Title: N e t w o r k R e l i a b i l i t y
1Federal Communications Commission Network
Reliability and Interoperability Council VI
HOMELAND SECURITY PHYSCIAL SECURITY Update to
Council
September 13, 2002
KARL F. RAUSCHER Chair Homeland Security
Physical Security Focus Group (1A) Director
Network Reliability, Lucent Technologies Bell
Labs Chair NRIC V Best Practices Subcommittee
Vice Chair ATIS Network Reliability Steering
Committee (NRSC) Founder Wireless Emergency
Response Team (WERT) Representative National
Coordinating Center (NCC) for Telecommunications C
hair-Elect IEEE Technical Committee on
Communications Quality Reliability (CQR)
2Outline
- Mission
- Team Members
- Process
- Progress
- Actions for Council Members
3Focus Group Mission
The Focus Group will assess physical
vulnerabilities in the public telecommunications
networks and the Internet and determine how best
to address those vulnerabilities to prevent
disruptions that would otherwise result from
terrorist activities, natural disasters, or
similar types of occurrences. The Focus Group
will conduct a survey of current practices by
wireless, wireline, satellite, and cable
telecommunications and Internet services
providers, network operators and equipment
suppliers that address Homeland Defense. By
December 31, 2002 the Focus Group will issue a
report identifying areas for attention and
describing best practices, with checklists, that
should be followed to prevent disruptions of
public telecommunications services and the
Internet from terrorist activities, natural
disasters, or similar types of occurrences. The
Focus Group will report on current disaster
recovery mechanisms, techniques, and best
practices and develop any additional best
practices, mechanisms, and techniques that are
necessary, or desirable, to more effectively
restore telecommunications services and Internet
services disruptions arising from terrorist
activities, natural disasters, or similar types
of occurrences. The Focus Group will issue a
report containing best practices recommendations,
and recommended mechanisms and techniques
(including checklists), for disaster recovery and
service restoration. The Focus Group will issue
this report within twelve (12) months of the
first Council meeting. The Focus Group will
coordinate with the Homeland Security Cyber
Security Focus Group (1B) to assure that
vulnerabilities in the public telecommunications
networks and the Internet are assessed, and to
determine how best to address those
vulnerabilities to prevent disruptions that would
otherwise result from terrorist activities,
natural disasters, or similar types of
occurrences. The Focus Group will also
coordinate with other Focus Groups, as
appropriate.
4Focus Group Mission
The Focus Group will assess physical
vulnerabilities in the public telecommunications
networks and the Internet and determine how best
to address those vulnerabilities to prevent
disruptions that would otherwise result from
terrorist activities, natural disasters, or
similar types of occurrences. The Focus Group
will conduct a survey of current practices by
wireless, wireline, satellite, and cable
telecommunications services providers and
Internet service providers that address the
Homeland Defense concerns articulated above. By
December 31, 2002 the Focus Group will issue a
report identifying areas for attention and
describing best practices, with checklists, that
should be followed to prevent disruptions of
public telecommunications services and the
Internet from terrorist activities, natural
disasters, or similar types of occurrences. The
Focus Group will report on current disaster
recovery mechanisms, techniques, and best
practices and develop any additional best
practices, mechanisms, and techniques that are
necessary, or desirable, to more effectively
restore telecommunications services and Internet
services disruptions arising from terrorist
activities, natural disasters, or similar types
of occurrences. The Focus Group will issue a
report containing best practices recommendations,
and recommended mechanisms and techniques
(including checklists), for disaster recovery and
service restoration. The Focus Group will issue
this report within twelve (12) months of the
first Council meeting. The Focus Group will
coordinate with the Homeland Security Cyber
Security Focus Group (1B) to assure that
vulnerabilities in the public telecommunications
networks and the Internet are assessed, and to
determine how best to address those
vulnerabilities to prevent disruptions that would
otherwise result from terrorist activities,
natural disasters, or similar types of
occurrences. The Focus Group will also
coordinate with other Focus Groups, as
appropriate.
- Physical, in complimenting Cyber, must
provide 100 coverage - Vulnerabilities vs Threats
- 3 aspects of Security
- network reliability (disruptions)
- network security
- corporate/enterprise security
- Complete range of causes
5Focus Group Mission
The Focus Group will assess physical
vulnerabilities in the public telecommunications
networks and the Internet and determine how best
to address those vulnerabilities to prevent
disruptions that would otherwise result from
terrorist activities, natural disasters, or
similar types of occurrences. The Focus Group
will conduct a survey of current practices by
wireless, wireline, satellite, and cable
telecommunications and Internet services
providers, network operators and equipment
suppliers that address Homeland Defense. By
December 31, 2002 the Focus Group will issue a
report identifying areas for attention and
describing best practices, with checklists, that
should be followed to prevent disruptions of
public telecommunications services and the
Internet from terrorist activities, natural
disasters, or similar types of occurrences. The
Focus Group will report on current disaster
recovery mechanisms, techniques, and best
practices and develop any additional best
practices, mechanisms, and techniques that are
necessary, or desirable, to more effectively
restore telecommunications services and Internet
services disruptions arising from terrorist
activities, natural disasters, or similar types
of occurrences. The Focus Group will issue a
report containing best practices recommendations,
and recommended mechanisms and techniques
(including checklists), for disaster recovery and
service restoration. The Focus Group will issue
this report within twelve (12) months of the
first Council meeting. The Focus Group will
coordinate with the Homeland Security Cyber
Security Focus Group (1B) to assure that
vulnerabilities in the public telecommunications
networks and the Internet are assessed, and to
determine how best to address those
vulnerabilities to prevent disruptions that would
otherwise result from terrorist activities,
natural disasters, or similar types of
occurrences. The Focus Group will also
coordinate with other Focus Groups, as
appropriate.
Implementation
Effectiveness
- Survey
- will measure industry implementation
- scheduled for 1H03
- coordinated with other Focus Groups
- protect sensitive information
Cost to Implement
Risk to
Not
Implement
Equipment
-
Circuit
Equipment
-
Packet
Service Provider
-
Circuit
Service Provider
-
Packet
6Focus Group Mission
The Focus Group will assess physical
vulnerabilities in the public telecommunications
networks and the Internet and determine how best
to address those vulnerabilities to prevent
disruptions that would otherwise result from
terrorist activities, natural disasters, or
similar types of occurrences. The Focus Group
will conduct a survey of current practices by
wireless, wireline, satellite, and cable
telecommunications services providers and
Internet service providers that address the
Homeland Defense concerns articulated above. By
December 31, 2002 the Focus Group will issue a
report identifying areas for attention and
describing best practices, with checklists, that
should be followed to prevent disruptions of
public telecommunications services and the
Internet from terrorist activities, natural
disasters, or similar types of occurrences. The
Focus Group will report on current disaster
recovery mechanisms, techniques, and best
practices and develop any additional best
practices, mechanisms, and techniques that are
necessary, or desirable, to more effectively
restore telecommunications services and Internet
services disruptions arising from terrorist
activities, natural disasters, or similar types
of occurrences. The Focus Group will issue a
report containing best practices recommendations,
and recommended mechanisms and techniques
(including checklists), for disaster recovery and
service restoration. The Focus Group will issue
this report within twelve (12) months of the
first Council meeting. The Focus Group will
coordinate with the Homeland Security Cyber
Security Focus Group (1B) to assure that
vulnerabilities in the public telecommunications
networks and the Internet are assessed, and to
determine how best to address those
vulnerabilities to prevent disruptions that would
otherwise result from terrorist activities,
natural disasters, or similar types of
occurrences. The Focus Group will also
coordinate with other Focus Groups, as
appropriate.
- 2 Reports
- Prevention Report due on or before December 31,
2002 - Restoration Report due on or before March 22,
2003
7The Focus Group will assess physical
vulnerabilities in the public telecommunications
networks and the Internet and determine how best
to address those vulnerabilities to prevent
disruptions that would otherwise result from
terrorist activities, natural disasters, or
similar types of occurrences. The Focus Group
will conduct a survey of current practices by
wireless, wireline, satellite, and cable
telecommunications services providers and
Internet service providers that address the
Homeland Defense concerns articulated above. By
December 31, 2002 the Focus Group will issue a
report identifying areas for attention and
describing best practices, with checklists, that
should be followed to prevent disruptions of
public telecommunications services and the
Internet from terrorist activities, natural
disasters, or similar types of occurrences. The
Focus Group will report on current disaster
recovery mechanisms, techniques, and best
practices and develop any additional best
practices, mechanisms, and techniques that are
necessary, or desirable, to more effectively
restore telecommunications services and Internet
services disruptions arising from terrorist
activities, natural disasters, or similar types
of occurrences. The Focus Group will issue a
report containing best practices recommendations,
and recommended mechanisms and techniques
(including checklists), for disaster recovery and
service restoration. The Focus Group will issue
this report within twelve (12) months of the
first Council meeting. The Focus Group will
coordinate with the Homeland Security Cyber
Security Focus Group (1B) to assure that
vulnerabilities in the public telecommunications
networks and the Internet are assessed, and to
determine how best to address those
vulnerabilities to prevent disruptions that would
otherwise result from terrorist activities,
natural disasters, or similar types of
occurrences. The Focus Group will also
coordinate with other Focus Groups, as
appropriate.
Focus Group Mission
- Coordination with other Focus Groups
- Also coordinating with other stakeholders
- National Communications System (NCS)
- National Coordinating Center for
Telecommunications (NCC) - Telecom ISAC (Information Sharing and Analysis
Center) - Office of Homeland Security
- National Security Telecommunications Advisory
Committee - ATIS Network Reliability Steering Committee
- others
8Team Membership
Service Providers Network Operators
Service Providers Network Operators
Government Other Entities
Government Other Entities
Larry Clarey
Larry Clarey
Bill Klein
Bill Klein
Steve Michalecki
Steve Michalecki
Jennifer Warren
Jennifer Warren
Whitey Thayer
Whitey Thayer
Bob Holliday
Bob Holliday
David Porte
David Porte
Loye Manning
Loye Manning
George Caldwell
George Caldwell
IBSS
Tom Truesdale
Tom Truesdale
P.J.
Aduskevicz
P.J.
Aduskevicz
New York
Al Woods
Al Woods
Clearinghouse
John Morovich
John Morovich
Rick
Canaday
Rick
Canaday
Perry Fergus
Perry Fergus
Frank Maguire
Frank Maguire
Larry Stark
Larry Stark
Keith Hopkins
Ralph
Whitlark
Keith Hopkins
Ralph
Whitlark
Bob Postovit
Shawn Cochran
Bob Postovit
Shawn Cochran
Hank Kluepfel
Hank Kluepfel
Percy Kimbrough
Michael Clements
Percy Kimbrough
Michael Clements
Schwarz
Molly Schwarz
Molly Schwarz
Consulting
Richard
Trask
Richard
Trask
John Cholewa
John Cholewa
Chao
-
Ming Liu
Chao
-
Ming Liu
Jayne McCullough
Jayne McCullough
Bobbie Reagor
Bobbie Reagor
Wayne Chiles
Wayne Chiles
Fraincois Sandroff
Fraincois Sandroff
Craig
McQuate
Craig
McQuate
Liz Geddes
Liz Geddes
David
Kanupke
David
Kanupke
Ron Bath
Ron Bath
Tim Dowse
Tim Dowse
Michael McAdoo
Michael McAdoo
Craig Swenson
Daniel Jenkins
Craig Swenson
Daniel Jenkins
9Communications Infrastructure
PUBLIC HEALTH
LAW ENFORCEMENT
FINANCIAL
COMMUNICATIONS INFRASTRUCTURE
ENERGY
TRANSPORTATION
Other Infrastructures
10Vulnerabilities Threats - Best Practices
Framework
electromagnetic weapons thermal nuclear
war hijacking of a network
Threats
- Best Practices that
- address Vulnerabilities
- address Threats
- by preventing the exercise of vulnerabilities,
and/or mitigating the impact should a
vulnerability be exercised
Environment accessible identifiable physical
damage Hardware vibration / shock temperature
extremes electromagnetic radiation Policy foreign
national ownership
X-123
X-789
Vulnerabilities
X-222
X-111
X-999
X-555
11Progress
- Process Architecture
- aligned with mission
- protects sensitive information
- Vulnerabilities Framework
- systematic assessment
- integrates information
- enables quick access and focus
- Establish Vulnerability Task Teams
- engage additional expert
- more rigor
- Best Practices
200 Best Practices proposals 100 Best
Practices with initial consensus
12Take Aways for Council Members
- Ongoing Support your experts contributing to
the Focus Group - November Assist these representatives in
obtaining a thorough company review of the draft
Report and Best Practices - December Prepare for forthcoming Best Practices
- consideration needed for evaluating options for
implementation - some companies are already implementing some
draft Best Practices from learnings
13Background Material Acknowledgements Big
Picture of Process Flow Timeline Guiding
Principles
14Acknowledgements
- Team Members
- professional excellence and personal commitment
to mission - Pam Stegora-Axberg, Steering Committee Chair
- recruiting industry experts and ongoing support
- Jeff Goldthorp, NRIC VI Designated Federal
Officer - care and diligence in providing clarifications
- ATIS
- hosting numerous meetings
15Big Picture of Process Flow
NRIC FGs
OVERSIGHT
Stakeholders
Council Charter
Coordination
Steering Committee
C o u n c i l
Assemble Vulnerabilities
Vulnerabilities
FCC
Focus Group 1A
Recommendations
Assemble Threats
Threats
OUTPUTS
INPUTS
P R Reports
assess determine conduct
issue report develop
Existing BPs
Assemble BPs
Industry
Areas for Attention Checklists Best
Practices Mechanisms Techniques
SMEs
Survey
Council
Broader Industry
SUPPORT
16Timeline
1Q02 2Q02 3Q02 4Q02 1Q03 2Q03 3Q03 4Q03
FG Meetings
lt - - - - - - - - - - - - - - - - - - - - - - -
Recommendations - - - - - - - - - - - - - - - - -
- - - - gt
Task Groups Meetings
Focus Group 1A
- Other items
- Promoting BP Awareness
- Encouraging BP Implementation
Prevention Report
Restoration Report
FG Recruiting
lt - - - - - - - - - - - - - - - - - - -
Coordination with other FGs - - - - - - - - - - -
- - - - - - - gt
lt - - - - - - - - - - - - - - - - - -
Coordination with External Fora- - - - - - - - -
- - - - - - - - gt
Steering Committee
1st SC Mtg
FG Recruiting
X
Council
Charter Announced
1st Mtg
2Q02 Mtg
3Q02 Mtg
4Q02 Mtg
2Q03 Mtg
1Q03 Mtg
3Q03 Mtg
4Q03 Mtg
17Guiding Principles
- Work Is Critical and Urgent
- . . . Successful completion of our mission is
vital to national security - 2. High Quality, On-Time Deliverables that Are
Trustworthy and Thorough - . . . Fulfill applicable Charter requirements
and meet the needs of the Nation - 3. Clear Objectives
- . . . For team, and individual participants and
organizations - 4. Leadership Will Pursue Consensus of Team
- . . . Also needs to set pace guide fulfillment
of charter - 5. Follow a Scientific Approach, Not Merely
Collect Subjective Opinions - . . . Be objective and practice a disciplined
methodology - 6. Capture Every Good Idea
- . . . Welcome new and different perspectives for
consideration - Respect for Individuals
- . . . Open and honest interactions