Press Releases
CSIA Provides VoIP Security Recommendations to Assist Congress in Revising the Telecommunications Act of 1996
Thursday, 12 May 2005 15:03 ESTAnnounces June Workshop on VoIP Technology, Research, Regulatory and Public Policy Issues
WASHINGTON, May 10 -- Cyber Security Industry Alliance (CSIA), the only public policy and advocacy group dedicated exclusively to cyber security, today released a report that recommends Congress consider cyber security issues facing Voice over Internet Protocol (VoIP) as it looks to revise the Telecommunications Act of 1996. The report explains why increasingly broad adoption of IP-enabled technologies, such as VoIP, calls for heightened focus on protecting the security, integrity and reliability of the Internet. CSIA also announced that it is co-hosting a VoIP security workshop with several leading universities on June 1-2, 2005 in Washington, D.C. to further explore the technology and policy issues surrounding VoIP security.
The Report finds that the same qualities that make VoIP such a valuable new option for mass-market voice communications also can lead to quality of service and performance issues including denial of service attacks, Spam over IP Telephony (SPIT), session eavesdropping and voicemail hijacking. The report concludes that adding an extra layer of security infrastructure can help resolve some of these issues, but not all of them. Since voice communication is a key enabler of critical government services operated by national security and emergency preparedness providers, a VoIP cyber attack could lead to serious consequences, such as loss of public access to critical emergency services like 911.
"While the promise of IP telephony is economical for many organizations, cyber security issues cannot be ignored," said Paul Kurtz, executive director of CSIA. "Because IP telephony depends solely on the Internet for operating, it is subject to all the same vulnerabilities that our corporate networks face. As Congress considers revisiting the Telecommunications Act of 1996, CSIA strongly recommends that the serious implications of VoIP cyber attacks be addressed since they can affect critical government services such as 911 and other emergency first responder services."
As consumers, businesses and government make much more intensive use of the IP platform through voice applications, it is essential to address the resulting impact on national security, emergency preparedness and Internet fraud/criminal activity. This report demonstrates the potential for VoIP to provide another channel for exploiting vulnerabilities in both our critical infrastructure and the IT-based economy. VoIP vulnerabilities also have the potential to act as entry points for attacks on the rest of the network, including non-VoIP applications, systems and infrastructures. Some potential fallout examples include:
* Crippling impacts on the operations of IT dependent critical infrastructures, including the potential knock out of banking, finance, chemical, electric power generation and distribution, oil and gas production and storage, emergency services, public health services, transportation systems, water supplies and more;
* Disablement of IT supporting critical infrastructures in these industries;
* Potential for weakening the national response capability as part of a blended cyber and physical attack;
* Loss of revenue for operation stoppages in call centers, order processing and shipping;
* Theft, erasure, or alteration of business and personal information; and
* Violations of privacy and confidentiality regulations, possibly resulting in civil and/or criminal penalties.
CSIA concludes that cyber security for VoIP is essential for the protection of the entire information technology ecosphere and asks that Congress consider several recommendations for securing VoIP technologies, including supporting research & development aimed at improving the security and reliability of VoIP as well as defining roles and responsibilities for agencies such as the Department of Homeland Security, the Federal Communications Commission and the Department of Defense.
On June 1 and 2, CSIA, the University of North Texas, University of Tulsa and George Mason University are calling together leading scientists, technologists, policy makers and domain experts to address VoIP technology, research, regulatory and public policy issues at its workshop on "Securing Voice Over IP" in Washington, D.C.
Details on the "Securing Voice Over IP" workshop and a copy of CSIA's VoIP report can be found at www.csialliance.org/ .
About the Cyber Security Industry Alliance
CSIA is the only advocacy group dedicated exclusively to enhancing global cyber security through public policy, education, awareness and technology. The organization is led by CEOs from the world's top security providers, who offer the technical expertise, depth and focus to encourage a better understanding of cyber security issues. It is the belief of the CSIA that a comprehensive approach to ensuring the security, integrity and availability of global information systems is fundamental to national and economic stability. To learn more about the CSIA, please visit our Web site at www.csialliance.org/ or call +.