In this section, the conclusions are summarized into two categories: findings and primary concerns. The findings in Section 6.1 represent a summary of the perceived threats to NS/EP telecommunications and the trends associated with these threats. The listing of primary concerns in Section 6.2 focuses on specific categories of network elements that electronic intruders are targeting. In addition, specific NS/EP telecommunication systems that are vulnerable to the threats posed by electronic intruders are listed.
6.1 Findings
Several significant findings can be drawn from the open source material used to prepare this report. These are listed below:
* Electronic intruder activities directed against the PSN and related systems are significant
* Law enforcement actions have driven many electronic intruders from the computer underground further underground
* Members of the computer underground are increasingly motivated by personal financial gain
* The skill sets exhibited by electronic intruders are becoming more sophisticated and potentially more dangerous to NS/EP telecommunications
* Telecommunications industry employees, especially disgruntled employees and coerced employees, pose a potentially serious threat to the integrity of the PSN
* Industrial spies and foreign intelligence services are allegedly using electronic intrusion techniques to gather telecommunications and systems information from U.S. companies and Government agencies
* Data networks, which are growing in size and use, are allegedly attacked by electronic intruders at an increasing rate
* Electronic intruders have compromised elements of the signaling network
* Electronic intruders have begun to explore new telecommunication technologies and network architectures seeking potential vulnerabilities.
6.2 Primary Concerns
Overall, the threat to NS/EP telecommunications from electronic intruders is significant and growing. The types of services that generate the highest levels of concern based on electronic intruder activities are as follows:
* Access codes and other sensitive data stored by NS/EP services on vulnerable network elements
* E-911 and other emergency response services
* Systems that support DoD command, control, communications, and computers (C4) functions
* Wireless services supporting government systems
* Functions being performed through access to the public data networks
* Unprotected voice and data traffic that are susceptible to electronic monitoring
* Call detail records and other service-related information that are stored on vulnerable network elements
* New telecommunications technologies that provided greater user control but have not undergone adequate security testing (e.g., SONET, ATM, CDPD, PCS).