TIA TR42.1 draft standard contains means and ways to protect critical telecom infrastructure equipment.
July 1, 2013
A new physical network security standard is under development within the TIA TR42.1 formulating committee. The document is still in the early stages of development, and for this issue’s column I wanted to report on the key elements of this draft standard. Physical network security is an important topic for consideration during building construction or renovation.
The purpose of physical network security systems is to protect critical telecommunications infrastructure elements from theft, vandalism, intrusions, and unauthorized modifications. The draft standard is divided into sections, starting with one that defines the primary objectives of a security plan.
The primary objectives of a security plan should be:
• Identification of potential for negative events and their causes
• Reduction of negative events (e.g. errors, outages, loss of data)
• Recovery from negative events
• Limitation of the impacts of negative events
• Review of events to evolve the security plan
The next step involves asking some questions to assess the risk, to define the scope and/or location of vulnerabilities, to identify the threat and to implement countermeasures.
• Why is security required (e.g. regulatory, privacy, continuity)?
• What are you trying to protect (e.g. operations, data, access)?
• Have you defined the scope and/or location of the vulnerabilities?
• Do different parts of the security plan have different threats and protection requirements?
• When are we concerned about the specific threat: when the building is occupied or when it is unoccupied? Is there a specific action, time, or function that provides additional risk?
• Is the countermeasure effective against both intentional and accidental threats?
If an event occurs:
• who exploited the vulnerability?
• what were the circumstances that triggered the vulnerability?
• when can we be sure countermeasures have been successful?
• where did the defense mechanisms fail?
• why did defense mechanisms not protect the asset?
• how will the event be countered in future?
During the risk assessment process, the designer should highlight aspects where the telecommunications infrastructure is considered an asset that requires protection (e.g. from physical damage, tampering, or unauthorized access), or where the infrastructure plays a role in the solution to protect other assets (e.g. for electronic monitoring and surveillance of assets in an already secure facility) or both.
Cable Routing & Telecommunications Spaces:
The draft standard provides some specific requirements and recommendations on access to telecommunications spaces and on cable routing inside buildings. For example:
• Access to telecommunications spaces shall be restricted to authorized personnel and should be monitored by the security system using a camera, remote alarm or both.
• Telecommunications cabling shall not be routed through spaces accessible by the public or by other tenants of the building unless the cables are in enclosed duct, conduit or other secure pathways.
In the section on Administration, the Physical Network Security Standard recommends that the physical network security management system should:
• be capable of detecting and reporting device connections and identifying the associated location. This information can be used to establish whether a connection is authorized in order to respond appropriately.
• be capable of being integrated with security cameras, where present, to activate during unauthorized events and provide access to recorded content.
• have the capability to report the location of a connected device based on a port and outlet connection.
• use standardized encryption, authentication, and communication methods between endpoints to ensure that the data is not accessible or readable by unauthorized persons.
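One way the connection-reporting, location and camera items above could fit together, shown as an added example that is not taken from the draft standard or from any product. The switch names, outlet labels, rooms, MAC addresses and event format are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed cabling record: (switch, port) -> (patch panel port, outlet, location)
PORT_MAP = {
    ("sw-2f-01", 12): ("PP-2A-12", "WA-2-117-A", "Floor 2, Room 117"),
    ("sw-2f-01", 13): ("PP-2A-13", "WA-2-LOBBY-B", "Floor 2, public lobby"),
}

# Constructed inventory: devices expected at each outlet (lower-case MACs)
AUTHORIZED = {
    "WA-2-117-A": {"00:11:22:33:44:55"},
    "WA-2-LOBBY-B": set(),  # nothing should ever be plugged in here
}

@dataclass
class Finding:
    outlet: str
    location: str
    mac: str
    authorized: bool
    trigger_camera: bool  # ask the camera system to record this location
    reason: str

def classify(switch: str, port: int, mac: str) -> Finding:
    """Map a link-up event to an outlet and location, then decide if it is authorized."""
    mac = mac.strip().lower().replace("-", ":")
    record = PORT_MAP.get((switch, port))
    if record is None:
        # A port absent from the cabling record has no known location: fail closed.
        return Finding("unknown", "unknown", mac, False, True,
                       "port not in cabling record")
    _, outlet, location = record
    if mac in AUTHORIZED.get(outlet, set()):
        return Finding(outlet, location, mac, True, False, "device expected at outlet")
    # A known device at the wrong outlet is reported differently from a stranger.
    home = sorted(o for o, macs in AUTHORIZED.items() if mac in macs)
    reason = f"device belongs at {home[0]}" if home else "unknown device"
    return Finding(outlet, location, mac, False, True, reason)

def report(events):
    """Return only the findings that need a response."""
    return [f for f in (classify(*e) for e in events) if not f.authorized]

# Constructed sample events: (switch, port, MAC seen on link-up)
EVENTS = [
    ("sw-2f-01", 12, "00-11-22-33-44-55"),   # expected device
    ("sw-2f-01", 13, "00:11:22:33:44:55"),   # same device moved to the lobby outlet
    ("sw-2f-01", 13, "DE:AD:BE:EF:00:01"),   # unknown device in a public area
    ("sw-9f-07", 1, "00:11:22:33:44:55"),    # port missing from the records
]
```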
Video Surveillance and Access Control:
In addition, the Physical Network Security Standard provides specific guidelines and recommendations for:
• Video Surveillance including the planning and placement of cameras, camera types, media types, remote powering, electrical protection and pathways for indoor and outdoor locations.
• Access control systems including card readers, request-to-exit devices (REX), door contacts, electric strike or latch, motion detectors, battery backup, dialer and keypads. Note: Access control systems are typically coordinated with and operate in conjunction with video surveillance systems and other building automation systems.
As you can see, the physical security of the telecommunications infrastructure is an important aspect of the design of a premises network. The intent of the document is to provide guidance to designers of security systems to customize and to enhance the physical security functions of the telecommunications infrastructure.
Paul Kish is Director, Systems and Standards at Belden. The information presented is the author’s view and is not official TIA correspondence.