Good function and technical security in urban networks - PTS-ER-2010:2
20/01/2010
In 2009, the Swedish Post and Telecom Agency (PTS) carried out scheduled supervision of urban networks' compliance with provisions concerning good function and technical security. This supervision encompassed ten urban networks; the results and conclusions presented in this report are based on a questionnaire and subsequent follow-up interviews. The provisions concerning good function and technical security apply to all parties providing electronic communications networks or related services and have the aim of establishing a basic level of security for electronic communications. In this context, 'security' mainly refers to sustainability, accessibility, availability and operational reliability.
PTS has issued general advice explaining these provisions and serving as recommendations for how security may be dealt with. In this case, security work means preventing interruptions, interference and disruptions by carrying out risk analyses and risk management, planning for the management of interruptions, interference and disruptions, and following these events up when they occur.
The aim of supervisory work is to raise the level of preventative work, preparedness as well as one's capacity to manage interruptions, interference and disruptions. This is achieved by increasing awareness about the provisions, monitoring compliance with them and also disseminating knowledge about how security work can be managed. The anticipated effect of supervisory work is the continuing development of security work carried out by providers of networks and services, and that this work is ongoing, systematic, forward-looking and long-term.
The results show that all urban networks encompassed by this supervision carry out activities related to security. Security issues relating to physical infrastructure are relatively well managed. For example, this has been demonstrated by efforts to safeguard redundancy in terms of the power supply and in important links and functions. As a rule, interruptions, interference and disruptions are monitored around the clock all year round, which is crucial as there is a dependence on electronic communications services being available 24/7. On the other hand, preventative security work involving (for instance) risk analyses, risk management and planning for interruptions, interference and disruptions is not as well-developed.
It is common to view security work as activities linked to technical infrastructure. PTS considers that a broader perspective is needed for security work, and that it should encompass all parts of an operation. This includes technical infrastructure as well as soft factors, such as staff, professional skills, routines and processes. Soft factors are easily forgotten in this context, despite their key contribution to the good function and technical security of services and networks. This report highlights a number of various soft factors that, in the view of PTS, deserve a greater focus in connection with security work:
- In several cases, dependence on individuals should be reduced
- Documentation needs improvement to better ensure quality, uniformity and continuity
- Preparedness needs to be improved and formalised in order to better ensure rapid fault rectification
- Responsibility for functions and security should be defined in complex models for urban networks
The supervisory work indicates a number of general areas needing improvement that should be addressed by providers of networks and services. It is important that market stakeholders continue to increase their preventative work and raise their level of preparedness and capacity to deal with interruptions, interference and disruptions.
Consequently, PTS will continue its supervisory work and carry out supervisory follow-ups in order to ensure that security work progresses in the right direction. This work will consist of supervisory measures that are both scheduled and dictated by events. PTS will also continue its work relating to initiatives with the aim of distributing information and raising awareness.