The convergence of voice, video, and data occurring on communications networks today and the IP-enabling of communications and computing equipment designed to connect to these networks is creating a host of new opportunities and challenges for todays government enterprises and agencies. As the speed of VoIP implementation increases, new challenges are before them in terms of determining how to implement the technology properly, including how to simultaneously provide for optimal performance and essential security measures.
Securing the Line
Not surprisingly, security is usually the primary concern that government managers voice when it comes to the deployment of VoIP and IP telephony solutions. Indeed, the opportunities that VoIP introduces to a government enterprise come at a price, in terms of added complexity in securing voice and data communications.
Indeed, there are a number of potential familiar threats to be aware of, including eavesdropping and malicious replay, as well as a number of new threats, such as toll fraud, service theft, voice spam (SPIT), and identity theft.
Other security issues revolve around the use of certain types of VoIP hardware and software products. Softphone use, for example, can pose a major security risk. New technologies, such as WiFi telephony, WiMAX, and IMS, create another area of security concerns. Presently, WiFi telephony implementations generally do not provide strong encryption and authentication and, as such, they are much more accessible to potential attackers. While wireline networks require a physical access to the wires, wireless technology allows remote attackers to tap into VoIP networks without any physical access to the network.
Securitys Impact on Quality of Service
Latency in the transmission of packet data from one end of the network to the other, while hardly noticeable with e-mail or file downloads, can introduce unacceptable quality issues with voice communication and, in some cases, render effective communication impossible. If video communication is required on the same network, this will add additional QoS requirements. Other QoS impairments can result from packet loss, jitter, and echo.
The implementation of various security measures can, itself, cause a marked deterioration in QoS. Data security is based on the deployment of a number of security devices and applications to protect and observe networks, such as firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Private Networks (VPN), authentication services, anti-virus software, and gateways. Since VoIP is highly sensitive to delay, packet loss, and jitter, many of these data security measures are inadequate and must be specialized for VoIP. For example, current firewall/NAT devices can delay or block call setups, encryption engines can introduce additional jitter, and inline IDS/IPS devices can add delay to inspected packets.
Another issue that requires careful review is interoperability between the various components and devices that comprise a government VoIP implementation. In fact, for government operations, interoperability considerations not only involve the ability to interoperate with equipment on the commercial side, but on the government side of the network as well. This generally involves compliance with the specifications related to the security protocols that all Type 1-Top Secret communications products must meet.
The extent to which a government manager should familiarize himself with industry developments depends on the types of solution he is implementing as well as the level of interoperability promised by the vendors selling him their equipment. Whatever type of deployment is being planned, its essential to ensure that data and voice equipment are interoperable with each other, as well as with any legacy equipment an agency may be keeping in the mix.
Providing 911 Emergency Services (E911)
Yet another area that requires careful review is the requirement to be able to provide E911 service on the communications system. Because of the inherent differences in the architecture of VoIP technology compared to circuit-switched systems, the type of emergency services currently being offered via VoIP is not the same as traditional 911 service. This currently is an issue that has instigated FCC action that requires VoIP service providers to conform to new regulations governing the provision of emergency services.
Ensuring Priority Services
Finally, a critical issue for some government applications is the ability to have vital priority services including those that are critical to national security carry over from the traditional, circuit-switched world.
For example, the National Communications System division in the Department of Homeland Security (NCS/DHS) is responsible for tapping into the vast commercial telecom infrastructure in the event of a manmade or natural emergency. By leveraging industrial and commercial resources, the NCS is responsible for protecting the telecom infrastructure, as well as managing the interdependencies among the 13 critical national infrastructures, such as transportation, energy, and water.
One such vital service that NCS/DHS has responsibility for is GETS (Government Emergency Telecom Service). GETS is an emergency service built on top of the commercial wireline infrastructure, which can be invoked when certain people such as first responders and other critical government employees enter a special code on a phones keypad for priority call completions. In certain emergencies, such as earthquakes, hurricanes, or terror attacks, the phone network can come to a standstill. With GETS, even in situations where a network is overloaded by as much as 800 percent, calls can still get through. IT
Marc Robins is Chief Evangelism Officer of Robins Consulting Group, which offers an array of services to the IP telephony industry. He has been involved in the telecommunications industry as a reporter and analyst, trade show producer and publisher, and marketing executive and consultant for more than 24 years. For more information, call RCG at 718-548-7245 or e-mail [email protected].