Skip to main content
photo
 
Investigating Alternatives

The workshop concluded with a focus on how the current environment could be changed to increase the public value provided by telecommunications incident response. Participants considered this question from a local and regional perspective. The participants also considered if any of these alternatives warranted further investigation.

Responses fell into three specific categories of activities:
  • Clarifying or Establish Guiding Principles –The participants discussed the principle of “collect once – use many times” as being a mantra that should be followed in incident response. All agreed there are likely multiple information collection activities being conducted across the various sectors. The format and reporting structure may vary based on information’s origin and owner. But the main principles that initiated this investigation (that there may be a better, more cost effective way to share information and the importance of the public/private partnership) continued to be true. The participants stressed the importance of developing guiding principles to help steer continued work in this area.
  •  
  • Conduct Current Practice Research – These activities focus on producing inventories of systems, repositories, data stores, and best practices reviews. In addition to the identification of the information resources currently available, it was noted that the owners of these resources and the rules that govern these resources should also be documented. The importance of the identification of roles and current responsibilities was also noted as a critical step in testing assumptions that there is already a structure in place providing regional coordinated telecommunications incident response.
  •  
  • Invest in Process Improvement – All agreed there were many ways to improve on what was currently being done, while also making the point that future efforts should not ‘tinker with something that isn’t broken’. The activities identified as ripe for process improvements could be considered current practices. Rather than reinvent the telecommunications response, participants suggested analyzing what was currently being done to look for inefficiencies.

Table 2.
Activities by Category
 
Guiding Principles
 
Identify clear expectations (roles and responsibilities) of carriers and government.
 
Improve public awareness of response mechanism.
 
Create an environment to increase and maintain trust among the participants.
 
Clarify a process in which the regional centers and individual state procedures co-exist and are well-understood.
 
Establish the uses to which collected information would be used and retain awareness of confidentiality issues.
 
Ensure interoperable critical infrastructures.
 
Provide training and dissemination of information to trusted partners on infrastructure and local knowledge.
 
Create a forum where local and regional entities can discuss and share issues.
 
Create an information sharing template so information shared and the process for sharing is consistent.
 
Current Practice Research
 
Identify relevant models (NCS, ISAC, NIPP, NYS DPS, NYS CSCIC and the like).
 
Identify interdependencies outside of sector.
 
Clarify potential value of regional approach for multiple events.
 
Investigate various methods for alerts – such as the Web, hand-held devices, etc.
 
Clarify roles of existing repositories & decide whether and how best to create regional center without duplication
 
Identify in all sectors day-to-day activities that add value.
 
Create a common set of credentialing criteria and process.
 
Define a region.
 
Define what information is shared and with whom, and under what conditions.
 
Create a data inventory – not only of the data but also of the rules governing the data and ownership.
 
Process Improvements
 
Establish a protocol for an authoritative source for providing public info.
 
Conduct a vulnerability assessment and address the gaps in existing arrangements.
 
Create mutual aid agreements.
 
Explore possibilities of FOIA and the dissemination of info.
 
Identify the barriers to information access.
 
Formalize informal contacts and create a standard personnel list.
 
Create a governance structure.
 
Create a GIS or contextual layer to the data gathered.
 


Once the list of activities was generated, participants were asked to vote on the initiatives they considered to be of high priority and those they considered to be highly do-able (refer to the appendices for a complete listing). Table 3 lists the top two initiatives selected for each of these categories.

Both private and public sector participants ranked “Create a governance structure” as the highest priority but as one of the least do-able activities. All acknowledged that creating this structure would be difficult because of the challenge of creating these bodies across organizational boundaries and among multiple, potentially competing partners. However, participants also noted that although creating this in a collaborative way would be challenging, it is the only way it could work. It should not be mandated by any regulatory or government entity. Participants noted that all participating groups need to see the value in forming a governance structure in order to gain buy-in and succeed in creating the governance structure.

Table 3.
Investments in Effort
 
High Priority
 
  • Create a governance structure
 
  • Identify clear expectations (roles and responsibilities) of carriers and government
 
High Do-ability
 
  • Clarify roles of existing repositories & decide whether and how best to create regional center without duplication
 
  • Establish a protocol for an authoritative source for providing public info
 

Participants were asked to consider the value likely to be generated by the creation of a governance structure and the identification of clear expectations from the four areas where value could be realized: increases in efficiency, increases in effectiveness, enablement, and intrinsic enrichment—for the 4 key stakeholder groups. Working in two small groups, the participants came to similar conclusions about the potential value of pursuing the top four initiatives, as well as what would need to change for that value to be realized. Table 4 lists what needs to happen for that value to be realized and Table 5 lists the specific value participants identified that each stakeholder group might expect from successful investments in the top four initiatives.

Both discussions highlighted the challenge and complexity these efforts will involve from policy, organizational and technological perspectives. The participants felt the establishment of the governance structure and the clarification of roles and responsibilities would help mitigate many of these challenges.

Table 4.
What must change for the value of a
regional coordinated telecommunications incident response to be realized?
 
 1. Establish a threat or incident threshold that indicates when to activate a regional response
 
 2. Establish an agreement about the need for a regional response
 
 3. Decide a clear focus for what might become the “region” and who needs to participate
 
 4. Solve conflicts with authority by reducing turf arguments and protectionism
 
 5. Not too much other than to bring together existing lists and protocols
 
 6. Nothing- just better organization and bring together the current lists and protocols
 
 7. Better communication and cross-sector sharing of information
 
 8. Meet with stakeholder groups to establish protocols
 
 9. Meet face to face and work through state or federal government legislative chair
 
10. Must be willing to work across jurisdiction lines and must give up need to control
 
11. Open dialogue between agencies to understand what each has to offer
 
12. Structure and document roles in information sharing
 
13. Commitment to voluntarily agreement on a model/structure
 
14. Clarify responsibilities of the state/federal/private participants
 

Table 5.
Value to Stakeholder Groups
 
Citizens at Large
 
Telecom. Providers
 
Government Sector
 
Private
Sector
 
Increases in efficiency
 
  • Better use of taxpayer money
  • Faster response time during a telecommunications incident
  • Provide a single source for the public to get accurate information
 
  • Decrease the burden of reporting
  • Single source for direct information
  • Clarify roles and responsibilities
  • Increased ability to respond to a telecommunications incident
  • Better able to develop cross-sector partnerships.
 
  • Increase transparency and facilitate greater trust
  • Enhance existing partnerships and develop new ones
  • Streamline costs to support the response process
 
  • Better awareness of where to go for information
  • Forum to address critical infrastructure needs
 
Increases in effectiveness
 
  • Higher quality information
 
  • Reduce burdensome reporting requirements
  • Clearly established protocols for incident response
  • Better control of information
  • More effective response to an outage
  • Clarify roles and responsibilities
 
  • Potential to receive better information faster
  • Clarify roles and responsibilities
  • Better management of resources
  • Allow agencies to focus on their own specialties
 
 
Enablement
 
 
  • Build trust with government
  • Higher level of accountability
  • Better information at a lower cost
 
  • Increase trust and partnerships with other sectors
  • Better information at a lower cost
 
  • Higher degree of accountability
 
Intrinsic Enrichment
 
  • Better coordinated regional response to disasters
  • More orderly response to telecommunications incidents
 
  • Able to be more responsive to a telecommunications incident
 
  • Better organized response structure
 
  • Gain confidence from telecommunications providers and government