In f ras t r uct ure S y s t e m s
STANDARDS
Welcome, Henry Franc By Henry Franc
riting my very first standards column for Connections+ has been a little daunting. It’s both an honour and challenge to fill the illustrious shoes of my predecessor, friend and mentor Paul Kish, who previously penned this column as the director of systems and standards at Belden. His insight and passion in regard to the ICT industry – and the standards that support it – have inspired me and many others to get involved. And will, I’m sure, for years to come. Paul took a multifaceted approach to standards, from products and media to applications and their use in our connected world. I cannot hope to bring the same level of expertise or experience that he has to you, so instead I will put my own flavor into this column Paul’s background was very much rooted in his experience as a technology director in the manufacturing industry; my experience is based on the user perspective. I’ve served as a contractor, user, integrator and consultant – and now as a solutions specialist. Based on my knowledge, I will focus less on the “push” of technology and more on the “pull” of the business requirements utilizing that technology. I welcome your feedback, and hope you find my opinions and viewpoint valuable. As part of my first column, I want to discuss a new standard recently approved for publishing by the TIA TR42.1 engineering sub-committee. The ANSI/TIA-5017 Telecommunications Physical Network Security Standard was sent to ANSI for publishing, and should be available shortly. More than three years in the making,with more than 30 participating organizations, I feel that this document will provide much-needed guidance regarding physical security from an infrastructure standpoint. The standard, which was initiated through a need that was identified by the U.S. federal government, has evolved into a diverse, multipurpose document. Not only can it provide guidance on protecting the telecommunications infrastructure, but it can also be used to leverage infrastructure to protect other assets (people, property or premises) as a part of an overall security plan. The document delves into areas such as risk assessment, design, installation, leveraging intelligent building systems (IBSs) and administration.
W
Henry Franc is a solutions specialist at Belden and an active standards development participant. The information presented is the author’s view, not official standards organization correspondence.
8
Connections+
Mar/Apr 2016
Whereas many standard documents tend to be very prescriptive, ANSI/TIA-5017 is much more descriptive in nature from my perspective. Today’s connected world, or the Internet of Things (IoT), is diverse in its capabilities requirements and use. As such, security needs are equally diverse. Further, the threats faced by any particular asset are changing as technology and society evolve. For that reason, the first section of ANSI/TIA5017 is about performing a risk assessment and creating a security plan relevant to your specific situation. The security plan is, or should be, a living process and approach to deal with risk management. You must: • Identify the potential for negative events and their causes • Reduce (and ideally eliminate) negative events • Limit the impacts of these events • Provide recovery from the events • Review the events and subsequent activities (whether or not there are impacts) to evolve the security plan The document also uses a number of security levels (SL1 through SL3) to describe the requirements of a particular installation: •SL1: Basic Security • SL2: Tamper Resistant • SL3: Critical Security From there, the document provides a solid framework and foundation for the thought processes, procedures and actions that will help the user develop a specific security plan for either the telecommunications infrastructure itself or as part of the overall security plan for the facility – or both. Unfortunately, we’re not living in a perfect world, nor do I think we have a dystopian future because, as imperfect as we are, we strive for better. I encourage those involved with secure facilities or security in general to obtain a copy of the standard and review it. I believe you will find the guidance valuable. I look forward to many more discussions with you as industry members and readers. Perhaps in my next column we can talk about the importance of your participation in the standards development process. It’s through celebrating our collective expertise, experience and innovation that we reach the healthy consensus necessary to develop meaningful standards in continued support of our industry. C+ www.connectionsplus.ca