The workshop concluded with a focus on how the current environment could be changed to increase the public value provided by telecommunications incident response. Participants considered this question from a local and regional perspective. The participants also considered if any of these alternatives warranted further investigation.

Responses fell into three specific categories of activities:

• Clarifying or Establish Guiding Principles –The participants discussed the principle of “collect once – use many times” as being a mantra that should be followed in incident response. All agreed there are likely multiple information collection activities being conducted across the various sectors. The format and reporting structure may vary based on information’s origin and owner. But the main principles that initiated this investigation (that there may be a better, more cost effective way to share information and the importance of the public/private partnership) continued to be true. The participants stressed the importance of developing guiding principles to help steer continued work in this area.
•  
• Conduct Current Practice Research – These activities focus on producing inventories of systems, repositories, data stores, and best practices reviews. In addition to the identification of the information resources currently available, it was noted that the owners of these resources and the rules that govern these resources should also be documented. The importance of the identification of roles and current responsibilities was also noted as a critical step in testing assumptions that there is already a structure in place providing regional coordinated telecommunications incident response.
•  
• Invest in Process Improvement – All agreed there were many ways to improve on what was currently being done, while also making the point that future efforts should not ‘tinker with something that isn’t broken’. The activities identified as ripe for process improvements could be considered current practices. Rather than reinvent the telecommunications response, participants suggested analyzing what was currently being done to look for inefficiencies.

Table 2. Activities by Category
Guiding Principles
Identify clear expectations (roles and responsibilities) of carriers and government.
Improve public awareness of response mechanism.
Create an environment to increase and maintain trust among the participants.
Clarify a process in which the regional centers and individual state procedures co-exist and are well-understood.
Establish the uses to which collected information would be used and retain awareness of confidentiality issues.
Ensure interoperable critical infrastructures.
Provide training and dissemination of information to trusted partners on infrastructure and local knowledge.
Create a forum where local and regional entities can discuss and share issues.
Create an information sharing template so information shared and the process for sharing is consistent.
Current Practice Research
Identify relevant models (NCS, ISAC, NIPP, NYS DPS, NYS CSCIC and the like).
Identify interdependencies outside of sector.
Clarify potential value of regional approach for multiple events.
Investigate various methods for alerts – such as the Web, hand-held devices, etc.
Clarify roles of existing repositories & decide whether and how best to create regional center without duplication
Identify in all sectors day-to-day activities that add value.
Create a common set of credentialing criteria and process.
Define a region.
Define what information is shared and with whom, and under what conditions.
Create a data inventory – not only of the data but also of the rules governing the data and ownership.
Process Improvements
Establish a protocol for an authoritative source for providing public info.
Conduct a vulnerability assessment and address the gaps in existing arrangements.
Create mutual aid agreements.
Explore possibilities of FOIA and the dissemination of info.
Identify the barriers to information access.
Formalize informal contacts and create a standard personnel list.
Create a governance structure.
Create a GIS or contextual layer to the data gathered.

Once the list of activities was generated, participants were asked to vote on the initiatives they considered to be of high priority and those they considered to be highly do-able (refer to the appendices for a complete listing). Table 3 lists the top two initiatives selected for each of these categories.

Both private and public sector participants ranked “Create a governance structure” as the highest priority but as one of the least do-able activities. All acknowledged that creating this structure would be difficult because of the challenge of creating these bodies across organizational boundaries and among multiple, potentially competing partners. However, participants also noted that although creating this in a collaborative way would be challenging, it is the only way it could work. It should not be mandated by any regulatory or government entity. Participants noted that all participating groups need to see the value in forming a governance structure in order to gain buy-in and succeed in creating the governance structure.

Table 3. Investments in Effort
High Priority
Create a governance structure
Identify clear expectations (roles and responsibilities) of carriers and government
High Do-ability
Clarify roles of existing repositories & decide whether and how best to create regional center without duplication
Establish a protocol for an authoritative source for providing public info

Participants were asked to consider the value likely to be generated by the creation of a governance structure and the identification of clear expectations from the four areas where value could be realized: increases in efficiency, increases in effectiveness, enablement, and intrinsic enrichment—for the 4 key stakeholder groups. Working in two small groups, the participants came to similar conclusions about the potential value of pursuing the top four initiatives, as well as what would need to change for that value to be realized. Table 4 lists what needs to happen for that value to be realized and Table 5 lists the specific value participants identified that each stakeholder group might expect from successful investments in the top four initiatives.

Both discussions highlighted the challenge and complexity these efforts will involve from policy, organizational and technological perspectives. The participants felt the establishment of the governance structure and the clarification of roles and responsibilities would help mitigate many of these challenges.

Table 4. What must change for the value of a regional coordinated telecommunications incident response to be realized?
1. Establish a threat or incident threshold that indicates when to activate a regional response
2. Establish an agreement about the need for a regional response
3. Decide a clear focus for what might become the “region” and who needs to participate
4. Solve conflicts with authority by reducing turf arguments and protectionism
5. Not too much other than to bring together existing lists and protocols
6. Nothing- just better organization and bring together the current lists and protocols
7. Better communication and cross-sector sharing of information
8. Meet with stakeholder groups to establish protocols
9. Meet face to face and work through state or federal government legislative chair
10. Must be willing to work across jurisdiction lines and must give up need to control
11. Open dialogue between agencies to understand what each has to offer
12. Structure and document roles in information sharing
13. Commitment to voluntarily agreement on a model/structure
14. Clarify responsibilities of the state/federal/private participants

Table 5. Value to Stakeholder Groups
	Citizens at Large	Telecom. Providers	Government Sector	Private Sector
Increases in efficiency	Better use of taxpayer money Faster response time during a telecommunications incident Provide a single source for the public to get accurate information	Decrease the burden of reporting Single source for direct information Clarify roles and responsibilities Increased ability to respond to a telecommunications incident Better able to develop cross-sector partnerships.	Increase transparency and facilitate greater trust Enhance existing partnerships and develop new ones Streamline costs to support the response process	Better awareness of where to go for information Forum to address critical infrastructure needs
Increases in effectiveness	Higher quality information	Reduce burdensome reporting requirements Clearly established protocols for incident response Better control of information More effective response to an outage Clarify roles and responsibilities	Potential to receive better information faster Clarify roles and responsibilities Better management of resources Allow agencies to focus on their own specialties
Enablement		Build trust with government Higher level of accountability Better information at a lower cost	Increase trust and partnerships with other sectors Better information at a lower cost	Higher degree of accountability
Intrinsic Enrichment	Better coordinated regional response to disasters More orderly response to telecommunications incidents	Able to be more responsive to a telecommunications incident	Better organized response structure	Gain confidence from telecommunications providers and government

Table 6 summarizes the key conclusions generated from the workshop. Overall, participants agreed that regional coordination of telecommunications incident response should continue to be explored. One participant noted, “it’s intuitive that it’s a good idea to do this. Sharing information will help us respond better.” However, participants recognized the importance of a detailed and thorough exploration of the idea. Clarity of purpose and value were considered paramount. In the words of one participant, “Continue to clarify what you’re trying to accomplish because if there’s a good, compelling reason, there should be lots of support.” These conclusions represent a starting point for this effort. Regardless of the specifics of the approach chosen, participants called for full representation of stakeholders in the process and clarification of roles and responsibilities, both in terms of leading and participating in the exploration itself and in the strategies for regional coordination considered as part of the exploration. Participants agreed the greatest challenge to any multi-organizational collaboration is in the creation of a governance structure. The exploration would therefore need to provide insights on strategies and best practices in this area. Another key element identified by participants is the documentation of current as well as ideal communication and information sharing channels and encouraged workshop organizers to prepare a report of the workshop both as a record of the discussion and as a tool to seek support and funding for the continued exploration. Finally, participants encouraged the key stakeholders to continue to move this process forward through the creation of a report of the workshop and through the use of the report and companion pieces to secure support and funding for the required exploratory study.

Table 6. Key Conclusions
Current Environment
All agreed NCP and NCS are models for disaster management in the event of a national incident.
Of shared concern is when an incident is localized to either a specific geographic area or jurisdictions beneath the federal radar.
In the event of a regional or localized telecommunications incident, the NCS may not mobilize their members or mobilize only for information purposes; therefore, information may not be disseminated to the many different local entities that cross the organizational sectors.
Real time cross-organizational information sharing is even more important in the smaller, localized events where only one critical infrastructure is involved.
Value to the Public
The potential value created through enhanced coordination capability that resonated with the participants is continuity of government and real-time data to support informed decision making across each of the four stakeholder groups.
In the event of a regional, multi-state or multi-jurisdictional response, the participants emphasized the need to receive detailed information quickly so appropriate government officials are kept informed and can reassure and advise the public in a time of crisis.
Both government and private sector organizations need to invest in public trust and demonstrate capability to function in a crisis.
Information Sharing in Context
A telecommunications incident response can be severely hindered if the response team lacks granularity of data and contextual knowledge of the region.
Regional knowledge is imperative for decisions concerning resource distribution, response time estimates, and supplying special equipment in response to an incident.
Participants stressed the importance of having knowledgeable workers as near to the ground as possible.
Creating a clearinghouse for information is a potential strategy for improving the granularity of the data and the speed with which it could be delivered.
Knowing what information is important within the context of an incident is equally important to sharing.
Do not duplicate or tinker with something that is not broken
Do not duplicate existing services at the state or regional level.
Improve on what is currently being done while being sure not to tinker with something that isn’t broken.
Explore all possibilities and test all assumptions.