CRIM 3460 Introduction to Critical Infrastructure Protection Fall 2016 Chapter 5 – Communications School of Criminology and Justice Studies University of Massachusetts Lowell The 3 major, interconnected telecommunication network infrastructure components are: Landlines Wireless Extra-terrestrial networks (communication satellites). The 1996 Telecommunications Act: Re-regulated the vertically integrated system Created the “carrier hotel” which are the major hubs containing switching equipment, servers, storage and services critical to the operation of the CIKR system Carrier hotels: The regulatory reshaping produced network hubs (carrier hotels and large metropolitan exchanges),with high degree and betweeness centrality. Carrier hotels and their interconnection are the most critical assets in this sector. Criticality: The critical nodes of the communications sector are: o Carrier hotels o IEC POPS and gateways o Land-earth-stations (LES) Unusual sector threats: Beside cyber exploits, High Power Microwave (HPM)* and jamming threats pose sector-specific threat-asset pairs. Risk-informed strategy: The optimal risk-informed strategy invests heavily in hubs (carrier hotels and exchanges) and betweeners (highly critical transmission cables). *Can be constructed from ordinary electronic parts purchased from a Radio Shack store, etc. Figure 5-3. Architecture of today’s communications sector Figure 5-4. Top carrier hotels in the U.S. Human threat-asset pairs are: Cyber exploits against users and servers Physical attacks against carrier hotels Physical attacks against land-earth stations HPM attacks against electronic equipment Physical attacks against POPS Physical attacks against communication satellites Natural threats include: Weather damage to buildings & equipment Power outages at carrier hotels Equipment component failures Figure 5-5. Fault tree of major threats Figure 5-6. Exceedence probability of telecommunication system outages in the 1990s. Figure 5-7. The top 30 communication routes in the USA, circa 2001. Ref. Simulation of cascades by author in the top 30 communication routes in the USA. The author analyzed the top 30 routes from previous slide. Vulnerability was set to 5% and then 20%. In both cases, the exceedence probability is long-tailed, but the risk profile shows this is a high-risk system. It was determined that below 12.3% risk is low and above is high. At higher vulnerabilities, the network transitions to a complex catastrophe risk profile. Chicago is shown to be the hub and the maximum betweener. The critical point lowers to 4.1% if Chicago is targeted for disruption. Another simulation shows that the link between Atlanta and Washington DC and Baltimore was found to be most critical. 17 routes and 4 nodes are critical. Removal of any separates the network into non-communicating islands. The author analyzed the top 30 routes from previous slide. Vulnerability was set to 5% and then 20%. In both cases, the exceedence probability is long-tailed, but the risk profile shows this is a high-risk system. It was determined that below 12.3% risk is low and above is high. At higher vulnerabilities, the network transitions to a complex catastrophe risk profile. Chicago is shown to be the hub and the maximum betweener. The critical point lowers to 4.1% if Chicago is targeted for disruption. Another simulation shows that the link between Atlanta and Washington DC and Baltimore was found to be most critical. 17 routes and 4 nodes are critical. Removal of any separates the network into non-communicating islands. Self-organization in the form of preferential attachment has resulted in the accumulation of communication sector assets in a handful of carrier hotels, metropolitan area exchanges, and highbetweeness cables. The optimal risk-informed strategy invests heavily in these hubs and betweeners. The threat includes highly asymmetrical HPM weapons, as well as cyber and physical attacks. Sherman Antitrust Act (1890) - First Federal statute to limit cartels and monopolies Clayton Antitrust Act (1914) Further restricted price discrimination, if it creates a monopoly (or exclusive dealing agreements) Tying a non-monopoly product to a monopoly product) Mergers/acquisitions that reduce market competition The First AT&T Alexander Graham Bell forms company (1877) Loses control to J. P. Morgan (1907) Merged with (handsets) Western Electric with (carrier) Bell Telephone (1909) Consolidated independents into a vertically integrated monopoly (1911) DOJ sues under Sherman Antitrust Act (1913) Kingsbury Commitment splits company into Western Electric and AT&T (1913) The Second AT&T (1934 Telecom Act) By 1924, AT&T purchased 223 of the 234 independent telephone companies Management claimed the advantages of a “natural monopoly”, which were: interoperability, efficiency, universal access and high reliability/resilience AT&T was operated as a vertically integrated natural monopoly from 1934 to 1996 The Third AT&T - Baby Bells and Divestiture Competitive Local Exchange Carriers (CLECs or LECs) InterExchange Carriers (IECs) was broken up into Baby Bells (CLECs and an IEC) (1974-1984) Regional Baby Bells unprotected as natural monopolies Baby Bells consolidated into Qwest, Verizon and AT&T 1996 Telecom Act Divestiture: CLECs and LECs share everything (peering) Creates a “communications commons” Peering leads to “telecom hotels” The Next AT&T - AT&T Wireless and T-Mobile ATT applied to buy T-Mobile, thus removing a competitor Grounds for merger: Interoperability, efficiency and universal access Net Neutrality Debate Net neutrality means ‘freedom of speech’ on the Internet Otherwise, AT&T could once again monopolize communications What is Net Neutrality? A principle that advocates no restrictions, by ISPs, or governances on access to the internet. It would prevent restrictions on content, sites, platforms and equipment used. What are challenges to Net Neutrality? Comcast attempts to block or limit use of its bandwidth (2008) Google blocks bandwidth to rural users (2009) Metro PCS accused of blocking Skype users (2011) What is an infrastructure monopoly? When a single company owns all/nearly all of the market for a product or service (typically > 70%) Occurs when the barrier to entry is high Well-known infrastructure monopolies Rockefeller's Standard Oil Carnegie's steel empire Vanderbilt railroad empire OPEC Cable TV Does it matter? If so, why? What sectors would tend to be a monopoly? Are monopolies more or less secure? More or less resilient? Would a monopoly look at security differently? Redundancy has little value to consumers when they only need one water supply, telephone line, gas pipeline, electric line, etc. Betweness emergence produces a long tail Telecom hotels Multitenant sites (security risk?) Highly critical telecom locations Major locations 57-60 Hudson Street, NYC (Europe, Mideast and Africa) 1 Wilshire Boulevard, Los Angeles (Asia and Japan) Seattle (Canada and Alaska) Miami (South America) Housed in carrier hotels CLECs Application services providers Local telephone providers Wireless providers Long distance providers Data Storage DSL providers Resellers ISPs Competitive Exclusion ≈ Self-organized Criticality (SOC) Monopoly shapes a system’s architecture (network topology) Network topology is the arrangement of the links, nodes, etc. of a computer network depicted physically or logically. Bak’s (sandpile) punctuated reality Interoperability equates to optimization of technology and resources (monocultures) o Monoculture is an agricultural practice of growing a single crop. The term is often borrowed and in computer science it describes computers running identical software. o In agriculture it can lead to the quicker spread of pests and diseases. Similarities in communications? Efficiency equates to reduced redundancy and surge capacity (Could this be resiliency? How?) Telecom hotels is an application in the real world Competitive exclusion appears to increase SOC Another explanation of SOC is that complex behavior can develop suddenly in certain multi-body systems whose dynamics vary abruptly Possible ways of reducing SOC (fragility and lack of resilience?): Regulation, standards and codes Redundancy (i.e. spares and storage) Surge capacity (i.e. unused capacity and storage) Backup capability (i.e. power generators and water) The above have cost implications and ROI should be considered
© Copyright 2026 Paperzz