Call to standardise physical security of comms infrastructure

While there is increasing visibility around cybersecurity — protecting critical communications networks from digital attacks — there should also be emphasis on the security of the physical infrastructure.

That’s according to a new white paper from TCCA’s Legal and Regulatory Working Group (LRWG), which aims to focus the attention of critical communications providers to the importance of the issue — with the goal of catalysing the creation of a global standard for the physical security of infrastructure supporting critical communications.

This is important, according to the LRWG, because most of the current critical communication networks using technologies as TETRA, Tetrapol and P25 are owned and operated by the state, and their physical security is assured by the state to the extent deemed necessary. However, the emerging use of commercial mobile operator (MNO) networks to support broadband critical communications, particularly as radio access networks, is changing the operating model.

The physical security of these network elements is of paramount importance, but the LRWG says it is debatable whether the measures that MNOs are currently adopting in this regard are sufficiently robust and fit for purpose.

“There is no universally agreed definition of what ‘good’ looks like with respect to physical security of infrastructure for critical communications,” said Nina Myren, LRWG Chair and TCCA board member representing DSB Norway. “Different countries may have different ambitions and needs, depending on the evolving threat picture and resources, including finances, available. We hope this white paper will stimulate discussions that will ultimately lead to an agreed regulatory baseline that all nations must agree to meet.”

The white paper looks at the measures in place in several countries around the world in the context of their approach to broadband critical communications. In order to create greater cohesion, the paper identifies two potential approaches: impose security obligations through legislation/regulation; or rely on provisions in the contract between the critical communications operator and the MNO/infrastructure provider. The LRWG’s assessment is that while each approach has advantages and disadvantages, a combination of the two would serve the interests of the critical communication services best.

Though new legal/regulatory obligations on physical security may increase the costs and burden of compliances for MNOs/infrastructure providers, the LRWG claims it would have a salutary effect due to the improved security and resilience of the network, which is being increasingly sought by consumers, particularly business customers.

The white paper ‘Legal and Regulatory aspects relating to the physical security of telecommunications infrastructure used for critical communication services’ can be read on the TCCA website.

Image credit: iStock.com/Chris Gordon