VoIP Security Workshop Eyes Technology, Policy

Telecom Policy Report, May 30, 2005

Public-advocacy group the Cyber Security Industry Alliance (CSIA) and three universities are sponsoring a two-day workshop this Wednesday and Thursday (June 1 and 2) on voice over Internet Protocol (VoIP) security issues for government officials who are technology buyers and policy makers as well as enterprise users.

The CSIA, which believes the U.S. Congress should consider cyber security issues within VoIP services as it revises the Telecommunications Act of 1996, says the security VoIP workshop will be held at the Hotel Monaco DC on 700 F Street NW in Washington, D.C. Co-sponsored by the University of North Texas, the University of Tulsa and George Mason University, the session is expected to include scientists, researchers, technologists, policy makers and domain experts addressing the issues.

CISA, which held its first VoIP security workshop in Dallas in December 2004 that discussed defending VoIP networks and technical solutions, says this second session on "harmonizing" technology and policy has invited speakers from BellSouth, Verizon, the Federal Communications Commission's Network Technology Division and the Department of Homeland Security 's National Communications System office.

Although advocacy and education appear to be the primary goals of CISA, the universities and the workshop, members want to influence the government and corporate agendas on VoIP security research and development, requirements and deployment (particularly the needs of government services) as well as policy and legal matters (including an assist to Congress on revising the '96 Telecom Act.

"While the promise of IP telephony is economical for many organizations, cyber security issues cannot be ignored," says Paul Kurtz, CSIA's executive director. "Because IP telephony depends solely on the Internet for operating, it is subject to all the same vulnerabilities that our corporate networks face."

CISA says broad adoption of IP-enabled technologies like VoIP calling in mass markets could lead to performance/quality of service challenges such as denial of service attacks, spam-over-IP telephony, call-session eavesdropping and voicemail hijacking. It sees potential fallout surrounding criminal/theft activities, a weakening of the national response capability as part of a blended cyber/ physical attacks, and violations of privacy and confidentiality regulations.

The concern for business enterprises, according to the CISA report and multiple security professionals, clearly includes revenue losses due to crippling attacks that can disable or knock out supporting critical network and IT infrastructures for banking, finance, chemical, electric power generation/distribution, oil/gas production/storage, transportation systems and water supplies.

CSIA provided a report to Congress strongly recommending that the "serious implications of VoIP cyber attacks be addressed since they can affect critical government services such as 911 and other emergency first responder services." Kurtz also submitted testimony to this effect last April at the House Committee on Homeland Security's Subcommittee on Economic Security, Infrastructure Protection, and Cyber Security; and again in May to the Senate Committee on Commerce, Science and Transportation.

[Copyright 2005 Access Intelligence, LLC. All rights reserved.]