FirstNet and SDNI
I believe that my post 76134 dated 11/8/2014 answers some of the questions about FirstNet. Also please note that the Request for Information (RFI) responses from 122 potential bidders required each company to certify that they have in-house technology, or licenses in accordance with Federal Acquisition Regulations (FAR), to meet the security requirements. If anyone wants more info on the FARs, in earlier posts I listed the specific paragraphs of the FAR that apply to the FirstNet program. The FAR requirements for government contracts become essential upon contract award, so copies of the license agreements must be submitted with the final proposals from the potential prime contractors. Also keep in mind that some potential prime contractors already have signed license agreements with VirnetX, including Avaya, Siemens, and Microsoft.
Here is a copy of post 76134
Nationwide Public Safety Broadband Network (NPSBN):
The architecture for FirstNet (NPSBN) is based on the 3rd Generation Partnership Project (3GPP) technical specifications (release 10 and later releases). All companies that submit bids for the FirstNet contract must acknowledge they can meet the specific requirements of the 3GPP Security architecture in TS 33.210. VirnetX has declared its patents essential for TS 33.210 (release 10) and other applicable specifications.
The NPSBN architecture is based on the 3GPP LTE Evolved Packet System (EPS) that is composed of the Evolved Packet Core (EPC) and E-UTRAN (RAN). This is the Internet Protocol (IP) architecture with separation of control plane and user plane traffic. Distinct security protection mechanisms are applied to each type of traffic, consistent with the security threats being addressed by each LTE security component. At the discretion of FirstNet, the NPSBN may be implemented with one or more security domains. For example, the NPSBN Core and RAN might exist in a single security domain, and State opt out RANs might exist in their own distinct security domains. The 3GPP Security Architecture in TS 33.210 provides the following definitions for this Inter and Intra domain security. These definitions are applicable to components that are covered by the 3GPP standards and not to the broader security context that involves system elements outside the NPSBN.
Here are some quotes from the NPSBN specification that will be included in the upcoming request for proposal (RFP) scheduled to be released during 2015:
4.8.3.2 Network Domain Security
The Interoperability Board recommends that FirstNet define the networks, identify the domains of the system, and then apply consistent security policies for interfaces both internal to domains under the control of the NPSBN and also between domains.
“Network Domain Security SHALL be implemented in accordance with 3GPP TS 33.210, which stipulates the use of IPSec to protect IP communication between administrative domains (including all network connections used to interconnect the domains).
The NPSBN SHALL comply with TS 33.310 as the authentication framework for Public Key Infrastructure to authenticate these network interfaces.”
4.8.4 Support for Jurisdictional Security Policies
“It is essential that the NPSBN support layered security policies that permit jurisdictions to implement their unique security policies, provided that doing so does not compromise the overall security of the NPSBN. Inherently, a jurisdictional security implementation, layered on top of the NPSBN will only be interoperable to users authorized by the jurisdictional security authority. While these layered security mechanisms must be supported, doing so must not be to the detriment of interoperability for users that are not part of that security domain. For example, a jurisdiction may require a particular 2-factor authentication scheme in connection with a secure VPN, based on a commercially available technology. The secure VPN will limit access to a network domain to only authorized users. It is important that this VPN does not have a negative impact to users that are not part of that network domain.”
Request for Information (RFI):
On October 28, 2014, FirstNet reported that it received 122 responses to the Request for Information (RFI) released in September. This is the final step before release of a request for proposal (RFP). The list of names of the 122 responders was not made public.
FirstNet also received public policy inputs on October 28th that were posted on the web site. These included inputs from interested companies and public safety professionals, plus regional, state, tribal and local jurisdictions, and the vendor community on the development of the nationwide public safety broadband network (NPSBN). This is a list of some of the companies releasing a public statement:
1. Nokia Solutions and Nokia Networks US LLC.
2. Alcatel-Lucent
3. Motorola Solutions, Inc.
4. Brocade Communications.
5. Southern Company and SouthernLinc Wireless.
6. Ericsson, Inc.
7. Lockheed Martin Corporation
8. AT&T Services, Inc.
In my opinion there are some interesting conclusions that can be reached based on the NPSBN specification and the RFI public responses:
1. The secure domain name initiative (SDNI) is required and will be implemented by FirstNet using VirnetX secure domain name technology.
2. The eight companies listed above are obviously among the 122 companies interested in bidding on the contract. It seems likely that at least Alcatel, Nokia, Motorola, Ericsson, and Lockheed are potential prime contractor bidders and there are no doubt many other companies also interested in bidding as a prime contractor.
3. It looks like Nokia might be submitting a proposal as a prime contractor although they were a major technical advisor for FirstNet the past two years and helped write the system technical specification. In its public statement Nokia acknowledged that it has been a technical advisor for the FirstNet technical staff and board members, NTIA staff, and the public safety community. Nokia made contributions ranging from network design options and construction strategies to interpretive guidance relating to the statute creating FirstNet.
4. The minimum technical requirements (3GPP) are so fundamental they are required to be supported no matter what advancements in technology might be proposed by the bidders. In other words, the minimum technical requirements must be addressed by prospective bidders on their proposals without change (completely bypassing the usual procedures for defining “material changes”). Furthermore, any accommodation for advancements in technology must maintain backward compatibility to support the minimum technical requirements. Also, since the minimum technical requirements are based on 3GPP standards and those standards follow a philosophy of backward compatibility, this is really a non-issue.
Best regards to all.