2008–2009 NSTAC Issue Review NSTAC: Enhancing National Security and Emergency Preparedness through Communications The President’s National Security Telecommunications Advisory Committee Issue Review A Comprehensive Review of Issues Addressed Through May 2009 The President’s National Security Telecommunications Advisory Committee 2008-2009 NSTAC Issue Review u TABLE OF CONTENTS Table of Contents Executive Summary . i Active Issues Global Infrastructure Resiliency . 3 Core Network Physical Security . 7 Cybersecurity Collaboration . 13 Identity Management . 19 Commercial Satellite Communications Security . 25 The NSTAC Response to the Sixty-Day Cyber Study Group . 29 Standing Issues Legislation and Regulation . 35 Research and Development . 47 Previously Addressed Issues Automated Information Processing . 55 Commercial Network Survivability . 57 Commercial Satellite Security . 59 Common Channel Signaling . 63 Electromagnetic Pulse . 65 Emergency Communications and Interoperability . 67 Energy . 71 Enhanced Call Completion . 77 Financial Services . 81 Funding of NSTAC Initiatives . 83 Globalization . 85 Industry/Government Information Sharing and Response . 87 Industry Information Security . 91 Influenza Pandemic . 93 Information Assurance . 95 Information Sharing/Critical Infrastructure Protection . 99 Intelligent Networks . 103 International Diplomatic Telecommunications . 105 International National Security and Emergency Preparedness Telecommunications . 107 Last-Mile Bandwidth Availability . 109 National Coordinating Center . 113 National Information Infrastructure . 119 National Research Council Report . 123 TABLE OF CONTENTS t 2008-2009 NSTAC Issue Review The President’s National Security Telecommunications Advisory Committee National Telecommunications Management Structure . 125 Network Convergence . 127 Network Security . 139 Obtaining Critical Telecommunications Facility Protection During a Civil Disturbance . 151 Physical Security of the Telecommunications Network . 153 Response to September 11, 2001, Terrorist Attacks . 157 Termination of Cellular Networks During Emergency Situations . 159 Telecommunications Industry Mobilization . 161 Telecommunications Service Priority . 163 Telecommunications Service Priority Carrier Liability . 165 Telecommunications Systems Survivability . 167 Underground Storage Tanks . 169 Wireless Security . 171 Wireless Services (Including Priority Services) . 175 Appendix A – NSTAC Implementing and Governing Documentation Charter of the President’s National Security Telecommunications Advisory Committee . A-3 Bylaws of the President’s National Security Telecommunications Advisory Committee . A-5 Executive Order 12382—President’s National Security Telecommunications Advisory Committee . A-9 Appendix B – NSTAC Membership The President’s National Security Telecommunications Advisory Committee Membership (as of July 8, 2009) . B-3 Appendix C – 2008-2009 NSTAC Executive Report to the President Executive Report on the 2009 Meeting of the President’s National Security Telecommunications Advisory Committee – May 21, 2009 . C-3 Attachment 1: Report Recommendations to the President from the 2009 Meeting of the President’s National Security Telecommunications Advisory Committee – May 21, 2009 . C-11 Attachment 2: Attendance of Members at the 2009 Meeting of the President’s National Security Telecommunications Advisory Committee . C-18 Appendix D – Acronyms Acronym List . D-3 Executive Summary The President’s National Security Telecommunications Advisory Committee 2008-2009 NSTAC Issue Review u EXECUTIVE SUMMARY Executive Summary document includes E.O. 12382, as well as additional NSTAC implementing and governing documents. Appendix B provides a listing of current NSTAC Purpose members as of May 21, 2009. This edition of the President’s National Security Telecommunications Advisory Committee (NSTAC) Issue Review Since its inception, the NSTAC has advised five provides a comprehensive report on issues U.S. presidents on issues pertaining to the reliability addressed by the NSTAC from its first meeting and security of communications technologies and in December 1982 to its most recent meeting on their impact on the Nation’s ability to protect its critical May 21, 2009. For each topic the NSTAC addressed, infrastructures. These issues are vital to America’s the Issue Review provides the following information security and economic interests. Today, members of when applicable: names of the investigating groups, the communications and information technology length of time required for the investigation, industries, as well as the Federal Government, issue background, a synopsis of actions and recognize NSTAC as a model for industry/Government recommendations, measures resulting from NSTAC collaboration. NSTAC accomplishments include many recommendations, reports issued, and members of substantive recommendations to the President leading the current/active investigating groups. to enhancements to the Nation’s NS/EP communications capabilities and critical infrastructure Since the completion of the NSTAC 2008-2009 cycle at policies, and increased safeguards to the Nation’s the 2009 meeting, the Office of the Manager, National communications infrastructure. Communications System (OMNCS) has worked with the NSTAC, the Department of Homeland Security, and the During the past 27 years, the NSTAC has worked Executive Office of the President to forward NSTAC cooperatively with the National Communications recommendations to the President and to Federal System (NCS)—an interagency consortium of Federal Government departments and agencies for comment departments and agencies that serves as the focal and consideration. As each of these recommendations point for NS/EP communications planning for any moves forward, the Issue Review will annually update the crisis or disaster. The OMNCS provides staff support status of each recommendation to provide updated and technical assistance to the committee. By virtue information to industry, Government, and the public on of its mandate to address NS/EP communications issues vital to national security and emergency issues, the NSTAC’s partnership with the NCS is preparedness (NS/EP) communications. unique in two ways: (1) it facilitates industry involvement with both the defense and civil agencies Background comprising the NCS; and (2) it regularly sustains On September 13, 1982, President Ronald Reagan interaction between industry and the NCS member issued Executive Order (E.O.) 12382, establishing departments and agencies through the National NSTAC. The committee—a presidentially-appointed Coordinating Center (NCC); the Communications advisory body composed of up to 30 senior Information Sharing and Analysis Center (ISAC); the executive-level representatives from communications; Network Security Information Exchange (NSIE) hardware, software and security services; banking; process; and most recently, through the and aerospace companies—provides the President Communications Sector Coordinating Council, which with a unique source of NS/EP communications works in coordination with the Government policy expertise. Several factors influenced the Coordinating Council on implementation of establishment of the NSTAC, including the divestiture infrastructure protection activities under the National of AT&T, increased Government reliance on Infrastructure Protection Plan. NSTAC’s perspective commercial communications, and the potential and its experiences with a wide range of Federal impact of new technologies on communications departments and agencies make the committee a key supporting NS/EP requirements. Appendix A of this strategic resource for the President and his national i ExECuTIvE SummARy t 2008-2009 NSTAC Issue Review The President’s National Security Telecommunications Advisory Committee security and homeland security teams in their efforts ff The Identity Issues Task Force was established after to protect our Nation’s critical infrastructures in the November 2008 Principals’ Conference Call today’s dynamic and evolving environment. to explore the role of the Federal Government in Identity Management (IdM) and how the Membership on the committee’s primary working Government could best serve as a catalyst for broad body—the Industry Executive Subcommittee (IES)— implementation of public-private IdM programs. consists of one representative from each company, appointed by his or her NSTAC principal. The IES ff The Satellite Task Force reviewed and updated the holds regular meetings to consider issues, analyses, 2004 Satellite Task Force Report with an emphasis on and/or recommendations for presentation to the the protection of ground infrastructure and NSTAC principals (and, in turn, to the President), and mitigation of cyber threats. The updated report, assists in the formation of task forces and working expected in late 2009, will present the NSTAC’s groups as directed by the committee to address first-ever look at the commercial satellite industry’s specific issues requiring in-depth analyses. concerns regarding cybersecurity. From May 2008 to May 2009, the NSTAC operated the ff The 60-Day Cyber Review Ad Hoc Group completed following subordinate task forces and working groups: and submitted the NSTAC Response to the Sixty-Day Cyber Study Group to the Obama Administration in ff The Global Infrastructure Resiliency Task Force (GIRTF) early 2009. In the response, the NSTAC provided continued to develop operational recommendations recommendations to ensure that Federal to improve