Outage Reporting in the US

Similar documents
How To Protect The Internet From Natural Disasters

Business Continuity & Disaster Recovery

Remarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel

National Communications System. December 6, 2007

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

ESF 02 - Communications Annex, 2015

LOCAL RADIO STATION MODEL VULNERABILITY ASSESSMENT CHECKLIST. Developed by the Toolkit Working Group for the Media Security and Reliability Council

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Ofcom guidance on security requirements in sections 105A to D of the Communications Act 2003

eet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet

Office of Emergency Communications Next Generation Network Priority Services

Delving Into FCC's 'Damn Important' Cybersecurity Report

Continuity of operations for critical infrastructure. Disclosure of critical information to the government.

Ongoing Help Desk Management Plan

CISM Certified Information Security Manager

Overview of Homeland Security Funding 1999 to Present National Incident Management System Mandates and Training Requirements

Information Security: A Perspective for Higher Education

Information Security Policy

Empowering the Enterprise Through Unified Communications & Managed Services Solutions

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Bridging the HIPAA/HITECH Compliance Gap

The PNC Financial Services Group, Inc. Business Continuity Program

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

MASSIVE NETWORKS Online Backup Compliance Guidelines Sarbanes-Oxley (SOX) SOX Requirements... 2

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

CRR Supplemental Resource Guide. Volume 5. Incident Management. Version 1.1

PBSi Business Continuity Planning

BEFORE THE FEDERAL COMMUNICATIONS COMMISSION Washington, D.C COMMENTS OF VONAGE HOLDINGS CORPORATION

Information Technology: This Year s Hot Issue - Cloud Computing

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Federal Communications Commission

Security Policy for External Customers

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013.

PCI DSS COMPLIANCE DATA

BUSINESS CONTINUITY PLAN

PCI Compliance for Cloud Applications

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

SCHEDULE D. SERVICE LEVEL AGREEMENT MERCHANT CARD PROCESSING SERVICES STATE OF NORTH CAROLINA AND SUNTRUST MERCHANT SERVICES Contract Number

State of West Virginia Office of Technology Policy: Information Security Audit Program Issued by the CTO

OEMC Four Core Missions

University of Sunderland Business Assurance Information Security Policy

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

Auditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP

Information Security Program CHARTER

MSRC Best Practices. Communications Infrastructure Security, Access & Restoration Working Group

Cyberprivacy and Cybersecurity for Health Data

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Business Continuity Policy. Version 1.0

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF.

PERSONALLY IDENTIFIABLE INFORMATION (Pin BREACH NOTIFICATION CONTROLS

White Paper. Is VoIP Without E9-1-1 Worth the Risk? Challenges, Approaches, and Recommendations for VoIP Service Providers

Mitigating and managing cyber risk: ten issues to consider

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

Infrastructure Protection Gateway

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY,

Continuity of Business

Updating Ofcom s guidance on network security

ipatch System Manager - HIPAA Compliance

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

SECURITY. Risk & Compliance Services

v. 03/03/2015 Page ii

Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing

H. R SEC DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

schedule 2f additional terms for internet services

EBA final draft Regulatory Technical Standards

Information Technology Solutions

What are you trying to secure against Cyber Attack?

Moving to the Cloud? DIY VS. MANAGED HOSTING

Transcription:

Outage Reporting in the US Richard Krock September, 2010

Outage Reporting in the US Formal Processes Other Processes Best Practices Proposed Requirements ARECI guidance on information sharing 2 R. Krock September 2010

FCC Outage Reporting Criteria Outages requiring reporting Reporting requirements Timeliness Follow-up information Outage Reporting tool NORS DIRS 3 R. Krock September 2010

Outages requiring reporting Outages of 30 minutes or more that affect: Wireline, Wireless, Cable telephony Wireless Mobile Switching Center (MSC) IEC 90,000 Real time or 30,000 Historical Blocked Calls Transport SS7 Airport E911 Other Special Facilities (Military, nuclear, etc.) Satellite 4 R. Krock September 2010

Impact Thresholds Previously, reporting was required when 30,000 users were out of service for 30 minutes or more Now the threshold is 900,000 User minutes = 30,000 users for 30 minutes = 15,000 users for 60 minutes = 1000 users for 900 minutes Etc. = 1 user for 625 days DS3 user minutes 1350 DS3s minutes (Outage duration) x # of DS3 circuits that were affected DS3-Simplex Greater than 5 Days 5 R. Krock September 2010

FCC Reporting Requirements Electronic notification is required within 120 minutes of discovery An Initial Report, containing all pertinent information available related to the outage, is required within 72 hours Notifications (and perhaps initial reports) may be withdrawn if it is determined that the outage did not meet the reporting criteria A Final Report, containing all pertinent information related to the outage, including anything new or changed since initial report reported, is required within 30 days Web based NORS (Network Outage Reporting System) is the mandated method of reporting. Fines can be levied for non-compliance DHS receives copies of all filed events 6 R. Krock September 2010

Final Report Information The Final Report must include (among other things): Root cause Contributing factors Steps taken to prevent reoccurrence Best Practices that might have prevented the outage or reduced its effect Best Practices used to diminish the effect of the Outage Analysis of Best Practices Outage information is not made publically available The Network Reliability Steering Committee (NRSC) provides companies with the opportunity to voluntarily share FCC reported outage data with a trusted 3 rd party for analysis to identify opportunities for reliability improvements. 7 R. Krock September 2010

Industry Led Outage Reporting Initiative (ILORI) Proposed by industry in 2004 Voluntary outage reporting Industry developed web site for outage reporting Report types: Initial Final Monthly positive reporting confirming all outages had been reported FCC official site appears to be modeled after ILORI 8 R. Krock September 2010

9 R. Krock September 2010 This information is voluntarily submitted to the Federal Government in expectation of protection from disclosure as provided by the provisions of the Critical Infrastructure Information Act of 2002

10 R. Krock September 2010 This information is voluntarily submitted to the Federal Government in expectation of protection from disclosure as provided by the provisions of the Critical Infrastructure Information Act of 2002

Disaster Reporting Disaster Information Reporting System (DIRS) Activated for specific areas Suspends need to comply with normal reporting in the affected area Provider required to submit new or updated DIRS reports at least every 24 hours for the affected area Measures progress of restoration efforts Voluntary industry/fcc process Template based online system DIRS-Lite is email based less formal Data is shared with government agencies 11 R. Krock September 2010

Sharing outage information through the National Coordinating Center (NCC) Information sharing during times of crisis Not a legal requirement Sharing of outage information with NCC and other NCC members, which includes competitors Occurs in a trusted environment Facilitates Mutual Aid between operators Allows NCC to help providers navigate government agencies Που δεν ακούει τσου φίλους του, ευκαριστάει τσ' οχτρούς του." Μοναχός σου χόρευε, κι' όσο θέλεις πήδα. 12 R. Krock September 2010

Existing Best Practices US 7-7-0407 Network Operators and Service Providers should establish processes for NOC-to-NOC (Network Operations Center) peer communications for critical network activities (e.g., scheduled maintenance, upgrades and outages). 7-7-0583 Network Operators, Service Providers and Equipment Suppliers should adopt an industry uniform method of reporting and tracking significant service outages (e.g., TL-9000 standard outage template). 7-7-5129 Network Operators and Service Providers who are required by the government to file outage reports for major network outages should ensure that such reports do not unnecessarily contain information that discloses specific network vulnerabilities, in order to prevent such information from being unnecessarily available in public access. http://www.bell-labs.com/usa/nricbestpractices/ 13 R. Krock September 2010

Existing Best Practices Europe EU06-0407 Network Operators and Service Providers should establish processes for NOC-to-NOC (Network Operations Centre) peer communications for critical network activities (e.g., scheduled maintenance, upgrades and outages). http://www.bell-labs.com/europe/bestpractices/ 14 R. Krock September 2010

Best Practices Network Reliability Steering Committee (NRSC) Proposals Service providers and network operators should consider providing approved operations personnel with near real time visibility to all current service or network impacting events. [network, human, disaster recovery] Network operators, service providers and equipment suppliers should gather data as available during and following outage restoration to allow for robust post-mortem analysis in order to support effective corrective or preventative actions. [ disaster recovery, network operations] Network operators, service providers, and equipment suppliers should develop job aids and training on how to access systems required for outage reporting and how to use the appropriate systems to report outages. [network operations, training] Network operators and service providers should document the manual calculations required to meet regulatory outage reporting requirements and make them available to personnel responsible for outage reporting. [network operations, training] 15 R. Krock September 2010

Proposed new outage reporting requirements National Broadband Plan Recommendation 16.6: The FCC should expand its outage reporting requirements to broadband service providers. Recommendation 16.7: The FCC should create a voluntary cybersecurity certification program. Recommendation 16.8: The FCC and the Department of Homeland Security (DHS) should create a cybersecurity information reporting system (CIRS) 16 R. Krock September 2010

ARECI guidance on Information Sharing Recommendation 4 Member States and the Private Sector should establish formal means for sharing information that can improve the protection and rapid restoration of infrastructure critical to the reliability of communications within and throughout Europe. Required Commitments To sustain the viability of this Recommendation, Member States and the Private Sector must be committed to defined courses. Specifically, (a) Private Sector enterprises that own critical communications infrastructure must jointly establish a trusted environment for sharing information to improve the protection and rapid restoration of that infrastructure. (b) Private Sector service providers, network operators and equipment suppliers must be willing to share threat and outage information within a trusted environment within the industry for the common good. (c) Government authorities must be willing to share threat and other sensitive information with providers of critical communications infrastructure, and safeguard information related to critical infrastructure provided by industry. 17 R. Krock September 2010

www.alcatel-lucent.com www.alcatel-lucent.com 18 R. Krock September 2010

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information