Letter to Canadian Security Telecommunications Advisory Committee (CSTAC) Industry Members

To the industry members of the Canadian Security Telecommunications Advisory Committee (CSTAC):

Canadians, industry and other critical infrastructure sectors increasingly depend on telecommunications services to conduct economic and social activities, as well as access basic services. This dependency is amplified in the event of emergencies or large-scale disruptions, such as those caused by the COVID-19 pandemic, natural disasters, or cyber incidents. The security and reliability of telecommunications infrastructure is therefore critical.

On July 11, 2022, I met with the chief executives of several telecommunications service providers and directed them to develop an agreement within 60 days to enable emergency roaming and mutual assistance during emergencies, as well as a communications protocol.

My expectation has been clear that this agreement will only be a first step in the context of broader work on network reliability. [Today], I announced a Telecommunications Reliability Agenda to advance this important work more broadly. As part of this, I look to CSTAC to play an important role in this work on account of its collaborative structure and expertise. As such, I am charging you with developing a set of recommendations to improve the reliability of Canada's telecommunications network. These should take into account the goals of this agenda as well as the considerations in the appendix.

It is my expectation that CSTAC will produce a report containing these recommendations in 6 months from the date of establishing the agreement on emergency roaming, mutual assistance and communications protocol (i.e. September 9, 2022). This report will also be shared with the CRTC to inform their upcoming consultations.

Thank you in advance for your cooperation in this important matter.

Sincerely,

The Honourable François-Philippe Champagne, P.C., M.P.

Enclosure(s)

Appendix – Considerations for Network Reliability

Architecture and Design

  • Physical protections for facilities and supporting systems (site hardening, HVAC, power) against all-hazards
  • Identification of telecommunication services interdependencies
  • Improve geographic diversity of critical sites (e.g. points of interconnection)
  • Physical path diversity for wireline networks
  • Logical route diversity between networks
  • Logical protections for network infrastructure (e.g. routing, DNS etc.)

Operational and Support

  • Network management and oversight (e.g., administration, orchestration, OSS/BSS)
  • Security functions (e.g., zoning, containerization, authentication, authorization, auditing)
  • Network and service monitoring (e.g., performance, QoS/QoE, metrics)
  • Maintain operational procedures and practices
  • Configuration and change management
  • Maintenance and updates (e.g. application of vendor patches, security updates)
  • Supply chain planning and management
  • Testing and verification (e.g., simulations, sandboxing, pen testing)

Planning and Governance

  • Defining organizational roles, responsibilities, procedures and controls for business continuity, and to promote resilience of telecommunications infrastructure
  • Training and certification of personnel
  • Reviewing and exercising plans regularly
  • Sharing information with other TSPs (e.g., lessons learned, findings, incident reporting)

Response and Recovery

  • Diversity in disaster recovery sites
  • Diversity in 3rd party service providers
  • Availability of temporary or deployable infrastructure (e.g., COWS, spare equipment)
  • Maintaining agreements on emergency roaming, mutual assistance and communications protocol with the public and government

Industry collaboration

  • Sharing information with other TSPs (e.g., lessons learned, findings, incident reporting)
  • Conducting joint exercises with other TSPs and other CI sectors
  • Identification of common interdependencies among TSPs (e.g. fibre paths and points of interconnection) and other service providers (cloud services, energy, transportation)
  • Identification of resiliency issues due to coverage gaps for wireline/wireless networks