Sept. 11 proved for some telecommunications companies that their security mechanisms were airtight. Others found that security needed tweaking. Most believe their contingency plans stood up well under the attack.
AT&T Wireless discovered that it needed to alter how its network was configured. Prior to Sept. 11, the wireless carrier relied on a single Verizon switch to connect to land lines around the World Trade Center. “Now, instead of relying on a single switch, we divvy up how the calls are handled, and no one switch is handling the bulk of the calls in one area,” said AT&T Wireless spokesman Ritch Blasi.
The terrorist attack also served to speed up the rollout of the wireless carriers next-generation network, which will support enhanced 911 service, allowing a wireless carrier to better pinpoint the location of a caller between three cell sites.
In the event of a strike on any cell site, AT&T Wireless can quickly deploy mobile Cell sites on Wheels, or COWs, to replace unavailable cell sites or boost capacity in a specific area. The wireless carrier, which expects to have 21,000 permanent cell sites by years end, located a dozen COWs in the southern tip of Manhattan after Sept. 11.
For its brethren in the long-distance land-line business, no major security changes were deemed necessary after the terrorist attack last year. The long-distance carrier, which handles 310 million voice calls and 2,200 trillion bytes of data on a typical business day, prides itself on the security and reliability of its network. Because of that emphasis, the company continually works to enhance security.
AT&T learned after Sept. 11 that its emphasis on disaster recovery really paid off. The firm, which has invested more than $300 million in disaster recovery, found that its response worked as planned.
One of the major elements of its contingency plans is a “fleet of 150 giant tractor-trailers around the country engineered for AT&T and containing every piece of equipment needed to re-establish network connections in the event of any kind of disaster,” said Network Operations Center spokesman David Johnson.
The tractor-trailers can be anywhere in the United States within 24 hours. The other major element of the companys contingency plans is a fully redundant network that provides multiple paths for all traffic to potentially traverse.
Rival Sprint, meanwhile, found that its disaster recovery plans were stretched to their limit after Sept. 11. “We didnt anticipate a disaster of that magnitude. Our facilities survived through those events, but we did not anticipate the amount of potential damage to connecting carriers or the extent of damage to our customers and their ability to get back up,” said David Flessas, vice president of operations for long distance and incident commander for Sprints national disaster preparedness committee in Kansas City, Kan.
“Since that time weve taken that plan and made sure we have an expanded framework in place for disaster recovery,” he said. That expanded framework does not include new security technologies, however. “We havent seen the need to heavily augment our technology,” he said.
: Last-Mile Disruptions”>
Like AT&T, Sprint found that its own facilities were fine, but that last-mile access was disrupted. It has since incorporated last-mile connections into its disaster recovery and business continuity planning.
Genuity Inc. found its security mechanisms needed a boost post-Sept. 11. The Woburn, Mass., company realized its own internal network and its control network, used to manage its commercial network, lacked intrusion detection.
The control network, dubbed the Operations, Administration Maintenance and Provisioning (OAMP) Network, had some level of protection, but not enough. “We had firewalled it off, but we never went as far as measuring the network at access points to see if someones attempting to get in,” said Chris Yetman, vice president of operations architecture, design and support in Woburn, Mass. “Now if someones trying a brute-force attack by going through a dictionary, it will raise an alarm in the operations center while it is going on, allowing us to respond.”
An internal audit committee, which determined the need for the intrusion detection on the OAMP network, also determined that Genuitys contingency plans didnt go far enough. While the plans initially focused on major facilities, such as the Network Operations Center, they were extended after Sept. 11 to include other buildings.
“Weve got written plans and electronically set up redundant systems so we can monitor from other locations. But the big difference now is that we exercise those plans once a quarter to make sure we can still cut over the NOCs and make sure we can monitor from a secondary site. Its a significantly higher level of diligence in terms of disaster recovery,” said Yetman.
Special Report: Rebuilding for Tomorrow