CSIA Provides VoIP Security Recommendations to Assist Congress in Revising the Telecommunications Act of 1996

Cyber Security Industry Alliance (CSIA), the only public policy and advocacy group dedicated exclusively to cyber security, today released a report that recommends Congress consider cyber security issues facing Voice over Internet Protocol (VoIP) as it looks to revise the Telecommunications Act of 1996. The report explains why
increasingly broad adoption of IP-enabled technologies, such as VoIP, calls for heightened focus on protecting the security, integrity and reliability of the Internet. CSIA also announced that it is co-hosting a VoIP security
workshop with several leading universities on June 1-2, 2005 in Washington, D.C. to further explore the technology and policy issues surrounding VoIP security.

The Report finds that the same qualities that make VoIP such a valuable new option for mass-market voice communications also can lead to quality of service and performance issues including denial of service attacks, Spam over IP Telephony (SPIT), session eavesdropping and voicemail hijacking. The report concludes that adding an extra layer of security infrastructure can help resolve some of these issues, but not all of them. Since voice
communication is a key enabler of critical government services operated by national security and emergency preparedness providers, a VoIP cyber attack could lead to serious consequences, such as loss of public access to critical emergency services like 911.

"While the promise of IP telephony is economical for many organizations, cyber security issues cannot be ignored," said Paul Kurtz, executive director of CSIA. "Because IP telephony depends solely on the Internet for operating, it is subject to all the same vulnerabilities that our corporate networks face. As Congress considers revisiting the Telecommunications Act of 1996, CSIA strongly recommends that the serious implications of VoIP cyber attacks be addressed since they can affect critical government services such as 911 and other emergency first responder services."

As consumers, businesses and government make much more intensive use of the IP platform through voice applications, it is essential to address the resulting impact on national security, emergency preparedness and Internet fraud/criminal activity. This report demonstrates the potential for VoIP to provide another channel for exploiting vulnerabilities in both our critical infrastructure and the IT-based economy. VoIP vulnerabilities also have the potential to act as entry points for attacks on the rest of the network, including non-VoIP applications, systems and infrastructures. Some potential fallout examples include:

* Crippling impacts on the operations of IT dependent critical infrastructures, including the potential knock out of banking, finance, chemical, electric power generation and distribution, oil and gas production and storage, emergency ervices, public health services, transportation systems, water supplies and more;

* Disablement of IT supporting critical infrastructures in these industries;

* Potential for weakening the national response capability as part of a blended cyber and physical attack;

* Loss of revenue for operation stoppages in call centers, order processing and shipping;

* Theft, erasure, or alteration of business and personal information; and

* Violations of privacy and confidentiality regulations, possibly resulting in civil and/or criminal penalties.

CSIA concludes that cyber security for VoIP is essential for the protection of the entire information technology ecosphere and asks that Congress consider several recommendations for securing VoIP technologies, including supporting research & development aimed at improving the security and reliability of VoIP as well as defining roles and responsibilities for agencies such as the Department of Homeland Security, the Federal Communications Commission and the Department of Defense.

On June 1 and 2, CSIA, the University of North Texas, University of Tulsa and George Mason University are calling together leading scientists, technologists, policy makers and domain experts to address VoIP technology,
research, regulatory and public policy issues at its workshop on "Securing Voice Over IP" in Washington, D.C.

Details on the "Securing Voice Over IP" workshop and a copy of CSIA's VoIP report can be found at www.csialliance.org.

About the Cyber Security Industry Alliance

CSIA is the only advocacy group dedicated exclusively to enhancing global cyber security through public policy, education, awareness and technology. The organization is led by CEOs from the world's top security providers, who offer the technical expertise, depth and focus to encourage a better understanding of cyber security issues. It is the belief of the CSIA that a comprehensive approach to ensuring the security, integrity and availability of global information systems is fundamental to national and economic stability. To learn more about the CSIA, please visit our Web site at www.csialliance.org or call +1-703-894-2742.

Author:  

Email:    

Topic:    

Content:

Related Voip Articles

• CallWave Launches ISP Reseller Program for Its VoIP Software Application
  11 May 2005



• Quintum Tenors VoIP Switch Achieves iBasis DirectVoIP(TM) Certification
  10 May 2005



• Afripa Telecom, a Unit of Atlantique Group to Deploy VocalTec's Essentra Equipment To Build Pan African VoIP
  9 May 2005



• AT&T Helps Anthony & Sylvan Pools Take The Plunge Into VoIP
  9 May 2005



• Qwest Statement on the FCC's Pending VoIP 911 Decision
  8 May 2005



• Media Advisory - CRTC Lock-Up - VoIP Decision
  8 May 2005



• Vonexus to Host D.C. Seminar on VoIP in the Enterprise
  7 May 2005



• 3Com Unveils New Managed Service Strategy for VoIP, Security and Infrastructure Solutions
  6 May 2005



• VoIP, Inc. Expands International Service Provider Roster
  5 May 2005



• Software Based, Automated VoIP Routing Platform Has Contracts With More Than 120 International Carriers
  5 May 2005