Critical Infrastructure Research paper

Ch5.pdf

Home >Government homework help >Critical Infrastructure Research paper

5 CommuniCations

The communication sector embraces all forms of electronic communications—communication satellite networks, land- line telephone communications, radio, television, geographical positioning system (GPS) navigation, LORAN,1 and wireless cellular and noncellular communication networks involving voice, data, and Internet. However, this chapter does not dis- cuss broadcast communications such as radio, television, GPS, and LORAN. Rather, it focuses on the primary means of two-way personal communications via telephones and the Internet.

This chapter describes how the communication sector is structured, how it works, its resiliency, and potential threat– asset pairs:

• Three interconnected networks: The three major tele- communication network infrastructure components are landlines, wireless, and extraterrestrial networks (com- munication satellites). These three provide a level of resilience through redundancy, but each one is vulner- able to physical, cyber, and high-powered microwave (HPM) attacks.

• Multiple regulations: Communication networks are primarily owned and operated by the private sector. These owners exert influence on the sector through the President’s National Security Telecom Advisory Committee (NSTAC), which is a direct link to the executive branch of the U.S. government. On the other hand, there is no clear-cut unity of government’s role

and responsibilities in the communication sector: it is regulated by at least three agencies—the Federal Communications Commission’s (FCC) National Reliability and Interoperability Council (NRIC), the Department of Commerce’s National Telecommuni- cations and Information Administration (NTIA), and the Department of Homeland Security’s (DHS) Office of Cybersecurity and Communications (CS&C).

• The Telecommunications Act of 1996: Communications has undergone radical restructuring since the enactment of the 1996 Telecommunications Act that deregulated the sector. The primary result of this legislation has been the rise of the carrier hotel—the highly concen- trated colocation of telecommunications and Internet equipment in one place. Colocation is a form of self- organization that restructured the infrastructure.

• Carrier hotels: Like the power and energy sectors, the communication sector is shaped by its transition from vertical monopoly to deregulated competitive oli- gopoly.2 This regulatory reshaping produced network hubs (carrier hotels and large metropolitan exchanges), with high degree and betweenness centrality. Carrier hotels and their interconnection are the most critical assets in this sector.

• Triple redundancy: The three overlapping systems— landlines, cellular, and extraterrestrial—may be vulner- able to cascading cyber exploits because they are connected through a system of gateways. Thus, a failure

1LORAN is a network of land-based radio navigation beacons used by ships and aircraft to determine speed and position. 2A small group of controlling firms is considered an oligopoly.

Lewis, T. G., & Lewis, T. G. (2014). Critical infrastructure protection in homeland security : Defending a networked nation. ProQuest Ebook Central <a onclick=window.open('http://ebookcentral.proquest.com','_blank') href='http://ebookcentral.proquest.com' target='_blank' style='cursor: pointer;'>http://ebookcentral.proquest.com</a> Created from apus on 2020-12-10 18:53:44.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

94 COMMUNICATIONS

in one may lead to unexpected consequences in another. In general, redundancy may be a disadvantage in these highly connected networks.

• Top 30 routes: Critical nodes are clustered around major metropolitan areas linked by the top 30 landline routes connecting Chicago, Atlanta, Dallas–Fort Worth, San Francisco, New York, Washington–Baltimore, Los Angeles, Seattle, Denver, Sacramento, Philadelphia, Miami, Houston, Kansas City, Boston, Orlando, Portland, and San Diego. These 18 nodes and 30 links—plus connections to Asia, Canada, Europe, and South America—form a self-organized network with spectral radius of 4.73.

• Risk and resilience: The fundamental resilience equation for the network containing the top 30 routes and carrier hotels is as follows: log(q) = 0.18 − 0.31γρ, which places it in the high-risk category at its critical vulnerability, and γ

0 = 12.3%, with a fractal dimension

of q = 1.0. If the hub at Chicago is protected, network resiliency increases to q = 1.13 at the critical point and decreases system outage risk by 40%.

• Criticality: More generally, the critical nodes of the communication sector are a) carrier hotels, b) interex- change carrier (IEC) points of presence (POPS) and gateways, and c) land earth stations (LESs) that link communication satellites to terrestrial communication networks. LESs are particularly critical because there are so few of them. The critical links are high- bandwidth (OC-12 and OC-768) cables that link major carrier hotels together.

• Unusual sector threats: Besides cyber exploits, HPM and jamming threats pose unique sector-specific threat– asset pairs. Cyber–carrier hotel and cyber–exchange threat–asset pairs are asymmetric because of their low cost and capacity for virulent spreading. HPM–carrier hotel and jamming-cellular threat–asset pairs are also low cost and asymmetric but often overlooked as viable threats.

• Risk-informed strategy: The optimal risk-informed strategy invests heavily in hubs (carrier hotels and exchanges) and betweeners (highly critical transmis- sion cables). Optimal risk reduction and resiliency may be achieved by investing in the hardening or redun- dancy of hubs and betweener links.

5.1 Early yEars

The modern age of communications is rapidly transitioning from analog (information is encoded in a continuous signal) to digital (information is encoded as a stream of digits— zeros and ones). As a consequence, we think of analog as an old technology and digital as a new technology. But digital

communications is far older than analog. The telegraph machine (1837–1873) was the first digital communication system because it coded information as a series of digits just as modern digital systems do. Western Union started the first transcontinental telegraph network in 1861 and introduced the hugely successful stock ticker in 1866. Because of its reach, Western Union and the railroads were responsible for establishing time zones across vast nations like the United States. Digital telegraphy was such a huge success that Western Union became the first communication monopoly by 1866.

Telegraphy had one major drawback—it required a trained operator to translate the digital data into words and the reverse, words into digital code. This limited its useful- ness as a consumer product. What people really wanted was a talking telegraph machine. (Western Union was forced out of the voice communication business in 1879 when it lost a patent lawsuit with Bell Telephone Company.)

Sound is analog. Sound waves travel through the air as a continuous wave form. Thus, it seems only logical that a talking telegraph should encode sound (voice) as an analog signal—a continuous wave form. If only the energy of sound could be converted into electrical energy, transmitted as an electrical analog signal, and then converted back into analog sound at the other end, the telegraph could talk. Thus, was born the idea of a telephone.

Alexander Graham Bell (1847–1922) demonstrated the first operating telephone in 1876. Bell combined his knowledge of speech therapy with contemporary theories of electricity to create the first voice telephony device to win a U.S. patent. Bell was a contemporary of James Clerk Maxwell—the great Scottish scientist who formulated the rules governing electromagnetic fields. Both men were born in Scotland and educated in England. While Maxwell was a mathematical theoretician, Bell was a practical thinker. He liked to make things. His family moved to Boston in 1870 where he set up his speech and elocution school for training teachers of the deaf. He later became a professor of speech and vocal physiology at Boston University, specializing in teaching deaf-mutes to talk.

Another contemporary, Michael Faraday (1791–1867), demonstrated the principle of electromagnetic induction— the basis of converting electrical signals into audio by vibrating a membrane and the reverse. So Bell combined these technologies into one: speech waves vibrate a mem- brane surrounded by an electric field, which induces a current in a wire. The wire transmits the oscillating signal to a far point where the process is reversed—oscillating current induces vibration in a membrane to create sound waves. Bell correctly reasoned that human speech could induce electrical oscillations in a wire and then be converted back into sound waves, if properly amplified along the way.

In January 1878, Bell demonstrated his invention to Queen Victoria while on his honeymoon in England. He

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

EARLY YEARS 95

promptly got an order to install a private line between Osborne House, on the Isle of Wight, and Buckingham Palace. By the end of 1878, there were 5600 telephones in the United States. By 1882, there were 109,000, and by his death in 1922, there were 14 million telephones in the United States. Bell’s patents expired in 1894, but by 1897, he had moved on to the study of aeronautics.

Bell, his father-in-law Gardiner Hubbard, and Thomas Sanders formed Bell Telephone Company in 1877. They established their first telephone exchange in New Haven, CT (21 telephones and 8 lines), and began expanding it out- ward—initially to Chicago and eventually to San Francisco by 1915. Growth was rapid because Bell Telephone licensed its patents to others, thus attracting investments in local exchanges and “telephone companies.” Soon, Bell Telephone Company became American Bell Telephone Company—an indication of becoming a national enterprise.

Licensing revenue allowed American Bell to buy controlling interest in Western Electric in 1882. Western Electric put American Bell into the equipment manufac- turing business. Licensing and equipment manufacturing soon led to network system building. American Telephone and Telegraph Company (AT&T) was incorporated as a subsidiary of American Bell Company in 1885 for the sole purpose of building long-distance networks. In 1899, AT&T reorganized as an Internet protocol (IP) holding company that would cycle through several iterations of the competitive exclusion principle between 1913 and the present.

From 1898 to 1924, the communication industry was engaged in a “communication war” because of competition and rapid technological change in the industry. For example, the automated exchange and self-dial telephone invented by funeral undertaker Almon Strowger made Bell’s equipment obsolete. The Strowger switch eliminated the human switch- board operator. Strowger suspected a human operator of sending funeral business elsewhere.

Competition from upstarts fragmented the industry. By 1903, there were 2 million telephones from independent companies versus 1,278,000 from Bell. In addition, Bell Telephone had developed a reputation for high prices and poor service. AT&T fell on hard times as the Bell System faltered and bankers began to take over. J. P. Morgan gained control of the company and installed Theodore Vail as president in 1907. The rescue of the Bell System also marked the beginning of its downfall as an unregulated company— Morgan’s monopolistic consolidation of the independents soon led to the regulation of AT&T by Congress.

Under Vail’s leadership and Morgan’s backing, AT&T became a vertically integrated monopoly by 1911. The Department of Justice (DOJ) sued AT&T in 1913, claiming that it had violated the Sherman Antitrust Act of 1890. The lawsuit resulted in restricting but not stopping AT&T. The 1913 Kingsbury Commitment—an agreement between AT&T and DOJ—kept AT&T from buying independents

without DOJ permission, required AT&T to interoperate with independents, and forced AT&T to divest itself of Western Electric. But by 1924, AT&T owned 223 of the 234 independents!

Vail and Morgan believed in monopolies:

For much of its history, AT&T and its Bell System func- tioned as a legally sanctioned, regulated monopoly. The fundamental principle, formulated by AT&T president Theodore Vail in 1907, was that the telephone by the nature of its technology would operate most efficiently as a monopoly providing universal service. Vail wrote in that year’s AT&T Annual Report that government regulation, “provided it is independent, intelligent, considerate, thor- ough and just,” was an appropriate and acceptable substitute for the competitive marketplace.

The United States government accepted this principle, initially in a 1913 agreement known as the Kingsbury Commitment. As part of this agreement, AT&T agreed to connect non-competing independent telephone companies to its network and divest its controlling interest in Western Union telegraph. At several later points, as political philos- ophy evolved, federal administrations investigated the tele- phone monopoly in light of general antitrust law and alleged company abuses. One notable result was an anti-trust suit filed in 1949, which led in 1956 to a consent decree signed by AT&T and Department of Justice, and filed in court, whereby AT&T agreed to restrict its activities to the regu- lated business of the national telephone system and government work.3

Remnants of the early communication wars remain today. Local telephone companies—called local exchange carriers (LECs)—operated in restricted regions called local access and transport areas (LATAs) until 1996. Prior to reregulation of the industry in 1996, it was illegal for LECs to cross LATAs without permission from the FCC. This hampered adoption of new technology, because LECs were monop- olies within their LATAs and there was only one long-distance company—AT&T.

But vertically integrated monopolies have advantages, too. Components worked across the country, service quality was high, and access was universally available. The universal access policy guaranteed telephone service to anyone at a low cost, because installation and maintenance costs were amortized across all users. Operating as a regulated monopoly, AT&T was able to serve 99% of the population regardless of where people lived. Rural as well as densely settled metro- politan areas received telephone service under the 1934 law. Universal service also brought a high level of standardization of handsets, switching equipment, and transmission lines. It was a period of relatively secure and resilient service.

AT&T was declared a natural monopoly from 1934 to 1996. But the company did not stand still for 32 years.

3https://www.corp.att.com/history/

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

96 COMMUNICATIONS

Rather, it went through a long period of divestiture. This long and winding road began with the Communications Act of 1934. Congress asserted its control over broadcast and telecommunication companies and established the FCC as regulator of airwaves and all things having to do with com- munications. It declared the electromagnetic spectrum public—not private—property. For example, all communi- cation companies—including radio, TV, and phone com- panies—must obtain licenses from the FCC for broadcasting and to operate wired and wireless networks.4

In 1974, the DOJ began taking a long series of steps leading to divestiture and reregulation of the natural monopoly set up by the 1934 law. A long-drawn-out lawsuit from 1974 to 1984 led to the breakup of AT&T in 1984. In a profound decision, the 22 wholly owned Bell operating companies were separated from AT&T. The resulting seven regional baby Bells became competitive local exchange carriers (CLECs) and no longer operated as protected monopolies.

The baby Bells were Nynex in New York and New England; Bell Atlantic, BellSouth, and Ameritech in the Midwest; and Southwestern Bell, U.S. West, and Pacific Telesis in California and Nevada. Between 1984 and 1996, the competitive exclusion principle once again reigned as these companies went through acquisitions and mergers leading to only a handful of CLECs. As a result, the sector consolidated even further to a few carriers such as AT&T, Verizon, Sprint, and T-Mobile.

The next major step in divestiture came in 1996 with the Telecommunications Act of 1996. This law replaced the 1934 law and introduced major changes to the infrastructure and its reliability. Its impact is still rippling through the industry today.

The 1996 law reregulates the industry by forcing carriers to rent their networks to anyone wanting to start and run a telephone company. The idea is to open up long-distance transmission to local telephone companies and conversely to open up access to the “last mile” to long-distance companies. But it still limits ownership of cable TV, television, and radio stations to specific percentages in each region, and it sets pricing on some services.

IECs (the long-distance carriers) are now required to interoperate and share assets. AT&T can use the lines of Level 3, and Level 3 can use the lines of AT&T. This is called peering in the industry. Peering is also responsible for the creation of carrier hotels—multitenant facilities containing storage and switching equipment from competing telephone and Internet companies—which has accelerated self-orga- nized criticality in the communication infrastructure. By colocating computers, switches, and storage, communica- tion companies can operate faster and cheaper, in addition to linking together their networks.

The 1996 legislation attempted to set prices at the local level as well as the long-distance level. But the CLECs won a court order that forced the FCC out of the local market. As a consequence, states can regulate prices—not the FCC. Today, the CLECs can establish peering charges except where competitors cannot agree. In case of disagreement, states have the right to set pricing. So, today the FCC sets the wholesale price of long-distance service, but the peering fee charged by the local carrier is allowed to float within the limits of state regulation. In practice, this means that both wholesale and retail prices are controlled.

Peering produced volatility in the industry not unlike the volatility of wheeling in the electric power sector. If carrier A rents an hour on carrier B’s network and then sells an hour to carrier B on its network, the net difference should be zero. But when MCI WorldCom reported peering charges as capital expenditures instead of expenses and peering income as revenue, its CEO Bernie Ebbers was accused of falsifying the company’s accounting. He was found guilty of fraud and sentenced to 25 years in jail in 2005.

Today, the old Bell System companies are called CLECs, and the long-distance companies—including the Bell Long Lines system—are called IECs. These players are linked together through a network of carrier hotels and transmis- sion backbones. A hub-and-spoke architecture is emerging as preferential attachment increases self-organization. Additionally, we have a system that is shaped by years of cycling from regulated monopoly to deregulated oligopolies. Peering and competitive exclusion tend to concentrate assets—an emergent process that is also driving global com- munications toward self-organized criticality.

5.2 rEgulatory struCturE

The first critical infrastructure legislation in U.S. history was prompted by the 1962 Cuban missile crisis, resulting in the creation of the National Communications System (NCS). Negotiations between President Kennedy and Premier Khrushchev were endangered because of telephone system “call completion” problems. It wasn’t possible for the two leaders to simply pick up the telephone and place a call to anywhere in the world like it is today. In fact, Khrushchev was forced to use Radio Moscow to communicate, indi- rectly, with Kennedy, and Kennedy used a variety of means to circumvent the Kremlin bureaucracy:

During this time, ineffective communications were ham- pering the efforts of the leaders to reach a compromise. Without the ability to share critical information with each other using fax, e-mail, or secure telephones such as we have today, Premier Khrushchev and President Kennedy negoti- ated through letters. Generally, Washington and Moscow cabled these letters via their embassies. As the crisis

4One notable exception is that Wi-Fi networks operating under 1 watt are permitted without a license.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

REGULATORY STRUCTURE 97

continued, hours passed between the time one world leader wrote a letter and the other received it. Tensions heightened. On October 27 and 28, when communications became urgent, Premier Khrushchev bypassed the standard communication channels and broadcast his letters over Radio Moscow.5

The so-called hotline established after the crisis was initially a teletype set up in August 1963. Kennedy also established the NCS by executive order (EO):

Following the crisis, President Kennedy, acting on a National Security Council recommendation, signed a Presidential memorandum establishing the NCS. The new system’s objective was “to provide necessary communications for the Federal Government under all conditions ranging from a normal situation to national emergencies and international crises, including nuclear attack”. At its inception on August 21, 1963, the NCS was a planning forum composed of six Federal agencies.5

In 1978, Presidential EO 12046 consolidated two other communication agencies into the NTIA under the Department of Commerce. The NTIA combined the White House Office of Telecommunications Policy (OTP) with Commerce’s Office of Communications. The principal role of the NTIA has been to sell spectrum to telephone, radio, and TV companies. But its involvement in communications has sometimes extended beyond marketing of airwaves. For example, in 1998–1999, the NTIA played a major role in commercialization of the Internet.

A third big step in governmental oversight was taken in 1982 when President Reagan issued EO 12382. This order established another watchdog organization that reported directly to the President—NSTAC. NSTAC members are senior management (CEOs and Senior Vice Presidents) of telecom companies. Their job is to advise the President on matters of communication security.

PDD-63 (1998) designated the U.S. Department of Commerce as the lead agency and the NTIA as the sector liaison official for the information and communication sec- tor. The NCS was responsible for making sure the communi- cation sector worked, the NTIA regulated the airwaves, and the NSTAC advised the President.

During the 1990s, the FCC became concerned with the Y2K problem (turnover of the millennium calendar that threatened to render computers and communication equip- ment inoperable). This prompted the FCC to temporarily create the NRIC in 1993. It was dismantled after the Y2K threat subsided, but then the FCC rechartered NRIC in 2002, on the heels of 9/11. A series of reports issued by the NRIC in 2002 remain an authoritative source of recommendations on how to secure the communication infrastructure. At this point, there were no less than 4 agencies overseeing

communications: the FCC/NRIC, Commerce/NTIA, DHS/ NCS, and NSTAC.

The NCS became part of the DHS in 2003. It was tucked under the Critical Infrastructure Protection Division. One of its objectives was to partner with the major communication owners and operators. For example, in 2003, these were AT&T, Cisco Systems, Computer Sciences Corporation, COMSAT Corporation, EDS, ITT Industries, National Communications Alliance, Nortel Networks, Science Applications International Corporation, Sprint, United States Communications Association, Verizon, and MCI WorldCom. Contrast this list with the members of the NRIC: AT&T, Microsoft, Nokia, Nortel, Qwest, MCI WorldCom, Motorola, Alcatel, Sprint, Verizon, Lockheed Martin, Boeing, AOL–Time Warner, EarthLink, Level 3, Bellsouth, DHS, NCS, Hughes, Intelsat, Communication Workers of America, Comcast, Cox Communications, Cingular, and Cable & Wireless.

President Obama consolidated these sprawling agencies (by EO 13618) in July 2013 (see Fig. 5.1). At this time, the DHS oversees the National Protection and Programs Directorate (NPPD), which oversees the CS&C, which oversees the Government Emergency Telecommunications Service (GETS), Telecommunications Service Priority (TSP), Wireless Priority Service (DHS-WPS), and Shared Resources High Frequency Radio Program (SHARES) offices. This structure is likely to evolve further as threats evolve.

Emergency responders obtain authority and access to cellular networks through the CS&C.6 The GETS, TSP, and DHS-WPS offices issue priority pins to federal, state, local, and tribal governments to be used during an emergency or

5www.dhs.gov

6Standard Operating Procedure 303 (SOP 303) describes a shutdown and restoration process for use by commercial and private wireless networks in the event of a national crisis.

Congress

FCC

NRIC NTIA

Commerce

President NSTAC

DHS

NPPD

CS&C

OEC

GETS TSP WPS SHARES

FigurE 5.1 The structure of U.S. governmental agencies involved in the regulation of the communication sector.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

98 COMMUNICATIONS

crisis situation when the various networks are congested and the probability of completing a normal call is reduced. When used, these pins remove congestion and give first responders the highest priority.

5.3 thE arChitECturE oF thE CommuniCation sECtor

The Telecommunications Act of 1996 reshaped the commu- nication sector by changing it from a vertical monopoly to reregulated competitive oligopoly (see Fig. 5.2). Long- distance landline carrier service (IECs) is a price-regulated utility much like electric power, gas, and oil. However, unlike other sectors, there was a temporary surplus of capacity because of heavy investment in transmission lines during the dot-com bubble of 1995–2000. By 2012, however, this surplus was beginning to diminish, potentially creating a tragedy of the commons in the future.

The 1996 law created competitive local exchanges, required network peering, and placed caps on wholesale and retail pricing. Most profoundly, the previously proprietary transmission and distribution lines were cast into an industrial commons open to all competitors. The vertically integrated AT&T monopoly has been replaced by an oligopoly—many companies sharing the same switching and transmission commons that all telephony and Internet services depend on. Verizon, AT&T, T-Mobile, Vonage, and others depend on the same infrastructure. But, there is little incentive to maintain this shared resource. Is this industrial commons sustainable, or will rapid expansion impact its resilience?7

5.3.1 Physical infrastructure

Against this background lies a huge infrastructure under- going massive technological change. How does it work, and how do we derive security policies from these mechanisms?

First, we must understand the basic terminology and architecture of the communication infrastructure.

Plain old telephone service (POTS) was capable of trans- mitting 64 Kbps of digital data over copper wires. A POTS call requires 8 Kbps of control, so computer users get 56 Kbps of data when they dial up a POTS line and use a modem to connect their computer to the Internet. This stan- dard has become the basic unit of bandwidth in the telephone network, designated digital service zero (DS0).

Circuits are combined to create more capacity. For example, a DS1, also known as a T1 line, is 24 DS0 lines working as one and yields 1.536 Mbps of data and 8 Kbps of control. Therefore, a T1 line transmits 1.544 Mbps of data and control information. Similarly, a T3 (also known as a DS3) line is 28 T1 circuits plus control bits, yielding 44.736 Mbps overall.

Capacity goes up by combining circuits or changing tech- nology. An optical fiber cable (OC) transmits more information than a copper cable. Optical transmission lines are designated as OC-1 (51 Mbps), OC-3 (155 Mbps), OC-12 (622 Mbps), etc. up to OC-768 (gigabits/s). An ordinary cable TV coaxial cable can transmit from 3 to 10 Mbps. The very-high-bandwidth connections provided by OC-12 and OC-768 cables are of paramount importance to security and resilience of this sector, because of their capacity to haul a lot of information. Betweenness of these transmission lines will be one focus of risk analysis.

Wireless transmission is governed by yet another tech- nology—radio. Various bands (frequency ranges or colors in the electromagnetic spectrum) have been set aside for cel- lular, satellite, and local area networks. For example, radios that connect earth-orbiting satellites to ground stations operate at speeds comparable to POTS. The so-called 3G, 4G, and Long-Term Evolution (LTE) cellular wireless net- works operate at megabit speeds. Wi-Fi networks that link together personal computers over short ranges are currently operating in the range of 100 Mbps and are likely to exceed megabits in the future. Other technologies can operate at much higher speeds or over longer distances. Each tech- nology has its advantages and disadvantages, which is why they coexist in the marketplace.

Copper and optical landlines are the backbone of the communication commons. They carry voice, data, Internet email, audio, video, and any other digital information that can be converted into short bursts called packets, tagged with source and destination addresses, and routed through the infrastructure shown in Figure 5.3. Landlines are the fabric that holds it all together. They cross borders, tunnel beneath roads, oceans, railways, and buildings. Packet switching optimizes the use of transmission lines by sharing multiple “conversations” over one line.

Various transmission and switching technologies hold the communication sector together. Figure 5.3 is a simplification of the overall network architecture. It leaves out details such

Consumers Consumers

Carrier

Carrier (Switching & Billing)

Regulators Regulators

Vertical monopoly Oligopoly

Distribution Distribution

Transmission Transmission

Switching Billing

FigurE 5.2 The Telecommunications Act of 1996 deregulated the communication sector and is reshaping it into an oligopoly of competitive companies on a global scale.

7Government sets wholesale and retail prices, so what is the incentive to maintain and improve the long-distance transmission backbone?

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

THE ARCHITECTURE OF THE COMMUNICATION SECTOR 99

as microwave relay stations, laser links, and so forth. But it is sufficiently detailed for us to come to some conclusions about criticality and fragility. Generally, the sector is shaped by preferential attachment resulting from the 1996 Telecommunications Act.

The major functional purpose of the IECs is to provide long-distance connectivity and to connect the CLECs together into one national network. This is done by providing POPS, network access points (NAPS) for Internet users, and gateways for integrating satellite and cellular networks into the backbone, as shown in Figure 5.3. POPS, NAPS, gateways, and switching equipment typically reside in car- rier hotels, because of the peering requirement and cost efficiencies.

CLECs provide local loop service. They connect to the backbone through POPS that switch calls to their central offices. In turn, central offices funnel calls to end offices, which in turn channel the call to consumers through a neigh- borhood switch known as a headend. Headends handle approximately 1000 users at a time. CLEC networks are shaped like a hierarchical tree, while the IEC networks are arbitrary graphs—not necessarily a tree or grid. Note the redundancy in the local loop due to multiple tandem switches. The switching fabric at the CLEC level is relatively

resilient, and failures are localized to a few thousand customers.

5.3.2 Wireless networks

Wireless transmission encompasses three major technol- ogies: communication satellites, cellular, and Wi-Fi or Worldwide Interoperability for Microwave Access (WiMax). Wi-Fi is formally the IEEE 802.11 standard, and WiMax is the IEEE 806.16 standard currently deployed as 4G by some carriers. Satellites have global coverage but are relatively low speed and expensive. Cellular towers are relatively low cost but lack complete coverage. Wi-Fi is inexpensive, fast, and compatible with computers and the Internet but has a range of less than 100 m. No single technology serves all purposes. Instead, these technologies are integrated into the larger IEC backbone as shown in Figure 5.3.

5.3.3 Extraterrestrial Communication

There are over 3500 communication satellites in use today. While the public is mostly unaware of their presence in the national communication infrastructure, they play a critical role in voice and data communications, broadcast television

Local exchange carrier Interexchange carrier Wireless

Satellite gateway

Cellular gateway

Cell tower

Satellite

Ground station

LEC local loop

LEC end of�ces

LEC central of�ces

Tandem switch

Trunk

Tree-structured

POP

IEC POPS

Headend

Graph-structured

Backbone

FigurE 5.3 The architecture of the communication sector includes landlines, satellites, wireless, and access points.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

100 COMMUNICATIONS

transmission, military surveillance and imaging, intelligence gathering, early warning systems, maritime and aeronautic navigation with GPS, weather forecasting, inspection of agricultural lands, rescue and disaster relief, oceanographic and natural resource observations, etc.

In 2004, satellite operators earned revenues of $2.3 bil- lion—$1.4 billion for moving data and $900 million for providing voice services. This is small compared to the entire communication industry and is growing slowly com- pared to undersea cable. For example, over 7000 miles of undersea cable was laid in 2005, linking 11 Middle Eastern nations to the Internet. However, satellite communication remains very important to first responders and emergency management organizations because it provides wireless access from almost any place on earth.8

The idea of communication satellites circling the earth originated with science fiction writer Arthur C. Clarke in 1945. Clarke was way ahead of his time. His article described how a rocket circling the earth at 22,300 miles above the equator would hover above the same land area, because it would circle the earth at the same speed as the earth rotates. The rocket is parked in a geosynchronous orbit. He recom- mended three geosynchronous rockets be stationed above the earth at 120° apart so together they would cover all of the earth’s surface. Clarke invented the geosynchronous earth orbit (GEO) satellite, which was actually constructed and put into orbit 20 years later.

Today, there are three kinds of communication satellites: low earth orbit (LEO), medium earth orbit (MEO), and geo- stationary earth orbit (GEO). GEO is the oldest, followed by MEO and LEO networks. Each has its advantages and disad- vantages in terms of latency (time delay due to the time it takes a radio signal to make a roundtrip from earth to satellite and back), bandwidth (the transmission speed), coverage (how much of the earth’s surface is served by one satellite), power (how much power it takes to send and receive the radio signal, and hence the size and weight of the handsets), and cost (how many satellites, how heavy, and how pow- erful). In simple terms, the further away a satellite is, the more surface it covers, but also the more power and larger size required to send and receive messages.

GEO satellites circle the earth at 22,300 miles, which exactly matches the rotational speed of the earth while simultaneously giving the satellite enough centripetal force to offset gravity. Hence, they hover over the same location all the time, which also gives them large coverage. There are about 200 GEOs, which is the maximum amount possible, because they have to be separated by two degrees of arc to keep from interfering with one another. What happens when someone wants to launch another GEO satellite?

Reservations in space are made by the International Communications Union (ITU), which regulates GEO spectrum.

In 1967, the United Nations Outer Space Treaty declared the geosynchronous orbit as a “common heritage of mankind.” ITU determined that slots in this orbit were up for grabs on a first come first serve basis. A space rush ensued, and today, the GEO is full. In addition to limited slots, GEO satellites introduce a delay that complicates the transmission of Internet packets.

Inmarsat was the first and most successful GEO network system in the world. Started in 1979, its network consists of 5 satellites (4 older backups) linked to the global telecom- munication network through 34 LESs, all run from a net- work operation center in London, United Kingdom. Satellite coverage is 95% of the surface of the globe (north and south poles have no coverage). Inmarsat currently provides 432 Kbps—comparable to digital subscriber line (DSL) and digital cable services used by consumers with broadband access to the Internet.

Inmarsat service has been used to monitor radiation leak- age in power plants and oil refinery monitoring in the energy sector. Asset tracking is a major application of satellite com- munications because of global coverage: GPS container tracking by shippers, equipment tracking by large farms, train and car tracking by railway operators, and vessel tracking of fleets at sea.

Satellites provide an alternate and redundant communica- tion network. Because they work from outer space, they are available when landlines and cell phones are not. Hence, they are especially important to emergency workers. For example, emergency satellite communication services (via Stratos Inc.—a satellite service reseller) were employed after the 9/11 terrorist attacks on the Twin Towers:

On Sept. 13, a Federal law enforcement agency contacted Stratos from the scene at Ground Zero in New York City, looking for a communications solution that didn’t require land-based facilities. Stratos sent a shipment of Iridium phones to New York City, which arrived there hours after receiving the initial equipment request. After consulting with Federal officers at a command station a few blocks from the World Trade Center rubble in lower Manhattan, the Stratos team installed two Iridium fixed-site terminals on a nearby roof and another in a mobile command station. The equipment was used for emergency back up communica- tions to help facilitate the agency’s relief and damage con- tainment efforts.9

5.3.4 lEss

LESs handle bulk traffic between satellites and the terrestrial network. They are key assets in the IEC backbone because they handle large volumes of international phone calls, emails, and TV broadcasts. One of the oldest and largest LESs in the world is located at the southern tip of the British

8Satellite communication does not reach the north and south poles. 9http://www.stratosglobal.com/

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

THE ARCHITECTURE OF THE COMMUNICATION SECTOR 101

Isles—Goonhilly Station. It has 60 dishes spread across 140 acres in Cornwall. It transmits to every corner of the globe via space and through undersea fiber-optic cable:

On 11 July 1962 this site transmitted the first live television signal across the Atlantic from Europe to the USA, via TELSTAR. This Satellite Earth Station was designed and built by the British Post Office Engineering Department. Goonhilly-Downs covers 140 acres and is located at the westernmost end of the Cornwall coast in England. It was selected because of the topography of the land. The first satellite dish to be built on the site, Goonhilly-1, also known as Arthur, was an 85 feet in diameter parabolic design weigh- ing 1118 tons. It set a world standard for the open parabolic design of the dish.10

Large LESs exist in the United States, too. For example, the Staten Island Teleport, owned by Teleport Communications Group (TCG), handles much of the broadcast telecommu- nication streaming in and out of media capital Manhattan. The 100 acre business park includes a 400 mile regional fiber-optic network and an operation center linked to a satellite transmission facility.

5.3.5 Cellular networks

The cellular telephone wireless network also feeds into the IEC backbone as shown in Figure 5.3. Cellular telephones have become a pervasive commodity—expected to reach 7 billion handsets sometime before 2020. Its dependence on terrestrial landlines cannot be ignored, however. Without landlines connecting cellular towers to the architecture shown in Figure 5.3, cell phones are worthless. In addition, cellular service is far less than 100%, because the range of a cell phone is approximately 3 miles.

Cell phones operate on only one standard in Europe (GSM), which means networks interoperate across country borders. But in the United States, cellular networks have grown up somewhat like how the landline LECs grew up in the 1890s—as sprawling competitors. The result is an overly complicated and confusing cellular network infrastructure. In order to fully understand this important infrastructure, we have to delve into the arcane world of cellular access methods and technology generations—a topic beyond the scope of this book.

The cellular network derives its name from the fact that it is actually a honeycomb of regions called cells—each cell acting like its own self-contained radio broadcast network. These cells communicate with a tower located in the middle of the region. The tower links each handset to a wired net- work that interfaces with a gateway to the IEC backbone through a POP. Cells divide a city into small areas about 10 miles in diameter and automatically transfer communication

links from one cell to another as the handset moves. Major highways and freeways are densely populated with towers to track consumers as they move through different cells.

Towers and their associated switching gear are called base stations. Each base station is connected to the Mobile Telephone Switching Office (MTSO), which ties into the wired phone system through a gateway (see Fig. 5.3). A base station tracks every handset as it moves in and out of cells. When the handset leaves one cell and enters another, the signal is handed off to the next tower. Switching is fast enough that users do not notice the gap as cell phones roam from one base station to the next without interruption.

A cell phone needs three numbers to operate within its cell, cross over into another cell, and interoperate with the wired landline network. Each phone has a system identification number (SID), a unique 5-digit number assigned by the FCC to each carrier; an electronic serial number (ESN), a unique 32-bit number programmed into the phone when manufactured; and a mobile identification number (MIN), a 10-digit number derived from your phone’s dial-up number. The SID validates that your phone is legal and works with the correct network; the ESN validates that you have registered with a carrier such as Verizon; and an MIN uniquely identifies the consumer.

Here is (roughly) how a cell phone works. When the handset is turned on, it is assigned one of the 42 control channels to send its SID to the base station with the strongest signal. The MTSO switch monitors signal strength and as you move from one cell to another. Communication is handed off to the cell with the strongest signal. If the handset SID does not match the SID of the base station, then the handset must be “roaming”—which means the caller is outside of his or her home base station cell. The MTSO that is handling the call uses the SID, ESN, and MIN to track the handset and pass its signal on to a gateway into the IEC backbone and then to another MTSO. The receiving MTSO locates the destination handset and makes the connection. The switching equipment in each MTSO must be sophisti- cated enough to perform handoffs at both ends—without the consumer realizing what is happening.

5.3.6 generations

The technological shifts that rapidly advance cell phone tech- nology are known as generations—1G for the first generation, 2G for the second generation, and 4G for the latest generation of wireless phones. Similar to the rapid pace of personal com- puters in the 1980s and 1990s, early cellular technology will eventually reach a level where consumers no longer care about the technology. When this happens, the notion of a cell phone generation will be ignored. However, the first three genera- tions deserve mention here for historical reasons.

1G cellular networks ran on analog signals and are often called Advanced Mobile Phone System (AMPS). 2G phones 10https://en.wikipedia.org/wiki/Goonhilly_Satellite_Earth_Station#History

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

102 COMMUNICATIONS

converted sound into digital signals containing speech and data. So 2G cell phones introduced the first generation of digital telephony. An interim generation called 2.5G ran on an all-digital network but was capable of only supporting email, web browsing, and low-resolution photos. The ITU defined 3G networks as wireless digital networks supporting transmissions from 144 Kbps to 2 Mbps—roughly equivalent to wire line DSL. 4G and beyond combined bandwidth enhancements and features like movies on demand with apps, games, and eBook services.

Along the way to digital convergence, several other interim generations were deployed. For example, Cellular Digital Packet Data (CDPD) is digital data transmitted over AMPS networks. A few police departments may still use CDPD, because it is inexpensive and covers large and sparsely settled areas of the country. However, AMPS with CDPD is not very secure.

5.3.7 Wi-Fi technology

Wi-Fi is the commercial name for a series of standards set by the IEEE: 802.11x committee. Wi-Fi devices are small radios operating below 1 W of power so they can operate on an unlicensed band. 802.11x is a series of technologies that progressed from 50 Mbps to over 150 Mbps. Wi-Fi’s first encryption algorithm, Wired Equivalent Privacy (WEP) was easy to break, so the Wi-Fi Protected Access (WPA, WPA2) algorithms created in 2003 and 2004 quickly eclipsed the original standard. Only computers, cell phones, and tablets set up using the 2006 Wireless Protected Setup (WPS) stan- dard are guaranteed to be secure.

Its cousin, IEEE 802.16x or WiMax, is sometimes called Wi-Fi on steroids. It is similar to both cellular and Wi-Fi tech- nologies and incorporates a more sophisticated congestion control protocol allowing it to work more like a cellular broad- cast. WiMax networks can operate much faster than Wi-Fi (30–40 Mbps) and over longer distances (40–50 miles). WiMax can be bought in a cell phone form factor for use in emergency operations such as recovery after Hurricane Katrina in 2005.

Wi-Fi has a very short range (100 m) but relatively high-speed and low-power requirements. In 1985, the FCC allowed Wi-Fi broadcasts without a license, which means access points can be installed anywhere, by anyone. Additionally, the technology was simple enough to be pro- duced at low cost. This propelled Wi-Fi to mainstream use, not only in offices but also in restaurants, libraries, shopping malls, and other public places. Almost all computer, tablet, and cell phone devices contain Wi-Fi chips.

5.4 risk analysis

The redundancy provided by the three major telecommunica- tion network infrastructure components—landlines, cellular, and extraterrestrial networks (communication satellites)—adds

resilience to the sector because service can be switched from one to the other during an emergency. Landline and cellular service can be backed up by satellite communication services, for example, and Wi-Fi can sometimes complete the last mile connection when landlines fail.

The optical fiber infrastructure is relatively robust due to redundant paths, but much of the long-distance wiring still depends on the old AT&T Long Lines or its silhouettes. These pathways were designed to be efficient and not neces- sarily redundant. Moreover, the 1996 Telecommunications Act has driven Internet and telephony topology to a state of self-organized criticality, today. Peering—and self- organizing preferential attachment—has produced highly concentrated carrier hotels at strategic locations around the country (see Fig. 5.4).

Generally, threat–asset pairs in the system of Figure 5.4 are the following (in order of criticality):

1. Terrorism–telecom hotels, power–telecom hotels, and cyber–telecom hotels

2. Terrorism–satellite LESs, power–satellite LESs, and cyber–satellite LESs

3. Weather–IEC POPS, terrorism–IEC POPS, power– IEC POPS, and cyber–IEC POPS

4. Terrorism–cellular gateway POPS, power–cellular gateway POPS, and cyber–cellular gateway POPS

5. Power–CLEC central offices

6. Terrorism–satellites, towers, cables, and fiber

Human-caused hazards are likely to be from:

• Cyber attack on all telecom components—terrestrial and extraterrestrial

• Physical attack on carrier hotel—destruction of con- centrated assets

• Physical attack on LES—damage to a critical link

• HPM attack on telecom components

• Physical attack on IEC POPS and gateways

• Physical or HPM attack on satellite “bird”

Natural causes of hazards are likely to be from:

• Weather

• Power outages

• Component failure

Figure 5.5 is a general fault tree risk model of the sector. Assuming individual threat and vulnerability probabilities are both 50%, the entire sector is 92.5% likely to fail due to one or more threat–asset pair hazards. Indeed, telephony outages prior to the 1996 legislation were long-tailed haz- ards with a risk profile as shown in Figure 5.6. Kuhn studied

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

RISK ANALYSIS 103

outages for 2 years from April 1992 to March 1994 and showed that the pre-deregulation era telephone system was 99.99% reliable [1]. The top three hazards responsible for the most downtime (%) were:

1. Overloaded circuits (44%)

2. Human error (28%)

3. Acts of nature—weather (18%)

The top three sources of failures by cause (%) were:

1. Human error (49%)

2. Hardware failure (19%)

3. Software failure (14%)

Figure 5.6 presents Kuhn’s data in the form of exceedence probability and risk profile versus consequence measured in millions of customer-minutes—the length of time communi- cation outages left consumers without service. True exceedence is calculated as described in Appendix B. Short outages are much more likely than long service drops. This is shown in both exceedence probability and risk profile. Risk starts out high and steadily declines versus customer- minutes. Fractal dimension is 1.5, placing these normal acci- dents solidly in the low-risk category.

The risk profile of Figure 5.6 is unusual because it starts relatively high and steadily declines. Most risk is small—at

the low end of the consequence axis—and high-risk outages are very rare. The fact that the risk profile approaches zero as consequence increases without bound confirms the low-risk hypothesis. Prior to the 1996 Telecommunications Act, the POTS was comparatively resilient. Kuhn attributes this mainly to loose coupling of the network. The communica- tion network contained little of what Perrow called cata- strophic potential and Bak called self-organization. But that all ended with the emergence of carrier hotels.

5.4.1 importance of Carrier hotels

For economic reasons as well as the Telecommunications Act of 1996, CLECs and IECs, communication companies, ISPs, and businesses were motivated to colocate equipment and services in the same building. This saves money, because infrastructure costs can be amortized over a large number of tenants. They are attractive to carriers because they provide:

• High-speed connections (fiber, satellite, microwave)

• Roof access for antennas

• Physical security ⚬ Key card access ⚬ Video surveillance ⚬ Biometric scanners

• Power and backup generators

FigurE 5.4 Major carrier hotels within the United States form the backbone of telephony and Internet service.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

104 COMMUNICATIONS

• VESDA air sampling (imminent fire detection)

• Fire suppression—suppressors and sprinklers

• Redundant HVAC

• Seismic strength

Because these functions are expensive and bothersome for businesses to supply on their own, many carrier hotels also contain key assets outsourced by their clients. Cloud computers, databases, and so on are often colocated in a car- rier hotel. Carrier hotels also provide wireless gateways, storage and hosting servers for businesses, and application service providers (companies that run your applications

for you). If a carrier hotel is vulnerable, then the businesses that colocate in them are vulnerable as well.

The largest carrier hotels in the United States—60 Hudson Street in New York and 1 Wilshire Boulevard in Los Angeles—became carrier hotels in large part because they happened to sit on top of a big optical fiber intersection. Like gigantic Internet onramps, these carrier hotels provide rapid access to far points of the globe. One building, Number 1 Wilshire Boulevard, is home to nearly 100 telecommunica- tion carriers alone and is sometimes described as a direct jack to Asia and Japan. The large building at 60 Hudson Street in Manhattan houses switching equipment that con- nects the United States to Europe, Middle East, and Africa.

Communication

Human

Natural

Cyber

Hotel

LES

HPM

POPS

Satellite

Weather

Power

Component

FigurE 5.5 Human-caused hazard fault tree risk model for the communication sector lists the most likely threats.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

RISK ANALYSIS 105

Similarly, the Weston Building in Seattle connects Canada and Alaska to the lower 48, and the carrier hotel in Miami links the United States to South America.

Richard Clarke—the first cybersecurity head at the DHS—recognized the importance of carrier hotels, early on:

I’m told … that although Transatlantic Fiber lands at about 10 different places in Massachusetts, Rhode Island, Long Island and New Jersey that, after having landed, it all goes to one of two facilities—60 Hudson Street or 111 Eighth Avenue in Lower Manhattan. If that’s true, that would seem to be a problem. … I suspect this statement … is true, that if you blew up 60 Hudson Street and 111 Eighth Avenue, we could not communicate via fiber optic with Europe.11

Carrier hotel criticality was one of the immediate concerns expressed by President Bush on the heels of 9/11. NSTAC’s report to the President avoided an alarmist call to action, but it identified carrier hotels as critical components of the communication sector:

Although no analyses performed to date have shown that the entire communications architecture would be adversely affected through the loss of a single telecom facility, according to JPO-STC, loss of specific communications nodes can cause disruption to national missions under certain circumstances. As a result of these analyses, the JPO-STC not only has shown the dependencies of Department of Defense (DoD) missions on communica- tions, but also reports that there are further and more far-reaching implications to other national infrastructure sectors. [2]

5.4.2 network analysis

Carrier hotels are the most important assets because most of the communication infrastructure depends on them—wired as well as wireless. For example, the IEC POPS and gate- ways—for both satellite and cellular—are typically colo- cated in a carrier hotel. They tie the entire sector together and handle most of the traffic. This is why a risk-informed strategy focuses on high-capacity transmission links and highly concentrated carrier hotels.

Consider the busiest routes in the top-level communica- tion infrastructure in the United States as shown in Figure 5.7. This network connects the major carrier hotels in the United States. Chicago is the hub of this network and also the node with the largest betweenness value. Its degree is 9 and its 207 paths give it the highest betweenness rating. Betweenness and degree combine to yield a normalized weight of 4.0— making it the central node of this network. In rank order according to normalized betweenness and degree (normal- ized centrality), the critical nodes are:

Chicago (4.0)

Atlanta (3.19)

Washington–Baltimore (2.69)

Dallas–Ft. Worth (2.47)

New York (2.44)

The links (routes) with the highest betweenness (normalized centrality) are:

Atlanta–Washington–Baltimore (1.60)

Seattle–Chicago (1.53)

Chicago–New York (1.51)

100% Telephone service outages 1992–1994

E xc

ee de

nc e,

r is

k %

90%

80%

70%

60%

50%

40%

30%

20%

10%

0% 500 1000 1500 2000 2500 3000 3500 4000 4500

Risk pro�le

Consequences: Outage minutes (#M)

FigurE 5.6 Telephone outages reported by Kuhn indicate the U.S. communication infrastructure in the mid-1990s was low risk.

11Richard Clarke, March 11, 2002.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

106 COMMUNICATIONS

Atlanta–Miami (1.51)

Atlanta–Chicago (1.49)

5.4.2.1 Node Analysis Cascade collapses might be caused by the spread of a com- puter virus or by backed up congestion due to a carrier hotel failure. Alternatively, a failure in one node may propagate to adjacent nodes with similar results. Simulated random attacks on hubs and targeted attacks on the hub (Chicago) were tallied to obtain the fractal dimensions and fundamental risk and resilience equations for each. The spectral radius of this network is 4.73, therefore:

Random attacks

Targeted attack

: log . . ; . %

: lo

q( )= − =0 18 0 31 12 30γρ γ gg . . ; . %q( )= − =0 06 0 31 4 10γρ γ

Targeted attacks on the hub are three times more effective than random attacks in causing cascade failures. But, if the hub at Chicago is protected (hardened), risk drops and resilience increases. Random attacks on the network— with a protected hub—yield the following resiliency equation:

Hardened hub : log . . ; %q( )= − =0 17 0 20 180γρ γ

This result is 50% better than random attacks and four times better than targeted attacks on the hub. By hardening the hub, the entire network is hardened. At the critical point γ

0 = 12.3%, the fractal dimensions change:

Random attacks

Hardene

: log . . . . ; .q q( )= − ( )( ) =0 18 0 31 0 123 4 73 1 000 dd hub : log . . . . ; .q q( )= − ( )( ) =0 17 0 20 0 123 4 73 1 130

The difference in fractal dimensions—1.00 versus 1.13— may not seem like much, but exceedence probability of 50% (9 of 18 domestic nodes) impacted by a cascade failure drops by 40% when protecting the hub:

EP random

EP hardened

( ) = =

50 2 0

50 1 2

1 00

1 13

. %

Similarly, risk is reduced by 40%, assuming consequence is the same across all nodes. Protecting only the hub shortens the long-tailed exceedence probability distribution and reduces risk of cascade failure for all nodes—not just the hub. The entire network is made more resilient by hardening only one of the 18 domestic nodes. The return on investment is greatest when protecting hubs.

Asia

San Francisco

Sacramento

Los Angeles

San Diego

21 20

Dalias-FW

Houston

17 16

Chicago

Boston

3 New York

Europe

12 11

Orlando

8 Miami

South America

Atlanta

Philadelphia

Wash-Baltimore

14 13

Kansas city

10 Denver

25Portland 24

Canada

Seattle

FigurE 5.7 Top 30 routes and carrier hotel network for the United States circa 2003 have a degree and betweenness node centered in Chicago.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

RISK ANALYSIS 107

5.4.3 Flow analysis

Betweenness analysis suggests that the links from Atlanta to Washington DC–Baltimore are the most critical connec- tions. Flow analysis with random attacks yields a flow fractal dimension of 0.72—high risk—and a reference output of 1145 units. Removal of the link between Atlanta and Washington DC–Baltimore yields a flow fractal dimension of 0.65—an even higher flow risk—but with a reference output of 1165 units. In other words, flow risk increases, but so does the output from the network. This is due to Braess’s paradox. The improvement in output from a diminished network assumes the remaining links have enough capacity to redirect the flow of information to remaining links.

This example illustrates the paradox of redundancy. Deletion of the Atlanta to Washington DC–Baltimore route reduces redundancy of telecom routes, but it increases the flow capacity of the remaining nodes and links. It also diminishes the risk of cascades. By removing the link, spectral radius drops from 4.73 to 4.55, and fractal dimension of random attacks with probability of γ

0 = 12% rises from

1.009 to 1.025. That is, self-organization decreases and cascade resilience increases. The exceedence probability distribution tail is slightly shorter (1.025) without the link that with it (1.009).

5.4.4 robustness

Link robustness is 43% (40% by approximation formula), which means that 43% of the links can be removed before the network is separated into islands. Since there are 30 links, 13 can be damaged or dropped without separation. Therefore, 17 links are critical. Obviously, all links connecting nodes with a single link are critical. There are five domestic nodes that qualify. The Atlanta to Washington DC–Baltimore link is not one of the critical links. What other links must not be removed?

Similarly, node robustness is 77% (79% by approxima- tion formula), which means removal of any one of 14 nodes (0.77(18)) will not separate the network. Alternatively, four nodes are critical because removal of any one of them will disconnect the network. The follow- ing blocking nodes are critical to network separation: Seattle, Atlanta, Los Angeles, and New York. Removal of these four nodes separates this CIKR network into six components: Boston, Portland, Miami, Orlando, San Diego, and everything else.

5.4.5 hPm attacks

One unusual and important threat to communications merits further analysis, here. HPM guns are low-cost energy weapons that cause havoc when unleashed on computer,

telecommunication, radar, and other electronic devices. A burst of energy from an HPM gun “fries” the circuits of most electronic machines. While carrier hotels are well protected against physical attack, they may be susceptible to cyber and HPM attacks.

HPM waves are created by discharging extremely short bursts of microwaves at high energy levels—typically giga- watts of energy fired in nanosecond bursts. These waves are short, that is, from a few meters to a few centimeters in length or from 100 MHz to 10s of GHz in the frequency domain. This is the electronic equivalent of a sharp knife, cutting through walls and shielding to get to electronic circuits. These attacks would damage machines but go unnoticed by humans.

One way to think of HPM is to make an analogy with a high-heeled shoe. If the area of the heel is 1 in2 and the person wearing the shoe weighs 100 lb, the heel presses against the floor with a force of 100 lb/in2. Now, if the area of the heel is reduced to one-half of a square inch, the 100 lb pressure is spread across one-half as much area, so the down- ward pressure is 200 lb/in2. If we continue to reduce the size of the heel, say, to one-tenth of a square inch, the force against the floor is now 1000 lb/in2! If we apply the same weight to a smaller and smaller area, the force goes up and up. A person that weighs 100 lb can apply a million pounds per square inch by simply wearing extremely pointed high heels. This is the idea behind HPM—energy is discharged over a very brief time interval, producing a large force, for a brief moment. But the force does not have to last very long to render damage.

HPM devices are made from a variety of components— all of which can be purchased from almost any electronics store. In addition, there are a variety of methods for storing and discharging “work” in extremely short bursts, ranging from magnetic to electronic linear accelerometers.

HPM weapons are ideal for asymmetric attacks on com- puter and electronic equipment, because they are:

• Silent and easy to conceal

• Easily transported by truck, van, or even briefcase

• Difficult to locate and destroy

• Effective against nearly any unshielded electronic device

⚬ Penetrate many materials. ⚬ Damage may not be apparent. ⚬ Not necessarily harmful to people.

HPM attacks are asymmetric—they can do a lot of damage but cost very little to build and deploy. They are portable, and most people cannot identify them. Weapons like HPM can penetrate the best physical defenses of most carrier hotels and do more physical damage than cyber exploits.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

108 COMMUNICATIONS

5.5 CEllular nEtWork thrEats

As cellular telephones become more and more like miniature computers and the cellular network becomes more and more like a wireless Internet connection, the threats become more and more like cybersecurity and Internet threats. This is the dark side of convergence—the use of IP in all communication sectors including TV, radio, and cellular telephony. Threats that work against IP net- works spread to all converged networks including factory control networks, banks, and transportation. Disruption of an automobile from a cell phone has been demonstrated and is a real threat to drivers.

The major threats to cellular networks fall into three cate- gories: cyber, HPM-like, and physical. The top contenders are:

1. Cyber threats

Denial of service (DoS)—flooding the airwaves with messages

Disruption of control—taking over a control system

Cloning—intercepting the phone’s SID and MIN

2. HPM-like threats

Radio-frequency (RF) jamming—blocking out the signal

Damaging electronic equipment

3. Physical threats Destruction of base stations—bombing, and power

outages.

Gateways and POPS—bombing of carrier hotels, and power outages.

5.5.1 Cyber threats

Security experts call cyber assaults exploits. One of the most common exploits is known as DoS, because it renders the network useless by overloading the channel with mean- ingless messages. A DoS attack is like sending millions of automobiles onto a freeway to prevent ambulances and police cars from using the roadway. DoS in cellular net- works works the same way—by overwhelming the network with calls, thus rendering the network useless during an emergency.

DoS attacks are not theoretical—they actually happen all the time. And because cell phones are integrated with com- puter networks, a DoS attack can spill over into other parts of the communication infrastructure, and vice versa. For example, Spain’s Telefónica cellular network was attacked by “SMS bombing”—a short message system DoS attack— in June 2000. Flooding of the Spanish cellular network was actually a side effect of an email virus—called Timofonica— that spread through computer networks, infected address books, and then dialed cell phone numbers at random. Timofonica contaminated copies of Microsoft Outlook using

a macro that randomly generated and dialed the phone numbers:

Timofonica was marketed as a cell phone virus when in actual fact it was simply a clever variant of the good old email virus. Victims received an email with an exploitative attachment. When the attachment was executed an email was sent to every entry in the victim’s address book and an SMS message was sent to random cell phones on the Telefonica network in Spain. The SMS message did not erase any criti- cal information from the phone or cause any damage to the phone’s operating system. It didn’t spread from phone to phone. It was merely a variant of the spam we receive every day in our email inbox. [3]

Cloning—stealing phone identities and using them on unregistered handsets—is a far more insidious cyber attack. Analog cell phone identities are snatched out of the air, as crooks use small electronic radio scanners to intercept cell phone transmissions. Later, they use the encoded information to “clone” a second phone, billing their calls to the account of the phone that was scanned. This exploit has diminished as analog phones give way to digital handsets. But it is still a viable threat to police and emergency personnel that still use analog communications.

Many more cyber exploits exist in the wild—even weap- onized viruses like Stuxnet—which will be explored in greater detail in the following chapters. In general, these exploits are getting more sophisticated as authorities and black hats engage in an arms race.

5.5.2 hPm-like threats

HPM-like RF jamming is the process of blocking wireless transmission by sending out an interfering signal that can- cels the true signal. These illegal devices can be easily pur- chased for less than $1000 from companies around the world: Special Electronic Security Products, U.K. Ltd. of Manchester, England; Intelligence Support Group Ltd. based in China Lake, Calif.; and an Israeli company called NetLine, manufacturer of the C-Guard, are only a few examples. A portable C-Guard sells for about $900. Another company offers the $890 M2 Jammer, which comes in a briefcase and can block phones within a radius of 50 ft. Hubgiant of Taipei, Taiwan, sells its WAC1000 personal jammer, which has an operating radius of up to 30 ft, for $169. And Uptron of Lucknow, India, offers a full range of jammers with cov- erage ranging from 20 ft to over 1 mile.

Manufacturers of jammers claim they are selling their devices to give anti-cell phone advocates a little peace and quiet from the ring of cell phones—especially in public places. “Cell phone jammers are readily available on the Internet. Many can be battery-powered and fit in a pocket or briefcase for people who would like to enjoy a meal, movie or church service in peace” [4].

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

ExERCISES 109

5.5.3 Physical threats

Physical threats are the least sophisticated and yet bombs are by far the most preferred weapon of terrorists. Gateways and POPS are typically concentrated in carrier hotels, so these become obvious bombing targets. But other physical threats—even more asymmetric—may be employed. For example, chemical attacks against major carrier hotels are not out of the question. Similar threats confront large and unprotected LESs, such as those located at Staten Island, NY, and Niles Canyon, CA.

5.6 analysis

Redundant tandem switches and ring structures in local loops as well as some IEC loops provide a degree of security due to redundancy. In addition, the abundance of long line fiber across the country suggests that there is sufficient redundancy in the backbone. But the top 30 routes were shown to be vulnerable to disruption of network continuity simply because they carry such a large proportion of all traffic. Accordingly, we have argued for protecting the most active metropolitan hubs, because assets are concentrated there and this is where traffic levels are the highest. They are high value targets.

Asymmetric energy weapons such as HPM guns and RF jammers already exist and are proliferating. It would be a mistake to discount the threat of attack on communication and computer infrastructure from these weapons, simply because we know little about them. They already exist and are relatively inexpensive to acquire, hard to trace, and potentially very damaging.

A risk-informed strategy focuses resources on protecting carrier hotels, critical gateways, and links. It also must address asymmetric threats such as those posed by cyber and HPM attacks:

Communication Sector Strategy: Self-organization in the form of preferential attachment has resulted in the accumulation of communication sector assets in a hand- ful of carrier hotels, metropolitan area exchanges, and high-betweenness cables. The optimal risk-informed strategy invests heavily in these hubs and betweeners. In addition, the threat includes highly asymmetric HPM weapons as well as cyber exploits and physical attacks.

5.7 ExErCisEs

1. The most critical nodes in the communication sector are: a. Headends b. Critical fiber routes c. Network transport elements

d. Carrier hotels/multitenant facilities e. Data centers

2. Which one of the following is an emergency telecom service? a. NSTAC b. GETS c. RSVP d. Communication sector-specific agency e. NRIA.

3. Cellular and other wireless networks depend on which of the following for call completion? a. Wired landlines b. Wi-Fi access points c. Towers with a range of 100 miles d. Carrier hotels e. Satellite ground stations

4. Which of the following was responsible for deregulation (some say reregulation) of the communication sector? a. The breakup of AT&T in 1984 b. The Telecommunications Act of 1935 c. The Telecommunications Act of 1996 d. The Tragedy of the Commons of 2003 e. The creation of the NCS in 1963

5. Which of the following is legally responsible for the cybersecurity of the communication industry? a. NTIA b. NSTAC c. NCS d. NCC e. None of the above

6. Which of the following is the most critical component of communications from a network resiliency point of view? a. Headends b. Local loop service c. IEC POPS network d. CLEC network e. Wi-Fi access points

7. Communication satellites orbiting the earth were first envisioned by: a. Hedy Lamarr b. Alexander Graham Bell c. Theodore Vail d. President John F. Kennedy e. Arthur C. Clarke

8. There are currently three kinds of satellites in operation today: which of the following describes these kinds of satellites? a. Wi-Fi, 802.11 b. LES, Goonhilly, and Staten Island Teleport c. LEO, MEO, and GEO d. Inmarsat, Marisat, and Westar e. Telstar, Intelsat, and Satcom

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

110 COMMUNICATIONS

9. The International Communications Union declared orbits in space as: a. The common heritage of mankind b. The final frontier c. The property of the United Nations d. The property of Inmarsat e. There can be no more than GEO satellites

10. The largest LES in the world is: a. Goonhilly Station b. Staten Island Teleport c. NASA–Houston d. NASA–Cape Kennedy e. Arthur, named after Arthur C. Clarke

11. One of the earliest telephone installations was: a. Osborne House b. Niagara Falls c. Whitehouse d. Pentagon e. Seattle-to-Chicago

12. One of the earliest attempts to regulate AT&T was: a. The Telecommunications Act of 1934 b. The Telecommunications Act of 1996 c. The Kingsbury Commitment d. The Baby Bells e. The 1984 Accord

13. The electromagnetic spectrum used by cellular and Wi-Fi networks is: a. Public property b. Private property c. Intellectual property

d. Personal property e. None of the above

14. The 1996 Telecommunications Act requires: a. Peering b. Wheeling c. Carrier hotels d. Digital data e. WiMax

15. Which one of the following is considered a little known or understood threat to the communication sector? a. Floods b. Earthquakes c. Regulation d. HPM e. Tragedy of the commons

rEFErEnCEs

[1] Kuhn, R. Sources of Failure in the Public Switched Telephone Network, IEEE Computer, 30, 4, April 1997, pp. 31–36.

[2] The President’s National Security Telecommunications Advisory Committee. Vulnerabilities Task Force Report Concentration of Assets: Telecom Hotels, February 12, 2003, pp. 3.

[3] McDonough, C. Identifying the Risk Involved in Allowing Wireless, Portable Devices into Your Company, SANS Institute, 2003, pp. 6.

[4] Wylie, M. Cell Phone Jammers, Illegal in U.S., Can Create Silent Zones, 2000. Available at http://www.newhouse.com/ archive/story1a092200.html. Accessed June 27, 2014.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed