Critical telecommunication infrastructure protection project

1          Introduction

Brazil has just started a two-year program focused on Telecom Critical Infrastructure Protection. Its objectives are: i) to identify the critical points of Brazil's telecom infrastructure; ii) to propose recommendations intended to prevent security incidents and to guarantee service and business continuity if they happen; iii) to elaborate strategies and policies to protect Brazil's telecom infrastructure; iv) to analyze interdependence among different infrastructures. This program is developed by Anatel, Brazilian telecom regulator and by CPqD, a private R&D telecom center, and is sponsored by Fundo para o Desenvolvimento Tecnológico das Telecomunicações (Funttel).

2          Development

Critical infrastructure protection on a nationwide level has consequences that can impact a nation socially, politically or economically. This broad scope, that involves the society, government and industry, requires a new approach to understand the related risks and to develop a suitable program to protect what is critical to a country.

The Brazilian CTIP project (see Figure 1) is based upon four main points: contextualization, a protection strategy, a set of methodologies and software tools to support them.

Figure 1 – CTIP project phases.

3        Methodologies

The critical telecommunications infrastructure protection model is implemented by a set of four methodologies already developed (see Figure 2).

Figure 2 – Set of methodologies used in CTIP project.

Although each methodology is responsible for a specific part of the model, they are interdependent, since the output of one could be the input of other. The set of methodologies for CTIP is composed by:

• Methodology for Critical Infrastructure Identification (MI2C) – responsible for defining the critical portion of the infrastructure, based on social, political and economical aspects;

• Methodology for Identifying and Analyzing Threats (MIdA2) – responsible for mapping threats related to each portion of the critical infrastructure identified by MI2C;

• Methodology for Ideal Scenario Creation (M(CI)2C) – responsible for creating the ideal scenario for critical infrastructure protection, based on the results of both MI2C and  MIdA2;

• Methodology for Diagnosing Critical Infrastructure (MeDI2C) – responsible for diagnosing a portion of a determined critical infrastructure, revealing the actual situation and developing recommendations and an action plan.

The approach adopted includes the evaluation of a variety of aspects related to social, economic and political factors to create a particular national context. The first goal of the project is to map the critical telecommunication infrastructure needed by the XV Pan American Games (Pan2007) and Parapan American Games (Parapan2007), to be held in Rio de Janeiro from July 13th to 29th and August 12th to 19th. Subsequent effort will be directed toward the national infrastructure.

Preliminary results achieved so far are the telecom services involved, the aspects to be evaluated for each service, the criticality levels and weighting factor assigned for each aspect, analysis of the criticality levels and prioritization of the most important ("critical") telecom services. Subsequent phases will encompass identification of threats and vulnerabilities, the creation of ideal CITP scenarios and the gap analysis between ideal and actual scenarios with the purpose of elaborate strategies and policies.

4          Conclusions

Critical Infrastructure Protection (CIP) is a difficult task not only due to the complexity of the systems, networks, and assets that provide essential services in our daily life but also to the high interdependence among those infrastructures.

By virtue of economic and technological globalization, some infrastructures, as is the case of telecom, are of global nature in the sense that a problem occurring within one country may affect other countries as well. For this reason, the cooperation and information interchange between American countries could result in a greater payoff in terms of results and experiences.

Regina Maria De Felice Souza
Head Technical Advisory Unit
Agência Nacional de Telecomunicações
reginas@anatel.gov.br