A council of the largest telephone carriers and ISPs, charged by the federal government with preventing disruptions to the nations telecommunications system, is preparing a checklist of procedures to protect networks from terrorism and natural disasters.
The Network Reliability and Interoperability Council, which the Federal Communications Commission rechartered this year to tackle the challenges of homeland security, has been assessing vulnerabilities and surveying practices for several months.
Its report, due in early December, will highlight the best practices among 450 identified procedures for securing a networks physical facilities and cyberspace, according to Bill Hancock, chief security officer of Exodus, a division of Cable & Wireless plc., in Dallas.
“Were going to generate hundreds of new best practices,” said Hancock, who chairs a group within NRIC that focuses on cyber-security. “The teeth of enforcement will come down in the implementation [within companies].”
The practices, taken from procedures in place at individual operators facilities, will include recommendations on diversifying routes, concentration points and aggregation points, according to Jeff Goldthorp, chief of the FCCs Network Technology Division and designated federal officer to the NRIC, in Washington. “What youre trying to do is have the cream rise to the top,” he said.
Numerous “best-practices lists citing overlapping network security recommendations are already in circulation, and many industry experts say that future lists must begin with how to implement recommendations. In other words, the first best practice is to put the practices in place.
“The area that could use the most work in best practices is adoption,” said Julia Allen, senior member of the technical staff at Carnegie Mellon Universitys Software Engineering Institute, in Pittsburgh. “We know what to do; we have to figure out what will cause people to do it.”
Telecom operators share a strong interest in promoting improved practices within their ranks. If they cannot improve the reliability of the system themselves, they realize the government will step in and mandate improvements. The National Communications System, authorized by the Department of Defense, continuously monitors telecom operations and coordinates with the industry when there is an outage.
Currently, there is a “voluntary practice by telecommunications companies … to report outages that may affect national security,” said Bernie Farrell, manager of the National Coordinating Center for Telecommunications, a unit of NCS, in Arlington, Va. “This information is provided to telecommunications industry representatives at the NCC, as well as other federal agencies.”
Carriers also submit information voluntarily to the FCC, but commission officials are considering the possibility of new rules that would enable regulators to keep a closer eye on the networks.
“Weve been in the middle of evaluating the whole posture of the commission with regard to network reliability,” the FCCs Goldthorp said. “When things [like WorldCom Inc.s UUNet outage earlier this month] happen, it certainly reminds us of the issue and causes us to think about it more urgently.”
Still, network operators project optimism about the robustness of the Internet. While it may be true that financial pressures mean some networks are not maintained as rigorously as they were in the past, there is more redundancy built into the Internet today, Exodus Hancock said.
In addition, many maintenance procedures are automated now, so the network relies on fewer personnel conducting manual maintenance, he said.