Customer Service and Booking Hotline: +44 (0) 845 672 0175

Search

NGN Telecoms Information Assurance

With the deployment of NGN telecoms networks and services, and increased access to alternative providers, additional risks must be managed to ensure telecoms networks remain secure without unnecessary cost to operators or their customers. UK government and the telecoms industry is collaborating to provide this NGN assurance...


The 21CN programme within BT group is causing a massive change in the infrastructure of their telecommunications network. Other UK operators are implementing similar renewal programs, broadly following the 3GPP (for mobile operators) and ETSI TISPAN (for fixed-line operator) architectures. These architectures remove circuit switching from the core of the network, separate services from transport, and unify transport for all services onto a single network infrastructure, typically based around Dense Wave Division Multiplexing (DWDM), MultiProtocol Label Switching (MPLS), Carrier Ethernet, IP, and SIP and H.248(for VoIP). More information on these architectures can be found in the related articles Convergence of Mobile and Fixed Telco Architectures, Next Generation Networks, and The TISPAN NGN Architecture.

Established operators, stakeholders in government, and key customers have become convinced that minimum security standards must be enforced to ensure that when operators used shared facilities, or otherwise interconnect their networks, they cannot damage the operations of other operators, or cause excessive expenditure by operators to protect against such damage. At the request of Ofcom and the UK Department for Business, Enterprise and Regulatory Reform (BERR), the Network Interoperability Consultative Committee (NICC) in the UK has been developing a minimum assurance standard for operators using shared facilities. Many decisions concerning the standard are still open for review, however certain aspects are unlikely to change before ratification scheduled for later in 2008:

  • The minimum standard will be based upon the ISO27002 controls for security management
  • It will apply only to shared facilities and interconnect between operators, and not within operator networks or across interfaces with customers, therefore it cannot be seen as a complete solution to telecoms security
  • The standard will apply a "light-touch" approach, with enforcement through contractual agreements as far as possible, rather than for example including the full accreditation process and auditing schemes of ISO27001
  • The combination of minimum controls to protect the operator on the other side of an interconnect, and sensible controls by the receiving operator, should achieve the required security at minimum cost

Related initiatives are underway to provide higher levels of telecoms service assurance, sponsored by UK government, and with the co-operation of the telecoms industry.

  • Standard Level Assurance will provide security in NGN networks roughly equivalent to that of the traditional PSTN, in terms of confidentiality, integrity and availability. An assurance scheme similar to that used for other quality management systems such as ISO9001 and ISO27001 will likely be operated to certify networks and services to this standard.
  • Enhanced Level Assurance will provide services suitable for RESTRICTED information, with the assurance process based on existing UK Government schemes operated by the Communications Electronic Security Group (CESG)
  • Higher Level Assurance will provide services suitable for CONFIDENTIAL and above classifications of information, with the assurance process based upon existing UK Government schemes operated by the Communications Electronic Security Group (CESG)

Bookmark this article

Share this article using the following sites:

Courses by category...

Glossary Search

Newsletter Sign-up

Our RSS Feeds...