Security Implications of the Integrated Telecommunications Infrastructure

Technical Bulletin (2003-002)

Sharing facilities between government departments invariably raises security and performance-guarantee challenges, especially as networks are intended to carry traffic that includes sensitive information. Such security concerns cover both the information transferred and the equipment used to transport it. This document addresses additional concerns that result from permitting authorized personnel from more than one department to access shared telecommunications rooms.

In order to safeguard the integrity and security of a standards-based telecommunications system to meet government-mandated requirements, departments must implement baseline security controls and any additional security measures identified through a Threat and Risk Assessment (TRA) process.

Access to telecommunications spaces and pathways (Telecommunications Rooms, Main Terminal/Equipment Room, Equipment Rooms) shall be controlled, authorised and monitored in a manner appropriate to the sensitivity of the information transmitted over the infrastructure that can be accessed from these spaces. Commensurate security measures are needed to protect the wiring at the same level as the information passing through the wiring infrastructure. The results of the TRA would determine the level of protection and specific security measures required in specific situations.

Telecommunications spaces and pathways shall be treated as restricted zones, access to which is controlled and limited to authorised and properly security-cleared personnel only. Access shall be controlled using appropriate methods, such as installation of electronic access controls, mechanical combination locksets or deadbolts. A list of persons authorised to access these spaces shall be maintained. For security audit purposes, an access control log should be maintained.

When assessing the need for security measures in the telecommunications rooms, a holistic and pragmatic approach must be followed taking into account the sensitivity of the information being transported. For example, telecommunications rooms equipped with an alarm system and constructed within an Operations Zone may not require as robust physical security as those without an alarm system and constructed in (or adjacent to) a zone accessible by the public.

Departments must consider what, if any, additional security measures must be applied to telecommunications rooms that are accessible by authorized representatives from more than one department. Once again, a holistic and pragmatic approach must be followed, taking into account the sensitivity of the information being transported. Because it is costly and time-consuming to re-arrange physical barriers in response to changes in tenancy of a space, other measures must be considered to ensure that a proper balance is maintained between the potential threats and the safeguards.

In addition to physical security, departments must take into account operational considerations as well as encryption to meet their overall security goal. Operational considerations include security clearances of authorized persons permitted unescorted access to the telecommunications rooms. In rare cases, it may be considered appropriate to have a representative from each department present before either is allowed to enter a shared telecommunications room. For networks carrying traffic having a sensitivity of up to and including Protected B, it is not anticipated that any additional physical security measures will be required within shared telecommunications rooms. It may be appropriate for each department sharing the Main Terminal/Equipment Room to install its equipment in its own equipment cabinet.

In a multi-department government building, a security committee (custodian and occupants) will determine the security requirements for the shared telecommunications spaces. In determining the security requirements, standard sensitivity classifications should be used (e.g. Protected A, Protected B etc.). The Custodian Department shall monitor conformance with the established and agreed-upon access control measures and take appropriate action to resolve jurisdictional or other issues that may arise.

In exceptional circumstances (for example, information sensitivity above Protected B level), the results of the TRA may justify separating portions of the telecommunications infrastructure and protecting them to a higher level. This isolation would typically follow the "onion-skin" approach, where equipment associated with a network carrying highly sensitive traffic (above Protected B) may be installed in a secure cabinet located within the shared telecommunications room.

If such additional physical security measures are required, the Custodian Department must agree to any modifications to the integrated telecommunications infrastructure before these changes are implemented.

Additional security guidance is provided by several security standards: