For Immediate Release
ATIS 1200 G Street, NW Suite 500 Washington, DC 20005	Contact: Trish St. Michel Phone: 202-434-8851 E-mail: tstmichel@atis.org www.atis.org

ATIS CIO Council Releases Results of Circuit Diversity Research Initiative

Major Telecom Providers, Federal Reserve System Examined Network Diversity

March 15, 2006, Washington – The final report of the National Diversity Assurance Initiative (NDAI) was issued today, culminating a year-long industry analysis by the telecommunications and financial services sectors of assuring diversity of existing National Security/Emergency Preparedness (NS/EP) communications circuits in a multi-carrier environment.

Establishing multiple, physically diverse circuit routes from a critical facility is promoted as a best practice by public and private sector organizations for ensuring resiliency of point-to-point telecommunication links. The Initiative was established to respond to concerns raised by the financial industry, along with government agencies, that telecommunication carriers could not easily perform periodic due diligence to assure that diversely engineered circuits remain physically separate over time.

Led by the ATIS CIO Council, the ND AI was implemented to evaluate recommendations called for by a series of post-September 11, 2001, studies that pointed to potential financial services vulnerabilities.

“The ATIS Board formed its CIO Council as a proactive industry interface with government and cross-industry interests on identified security matters,” said Susan M. Miller, president and CEO of ATIS. “Security of communications and information networks is one of our top organizational priorities, so it was a natural fit for ATIS to coordinate efforts between its member companies and the Federal Reserve Board to help oversee the diversity assurance initiative.”

“The ATIS CIO Council provided the right venue for industry companies to collaborate on circuit diversity, which we all agree is an important national security concern,” said Francis Dramis, chief information, eCommerce and security officer for BellSouth and chair of the ATIS CIO Council.

The NDAI participants include representatives from the Federal Reserve, AT&T, BellSouth, Qwest, Sprint, Verizon and ATIS, as well as representatives from the former AT&T and MCI, before their subsequent mergers with SBC and Verizon. ATIS provided a neutral forum for the group to work under a Non-Disclosure Agreement to share highly sensitive information.

“A resilient telecommunications infrastructure is critical for delivering financial services,” said Stephen R. Malphrus, staff director of management for the Federal Reserve Board. “Following the terrorist attacks of September 11, it became even more evident that diversity of critical communications circuits is necessary for national security and the continued operation of the nation’s financial services industry.”

Circuit diversity was assessed for a subset of the Federal Reserve Bank’s NS/EP circuit pairs. This assessment included the development of conceptual and street-level maps, showing the physical route of the circuit pairs . The team drew several conclusions:

1. End-to-end multi-carrier circuit diversity assurance currently cannot be conducted in a scalable manner. The cost and level of manual effort required demonstrated that an ongoing program for end-to-end multi-carrier circuit diversity assurance cannot currently be widely offered.
2. Manual assessment and periodic manual assurance are required to ensure that circuits are diverse and remain diverse over time.
3. Due to the high level of effort and cost involved in performing manual end-to-end circuit diversity assurance in today’s multi-carrier environment, the cost and effort of conducting periodic due diligence is justified only for organizations with life safety missions and critical business needs.
4. The team concluded that an automated system providing the capability to track circuits across multiple carriers would streamline the process for determining end-to-end diversity assessment and assurance. The telecommunications carriers believe that the marketplace to support the specialized requirements of NS/EP functions on a wide-scale basis is insufficient to recover costs from only the users of the service.

The report includes a series of recommendations:

Other industries with critical missions and circuits should evaluate their current risks in regards to telecommunications continuity and take the necessary steps to mitigate those risks. The lessons learned from the Initiative provide information and terminology that could be used by organizations supporting critical NS/EP services to better understand the telecommunications infrastructure supporting their business needs in a multi-carrier environment.

A follow-up effort should be undertaken to determine more accurately the requirements for providing an automated end-to-end diversity assurance solution in a multi-carrier environment. Without a real-time capability to identify, aggregate, and analyze circuit information, diversity concerns cannot be adequately addressed.

As a first step, the NDAI team recommends a small-scale effort be undertaken to define the scope of the objectives and requirements for providing an end-to-end diversity assurance solution in a multi-carrier environment. The results of the scoping effort could assist in quantifying the project scale and costs required to consider implementation of a diversity solution that could be used across different sectors.

Due to the cost structures for these projects, the telecommunications carriers believe that funding for the scoping effort and the implementation of an automated solution would need to come from the Federal government or some other external source prior to project implementation.

“The problem is complex,” Dramis said. “However, the findings of this Initiative will provide a sound base for subsequent efforts in addressing circuit diversity assurance.”

"The NDAI report confirmed our suspicions that diversity assurance is not for the meek,” Malphrus added. “It is expensive and requires commitment by the customer to work closely with carriers in performing due diligence. Until the problem is solved, circuit route diversity should not be promoted as a general customer best practice."

Full text of the report can be found at www.atis.org/ndai.

 About the ATIS CIO Council

In 2003 ATIS established a CIO Council to provide a neutral industry forum for the Chief Information Officers (CIO) of AT&T, BellSouth, MCI, Sprint, Qwest, SBC and Verizon to develop positions as a proactive industry interface with government and cross-industry interests on identified security matters.

About ATIS

ATIS is a technical planning and standards development organization that is committed to rapidly developing and promoting technical and operations standards for the communications and related information technologies industry worldwide using a pragmatic, flexible and open approach. Participants from more than 350 communications companies are active in ATIS’ 23 industry committees and Incubator Solutions Program. www.atis.org

###