Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 80
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness 7 Customer Demand Most efforts to predict future user telecommunications needs are too optimistic about near-term growth in requirements and too conservative about long-term growth. One source of variance between expectations and reality is that forecasters are unable to take into account the effects of technology on user behavior and thus simply extrapolate current trends. User needs, as articulated by users and served by vendors, are a consequence of what technology allows and what can be made affordable. Therefore, until the possibilities of a new technology are evident, users and forecasters have a difficult time in seeing how the new technology will be applied. Using this principle (that articulated user needs are a consequence of what the technology allows and can be made affordable), the committee based its projections of user needs on its assumptions about the environment in the year 2000. After examining the environment, this chapter discusses user needs in general, presenting specific user profiles and assessing national security emergency preparedness (NSEP) implications. BASIC TECHNOLOGICAL ASSUMPTIONS ABOUT THE ENVIRONMENT IN THE YEAR 2000 The committee made the following basic technological assumptions about the telecommunications environment in the year 2000:
OCR for page 81
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness Terminal equipment will handle voice, data, and images with equal ease. Most telephones will tie into digital devices. Most computers will be connected into networks. Integrated voice, data, and image (such as facsimile) work stations capable of handling all three transmissions will be widespread. Some (as yet unquantified) number of residences in the United States will have remotely addressable, intelligent computing devices—many in telephones or television sets. Huge databases of primarily alphanumeric content will be everywhere. Image databases (of photographs, catalogs, libraries, and so forth) will be propagating rapidly. A combination of high-capacity transmission with terminal equipment of low cost and high compression will allow full-motion, interactive video transmission in many areas. Long-haul fiber transmission will be pervasive. The public network will be a multivendor, multidevice, multi-application interconnection of networks. As discussed earlier, the “intelligent network” and “open architecture” concepts will spur the delivery of customized services to government and commercial users. To provide these services, future networks will store pertinent information associated with a wide variety of calls—for example, call priority—in remote, centralized databases. Thus, a call’s unique line circuit and address information will no longer be stored in the central-office switch. In the event that database access is cut off, call information will be unobtainable, and circuits dedicated to emergency use would thus be unavailable. To remedy this defect, future network architectures will have to incorporate a feature which, after database failure, defaults line circuits to general-purpose use. USER NEEDS Integrated voice, data, and image applications will be in use by the majority of residential, small and large business, and institutional subscribers. The U.S. information infrastructure in the year 2000 will include most of the following characteristics.
OCR for page 82
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness Residences Most residences will have several competing suppliers for what will then be considered upscale basic communications services: Telephone Television Mail and facsimile (electronic and physical delivery of text, voice mail) Catalog services (shopping, reservation, brokerage). The trend to substitute communications for travel and related activities (one example, home shopping) will continue, albeit at a relatively slow rate. Electronic mail (E-mail) of all forms (voice mail, text mail, and facsimile) will make substantial inroads in penetrating the residential market. Small Business Users Small businesses will have the same needs as the upscale residence plus a few others, as follows: Telephone Television (for example, in-store promotion) Mail (electronic and voice) Facsimile (manual and automatic) Catalog services (ordering, reservations, brokerage) Electronic authorization and money transfer. While not suffering the same immediate degree of paralysis from a network failure that would be felt by a large business, the small company will be affected by network failures in many ways. And, because small businesses depend on communications with larger companies for many of their vital services (credit checking, banking, reservations, and soforth), a widespread network failure would quickly move from causing mere disruption to inflicting serious economic harm. Large Business Users Medium and large businesses will employ integrated information systems to connect the various stages of their operational processes together. The typical company will be electronically linked to the order-entry and logistics systems of its business customers and to its suppliers. In manufacturing businesses, networked systems that
OCR for page 83
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness handle incoming orders will be tied to material requirements planning (MRP) systems and to those that schedule the delivery of raw materials. In turn, manufacturing scheduling systems will be connected with the MRP systems and with the systems needed to plan the delivery of finished products. Similar integration will take place in large service organizations of all kinds (such as banking, finance, brokerage, and insurance). Sophisticated users will use very high capacity applications that combine full-motion interactive video with today’s more conventional technologies. Advanced users will use interactive video for computer-aided design (CAD), medical diagnostics, image analysis, parts manuals, artwork, documentation, and other high-bandwidth applications. These applications will depend crucially on effective communications and will be disabled if their supporting communications system fails. The typical large organization will utilize many overlapping, interconnected networks supplied by a variety of sources including local area networks (LANs), very small aperture terminal (VSAT) networks, and private and public wide area networks (WANs). Nearly all businesses will use intelligent terminals interconnected by LANs for routine business functions. These LANs, in turn, will be connected through WANs. The public switched networks will be of enormous importance to businesses of all sizes, since not only will they represent the universal interconnecting vehicle but also the many private networks will share facilities and capacity with public networks. As companies link the various stages of their business processes together, they will increase their dependence on the proper functioning of the supporting networks. For example, the failure of an order-entry network or a logistics system will disable the business functions associated with taking orders from customers, receiving materials from suppliers, and delivering products to customers. In this environment, the economic damage caused by network failures of even a few hours will be great. Government Users To a great extent, government at all levels can be considered from a communications perspective to be affected in the same way as large businesses. State and local government communications systems will be collections of connected public and private networks.
OCR for page 84
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness The functioning of all municipal public services, such as police, fire, and 911 emergency calling, will depend crucially on telecommunications. Routine government functions, such as utilities billing, driver’s licenses, and motor vehicle registration, now depend on communications and will continue to do so in the coming years. Many government services, such as social security and tax administration, depend on access to data stored in large, centralized databases. Such dependencies are increasing as terminals and database systems become more popular and pervasive. Network failures will prevent access and hence prevent the delivery of the service. Many local governments will have their own dedicated emergency communications systems, some utilizing cellular radio. However, these systems will be tied into the public switched networks for citizen access and call routing. The federal government, while having special requirements for military communications, has needs that parallel those of a collection of giant corporations. The government uses public networks to communicate with the outside world. It employs a collection of private networks for communications among government employees within a particular department or agency or between such agencies. These private networks, in turn, depend on public networks for most of their transmission and switching facilities. The same technological advances that are propelling the commercial sector toward integration of business functions will allow elements of the federal government to make sophisticated use of voice, data, and image transmission to streamline operations (Reudnik, 1988). Federal government communications needs can be separated into two general categories: national security and civil functions. National Security Users National security functions can be thought of largely as the needs of the president, the U.S. Department of Defense (DoD), Department of State, and national intelligence agencies. The fundamental forms of communications required by the national security community are not expected to change in ways that would drive significant public switched network changes. The national security community will continue to use a combination of private networks and services from the public switched networks.
OCR for page 85
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness Secure voice will dominate telephone service needs with a growing demand for specialized services (also in a secure mode), such as voice mail, call forwarding, and preset and ad-hoc conference calls. Satisfaction of the demand for these specialized services by the public switched networks would require communications security features not currently planned. It seems more likely that the voice needs of the national security component of government will be met by government provided (leased or owned) customer-premises equipment (CPE) interconnected by transmission derived from the public networks, together with significant off-net calling capability. Data traffic needs will range from relatively low speed data circuits to very high speed circuits. Networking very large numbers of remote terminals will become commonplace. Needs will vary to such a degree that both private line networks and packet-switched networks will be employed. Communications and computer security needs will receive growing attention; government users will rely on encryption of government terminal and computer facilities rather than public network security. One can expect that voice and data traffic will be integrated through government-provided CPE and the interconnecting transmissign obtained from the public networks. Greater reliance on networking will make restoral much more difficult for worst-case national security emergency preparedness situations. There will be a continuing need for worldwide narrative message capabilities of a formal nature and a growing demand for narrative messages of an informal nature (E-mail). Both forms of narrative traffic will require cryptographic protection, although the level of protection provided for the informal traffic may be less than that required for formal traffic. Although fundamental communications needs will be essentially unchanged over the timeframe under consideration, there are some major drivers that will influence the national security community’s decision to use the public networks, to acquire its own system, or to use some combination thereof. The critical nature of national security communications needs will cause the customer to demand a very high degree of customer control of those assets used to provide part or all of the service. Thus, transmission provided on a variable basis to interconnect government CPE must allow the government maximum flexibility to reconfigure its network on a minute-by-minute basis. Greater emphasis will be placed on information security—both communications and computer security. Increasing use of databases and automation in the public networks will generate concern about
OCR for page 86
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness unauthorized penetration or manipulation. Hence, the national security community can be expected to avoid the use of service features of the public networks that depend on databases with inadequate computer security safeguards. Cost of service will continue as a major, but not an overriding, determinant in national security community decisions about use of public network services. Reliability, survivability, and flexibility will continue to be major performance criteria (Wallace, 1988). The multivendor supplier telecommunications environment will require national security managers to exert greater efforts to assure that the services being acquired from the public networks meet these criteria. It is no longer possible to rely on the single service provider as was the case in the past. Civil Users The needs of the civil sector of government for communications for the period under consideration have been defined rather precisely in the Federal Telecommunications System (FTS) 2000 specifications. Numerous dedicated data networks (initially outside of FTS 2000) will be gradually integrated into the FTS 2000 packet-switched component. FTS 2000 possesses certain NSEP capabilities, but these are limited to capabilities to handle major localized disasters. FTS 2000 is neither designed nor intended to cope with a nuclear attack scenario. As discussed earlier, software problems are expected to lead to additional network vulnerabilities. Steps should therefore be taken to minimize the damage caused by software disruptions. The combination of the “openness” of future network services to external personnel along with the sophistication of the new generation of “software invaders,” can lead to threats not contemplated by conventional analyses of network vulnerability. In particular, planners of new network architectural strategies should consider this issue. A large-scale failure of the public networks would paralyze the federal government. A few examples of critical functions delivered via government networks will illustrate this point: The U.S. Customs Service serves agents at points of entry into the country, and the many agencies that deliver vital social services, such as Social Security, Medicare, and Aid to Families with Dependent Children, cannot operate without support from voluminous remote databases. Thus, failures of vital public network nodes could bring many civil
OCR for page 87
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness governmental functions to a standstill. It is not necessary to enumerate the many individual crises that would result to be convinced that such a failure would truly be a national disaster. NATIONAL SECURITY EMERGENCY PREPAREDNESS IMPLICATIONS Customer demand is driving network services toward customized services, customer-directed network software (which requires open access), and information-intensive applications of the public networks. As the services that society relies on become more open and information-oriented, network vulnerability increases. The consequences of accidental damage, while significant, are perhaps less worrisome than the exposure of an information society to nonrandom threats. Those who would intentionally inflict damage on the public networks have more opportunity to do so as networks evolve in the manner described in this report. The nation’s increasing economic, social, and political dependence on the information infrastructure means that both the opportunities to inflict damage and the payoff for doing so are growing exponentially. The NSEP implications of these trends are obvious. Customer control, while highly desirable in many ways, greatly complicates NSEP management by surrendering control over large parts of the public networks to those whose actions are not easily controllable by agencies charged with NSEP responsibility. Whereas organizations such as exchange carriers can be brought into the NSEP planning process and are directly, on a daily basis, accountable to federal, state, and local authorities for the manner in which they conduct their business affairs, individual users are outside the NSEP process. Even user groups cannot coerce individual users to join their organizational efforts. If it is not feasible to bring the universe of customers into the NSEP planning process, then consideration must be given to taking steps that insulate the public networks from certain potentially serious harmful acts that customers can engage in via open access to network software. RECOMMENDATION Based on the foregoing discussion and analysis the committee makes the following recommendation.
OCR for page 88
Growing Vulnerability of the Public Switched Networks: Implications for the National Security Emergency Preparedness Recommendation: Establish Software Security Measures Since the public networks are increasingly driven by software, the National Communications System should consider how to protect the public network from penetration by hostile users, especially with regard to harmful manipulation of any software embedded within the public networks that is open to customer access for purposes of network management and control. Perhaps the most disturbing of the growing network vulnerabilities described in this report is that of increasingly open outside access to network databases. The desire to open access to the public networks must be counterbalanced by a recognition that the integrity of the public networks must be protected. The National Security Telecommunications Advisory Committee (NSTAC) has already addressed two network software issues: automated information processing (AIP) and industry information security (IIS). With the advent of Open Network Architecture, the work done by the NSTAC must be built on, to meet the challenges posed by the emerging public network environment. REFERENCES Reudnik, D. 1988. Views on telecommunications technology. Presentation to the Committee on Review of Switching, Synchronization and Network Control in National Security Telecommunications, Washington, D.C., March 16. Wallace, L. 1988. Perspective on testing, restoration, and network management. Presentation to the Committee on Review of Switching, Synchronization and Network Control in National Security Telecommunications, Washington, D.C., March 16.
Representative terms from entire chapter: