Telecommunications – FCC Physical Network Security Standards
FCC Telecommunications Security Standards require Full Cyber, Physical, Power and Environmental Protection Measures. The following are quotes from the latest FCC Standards:
FCC Physical Network Security Standards specifically require access controls for all local and remote telecommunications sites. A specific category for Physical Network Asset Management was created as PR.AC 1-5. “Physical access to assets is managed and protected. Physical access controls are in place and effective per established guidelines. Physical access to the core network assets are managed, including any unmanned sites.” – Cybersecurity Risk Management and Best Practices, March 2015.
Wireline and wireless companies were required to implement battery power backup and monitoring under the 911 standards of 2009 as revised in 2013 under FCC 13-158. Providers of Voice over IP (VoIP) service must also provide a minimum of 8 hours of backup throughout their networks and must offer to provide 8 hours minimum backup power to each customer for their local equipment. This obligation includes the continuous monitoring and testing of battery backup systems within the company’s network and the provision of monitoring and testing to be carried out by the subscriber for their own backup power. This change was enacted with FCC 15-98 and codified in FCC Code as newly enacted § 12.5 Backup Power Obligations. The effective dates for the backup power for VoIP systems are February 16, 2016 for larger providers and August 11, 2016 for providers servicing less than 100,000 retail subscriber lines.
FCC Physical Network Security Standards specifically require the remote monitoring of the physical environment of local and remote sites within a telecommunication provider’s network. “The physical environment is monitored to detect potential cybersecurity events.” This statement takes on new meaning with the requirement to deploy backup power systems throughout a provider’s network. Batteries, generators and other backup power components have long been favorite targets of physical vandalism and are also easily hacked by flaws in remote management protocols. – Cybersecurity Risk Management and Best Practices, March 2015