Cybertelecom Federal Internet Law & Policy An Educational Project

Network Reliability

Goverment ActionPapers

• AmaTechTel: Network Security
• FedCirc PADC: Patch Authentication and Dissemination Capability Jan 2003
• FedCirc 05.22.02 Patches: Patch Authentication Dissemination Capability "Patches"

Communications Security, Reliability, and Interoperability Council

• Federal Advisory Committee Act; Communications Security, Reliability and Interoperability Council, Fed Reg 4/5/2007

FCC's Network Reliability and Interoperability Council

Partner with the FCC, the communications industry and public safety to facilitate enhancement of emergency communications networks, security, and best practices across the burgeoning telecommunications industry.

Best Practices

• NRIC Best Practices

CyberSecurity Best Practices

Subcommittee 1.B: Cyber Security

Homeland Defense - Recommendations Published 14-Mar-03
Preventative Best Practices - Recommendations Published 14-Mar-03
Recovery Best Practices - Recommendations Published 14-Mar-03
Best Practice Appendices - Recommendations Published 14-Mar-03
Cybersecurity Published 14-Mar-03
Cybersecurity Published 06-Dec-02
Cybersecurity Published 13-Sep-02

• Internet Security Alliance
  • Best Practices for
    • Executives
    • small and medium businesses
      • The ISAlliance "Common Sense Guide to Cyber Security for Small Businesses"[.pdf 1,663 KB]
    • home computing
    Waking the Castle -- Cyber Security Best Practices (December, 2004)
• North American Electric Reliability Council
  • Reliability Standards :: Critical Infrastruction Protection (Best Practices)
• NANOG Security Curriculum

Tools

• Telecommunications Priority Service
• NCS
  • Government Emergency Telecommunications Service
  • Wireless Priority Service

Issues

• Emergency Communications Plan
  • Notice of Event
    • EAS
    • 911
    • Media - News
    • DHS - US CERT
    • NCS NSTAC
  • Communications After Event
    • Communications contacts at other networks (NANOG)
    • After hour contacts
  • Communications Restoration
    • Provider cooperation agreements
• Backup Business Operations
  • Accounts, Billing, Customer Service, personnel, salaries
• Emergency Communications
  • Priority Communications
  • Redundant lines - multihomed
• Backup Power
  • Redundant supplies
  • Generators
    • Air Filters
  • Fuel Supply during emergency
    • Diesel has limited storage life
  • Batteries
  • System Tests
• Redundancy
  • Alternative hosts
• Security
  • Physical Security for Communications Infrastructure
  • Encryption
• Environmentals
  • Air conditioning or water cooling (water supply)
  • human needs
• Location of infrastructure relative to flood water

Links

USGov

• FCC NRIC
• DHS :: NCSD :: US CERT :: NCS
  • "The NCS monitors the vulnerabilities of the telecommunications industry; and coordinates national security and emergency preparedness (NS/EP) communications for the federal government during non-terrorism related emergencies, terrorist attacks, and recovery and reconstitution operations.”

Government Critical Infrastructure Protection, Security, and Reliability entities

• Australian Computer Emergency Response Team
• Asia Pacific Security Incident Response Coordination (APSIRC)
• Canadian Computer Emergency Response Team (CanCERT)
• CDT's Counter Terrorism Webpage
• CERIAS / Purdue University
• CERT-UU Netherlands
• Computer Crime Research Center
• Computer Operations, Audit, and Security Technology COAST Perdue Uni
• Computer Security Incident Response Team - World Site (CSIRT.WS)
• Computer Security Institute
• Cyber Security Policy and Research Institute
• DFN CERT (German and English)
• DShields.org
• Educause EDUCAUSE/Internet2 Computer and Network Security Task Force
• Forum of Incident Response and Security Teams
• George Mason University Law School Critical Infrastructure Protection Project
  • Infrastructure Mapping Project
• Government of Canada Office of Critical Infrastructure Protection and Emergency Preparedness
• Hacker Emergency Response Team (HERT)
• IOPS
• Internet Security Alliance
• Internet Security Systems
• Internet Traffic Report
• Internet Weather Report (MIDS)
• Matrix ISP Rating
• Internet Health Report (Keynote)
• IT ISAC
• ITAA info on IT ISAC | Press Release | Bd of Directors | Statement | FAQ | (hosted by ITAA)
• The IPv6 Information Page
• Japan Computer Emergency Response Team (JPCERT/CC)
• Johns Hopkins University Information Security Institute
• LLNL Sources for Awareness Information Lawrence Livermore National Laboratory
• National White Collar Crime Center
• SANS Emergency Incident Handler
• SingCERT
• Standards Committee T1 Telecommunications
• Stay Safe Online
• Symantec Security Response
• T1A1 Technical Subcommittee, Performance, Reliability, and Signal Processing.
• University of Oregon Route Views Project David Meyer
• VirusList.com
• Virtual Librarian: Computer and Internet Security Resources
• XIWT Cross Industry Working Team:  "a multi industry coalition defining the architecture and key technical requirements for a powerful sustainable information infrastructure."

Papers

• Andrew Snow, The Failure of Regulatory Threshold and a Carrier Standard in Recognizing Significant Communications Loss, TPRC 2003 PDF
• Inferring Internet Denial-of-Service Activity, CAIDA 2/13/03
• Internet Quarantine: Requirements for Containing Self-Propagating Code, CAIDA 2/14/03
• The Internet Under Crisis Conditions: Learning from September 11, CSTB 11/20/02
• Cert: Home Network Security
• Cherry, Improving Network Reliability - Liability Rules Must Recognize Investor Risk/Reward Strategies, TPRC 9/18/02
• Salus, Disruptions and Emergencies on the Internet, TPRC 9/18/02
• John Quarterman, Monoculture Considered Dangerous, FirstMonday (February 2002)
• CIO Cyberthreat Response & Reporting Guidelines, CIO 2/13/02
• Snow, A., Carver, C. Carrier-Industry, FCC and User Perspectives of a Long Duration Outage: Challenges In Characterizing Impact, Standards Committee T1 Telecommunications . Contribution Number T1A1.2/99-026. (1999).
• Snow, A., A Survivability Metric for Telecommunications: Insights and Shortcomings, Proceedings of the Information Survivability Workshop - ISW'98 , 135-138. (1998).
• T1A1.2 Working Group on Network Survivability Performance A Technical Report on Network Survivability. Standards Committee T1 Telecommunications , Report No. 24A. (1997).
• CERT Security and the Internet 1997
• T1A1.2 Working Group on Network Survivability Performance. A Technical Report on Enhanced Analysis of FCC-Reportable Service Outage Data, Standards Committee T1 Telecommunications. Report No. 42. (1995).
• National Security Agency Security Recommendation Guides

Audio / Visual

• Howard Berkowitz, Avoiding Single Point of Failure in Triple Play, NANOG real video

Statistics

• Reliability of nonresidential Internet access service. Is reliability more important than price. How reliable is your organizations Internet service. Vermont Telecommunications Plan, Sept 2004 p. 4-34

Baltimore Train Tunnel Fire

• Fire's effects ripple onto the Net, CNET 7/19/0
• Train Wreck Derails WorldCom Service, Newsbytes 7/19/01
• Tunnel Burns, Internet Melts, The Industry Standard ( Jul 20, 2001 )
• Keynote, Baltimore Train Fire Memo (July 19, 2001) [Word]
• "On July 18, 2001, a 60-car freight train derailed in a Baltimore tunnel, causing a fire that interrupted Internet and data services between Washington and New York. The tunnel housed fiber-optic cables that served seven of the biggest U.S. Internet service providers. The fire burned and severed fiber-optic cables, causing backbone slowdowns for at least three major Internet service providers. There were sporadic reports from across the Northeast corridor about service disruptions and delays. For example, users in Baltimore did not suffer disrupted service, while users in Washington D.C. did suffer disruptions. In addition, there were selected impacts far outside the disaster zone. For example, the U.S. embassy in Lusaka, Zambia, experienced problems with e-mail. Two of the service providers had service restored within 2 days. Despite the outages caused by the fire, the Internet continued to operate.Efforts to recover Internet service were handled by the affected Internet service providers. City officials also worked with telecommunications and networking companies to reroute cables. Other federal and local government efforts to resolve the disruption consisted of responding to the immediate physical issues of extinguishing the fire, maintaining safety in the surrounding area, and rerouting traffic." - GAO 06-672 Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO Report, p. 24 (June 2006)

News

• Yesterday's Internet Outage? Gunfire Related - Yee haw, let's shoot us up some fiber..., DSLreports 8/23/2007
• Power Outage Hits SF Co-location Center, Web sites, eWeek 7/27/2007
• Explosion Cuts Manhattan Internet Service, eweek 7/22/2007
• Powerful earthquake disrupts Japan communications, CW 7/18/2007
• Finns find Internet's fatal flaw, Inquirer 11/15/2005
• Key Exchange Protocol Flaw Haunts Cisco, Juniper, eweek 11/15/2005
• Cogent network seized by fiber cuts, Network World 11/18/2005
• Level 3 Communications Disruption Slows Internet, Americas Network 10/24/2005
• Comcast Reports Three Outages In A Week, InternetWeek 4/15/2005
• Comcast Internet service faces glitches, Globe and Mail 4/15/2005
• Net outage strikes Comcast, CNET 4/8/2005
• Hurricane Ivan Disconnects Cayman Islands for Two Days, InternetPerils 9/24/2004
• Akamai: Impact of Internet Attack Minimal, eWeek 6/17/2004
• Attack Knocks Major Web Sites, Wash Post 6/17/2004
• Network Reliability and Interoperability Council VII Meeting Cancelled., FCC 6/17/2004
• Outage seen at Hotmail, CNET 5/7/2004
• Level 3 problem leads to Net slowdown, CNET 2/24/2004
• Blackout Results in Widespread Network Outages, Renesys 8/20/03
• Verizon Works To Restore Phone, Internet Service, NBC4 8/20/03
• AOL-MSN outage leaves questions, CNET 9/5/03
• Firms Raced to Fix Internet Hardware Flaw, Wash Post 7/23/03
• Risk of net attack rises, BBC 7/21/03
• CA-2003-17 Exploit Available for the Cisco IOS Interface Blocked Vulnerabilities, CERT 7/21/03
• Twin flaws' double trouble, CNET 7/18/03
• Updated CERT/CC Statistics, CERT 7/18/03
• Clarke: U.S. Cybersecurity Efforts Lacking, CRN 7/16/03
• Dissertation Could Be Security Threat, Wash Post 7/8/03
• U.S. cracks down on e-tailers it sees as lax on security, IHT 7/2/03
• Government Warns of Mass Hacker Attacks, Mercury 7/2/03
• Bill Requires Hacked-Account Alert, ABC 6/27/03
• OPM speeds hiring for cybersecurity, FCW 6/24/03
• Terrorist Site Sinks Poindexter, Internet News 8/4/03
• Bracing For An Internet Disaster, ZDNet 7/19/02
• Cut cable slows Internet traffic, CNET 4/3/02
• Disaster recovery planning, NWFusion 10/26/01
• Disaster recovery research page, NWFusion 10/26/01
• Alert System Sought For Net, Wash Post 10/25/01
• Microsoft blames security community for breaches, USAToday 10/18/01
• Group would bolster communications after disasters, USAtoday 10/1/01
• FBI Lists 20 Net Security Holes, Register 10/4/01
• When Trusted Web Sites Go Bad: Another Web Weapon, Newsfactor 10/1/01
• Beware the Binary Beezlebub, Register 10/1/01
• In the event of nuclear attack, your data is safe, Register 10/1/01
• MSN users sing bye-bye buddy, CNET 7/6/01
• 'Time bomb' found in Microsoft's Visual Studio.Net Beta 2, CW 7/6/01
• MSN Messenger Suffers Fourth Day of Outages, Newsfactor 7/6/01
• China-U.S. Cable Cut Again, Infoworld 3/12/01
• Flaw Uncovered in TCP, InternetNews 3/12/01
• GAO says IRS was vulnerable to hackers, NWFusion 3/16/01
• ATM network outage at AT&T, NWFusion 2/21/01
• Beware Those Insidious Vcards, Wired 2/23/01
• McAfee Issues Controversial Bug Advisory, LATimes 2/2/01
• Internet group plans security-information exchange, CNET 2/2/01
• BIND holes mean big trouble on the Net, Register 01/29/01
• Fix For DNS Software Hole Released, Infoworld 01/29/01
• DNS software hole allows Web attacks, NWFusion 01/29/01
• Disaster Of The Day: Internet Security, Forbes 01/31/01
• Full cause of massive Internet redirection still unclear Jan 24 computerworld
• New version of Melissa virus said spreading Jan 22 nandotimes
• Assessing The MS Cyber-Attack ZDNet , 1/26/01
• Forget Hackers; Beware Of Idiots Freep, 1/26/01
• Update: Denial-of-service attack cripples Microsoft for second day NWFusion, 1/26/01
• CNN Web Sites Go Down For Almost An Hour Excite, 1/26/01
• Microsoft Crashes: The Fallout Wired, 1/26/01
• Experts: Net Companies Begging For Attack C|NET, 1/26/01
• Feds Warn Of New Year' Eve Hacker Attacks Dec 29 newsbytes
• Beware the Computer Zombies Dec 29 wired
• Report: U.S. fears Web 'zombies' Dec 29 usatoday
• Christmas computer virus resurfaces Dec 20 usatoday
• Feds Warn of Holiday Hacking Dec 18 usatoday
• FBI Hacker Sleuths Hint At Disaster Dec 18 theregister
• U.S. Could Face 'Pearl Harbor' In Cyberspace Dec 12 excite
• Schwab Admits Has 'Small' Web Security Hole Dec 12 excite
• Boost To Government Computer Security Urged Dec 12 techserver
• Bug Hunter Finds Security Flaws in Schwab Site Dec 6 internetnews
• Unhappy New Year Due To Hacker Attacks, Warns FBI Dec 4 newsbytes
• Shockwave virus upgraded to high risk Dec 4 nwfusion
• NIPC: Assessment 00-059 "W32 Navidad@M Worm" Nov 29, 2000 nipc
• Verizon Network Plagued With Outages Nov 24, 2000 internetnews
• Broken Undersea Cable Cripples Net Nov 24, 2000 NewsFactor
• Denial of Service Attacks Planned For Christmas - ISS Nov 17, 2000 newsbytes
• Love virus variant plagues email systems Oct 20, 2000 cnet
• NSI calls server failure a "major incident" Aug 25, 2000 cnet
• 'Net disaster plan proposed NWFustion Aug 9

Internet Open To Organized Attack July 27, 2000 lasvegassun
• Bells blame hardware for Web outages July 21, 2000 zdnet
• WorldCom outage ripples across Net July 14, 2000 cnet
• EarthLink problems disrupt service MSNBC 2/24
• C&W readies service guarantees for internet access InfoWorld 01/06/00
• AT&T WorldNet Service Suffers 8-Hour Outage Techweb 12/2
• WorldNet Battles Nationwide Outage InternetNews 12/2
• Outage hits Amazon sites The Register 11/22
• Toys "R" Us site suffers outage C|NET 11/8/99
• Latest DSL Outage Highlights Woes Encountered by Subscribers  LA Times 11/2/99
• Technology Spotlight: The Financial Impact of Site Outages Industry Standard 10/21/99

"Though sites will spend $40 billion this year on preventative technology, outages continue. Hurricane Floyd flooded system-recovery expert Comdisco of Rosemont, Ill., with a record 26 emergency requests for assistance recovering downed systems. The firm estimates only one-third of Net companies are prepared for such an emergency. . . "
• Outage strikes AOL home page area C|NET 10/05