Eight Ingredients of Communications Infrastructure: A Systematic and Comprehensive Framework for Enhancing Network Reliability and Security

◆

Eight Ingredients of Communications

Infrastructure: A Systematic and

Comprehensive Framework for Enhancing

Network Reliability and Security

Karl F. Rauscher, Richard E. Krock, and James P. Runyon

re-chartered NRIC to focus on various areas of concern, beginning with network reliability and subsequently on network signaling reliability, Y2K preparedness, packet-switched networks, homeland security, and emergency services. This is shown in Figure 2.

Network reliability, interoperability, and security recommendations in the form of NRIC best practices (BPs) have been developed by communications ex-perts for use within the industry. Prior to NRIC V, best practices were developed from an historic analogy perspective. Analysis of previous network outages by industry experts was used to identify best practices to address these past events (i.e., network outages). Starting with NRIC V, development of BPs has been refined and extended, based on the NRIC charter, by leveraging a systematic and rigorous process that analyzes not only past events, but includes looking at Introduction

The communications infrastructure is now recog-nized as the key infrastructure upon which all other critical infrastructures depend [11]. These other crit-ical infrastructures include: transportation, banking and finance, public health, law enforcement, energy, water, agriculture, government, and others (Figure 1). The reliability and security of the communications infrastructure are vital for the ongoing operation, control, and support for these other infrastructures on which our national security, economy, and our way of life depend.

In the early 1990s, the FCC chartered the Network Reliability and Interoperability Council (NRIC) [5], an industry-based FCC advisory group chartered under the FACA (Federal Advisory Committee Act), to address the reliability and interoperability of the national communications network. Biannually, the FCC has

Bell Labs Technical Journal 11(3), 73–81 (2006) © 2006 Lucent Technologies Inc. Published by Wiley Periodicals, Inc. Published online in Wiley InterScience (www.interscience.wiley.com). • DOI: 10.1002/bltj.20179

possible problems that may not yet have happened based on knowledge of the inherent vulnerabilities [10]. This required developing a systematic way of categorizing the communications infrastructure. The eight ingredient framework shown in Figure 3 has been proved to be thorough and comprehensive in the description of communications infrastructure.

These eight ingredients are the following: 1. Human. Humans operate the network and present

one of the most complex vulnerabilities to ana-lyze. The human ingredient includes intentional and unintentional behaviors, physical and mental limitations, education and training, human-machine interfaces, and personal ethics [2]. 2. Policy. Policies include any agreed or anticipated

behavior between entities, such as companies or governments. They include agreements, standards, policies, and regulations (ASPR) and provide a framework that defines the expected interaction between government and the com-munications industry.

3. Hardware. The electronic and physical compo-nents that compose the network nodes include the hardware frames, electronics circuit packs and cards, metallic and fiber optic transmission cables, and semiconductor chips.

4. Software. Today’s complex communications net-works gain their power and flexibility from the computer code that controls the equipment. This category covers all aspects of creating, main-taining, and protecting that code, including physical storage, development and testing of code, version control, and control of code delivery. 5. Networks. Networks include the various

topo-logical configurations of nodes, synchronization, redundancy, and physical and logical diversity. 6. Payload. The purpose of a communications net-work is to deliver some form of communications, be it voice, data, or multimedia. The payload category includes the information transported across the infrastructure, traffic patterns and statistics, information interception, and informa-tion corrupinforma-tion.

7. Environment. Communications systems are in the physical universe and, as such, operate in various

environments. These environments range from temperature-controlled buildings to installations exposed to harsh conditions such as outside terminals and cell towers that are exposed to inclement weather, trenches where cables are buried, space where satellites orbit, and the ocean where submarine cables reside.

Panel 1. Abbreviations, Acronyms, and Terms ASPR—Agreements, standards, policy, and

regulations

ATIS—Alliance for Telecommunications Industry Solutions

BP—Best practice

CQR—Communications Quality and Reliability

FACA—Federal Advisory Committee Act FCC—Federal Communications Commission IEEE—Institute of Electrical and Electronics

Engineers

NGN—Next-generation network NRIC—Network Reliability and

Interoperability Council

NRSC—Network Reliability Steering Committee

NSTAC—National Security Telecommunica-tions Advisory Committee

Y2K—Year 2000

PUBLIC HEALTH

COMMUNICATIONS INFRASTRUCTURE

FINANCIAL LAW ENFORCEMENT

ENERGY TRANSPORTATION

Other infrastructures

Figure 1.

Other infrastructures dependency on the communications infrastructure.

8. Power. Without electrical power, electronic sys-tems simply don’t work. The power required for communications networks includes the internal power infrastructure, batteries, grounding, ca-bling, fuses, back-up emergency generators and fuel, and commercial power.

This eight ingredient framework has been proven to be very useful by key industry-government-academic fora. First used by the IEEE Technical Committee on Communications Quality and Reliability (CQR) to anticipate the challenges of emerging technologies, it has been used by the FCC Network Reliability and In-teroperability Council (NRIC) toward the development

of vulnerability-based best practices, by the ATIS Network Reliability Steering Committee (NRSC) to identify possible influencing factors driving observed improvements, and by the President’s National Security Telecommunications Advisory Committee (NSTAC) [4] to prepare for next-generation networks. The frame-work has enabled subject matter experts to conduct complete analyses, assessments, and reviews, despite an enormous and very complex scope. The very chal-lenging and critical missions of these and other groups were greatly assisted by the comprehensive attributes of the framework. Further, the framework of eight ingredients has been shown to extend beyond current legacy networks, to be equally effective in under-standing future networks (i.e., next-generation net-works) and other infrastructures (e.g., energy). Vulnerability Analysis Using the Eight Ingredients

Vulnerability analysis is a distinct approach to pro-tect a system from unknown threats. This is in con-trast to the most commonly used “threat-based” approaches, which are based on reacting to previously seen or anticipated new attacks. A vulnerability is a characteristic of the communications infrastructure that renders it, or some portion of it, susceptible to damage or compromise. A threat is an exploitation of one or more vulnerabilities that results in damage to

Policy Power Hardware Networks Human Payload Software Environment Figure 3.

Eight ingredients of communications infrastructure.

2005 1992

NRC II NRIC III NRIC IV NRIC V NRIC VI

Homeland security Packet switching Y2K Interoperability (Telecom Act of ’96) NRIC VII Emergency services Systematic vulnerability assessment Historic analogy NRC I Reliability

NRC—National Reliability Council

NRIC—Network Reliability and Interoperability Council Y2K—Year 2000

Figure 2.

or compromise of the communication network or some portion of it [6–10].

Vulnerability

While the communications industry may be sur-prised by the particular method of a future attack (either by terrorists or nature), it should not be surprised by a threat exploiting vulnerabilities to damage communi-cations services. The people who design, build, and maintain these communication systems and networks know the nuances of their systems and the points at which they are vulnerable. By systematically addressing these vulnerabilities, the communications industry can directly prepare for any number of unknown threats attempting to exploit those vulnerabilities.

Figure 4 illustrates a vulnerability within one of the ingredients. The rectangular box represents one of the ingredients essential to the operation of the com-munications infrastructure. The finite number of vul-nerabilities in each ingredient is illustrated with the circular hole(s) in the box.

The vulnerability-based approach has fundamental distinctions from the traditional threat-based protec-tion methods, and is vital for optimally protecting the reliability and security of the network. For example, prior to the September 11, 2001, event, the airline in-dustry knew of the “cockpit door” access vulnerability, but had not previously seen that vulnerability being exploited as it was that day when the airplane was used as a missile. Similarly, the communications industry must identify and effectively address its vulnerabilities to protect itself from some yet un-envisioned forms of attack or exploitation that would

compromise the reliability and security of the network. For example, cyber security vulnerabilities could be used in an attack on the communications infrastruc-ture and compromise the reliability of the system.

The primary objectives in assessing vulnerabili-ties are:

1. Be complete: do not overlook anything.

2. Master knowledge: understand the nature of each susceptibility fully.

3. Recognize distribution: capture all instances of a vulnerabilities’ presence.

4. Understand dependencies: anticipate the impact and consider coordinated and blended attacks [1]. When completed properly, this analysis will result in the identification of a complete and finite number of vulnerabilities for each of the eight ingredients, and therefore for the system as a whole.

Figure 5 illustrates the eight ingredients of a communications network, each with a finite number of vulnerabilites.

Communications services

Vulnerabilities Figure 4.

Vulnerabilities of the communications networks.

Communications services Environment Hardware Human Network Payload Policy Power Software Figure 5.

Vulnerabilities in the eight ingredients of network reliability and security.

Communications services Threat 1 Vulnerability exploited Threat 2 Vulnerabilities exploited Figure 6.

Threats, vulnerabilities, and damage.

Figure 7.

Multiple threats exploiting one vulnerability.

Threats

As stated earlier, threats are attempts to exploit one or more vulnerabilities that can result in damage to communications services, but threats are not limited to terrorism or other intentional attacks. Natural disasters (e.g., hurricanes) [3, 14] as well as unintentional human errors continue to attack networks in unforeseen ways. Figure 6 provides a schematic illustration of the relationship of vulnerabilities to threats and the resulting damage. It shows how a threat can be constructed by someone wishing to attack the communications network by leveraging one or more vulnerabilities. Damage to communications services takes place when a threat successfully exploits one or more of these vulnerabilities.

Figure 7 illustrates how an infinite number of threats, many not currently known, can attempt to exploit a single vulnerability. Figure 8, which follows, illustrates how threats can exploit one or more vul-nerabilities of each of the eight ingredients resulting in damage to communications services. A blended at-tack occurs when a single threat exploits multiple vulnerabilities.

As an example, Threat 1 is based on exercising a single environmental vulnerability of a system (e.g., unauthorized equipment access). Threat 3 is a blended attack that leverages a combination of network and payload vulnerabilities (e.g., cyber attack). Historically, threat analysis supports decisions involving setting

defense priorities based on the likelihood of a specific threat occurring. Because of the large number of com-binations and permutations of variables, developing an effective security plan based on threats varies in effectiveness—it is very efficient when the likelihood of having a commanding knowledge of the only pos-sible threats is high. On the other hand, it is very in-effective if the knowledge of possible threats is less certain. Depending on the risks and consequences, it may be appropriate. The threat-only based approach has as its fundamental weakness the fact that it is either based on hard to obtain intelligence or on a reactive response to previously seen attacks. It is lim-ited in its effectiveness by leaving its user vulnerable to being surprised by an attacker or by being one step behind the creative attacker.

The next section discusses an alternative approach, which uses pre-emptive vulnerability analysis in addition to basing response modeling on previously seen threats.

Vulnerability Analysis Using the Eight Ingredients As cited earlier, the communications industry utilizes the framework of eight ingredients to pro-vide a structure with which to systematically and rigorously manage the identification of vulnera-bilities within the communications industry. Teams of industry experts brainstorm areas of concern and system failures. The outputs of these sessions are categorized into one of the eight ingredients. These outputs are then analyzed by individuals with expertise within each of the specific ingredients

Communications services Human Power Hardware Network Software Environment Payload Policy Threat-2 Threat-3 Threat-1

.

.

.

to develop a finite but comprehensive list of vulner-abilities [8].

The major benefit of systematically addressing the vulnerabilities of a system is that protection is pro-vided for general classes of problems, independent of knowing what the specific threat may be. While the fundamental vulnerabilities of the communications infrastructure can be enumerated in a controlled manner, the number of threats that can exercise those vulnerabilities are infinite and are constantly chang-ing. As noted well in [13], “One fact dominates all homeland security assessments: terrorists are strategic actors. They choose their targets deliberately based on the weaknesses they observe in our defenses and our preparedness. We must defend ourselves against a wide range of means and methods of attack. Our enemies are working to obtain chemical, biological, radiological, and nuclear weapons for the purpose of wreaking unprecedented damage on America. Terrorism depends on surprise. With it, a terrorist attack has the potential to do massive damage to an unwitting and unprepared target.”

By addressing classes of problems with the identi-fication of best practices, these new threats, regardless of the source, are eliminated. As shown in Figure 9, the implementation of best practices eliminates or dis-ables the vulnerability, thereby rendering ineffective the threats attempting to exercise that vulnerability.

The vulnerability-based approach is not an ex-clusive strategy. This approach is intended to be used in addition to traditional threat-based approaches, and is consistent with the President’s National Strategy for Homeland Security [12, 13]. The primary lesson learned is that threats and their probability of being exercised continue to change and evolve. The industry’s response to these changes should take place in a timely fashion, but such responses are no substitute for proactive, systematic coverage of vulnerabilities within the communications infra-structure as we cannot predict how threats will evolve.

The need to proactively address vulnerabilities rather than just focusing on previously seen attacks is clearly demonstrated in security, a unique area of reliability. While reliability was once only measured in terms of the availability of the network and the ability of information to traverse the network suc-cessfully, the openness of today’s network puts even the reliability of the transmitted information at risk. This has made security of the network an inseparable component of overall reliability.

Security is difficult to measure since network administrators may not even be aware that an attack is under way or has occurred previously. Undetected attacks may steal information or gain access to net-works. Protecting against only previously seen attacks would not help protect against undetected attacks. Analyzing and addressing system vulnerabilities would close holes that undetected attacks may be exploiting.

Conclusion

The systematic identification of the vulnerabili-ties within the communications infrastructure was an historic undertaking and accomplishment. While it is essential to utilize multiple approaches to protect communications infrastructure, the vulnerability analysis approach is fundamentally distinct from the traditional threat-based protection methods. A threat-based approach is based on knowledge of the things or people that threaten the network and what drives them. While engineers do not know what drives a terrorist, they do know the equipment

Network

Software

Threat Communications

services

Figure 9.

that composes the network and what vulnerabilities it may have. Vulnerability analysis utilizes that knowledge to protect against unimagined and un-known attacks. By identifying the finite number of vulnerabilities within a system, we can effectively protect the communications network from threats we have already seen, and from those that we have not yet seen.

The eight ingredients of communications infra-structure have been successfully used over the past several years by various corporations, and national and government advisory groups. These groups were chartered to analyze the performance of the network and provide guidance on improving network relia-bility and performance. Hundreds of best practices have been developed with this method. They now stand as the most authoritative collection of guid-ance for the industry, developed by the industry, in the areas of reliability, interoperability, physical se-curity, cyber sese-curity, and emergency services. These best practices have been recognized both domesti-cally and internationally as a cornerstone in the reliable and secure operation of communications net-works. The development of these best practices has its foundation in the use of the eight ingredients and has affirmed that the eight ingredients provide comprehensive coverage of the nation’s most critical infrastructure.

Acknowledgements

The authors wish to thank all of the dedicated par-ticipants of numerous industry-government fora for dedicated contributions to the advancing the reliability and security of public communications networks. References

[1] Federal Communications Commission, “Report and Order and Further Notice of Proposed Rulemaking, Revision of the Commission’s Rules to Ensure Compatibility With Enhanced 911 Emergency Calling Systems,” FCC 96-264, adopted June 12, 1996, p. 8.

[2] A. Macwan, “Approach for Identification and Analysis of Human Vulnerabilities in Protecting Telecommunications Infrastructure,” Bell Labs Tech. J., 9:2 (2004), 85–89.

[3] B. L. Malone III, “Wireless Search and Rescue: Concepts for Improved Capabilities,” Bell Labs Tech. J., 9:2 (2004), 34–49.

[4] National Security Telecommunications Advisory Committee, “Next Generation Networks Task Force Report,” 2006, <http://www.ncs.gov/ nstac/reports/2006/NSTAC%20Next% 20Generation%20Networks%20Task% 20Force%20Report.pdf>.

[5] Network Reliability and Interoperability Council, <http://www.nric.org>.

[6] Network Reliability and Interoperability Council VI, Homeland Security—Physical Security (Focus Group 1A)—Prevention Report, Issue 1, Dec. 2002, p. 27, <http://www.nric.org/ fg/nricvifg.html>.

[7] Network Reliability and Interoperability Council VI, Homeland Security—Physical Security (Focus Group 1A)—Prevention and Restoration Report, Issue 2, Mar. 2003, pp. 27, 41, <http:// www.nric.org/fg/nricvifg.html>.

[8] Network Reliability and Interoperability Council VI, Homeland Security—Physical Security (Focus Group 1A)—Final Report, Issue 3, Dec. 2003, <http://www.nric.org/fg/nricvifg.html>. [9] Network Reliability and Interoperability Council

VII, Focus Group 3A—Wireless Network Reliability—Final Report, Issue 3, Sept. 2005, <http://www.nric.org/fg/index.html>.

[10] Network Reliability and Interoperability Council VII, Focus Group 3B—Public Data Network Reliability—Final Report, Issue 3, Sept. 2005, <http://www.nric.org/fg/index.html>. [11] K. F. Rauscher, “Protecting Communications

Infrastructure,” Bell Labs Tech. J., 9:2 (2004), 1–4.

[12] United States, Department of Homeland Security, “Strategic Plan,” Feb. 23, 2004, <http://www.dhs.gov/interweb/assetlibrary/ DHS_StratPlan_FINAL_spread.pdf>.

[13] United States, Office of Homeland Security, National Strategy for Homeland Security, July 2002, <http://www.dhs.gov/interweb/ assetlibrary/nat_strat_hls.pdf>.

[14] United States, Office of Homeland Security, National Strategy for Homeland Security, July 2002, pp. vii–viii, <http://www.dhs.gov/ interweb/assetlibrary/nat_strat_hls.pdf>. [15] Wireless Emergency Response Team, Wireless

Emergency Response Team (WERT) Final Report for the September 11, 2001 New York City World Trade Center Terrorist Attack, WERT, Oct. 2001, <http://www.wert-help.org/WERT-Final-Report.pdf>. (Manuscript approved May 2006)

KARL F. RAUSCHER, a Bell Labs Fellow and executive director of the Bell Labs Network Reliability and Security Office in Washington, D.C., has provided leadership for numerous critical government-industry fora, including the IEEE Communications Quality and Reliability (CQR) Council, the Network Reliability Steering Committee (NRSC), the Network Reliability and Interoperability Council (NRIC), and the National Security Telecommunications Advisory Committee (NSTAC). He has been an adviser for network reliability issues on five continents and has served as an expert witness for the U.S. Congress Select Committee on Homeland Security regarding the Power Blackout of 2004. He is also the president of the non-profit Wireless Emergency Response Team (WERT) that conducts search and rescue efforts using advanced wireless technology. He holds a bachelor of science degree in electrical engineering from Penn State University in University Park, Pennsylvania, a master’s degree in electrical engineering from Rutgers University in New Brunswick, New Jersey; and a Master’s degree in biblical studies from the Dallas Theological Seminary in Texas.

RICHARD E. KROCK is a member of technical staff in the Services Technology department at Lucent Worldwide Services in Lisle, Illinois. His responsibilities include the analysis of network outages and the identification and implementation of countermeasures. He has been an active member of the past two Network Reliability and Interpretability Councils and has led various sub-teams related to power. He has provided consulting services on emergency preparedness/disaster recovery both domestically and internationally, and also represents Lucent at the Telecom Information Sharing and Analysis Center, part of the National Coordinating Center for

Telecommunications. Mr. Krock holds a B.S. degree in electrical engineering from Valparaiso University in Indiana and an M.B.A in telecommunications from Illinois Institute of Technology in Chicago. He is also a licensed professional engineer.

JAMES P. RUNYON is a technical manager in the Network Reliability Office at Bell Labs in Naperville, Illinois. He holds a B.S. degree in chemistry from Taylor University in Upland, Indiana, and an M.S. degree in computer science from the University of Wisconsin in Milwaukee. Prior to becoming technical

manager, he was a distinguished member of technical staff in software feature development, systems engineering, and network architecture for

communications systems, and for 10 years he served as an architecture manager for Lucent’s ADSL, cable TV, and fiber-to-the-home broadband platforms. He has been awarded four U.S. patents and has multiple publications in the Bell Labs Technical Journal and other industry forums. In the last few years, Mr. Runyon has been an active participant in a number of FCC-chartered federal advisory committees. As a member of the Network Reliability Steering Committee (NRSC), he has provided leadership in five significant studies on network outages. Mr. Runyon is a member of IEEE, a member and administrator for several Network Reliability and Interoperability Council (NRIC) focus groups, and serves as manager for the NRIC Best Practice Web site. ◆