
Homeland Security Physical Security Focus Group Update

This update provides an assessment of physical vulnerabilities in public telecommunications networks and the Internet, and recommendations to prevent disruptions from terrorist activities and natural disasters.

toddwhite

Presentation Transcript


  1. Federal Communications Commission Network Reliability and Interoperability Council VI. HOMELAND SECURITY PHYSICAL SECURITY (Focus Group 1A), Update to Council, December 5, 2003. KARL F. RAUSCHER: Chair, Homeland Security Physical Security Focus Group (1A); Director, Network Reliability, Lucent Technologies Bell Labs; Chair, NRIC V Best Practices Subcommittee; Vice Chair, ATIS Network Reliability Steering Committee (NRSC); Founder & President, Wireless Emergency Response Team (WERT); Representative, National Coordinating Center (NCC) for Telecommunications; Chair-Elect, IEEE Technical Committee on Communications Quality & Reliability (CQR)

  2. Outline • Mission • Summary of Accomplishments • Best Practices (~ 200 Prevention; ~ 100 Restoration) • Areas for Attention (31) • Recommendations (12) • Blended Attacks Discussions with Focus Group 1B • 2 New Recommendations • Suggestions for NRIC VII • Actions for Council Members

  3. Focus Group Mission The Focus Group will assess physical vulnerabilities in the public telecommunications networks and the Internet and determine how best to address those vulnerabilities to prevent disruptions that would otherwise result from terrorist activities, natural disasters, or similar types of occurrences. The Focus Group will conduct a survey of current practices by wireless, wireline, satellite, and cable telecommunications and Internet services providers, network operators and equipment suppliers that address Homeland Defense. By December 31, 2002 the Focus Group will issue a report identifying areas for attention and describing best practices, with checklists, that should be followed to prevent disruptions of public telecommunications services and the Internet from terrorist activities, natural disasters, or similar types of occurrences. The Focus Group will report on current disaster recovery mechanisms, techniques, and best practices and develop any additional best practices, mechanisms, and techniques that are necessary, or desirable, to more effectively restore telecommunications services and Internet services from disruptions arising from terrorist activities, natural disasters, or similar types of occurrences. The Focus Group will issue a report containing best practices recommendations, and recommended mechanisms and techniques (including checklists), for disaster recovery and service restoration. The Focus Group will issue this report within twelve (12) months of the first Council meeting. The Focus Group will coordinate with the Homeland Security Cyber Security Focus Group (1B) to assure that vulnerabilities in the public telecommunications networks and the Internet are assessed, and to determine how best to address those vulnerabilities to prevent disruptions that would otherwise result from terrorist activities, natural disasters, or similar types of occurrences. The Focus Group will also coordinate with other Focus Groups, as appropriate.

  4. Big Picture of Process Flow [Process flow diagram. Section labels: OVERSIGHT, INPUTS, OUTPUTS, SUPPORT. Other labels: NRIC FGs; Stakeholders; Council Charter; Coordination; Steering Committee; Council; Assemble Vulnerabilities; Vulnerabilities; FCC & Focus Group 1A; Recommendations; Assemble Threats; Threats; P & R Reports; assess, determine, conduct, issue, report, develop; Assemble BPs; Existing BPs; Industry; Areas for Attention; Checklists; Best Practices; Mechanisms; Techniques; SMEs; $; Survey; Broader Industry]

  5. Systematic Assessment of Communications Infrastructure Vulnerabilities: PREVENTION [Diagram labels: COMMUNICATIONS INFRASTRUCTURE (Power, Software, Payload, Human, Environment, Hardware, Networks, Policy); Other Infrastructures (PUBLIC HEALTH, LAW ENFORCEMENT, FINANCIAL, ENERGY, TRANSPORTATION)]

  6. Integrated Framework for Vulnerabilities – Threats – Best Practices. Threats: electromagnetic weapons; thermal nuclear war; hijacking of a network. Best Practices that • address Vulnerabilities • address Threats • by preventing the exercise of vulnerabilities, and/or mitigating the impact should a vulnerability be exercised. [Diagram labels, in slide order: Environment; accessible; identifiable; physical damage; Hardware; vibration / shock; temperature extremes; electromagnetic radiation; Policy; foreign national ownership; PREVENTION; Vulnerabilities; X-123; X-789; X-222; X-111; X-999; X-555]

  7. NCS Systematic Assessment of Communications Infrastructure Vulnerabilities RESTORATION

  8. Development of Best Practices ~ 200 Applicable to Prevention ~ 100 Applicable to Restoration

  9. [Diagram labels, in slide order: Across Network Types; All Elements; Planning & Design; Throughout Organization; Functions & Levels; Repair & Decommission; Provisioning & Installation; Operation & Administration; Throughout Lifecycle; Best Practices in My Company; User-Friendly Access with Keywords]

  10. 31 Areas for Attention [Diagram: COMMUNICATIONS INFRASTRUCTURE with the categories Power, Software, Payload, Human, Environment, Hardware, Networks, Policy; counts shown on the slide, in extracted order: 3, 1, 2, 4, 10, 4, 5, 2]

  11. Power Software Payload Human Environment Hardware Networks Policy Areas for Attention COMMUNICATIONS INFRASTRUCTURE • Internal Power Infrastructure Is Often Overlooked • Rules Permitting Access to Internal Power Systems Increase Risk • Priorities for Good Power Systems Management Compete with Environmental Concerns • Power System Competencies Need to Be Maintained • Need for Periodic Re-Assessment • Any Environment Can Be Destroyed • Unique Circumstances Require Special Consideration • Overall Security Plan • Research Needed for Methodologies to Protect Air within Critical Facilities R+

  12. Power Software Payload Human Environment Hardware Networks Policy Areas for Attention COMMUNICATIONS INFRASTRUCTURE 1. Physical Security of Software 2. Control of Software Development • Nuclear Attack • Hardness to Radiation • Solar Flares and Coronal Mass Ejection • Control of Hardware Development 1. Physical Aspects of Securing Network Payload 1. Network Redundancy and Diversity 2. Existing NRIC Best Practices Effectively Address Network Vulnerabilities

  13. Power Software Payload Human Environment Hardware Networks Policy Areas for Attention COMMUNICATIONS INFRASTRUCTURE • Complex Interactions • Commitment of Senior Management to Corporate Security • Voluntary National Background Checks for Access to Critical Sites R+ R+ • 1. Inadvertent Negative Impact of Government Regulations • FCC Effects on Vulnerabilities and Best Practices • Federal Review for Infrastructure-Related Mergers & Acquisitions • Mutual Trust is Vital to Industry-Government Information Sharing • Single Focal Point Needed for Disaster Coordination • Awareness of Emergency Preparedness Priority Services • Implications of Evolving Technologies on Emergency Restoration • Protecting the Character of NRIC Best Practices • Protecting Critical Infrastructure Information • Future Processes for CII Protection R+ R+ R+ R+ R+ R->

  14. 12 Recommendations • Industry Recommendation of Physical Security Prevention Best Practices • Industry Recommendation of Physical Security Restoration Best Practices • Research Needed for Methodologies to Protect Air within Critical Facilities • Voluntary National Background Checks for Access to Critical Sites • Federal Review for Infrastructure-Related Mergers & Acquisitions • Continue NCC and Telecom-ISAC Coordination Capabilities • NCC as Single Focal Point Needed for Industry Disaster Coordination • Awareness of Emergency Preparedness Priority Services • Review Implications of Evolving Technologies on Emergency Restoration • Commitment of Senior Management to Corporate Security • Industry Recommendation of Physical Security Additional Best Practices • Protecting Critical Infrastructure Information R-> R->

  15. Blended Attacks CYBER PHYSICAL • Scope • Physical dependencies on Cyber • Cyber dependencies on Physical • Communications infrastructure dependencies on other critical infrastructures * • Systematic Vulnerability-based Approach • Outlining P/C, C/P and CI dependencies * • Identifying vulnerabilities associated with dependencies • Develop Best Practices to address above • Evaluate coverage * Communications Infrastructure Dependencies on other Infrastructure are deferred to future NRIC consideration

  16. New Recommendation Additional Homeland Security Best Practices RECOMMENDATION NRIC VI-1A-11 The Council recommends that the additional NRIC VI Physical Security Best Practices be implemented, as appropriate, by Service Providers, Network Operators and Equipment Suppliers, in order to promote the reliability, robustness, adequate capacity, security and sustainability of the public communications infrastructure throughout the United States during events or periods of exceptional stress and to more effectively restore from disruptions of public communications services and Internet services due to terrorist activities, natural disasters, or similar types of occurrences. (8 new Best Practices)

  17. New Recommendation Protecting Critical Infrastructure Information BACKGROUND • Government entities - at all levels - are systematically gathering information about critical infrastructures within their jurisdictions • Security requires strict protection of critical information by means of very controlled access and distribution • The number of lists of critical communications infrastructure facilities can be nearly impossible to protect

  18. New Recommendation Protecting Critical Infrastructure Information RECOMMENDATION NRIC VI-1A-12 As a general practice, government entities should not aggregate sensitive information critical to the communications infrastructure. Exceptions should be limited to information needed to address specific concerns in support of federal Homeland or National Security objectives. Federal, state or local government requests for industry information should be handled in accordance with, and given the protections provided by, the Homeland Security Act of 2002, Section 214.

  19. Insights for FCC & Industry for NRIC VII • Enhance systematic framework of vulnerabilities • Ongoing maintenance of Best Practices • Consider communications infrastructure dependencies on other infrastructures • Industry survey

  20. “Take Aways” for Council Members • Consider and Support 2 Proposed Recommendations • Continue internal review and implementation of Best Practices, as appropriate • Reference Homeland Security Physical Security Final Report (Issue 3, December 2003) • Recognize your representatives

  21. Additional Information

  22. Focus Group 1A - Team Membership. Karl Rauscher - Chair. Groups: Government & Other Entities; Equipment & Software Suppliers; Service Providers & Network Operators. Names as listed on the slide: Ed Bickel Donovan Dillon Bill Klein Steve McOwen Chris Miller Art Reilly Delgie Jones Craig McQuate Steve Michalecki Jim Runyon Rick Krock Ted Lach Anil Macwan Rick Kemper P.J. Aduskevicz Craig Swenson Rick Canaday Federal Reserve System Ken Buckley Frank Maguire Hank Kluepfel Jennifer Meredith David F. Phillips Loye Manning George Caldwell I.B.S.S. Capt. J. Kathy Burton Perry Fergus Larry Stark Schwarz Cathy Purvis Molly Schwarz Ralph Whitlark Consulting Shawn Cochran John Morovich Mike Kennedy Michael Clements Keith Hopkins Bob Postovit Jayne McCullough Thomas Priore, Jr. Jayne McCullough Richard Biby David Porte John Cholewa Virgil Long Ted Abrams Percy Kimbrough Scott Jones Everett Dennison Chao-Ming Liu Tom Soroka, Jr Steven Warwick Wayne Chiles Dick Craft Liz Geddes Roger Kochman Fred Tompkins Daniel Jenkins Ralph Whitlark Shawn Cochran John L. Clarke III

  23. Power Software Payload Human Environment Hardware Networks Policy Salute to the Task Group Leaders Anil Macwan, Lucent Technologies & Ralph Whitlark, BellSouth Michael Kennedy, Nortel Networks Craig McQuate, Genuity COMMUNICATIONS INFRASTRUCTURE Craig Swenson, MCI & Molly Schwarz, Schwarz Consulting Chao-Ming Liu, Telcordia Technologies & Ted Lach, Lucent Bell Labs Larry Stark, NCS Perry Fergus, NCS (BAH) Rick Canaday, AT&T

  24. Acknowledgements • Team Members • organizational and individual commitments • professional excellence and personal commitment to the mission • teamwork • Pam Stegora-Axberg, Steering Committee Chair • expanding industry participation • improving the NRIC outreach program • Jeff Goldthorp, NRIC VI Designated Federal Officer • care and diligence, supporting outreach program • ATIS • hosting numerous meetings at their Washington, D.C. facilities

  25. Definitions. Vulnerability: A characteristic of any aspect of the communications infrastructure that renders it, or some portion of it, susceptible to damage or compromise. Threat: Anything with the potential to damage or compromise the communications infrastructure or some portion of it.

  26. Seven Principles in Developing Best Practices • “People Implement Best Practices” • Do not endorse commercial or specific "pay for" documents, products or services • Address classes of problems • Already implemented • Developed by industry consensus • Best Practices are verified by a broader set of industry members • Sufficient rigor and deliberation. NRIC Best Practices bring the industry’s best minds & experience together to provide guidance that could not be achieved by companies on their own.

  27. Guiding Principles 1. Work Is Critical and Urgent . . . Successful completion of our mission is vital to national security 2. High Quality, On-Time Deliverables that Are Trustworthy and Thorough . . . Fulfill applicable Charter requirements and meet the needs of the Nation 3. Clear Objectives . . . For team, and individual participants and organizations 4. Leadership Will Pursue Consensus of Team . . . Also needs to set pace & guide fulfillment of charter 5. Follow a Scientific Approach, Not Merely Collect Subjective Opinions . . . Be objective and practice a disciplined methodology 6. Capture Every Good Idea . . . Welcome new and different perspectives for consideration 7. Respect for Individuals . . . Open and honest interactions
