility of widespread outages in converged networks and the evolving NGN as well as the potential NS/EP implications.  The CTF considered both issues. 

 

Types of Network Failures

The CTF believes there are severity points/levels in today’s network with changing probabilities of failure depending on size: national-level failure; regional-level failure; local-level failure; and last-mile failure (see Table 1).

 

For the purposes of the discussion related to focused failures, the CTF addressed only national and regional-level failures.  Local and last-mile critical points-of-service issues do not have the potential to create regional outages and should be addressed by each facility manager in conjunction with the local service providers.  The CTF also supports the Government’s Joint Program Office (JPO)—Special Technical Countermeasures (STC)[22] efforts to address potential local and last-mile issues in relation to NS/EP entities.

 

Likelihood of a Widespread Outage            

In two reports,[23] the NSTAC addressed the likelihood of a widespread outage in both the public telephone network and the Internet in the context of national and regional level failures.  These reports offered conclusions relevant to the CTF’s current analysis. 

Text Box:

 


Widespread PSTN Outage                           

According to the initial report, while the PSTN’s evolving technologies provide an expanding array of services and features and facilitate network robustness, these same technologies can introduce vulnerabilities.  Moreover, standards and interoperability testing play a critically important role. 

 

However, the initial report noted that the U.S. telecommunications industry has designed the PSTN to preclude single points of failure above the local switching level through both logical and physical diversity.  (In the past, most network failures resulted from design flaws, software failures, or human action.) Technologies such as Synchronous Optical Network (SONET) rings and dynamically controlled routing, coupled with the diversity of carriers, result in a high level of public telephone network reliability and robustness.  These resilient features mitigate the potential for any single point network failure resulting in a widespread outage of PSTN service.  This notion is illustrated by carriers’ continuing success in providing reliable service, even during natural disasters and power failures.  The February 2001 Washington State earthquake demonstrated PSTN robustness, in that relatively few PSTN disruptions were experienced.

 

Widespread Internet Outage