From The Sip Trunking Experts

TMCNet:  Addressing Threats to Your Infrastructure [Rural Telecommunications]

[December 17, 2012]

Addressing Threats to Your Infrastructure [Rural Telecommunications]

(Rural Telecommunications Via Acquire Media NewsEdge) An estimated 80% to 90% of the United States telecom infrastructure is privately owned a d deemed one of our nations ritical infrastructures. That's b en the case for some time: Pr sident Clinton's EHecutive Order 13 10 stated that telecom was one~of several services "so vital that their incapacity or destruction would have debilistaing impact on the defense or economic security of the United States." Yet it seems it has taken until the last few years for critical infrastructure security to become a pressing concern to legislators.

Given that the telecommunications industry provides direct communication service to consumers, industry and government, leaving its security solely to the discretion of the private sector creates tremendous unrest for politicians and government agencies entrusted with protecting national safety.

The threat to these vital systems is generally viewed as twofold: physical threats to tangible property, and threats to the information or communication components that control them (cyber security). Much like the infrastructure it is to protect, the scope of cybersecurity is constantly evolving. Different government entities are tasked with evaluating cyber vulnerabilities. For telecommunications, that entity is the Department of Homeland Security (DHS).

Physical Thneabe For private-sector téleos, hardening business operations against physical threats, including natural disasters, is commonplace. Building contingency and disaster recovery plans to address reasonable risks underscores the commitment to providing this type of protection. For the most part, security is done without government mandates, largely because it's in the business' best interest financially.

Siren Telephone Co. (Siren, Wis.) Outside Plant Manager Kent Basset confirmed that much of the physical network fortification is self-enforced, underscored by the company's customercentric commitment to restoring service when it's compromised.

While self-initiated efforts address physical network safety, the government has stipulated protection measures for consumers. Today these measures have the added advantage of helping to secure critical infrastructure.

Todd Irish, manager at LaHarpe Telephone (LaHarpe, 111.), pointed to national service mandates that require téleos to report to the FCC any incident that affects a large percentage of customers. From Irish's viewpoint, "They [the mandates] aren't really a burden because they don't happen that often." When incidents are reported, the data is stored in the Network Outage Reporting System. The FCC grants only the DHS direct access to this outage reporting database. It is the DHS that determines if reported threats warrant alerting state and local authorities.

The communications process between service providers and the DHS can include significant delays between the detection of a cyber attack, when the DHS determines the attack's invasiveness, and when providers are notified of corrective measures.

Then there's legislation like the 1994 Communications Assistance for Law Enforcement Act (CALE A). It states that upon presentation of a valid subpoena, common carriers, facilitiesbased broadband Internet access providers and VoIP service providers must have built-in surveillance capabilities to provide federal agencies access to monitor all telephone, broadband Internet and VoIP traffic in real-time.

Unlike some service mandates, CALEA affects the finances of rural téleos. Chuck Deisbeck, chief executive officer for Breda Telephone Corp. (Breda, Iowa), stated that to conform to the initial CALEA, "We have equipment we've had to pay for so they can have remote access to our switching and data networks." With many rural téleos already financially stretched, using the funding precedent established by the likes of CALEA is unlikely to be a viable option if legislators deem new cybersecurity- related equipment is needed.

The Cyber Thneebe Given our nation's reliance on software, today's politicians seem more focused on cyber risks than critical infrastructure hardware.

The White House has described cybersecurity as "one of the most serious economic and national security challenges we face as a nation." Senate Majority Leader Harry Reid is one of many that concur. "Failing to act on cybersecurity legislation not only puts our national security at risk, it also recklessly endangers members of our armed forces and missions around the world," Reid stated.

How susceptible is critical infrastructure to a cyber breach The answers depend on how you look at it. One of the most recent counts was provided in a July 2012 Bipartisan Policy Center report, which stated "that from October 201 1 through February 2012, over 50,000 cyber attacks on private and government networks were reported to DHS, including 86 attacks on critical infrastructure networks." The report also noted that "these represent only a small fraction of cyber attacks carried out in the United States." What is particularly worrisome is the exposure the nation faces because of the role of the Internet.

For example, James Lewis, technology program director at the Center for Strategic and International Studies in Washington, stated in an interview, "If you interview power companies and say, 'Is your control system connected to the Internet ' they'll say, Of course not.' It turns out in almost every case a control system is connected to the Internet, and it's vulnerable to being hacked." That's not a surprise to Joel Brenner, former senior counsel to the National Security Agency and counter intelligence coordinator of 17 federal agencies when he served under the director of national intelligence. In an interview he stated about the Internet, "We have taken what is fundamentally a porous and insecure system designed originally as a research tool and connected to it all of our financial infrastructure, and much of our operational and manufacturing infrastructure." Not to be overlooked are emerging developments that are producing new technologies. A report by the Global Information Society Project stated, "Digitization and related technology are making all content - whether voice, test, audio or video - indistinguishable binary code ... that are transport medium indifferent." The report continued, "More importantly, in the long run new developments in technology - in particular ultrawide band and software-defined radio together with mesh networks - have the potential to make the entire existing infrastructure and regulatory regime obsolete." CALEA proves Global's point. In recent months, law enforcement has spoken before Congress requesting modification to CALEA. It seems in some cases gaining intercept access hasn't been as simple or as quick as presenting a subpoena. Law enforcement also is asking that the scope of CALEA be expanded to keep pace with today's widely used technology - technology that didn't exist when CALEA was originally created.

Advocates for telecommunications providers understand the nature of these technological changes and are encouraging government to avoid imposing rigid, cybersecurity-related regulatory requirements that could require industry to focus on obsolete security requirements.

Financial Realiby\ A study by Bloomberg in association with Ponemon Institute released in January 2012 is one of the first to put a price tag on cybersecurity. The report stated, "Companies including utilities, banks and phone carriers would have to spend almost nine times more on cybersecurity to prevent a digital Pearl Harbor." In a Bloomberg press release, Lawrence Ponemon, chairman of the Ponemon Institute, commented, "The consequences of a successful attack against critical infrastructure makes these cost increases look like chump change." Deisbeck has thought about the financial side of cybersecurity. "National law is one thing, [but] how do you help a company our size spend 20[K] to 30K Since the FCC has made changes to [the Universal Service Fund], there should be dollars in that fund to pay for the expense," he suggested. He sees the Defense budget as a viable source for funding modifications too. Another alternative is to address the issue higher upstream, at a Tier 1 level, where companies have intrusion detection.

Irish agreed that affordability is key. "They [the government] need to provide funding for something we can't afford or recover investment," he stated.

Summary Attacks are a reality across the nation, not just in metropolitan areas. How realistic is it to believe a cyber attack will be initiated from rural America or on rural America Many rural téleos probably share the view of general manager for Brooke Telecom Co-op Inwood, Ontario), Jim Janssens. The company serves around 1,500 customers. "We feel it [cybersecurity] is not the first and foremost problem; it's how we'd recover in a timely manner for our customers," Janssens said.

Others relate to Deisbeck's view, "We already do a good job of protecting our network, but what they have in mind might be different. We're both protecting something, but on a different level." Addressing Threats to Your Infrasctructure Broadband Internet access providers and VoIP service providers nlisD have build-in surveillance capabilities bo pnovidf federal agencies access.

National law is one thing (but) hooj do you a company our size spend(20K) to 30k - Chuck Deisbekc, ,CEO Breda Telephone Corp.

Anna Henry is a freelance writer. She can be reached at Headlineink @comcast. net.

(c) 2012 National Telephone Cooperative

[ Back To SIP Trunking Home's Homepage ]

Subscribe here for your FREE
SIP TRUNKING enewslettter.

Featured Partner

Featured Whitepapers

SIP Security for the Enterprise
Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

Making A Broadband Purchase Decision
Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

Voice-Optimized Network Delivers Premier Call Experience
Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

Featured Case Studies

Business Telecom Expenses Reduced 50%
A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

Multi-State Company Cuts Telecom Costs 50%
A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

Discover Leisure Connects Remote Users to its IP-PBX
Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

Featured eBOOKS

Internet+: The Way Toward Global Unified Communication
Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

What is SIP Trunking? Edition 2
SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

What is SIP Trunking? Edition 1
A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

Featured Videos

Broadvox VAR Testimonial VAR 1:
Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

E-SBCs AS The Demarcation Point:
Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

Demystifying DPI
How can deep packet inspection protect your SIP traffic as well as your entire network?

Featured Resources

Partner Program Overview:
Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

SIP Trunk UC Summit

What's New

Presenting the New Ingate/Intertex Website:
Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

Featured Blogs

Featured Webinars

Secure SIP Trunking:
What You Need to Know

Successfully Deploying Enterprise SIP Trunking:
Tools and Techniques for Overcoming Common Roadblocks

Featured Podcasts

Getting the Most Out of Your SIP Trunks:
Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

Featured Datasheets

Ingate SIParator E-SBCs
Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

Ingate Firewalls
Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

SIP Trunk Solutions for Service Providers
The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.