• Attendees
• Minutes and Actions
• Ofcom NGN Consultation
• Minimum Security Standard
• Policing of NGN Signalling Messages
• Constitution
• AOB
• Actions

Note: The September meeting was held via audio conference

Steve Best (BT Wholesale)

Steve Drain (BT Retail)

Ann Francis (Colt)

Andy May (CW)

Gareth Davies (Ofcom)

Martin Whewell (Openreach)

Neil McArthur (Talk Talk)

Mohamed Hammady (Sky)

Andrew Wileman (Virgin Media),

Rod Smith (NGNuk)

Peter Ryde (NGNuk)

Apologies - Alison Mitchell (BT Retail), Andy Rawnsley ( Gamma Telecom), Robyn Durie ( T-Mobile), Mark Dalziel (OTA) and Huw Saunders (KCOM)

To top

The July minutes were agreed via email and published on the NGNuk web site during August. An update on the actions is appended at the end of this document

To top

The Ofcom Consultation entitled "Next Generation Networks : Responding to recent developments to protect consumers, promote effective competition and secure efficient investment" which was published on 31^st July, closes for responses on 24^th September. As the NGNuk Executive precedes this closure, Gareth Davies gave only a very brief verbal update but committed to  a substantive discussion at the November Executive meeting.

To top

NICC Standard (ND1643)

The NICC standard published in Q3 2008 was revised following comments the OTA had received during its initial meetings with all LLUOs in January. The final document has now been published on the NICC web site. This version includes the appropriate BSI clearance to replicate the controls copied from ISO 27001. NGNuk had obtained a licence from BSI for this at no charge. The NGNuk website will also be updated to provide access to the standard.

It is likely that a further iteration of ND1643 will be initiated prior to the new year to reflect additional comments from CPs implementing the standard, to better facilitate the inspection scheme and also to allow the standard to be used to certify suppliers.

Code of Practice

Signed

The revised Code of Practice agreed with industry, that commits LLUOs and CPs to implement and maintain the Minimum Standard, has been signed by 10 CPs. These are; BT Group, Colt, C&W, Gamma, Kingston, Orange, O2, Talk Talk, Sky and  Virgin Media

Key Unsigned CPs

Global Crossing intends to comply with the higher 2.2.4 security standard necessitated by their government contracts. They have confirmed they are undertaking a gap analysis against the Minimum Standard, which they aim to complete by December 09.

T-Mobile and Vodafone have both stated that any commitment to adopt the NICC Minimum Standard is dependent upon the results of a gap analysis.

T-Mobile have raised a query regarding their interpretation of the standard. T-Mobile met with NICC on 23^rd September to review this interpretation.

Extending adoption of the Standard

Smaller CPs

FCS has approached NGNuk/OTA seeking to better understand the implications of the Standard for smaller CPs. A meeting with various FCS members is to be held during October.

Inclusion within Interconnect Contracts

Following the initial discussion at the July NGNuk Executive regarding the inclusion of the standard within interconnect contracts, follow on discussions were held on 21^st September attended by Colt, Orange, Sky and Talk Talk. The following summary was provided to the Executive:

1. The object of the meeting was to discuss whether the existing signatories can create a level of imperative for the wider industry to adopt the minimum standard,  by making compliance to ND1643 a condition of interconnection within the UK
2. Those members participating on the call, stated that they were supportive of proactive inclusion within interconnect contracts
3. It was agreed that inclusion of ND1643 in contracts is a relatively simple change to contracts only needing the requirement for an interconnect partner to commit to complying with the standard, to obtain and maintain certification and a timescale against these actions
4. The following suggestion with respect to dates for compliance to ND1643 within interconnect contracts,  was agreed as being sensible and pragmatic starting point:
•  All contracts for new NGN interconnects, that are within scope,  with a signatory to the CoP signed from 01.01.2010 should include a contractual commitment covering compliance and certification to ND1643
• That the prospective interconnect partner should  be certified to ND1643 by the end 2011 or within 18 months of the interconnect going live, whichever is the longer
• That  any existing interconnect that is within scope and already covered under contract, should comply within 12 months after this date (b above)
5. Further work on whether  the  inclusion of ND1643 within interconnect contracts, by larger CPs, might be deemed anti competitive is required. Peter Ryde will write to a number of members to seek the advice of their in house legal teams on this issue, with further work suspended until the matter is clarified

As the standard was initiated by BERR/Ofcom , and in view of their subsequent pressure on CPs to comply, it was felt that a positive public statement from Ofcom regarding the publication of the standard  and its adoption, would be highly beneficial in terms of industry awareness.

Ofcom were also asked to clarify whether anticipated regulatory changes within Europe might allow them to reconsider their position on a General Condition Forcing all CPs to comply with ND1643, where applicable.

Action 1 - 24/09/09 - NGNuk to write to Ofcom to seek clarification on what Ofcom are willing to state publicly regarding the adoption of ND1643 by industry and also seeking confirmation of their position on adopting a General Condition

Public Sector

OTA/NGNuk has been in dialogue with the Cabinet Office regarding the PSN (Public Sector Network) and the associated procurement activities with a view to how this can be leveraged to extend adoption of the NICC Minimum Security Standard.

The Cabinet Office has stated that the minimum services for direct connection to the PSN will require 2.2.4 levels of security, in accordance with the CESG developed standard,  and the NICC minimum security standard for CPs providing services operating over these. This would mean that smaller CPs selling to local councils, schools, charities etc would need to comply with the NICC standard over the next few years. The current status of the PSN documentation does not however substantiate this view. NGNuk has therefore applied to join  the appropriate PSN work stream.

Implementation Plans

Of the 10 CPs who have signed, feedback has been received from all 10.This shows compliance dates varying from end 2009 through to mid 2011.

Certification

NGNuk has approached the UK Accreditation Service for advice. The initial thoughts were to incorporate the requirements of the NICC Minimum Security Standard (ND1643) within the accreditation of organisations offering ISO 27001 and 27011 certification, however this is not feasible since ND1643 does not mandate ISO27001.

An inspection scheme is therefore being pursued, although this will not be available until the first half of 2010 due to resource constraints within UKAS. The one off set up cost of accreditation via UKAS is approximately £10,000 (plus VAT), which Ofcom has agreed to fund, although NGNuk is still awaiting a formal quotation for the work from UKAS.

A joint NGNuk/NICC workshop was held on 23^rd September with potential certification bodies. The objectives of the meeting were to:

1. Provide Certification bodies with background to ND1643 and its relationship to the CESG 2.2.4 standard
2. Provide details of:
• the status of the NICC Minimum Security Standard ( ND1643)
• the CPs committed to adopting the standard and timeframes for compliance
• the plans for wider adoption across industry
3. Provide an overview  of the Standard and clarify any queries
4. Outline the NGNuk/NICC discussions and approach to Certification discussed with UKAS
5. Seek proactive feedback from certification bodies on;
• Immediate concerns or observations
• Inspection vs. ISO 27001 certification and how to avoid duplication of effort
• How to ensure the scheme works for all sizes of Communications Provider
• areas of uncertainty requiring clarification ( e.g. development of sampling rules) or where changes might make inspection easier/cheaper

This  meeting was well attended and valuable feedback was provided by both the Certification bodies and CPs . This will help inform NGNuk discussions with UKAS and are likely to also result in  changes to the standard itself.

A subsequent discussion amongst the CPs agreed present at the work shop reviewed whether CPs should seek to develop a more efficient engagement of suppliers. It was agreed that NGNuk would write to CPs regarding the standard in a form that could be forwarded to Suppliers and that NGNuk should also seek feedback on whether Suppliers would find an industry seminar of value in communicating these changes. It was recognised that Suppliers faced multiple contacts from CPs both initially, in terms of raising awareness,  but also subsequently in terms of contract changes and audit. It was agreed that amending the NICC standard to allow suppliers to obtain certification would be of great value. This suggestion will be considered by NICC as part of their planned review of the standard.

 

To top

Orange suggested that NGNuk consider whether a policy or CoP is required by industry, covering the legitimate uses of the inspection of NGN signalling messages and whether NGNuk should  initiate the development of such a policy.

A work shop was held on 1^st July to consider this in more detail. This work shop covered two areas; the policing of signalling between "trusted" networks and secondly where "un-trusted" networks were involved.

Trusted

NICC have published to documents which cover how CPs should establish the IP interconnect. These are ND1612 ( Generic IP Connectivity for PSTN/ISDN Services between NGSs) and ND 1628 ( Securing Data Flows with IPSEC for NGN Interconnects ).

The work shop recommended that CPs need to commit to implementing the agreed set of NICC controls plus any associated interpretation and to ensuring that any appropriate policies and procedures are developed, implemented and maintained which enables a CP to operate to these controls. Given its standing, status and history formalising such a commitment would appear to add no additional benefit to existing custom and practice already established across the telecoms industry within the UK. It was therefore agreed that NGNuk should take no further action in this area unless it subsequently becomes apparent that there is an issue with inappropriate policing and manipulation of signalling traffic over IP interconnects. 

Un-trusted

Within the C7 signalling protocol, network controls allow for  the management of traffic (such as such unusually high levels of traffic or call attempts). With the move to SIP interconnection, it opens up the opportunity for new threats such as "spoof" addressing and "malformed" addresses which might disrupt a CP's network. Currently CPs have their own view of what constitutes a trusted or un-trusted source (www. traffic is deemed un-trusted ) . Even with a "trusted" source, a CP remains reliant on the policies, procedures and controls of its interconnect partner. Furthermore, NGNs have intelligent end points, which in themselves can generate millions of calls or call attempts. CPs therefore, need to consider the impact of unscrupulous 3^rd parties on their own or their interconnect partner's network

The work shop agreed that there is a need for CPs to collectively develop and agree a common understanding of the circumstances where action should be taken by interconnect partners with respect to incidents arising from the actions of unscrupulous 3^rd parties. The group felt that via NICC , NGNuk needs to encourage the development of this understanding of how un-trusted networks should be managed , incidents responded to and the responsibilities of CPs defined. Subsequent discussions with NICC has identified they have already initiated a work stream to address part of this problem.

The NICC work study ( No 210) seeks to define the how sessions that are set-up between controlled and uncontrolled sources are allowed to provide maximum connectivity, but  issues such as CLI, location privacy and voice quality monitoring are appropriately handled. BT/CW/KCom and Solus are supporting this work study, however feedback from NICC is that little progress has been made to date.

The NGNuk requirement appears broader than the NICC work study,  in that it seeks a  common understanding/policy across CPs of the circumstances where action should be taken  by the respective interconnect partners, what can and cannot be reasonably expected of each other and also whether any elements that need to be backed off either contractually or via fair use policies with  End Users

It was agreed that:

1.  Peter Ryde should document and agree within NGNuk, any  requirements that are in addition to the existing NICC work study
2. Send the agreed statement to NICC and set up a joint NGNuk/NICC call to agree any changes to the NICC scope
3. Provided all the NGNuk requirements can be accommodated NGNuk will support the NICC work study. If agreement cannot be reached on NICC extending the remit, then NGNuk will consider how the operational policy issues are addressed and represent at the November NGNuk Exec

Assuming both NICC and NGNuk agree on extending the scope of the work study, then existing supporters of the work study are requested to re-invigorate their support. However,  additional members were requested to actively support this item.

Action 2- 24/09/2009 - Peter Ryde to document and agree within NGNuk, any  requirements that are in addition to the existing NICC work study on un-trusted sources, to  send this agreed statement to NICC and then to jointly review with NICC.

To top

At the July Exec it was agreed that Peter Ryde should review the NGNuk constitution to ensure it better reflects how NGNuk are currently operating in practice and also to bring it up to date in terms of members and personnel.

The constitution was circulated and comments received and incorporated.

The key changes cover the following areas:

1. Changing the terms of reference to better reflect NGNuk as a review forum which aims to identify NGN related commercial issues and collectively agree how these need to dealt with, rather than its role being to have a formal programme defining a technical interconnect structure and associated commercial framework
2. Updating the list of Executive  Members and reflecting that BT plc has 3 representatives on the Executive
3. Giving the Executive the ability to revise membership fees , within the  original funding limits, without reference to Ofcom based on the budgets Rod Smith compiles for your approval
4. Easing the conditions associated with establishing, joining and managing work groups
5. Allowing NGNuk to be dissolved when the Executive determines its activities are no longer required.

The amended constitution was discussed and agreed unanimously, with no amendments. This will be published on the NGNuk website.

 

Action 3 - 24/09/09 - Peter Ryde to publish the new constitution on the NGNuk website and also circulate the revised copy to all members.

To top

Budget Update

Rod Smith provided an update on the budget and cash position

Membership

A membership request had been received from Babcock Networks to join NGNuk as a Participating Member. Whilst welcoming this approach, on reviewing their scope of company activity Babcock appeared not to comply with the terms of membership.  Peter Ryde was asked to confirm the position with Babcock. Babcock has responded that it is their intention to deploy and operate a number of  wireless NGN Open Access networks and integrated NGNs in the UK offering Wireless, ADSL 2+, and VDSL services. In view of this statement, they qualify as a Participating Member and their request to join NGNuk was accepted by the Executive.

NGNuk Secretariat Update

David Halliday will be attending future Consult 21 meetings on NGNuk's behalf,  rather  than Peter Ryde

The next scheduled meeting was 10.00 to 13.00 on 26^th November at Riverside House.

Peter Ryde

NGNuk Office

07771 555 048

020 7783 4688

To top

Action 5 - 29/01/2009 - Establish a joint session with NICC regarding the Usage of Non-numeric Identifiers with the aim of delivering feedback for debate at the March NGNuk executive.  This work shop was held with NICC. Those NGNuk representatives present found that whilst accepting the validity of the debate it was unlikely, based on past evidence , that NGNuk would gain much active support from members to progress this beyond the feedback provided at the workshop. Peter Ryde committed to reviewing with NICC whether there where any specific issues where commercial feedback was preventing NICC developing its internal paper.	Peter Ryde Ongoing
Action 5 - 21/05/2009  - Represent the problem statement for "Fair access to new services " at the January 2010 for the Exec to consider whether the situation remained unchanged.	Peter Ryde Ongoing
Action 1 -23/07/2009 - Work  with CP nominees to consider how NGNuk members might seek to proactively widen adoption of the NICC Minimum Security Standard across industry. Initial meeting held on 21st September for feedback to the September Executive.	Peter Ryde Ongoing
Action 2 -23/07/2009 - Initiate a discussion with the Tele- Houses regarding their ability and willingness to support CPs adopting the minimum standard. This will be addressed as part of NGNuk's wider communication with Suppliers	Peter Ryde Closed
Action 3 - 23/7/2009 - Gain a clearer understanding of the scope of NICC activity regarding the policing of signalling activity and how NGNuk might better support this. See Minutes	Peter Ryde Closed
Action 4 - 23/7/2009 - Work  with NGNuk members, to identify whether any gaps exist between the scope anticipated by NGNuk and the work planned by NICC. Should a gap exist to propose the appropriate remedial action for consideration by the Exec. See Minutes	Peter Ryde Closed
Action 5 - 23/7/2009 - Work with NGNuk members to understand whether CP adoption of the NICC activity needs to be enshrined within a CoP or incorporated within interconnect contracts. Custom and practice across industry is to adopt NICC recommendations where they exist. Introducing an additional CoP in this area adds little additional value and is not recommended to the Executive. This was accepted by the Executive	Peter Ryde Closed
Action 6 - 23/7/2009 - Work with NGNuk members to review in greater detail a policy or CoP is required by industry covering the legitimate uses of the inspection of NGN media and content by other CPs. Awaiting discussion with GSMA	Peter Ryde Ongoing
Action 7 - 23/7/2009 - Contact the GSMA to identify what work they might be undertaking regarding policing of signalling and media over NGN interconnects. The appropriate contact has been identified at GSMA however no date for a meeting has yet been agreed.	Peter Ryde Ongoing
Action 8  - 23/07/2009  - Represent the problem statement for "Use of 3rd Party Elements within a Session " at the March 2010 for the Exec to consider whether the situation remains unchanged	Peter Ryde Ongoing
Action 9 - 23/7/2009 - Work with NGNuk members to consider whether there is scope for constructive NGNuk activity in the areas of Quality of Service Principles , Presence and Location , Security and Authentication and Numbering and Addressing The Secretariat intent is to include these as an additional item when some other work shop is scheduled with the appropriate attendees, No suitable work shop has been identified.	Peter Ryde Ongoing
Action 10 -23/07/2009 - Clarify  the scope of activities of Babcock Networks and whether these meet the criteria for membership, then to decline or represent as appropriate. See Minutes	Peter Ryde Closed
Action 11 -23/07/2009 - Review and revise the existing constitution and circulate the draft to members for comment. See Minutes	Peter Ryde Closed
New Actions
Action 1 - 24/09/09 - NGNuk to write to Ofcom to seek clarification on what Ofcom are willing to state publicly regarding the adoption of ND1643 by industry and also to seeking confirmation of the Ofcom  position on adopting a General Condition	Secretariat
Action 2- 24/09/2009 - Document  and agree within NGNuk, any  requirements that are in addition to the existing NICC work study on un-trusted sources, to  send this agreed statement to NICC and then to jointly review with NICC.	Peter Ryde
Action 3 - 24/09/09 - Publish the new constitution on the NGNuk website and also circulate the revised copy to all members.	Peter Ryde

To top