Thursday, October 29, 2015

:: FCC and CU Boulder Public Safety Cybersecurity Summit

FCC and University of Colorado, Boulder Interdisciplinary Telecommunications Program to co-sponsor summit exploring cybersecurity issues for communications and public safety sectors

On December 7, 2015, the Federal Communications Commission and the Regents of the University of Colorado, a body corporate, contracting on behalf of the CU Boulder Interdisciplinary Telecommunications Program will co-host a summit to explore cybersecurity issues facing the telecommunications sector and the public safety community.  The summit will seek to promote ways to develop, implement and measure best practices, enhance c-suite and agency senior level awareness, and evolve policy planning related to cybersecurity recommendations for the telecommunications sector, public safety sector, research and development, and workforce planning/talent management.  This day-long public forum would allow exchange of ideas, as well as allow extended interaction with critical industry, academic and government personnel involved in securing our commercial networks, evolving the next generation of public safety networks, and planning for the future of these critical communications assets. 

WHAT:            FCC-CU Boulder ITP Public Safety Cybersecurity Summit

The event will feature industry, public safety, academic and government thought leaders in the field of cybersecurity in a series of moderated panels, considering technical, practical, and policy issues related to the cybersecurity threats facing our commercial and public safety networks.
A summit agenda, providing additional details about the event, will be released at a later date.

WHEN:            Monday, December 7, 2015, 9:00 AM, DLC Bechtel Collaboratory, College of Engineering and Applied Science, University of Colorado, Boulder, Colorado

WHO:              Security researchers, policymakers, industry leaders, cybersecurity organizations, investors, public safety organizations, state, local and Tribal government officials, academic institutions and others interested in understanding the current and evolving cybersecurity landscape in these sectors.  Space is limited for this event.  Please e-mail cybersummit@fcc.gov with “Registration” in the subject line and provide your name, organization affiliation and contact information.

Released: 10/27/2015. FCC AND CU BOULDER TO HOLD PUBLIC SAFETY CYBERSECURITY SUMMIT. (DA No. 15-1224). PSHSB. Contact: Erika Olsen at (202) 418-2868, email: Erika.Olsen@fcc.gov or ITP Corporate Outreach: Terese Manley at (303) 492-3824, email: Terese.Manley@colorado.edu. News Media Contact: Rochelle Cohen at (202) 418-1162, email: Rochelle.Cohen@fcc.gov
https://apps.fcc.gov/edocs_public/attachmatch/DA-15-1224A1.docx
https://apps.fcc.gov/edocs_public/attachmatch/DA-15-1224A1.pdf



Wednesday, October 28, 2015

:: NIST Seeks Comments on New Project Aimed at Protecting Privacy Online

The National Cybersecurity Center of Excellence (NCCoE), in partnership with the National Strategy for Trusted Identities in Cyberspace National Program Office, is seeking comments on a new project focused on protecting privacy and security when reusing credentials at multiple online service providers.
Many organizations now allow online customers to use third-party credentials to create and manage accounts and services. For example, your social media account login can be used to access your fitness tracker account. In effect, the social media company is vouching for you with the tracker company.
Allowing third-party credentials saves businesses time and resources in managing identities. For users, the benefit comes from not having yet another username and password to manage and remember.
As these arrangements become more common, a growing number of organizations are laboring to manage—and integrate—each third-party relationship. So now a new service, called brokered identity management, has emerged. Organizations can engage identity brokers to manage multiple third-party credentialing options on their behalf.
The benefits to organizations and individuals are significant, but there is also a concern that these connections meant to improve security can create opportunities for increased tracking of users.
This new collaborative project will examine how commercially available privacy-enhancing technologies can be integrated into identity broker solutions. The NCCoE is seeking comments on a draft document that describes a potential “building block”—one of a series of solutions that address cybersecurity concerns for multiple industry sectors. The document, Privacy-Enhanced Identity Brokers, describes the technical challenges of adding privacy-enhancing technologies to existing products or services, and the technical controls needed to address the privacy risks inherent in them.
Feedback from businesses and the public will inform the project and solution development. This will ultimately result in an 1800-series NIST Cybersecurity Practice Guide that will demonstrate the example solution and provide all the information necessary to replicate the reference design.
The NCCoE addresses businesses' most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies. The center collaborates with industry, academic and government experts to build modular, open, end-to-end reference designs that are broadly applicable and repeatable.
The document can be viewed on the NCCoE website. Comments should be submitted via a web form or to petid-nccoe@nist.gov by Dec. 18, 2015.

:: Committee Leaders Request Audit of FCC's Enforcement Bureau

WASHINGTON, DC – Leaders of the House Energy and Commerce Committee and its Subcommittee on Communications and Technology today asked the Government Accountability Office – the nation’s nonpartisan watchdog – to complete a review of the management of the Federal Communications Commission’s Enforcement Bureau. Full Committee Chairman Fred Upton (R-MI), along with subcommittee Chairman Greg Walden (R-OR) and Vice Chairman Bob Latta (R-OH), are seeking the report in conjunction with the subcommittee’s ongoing oversight of the commission.
The leaders wrote:
This committee’s concern with the openness, transparency, and fairness of the Federal Communications Commission’s (FCC) process is well established and has led to multiple and varied inquiries into the management of the agency under multiple chairmen. These inquiries include, among other things, the monitoring of the FCC’s backlog reduction efforts, the FCC’s success in meeting bureau and office performance metrics, and more recently the Chairman’s proposal to reduce the Enforcement Bureau’s geographic footprint by closing more than half of the Bureau’s field offices.
The information submitted by the FCC in response to these inquiries has validated our concerns with FCC management and process. One area of particular and ongoing concern is the management of the FCC’s largest subdivision – the Enforcement Bureau. …


http://energycommerce.house.gov/press-release/committee-leaders-request-audit-fcc-enforcement-bureau

:: NIST to Support Cybersecurity Jobs “Heat Map” to Highlight Employer Needs and Worker Skills

"WASHINGTON, DC – As part of the U.S. Department of Commerce’s “Skills for Business” initiative, the National Institute of Standards and Technology (NIST) is funding the development of a visualization tool that will show the demand for and availability of critical cybersecurity jobs across the nation. The project, funded through NIST’s National Initiative for Cybersecurity Education (NICE), will provide data to help employers, job seekers, policy makers, training providers, and guidance counselors in order to meet today’s increasing demand for cybersecurity workers. 

"In partnership with job market analytics and research firm Burning Glass Technologies, CompTIA, a non-profit trade association for IT professionals and organizations, has received a three-year grant to conduct extensive research and create a “heat map” that visualizes the need for, and supply of, cybersecurity workers across the country. Heat maps are a popular data visualization tool that, in this case, will use varying shades of color to show relative differences in the geographic concentration of supply and demand. CompTIA has been awarded $249,000 in first-year funding. "


:: Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies

"In this final rule, the Librarian of Congress adopts exemptions to the provision of the Digital Millennium Copyright Act (“DMCA”) that prohibits circumvention of technological measures that control access to copyrighted works, codified in section 1201(a)(1) of title 17 of the United States Code. As required under the statute, the Register of Copyrights, following a public proceeding, submitted a Recommendation concerning proposed exemptions to the Librarian of Congress. After careful consideration, the Librarian adopts final regulations based upon the Register's Recommendation." Fed Reg Notice.

Thursday, October 22, 2015

:: NTIA Twenty-Fifth Quarterly Status Report to Congress Regarding BTOP


October 16, 2015
Pursuant to Section 6001(d)(4) of the American Recovery and Reinvestment Act of 2009 (ARRA or Recovery Act) (Public Law No. 111-5), the NTIA provides this Quarterly Report on the status of the Broadband Technology Opportunities Program. This Report focuses on the Program’s activities from January 1 to March 31, 2015.

:: House Commerce Hearing: Common Carrier Regulation of the Internet: Investment Impacts

http://energycommerce.house.gov/hearing/common-carrier-regulation-internet-investment-impacts
Tuesday, October 27, 2015 - 10:00am
Background Documents and Information: 
Hearing Notice
To read a related press release, click here.
Witnesses: 

Frank V. Louthan
  • Managing Director- Equity Research
  • Raymond James Financial
Michael Mandel
  • Chief Economic Strategist
  • Progressive Policy Institute
Robert Shapiro
  • Co-Founder and Chairman
  • Sonecon LLC
Nicholas Economides
  • Professor of Economics
  • New York University Stern School of Business
 

Friday, October 09, 2015

:: Email. The modern working world cannot exist without it, but hackers exploit this vital service to steal money and valuable information. The National Institute of Standards and Technology (NIST) is tackling this threat with two new projects.
NIST is publishing a draft document for comment that provides guidelines to enhance trust in email. And the National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators to provide products and expertise to demonstrate a secure, standards-based email system using commercially available software and other tools.
In the early, halcyon days of the Internet, researchers were more interested in sharing information rather than securing it. Now, decades later, securing the world’s most widely used medium for business communication is a full-time job for researchers and IT specialists around the globe.
“The two main threats to current email services are phishing and leaking confidential information,” explains computer scientist Scott Rose.
In phishing, hackers use forged emails to trick email users to unknowingly provide valuable data such as bank account numbers. In other scams, addressees are lured into clicking on a link that downloads malicious code, which can home in on an organization’s most valuable data like a heat-seeking missile or steal personal information. Hackers can also intercept email messages to learn an organization’s proprietary information, or tamper with the information in the message before it is delivered to the recipient.
In the draft Trustworthy Email (NIST Special Publication (SP) 800-177), authors provide an overview of existing technologies and best practices, and they offer deployment guidance to meet federal government security requirements. Emerging protocols to make email security and privacy easier for end users also are described.
While there are two basic threats to email, there are multiple ways to exploit both, Rose says. Trustworthy Email suggests solutions to address all common exploits. To reduce the risk of spoofing, for example, the authors suggest that organizations use techniques to authenticate domain names used to send emails, and that employees or members digitally sign email. For confidential email, organizations can encrypt email between sender and receiver or secure the transmission between email servers.
Trustworthy Email is written for enterprise email administrators, information security specialists and network managers. The document applies to federal IT systems, but can be used in other organizations. The publication is designed to complement NIST’s earlier document, Guidelines on Electronic Mail Security, NIST SP 800-45 version 2.
The authors seek input on the draft document. The deadline for comments on Trustworthy Email, SP 800-177, is November 30, 2015. Please send any questions or comments to sp800-177@nist.gov.
At the same time, the NCCoE is seeking collaborators to provide products and technical expertise during a project that will demonstrate a secure email system. The NCCoE’s Domain Name System (DNS) Based Secured Email project will lead to a publicly available NIST Cybersecurity Practice Guide. The guide will explain how to employ and build a platform to meet federal and industry security and privacy requirements using commercially available tools and components. More information is available in a recent white paper.
If you are interested in participating, details are provided in Federal Register Notice Document 2015-25304. Letters of interest will be accepted on a first-come, first-served basis. Those selected to participate will enter into a Cooperative Research and Development Agreement with NIST.
The NCCoE is a partnership of NIST, the State of Maryland and Maryland's Montgomery County. The center is dedicated to furthering rapid adoption of practical, standards-based cybersecurity solutions for businesses and public organizations using commercially available and open-source technologies.


Thursday, October 08, 2015

:: NTIA California Community Broadband Forum Nov. 17

The National Telecommunications and Information Administration (NTIA), as part of its BroadbandUSA initiative, will hold a one-day regional broadband Workshop, “California Broadband Workshop,” to help communities expand their broadband capacity and increase utilization of broadband. The Workshop will put forward best practices and lessons learned from network infrastructure build-outs and digital inclusion programs from California and surrounding states, including projects funded by NTIA's Broadband Technology Opportunities Program (BTOP) and State Broadband Initiative (SBI) grant programs. It also will include access to regional policymakers, federal funders and industry providers. The California Broadband Workshop will also explore the impact of municipal networks on local and regional economic development and discuss effective business and public-private partnership models, as well as lessons learned in the implementation of networks, adoption and use of broadband. Federal Register

:: BITAG Publishes Report: Differentiated Treatment of Internet Traffic

Denver, CO (October 8, 2015):  Today, the Broadband Internet Technical Advisory Group (“BITAG”) announced the publication of its technical report on the subject of Differentiated Treatment of Internet Traffic. The executive summary of the report can be found further below – including the full set of observations and recommendations – and the report itself can be found at: http://www.bitag.org/documents/BITAG_-_Differentiated_Treatment_of_Internet_Traffic.pdf.
Differentiated treatment of Internet Access Service traffic has been a subject of debate and regulatory scrutiny. In February 2015, the Federal Communications Commission (FCC) adopted Open Internet rules that address paid prioritization as well as other topics. This report touches on a broad range of questions associated with differentiation, but is not intended to address or analyze the economic, legal, regulatory, or public policy issues that the differentiated treatment of Internet access service traffic may raise, focusing instead on the technical issues.
The data transmitted across the networks that make up the Internet is formatted as packets, which contain information payloads encapsulated within one or more headers. These headers provide the information needed to deliver the packets to their destinations. As these packets travel across networks, they contend with other packets for network resources. The simplest way to handle this contention would be on a first come, first served basis (also known as First In First Out, or FIFO). In practice, however, network operators make many exceptions to FIFO, using the packet header information to classify packets into flows and treating those flows differently, for example rearranging the order or the timing with which packets are sent, or sending them along different network paths. This is done for various reasons, including meeting service level agreement (SLA) guarantees and selecting paths for traffic from different applications, among other things. Differentiated treatment of traffic can also contribute both to the efficiency of a network and to the predictability of the manner in which network resources are shared. The ability to treat traffic differentially has been built into Internet protocols from the beginning but has not been deployed end-to-end due to a number of issues.
Observations. From the analysis made in the report and the combined experience of its members when it comes to the differentiated treatment of Internet traffic, the BITAG Technical Working Group makes the following observations (See Executive Summary below or full report for the complete explanation of each):
·      TCP causes recurring momentary congestion.
·      A nominal level of packet discard is normal.
·      The absence of differentiation does not imply comparable behavior among applications.
·      Differentiated treatment can produce a net improvement in Quality of Experience (QoE).
·      Access technologies differ in their capabilities and characteristics.
·      Security of traffic has at times been downgraded to facilitate differentiation techniques.
Recommendations. The BITAG Technical Working Group also has the following recommendations (See Executive Summary below or full report for the complete explanation of each):
·      Network operators should disclose information on differential treatment of traffic.
·      Network operators and ASPs should be encouraged to implement efficient and adaptive network resource management practices.
·      Quality of Service metrics should be interpreted in the context of Quality of Experience.
·      Network operators should not downgrade, interfere with, or block user-selected security in order to apply differentiated treatment.
Ken Ko, Senior Staff Scientist at ADTRAN, and Fred Baker, a Fellow at Cisco, served as the lead editors of the report. Douglas Sicker, Executive Director of BITAG, Chair of BITAG’s Technical Working Group, Department Head of Engineering and Public Policy and a professor of Computer Science at Carnegie Mellon University, chaired the review itself.

About BITAG. BITAG is a non-profit, multi-stakeholder organization focused on bringing together engineers and technologists in a Technical Working Group (TWG) to develop consensus on broadband network management practices and other related technical issues that can affect users’ Internet experience, including the impact to and from applications, content and devices that utilize the Internet.
This is BITAG’s eighth report.  BITAG’s previous reports have focused on: Internet interconnection; VoIP impairment, failure, and restrictions; Real-time network management of Internet congestion; Port blocking; SNMP DDoS attack mitigation; Large scale network address translation; and IPv6 whitelisting. Copies of these technical reports can be found on the BITAG website at www.bitag.org.
Questions or Comments? BITAG welcomes any questions, comments or suggestions.  Please contact our Executive Director, Douglas Sicker, at dsicker@bitag.org or our Deputy Director, Kaleb Sieh, at ksieh@bitag.org.



– ATTACHMENT –
Executive Summary of BITAG Report on Differentiated Treatment of Internet Traffic

The Internet is composed of interconnected networks, each having its own architecture and technical characteristics. The data transmitted across these networks is formatted as packets containing information payloads encapsulated within one or more headers, which in turn provide the information needed by networks to deliver the packets to their destinations. As these packets travel across networks, they contend with other packets for network resources. Contention can occur at any point where two or more packets can compete for a resource at the same time. The simplest way to handle such requests would be on a first come, first served basis (also known as First In First Out, or FIFO). In practice, however, network operators make many exceptions to FIFO, using the packet header information to classify packets into flows and treating those flows differently, for example rearranging the order or the timing with which packets are sent, or sending them along different network paths.
Differentiated treatment of Internet Access Service traffic has been a subject of debate and regulatory scrutiny. In February 2015, the Federal Communications Commission (FCC) adopted Open Internet rules that address paid prioritization as well as other topics [1]. This report touches on a broad range of questions associated with differentiation, but is not intended to address or analyze the economic, legal, regulatory, or public policy issues that the differentiated treatment of Internet access service traffic may raise, focusing instead on the technical issues.
The ability to treat traffic differentially has been built into Internet protocols from the beginning. The specifications for both IPv4 and IPv6 have included fields to support traffic differentiation since their inception (initially IPv4’s Type of Service or ToS field) to indicate to routers the quality of service desired, in terms of queuing precedence and routing parameters around delay, rate, and reliability. This was changed to more generic service descriptions with the definition of the Differentiated Services Field, and implemented in IPv4 and IPv6. Notably, traffic differentiation in this sense has not been implemented in multi-provider environments, although it is extensively used within specific networks. End to end deployment would require the harmonization and cooperation of a large number, if not all, of the relevant network operators. 
In its broadest sense, traffic differentiation includes any technique that classifies and applies potentially different treatment to two or more traffic flows contending for resources on a network (a flow being a group of packets that share a common set of properties). Differentiated treatment of network traffic is a two-part process: (1) traffic is classified into traffic streams, and (2) a prescribed set of actions is applied to each stream. This treatment may determine the order in which routers and switches send packets from different flows across the link, the rate of transmission of a given flow, or even whether certain packets are sent at all.
While the techniques used for traffic differentiation overlap with those used to manage congestion, differentiation has a broader purpose that includes meeting service level agreement (SLA) guarantees and selecting paths for traffic from different applications, among other things. Differentiated treatment of traffic can also contribute both to the efficiency of a network and to the predictability of the manner in which network resources are shared.
Differentiation can be complex, and a common vocabulary is key. This report uses the terms “differentiated treatment” or “differentiation,” as opposed to “prioritization” when referring to the full range of treatments that may be applied to traffic flows. The technical definition of “prioritization” is narrow and generally applies only to certain scheduling, dropping, and marking techniques. This report uses “differentiation” in a much broader sense, including most of the ways in which packets may be treated differently from each other while en route to their respective destinations across one or more networks. The scope of differentiation in this report encompasses the classic techniques of scheduling, shaping and queue management by which packets are processed at a network node, and also includes the techniques by which traffic flows are segregated or forwarded onto different physical or logical network paths where they may encounter greater or lesser propagation delays or contention for resources.
This report addresses differentiation applied to traffic on Internet access services, as well as the impacts to Internet access services when differentiation is applied to other traffic carried over the same network. Traffic for mass-market Internet access services is often carried over a common infrastructure with traffic associated with other IP services, as well as the network management traffic used to control devices and report status from them. Since differential treatment of other network traffic has the potential to affect the performance of Internet access services, it is considered here.
The subjective experience perceived by the user of a networked application is known as Quality of Experience, or QoE, and the factors that contribute to QoE vary significantly from one application to the next. In contrast, Quality of Service, or QoS, describes the performance of a network service using objective metrics such as throughput, delay, delay variation, and loss. The relationship between QoS and QoE is highly dependent on the type of application, but variations in QoS have been mapped to corresponding variations in QoE for a number of applications. It is possible to use knowledge about the relationships between network performance parameters and their effects on QoE to attempt to optimize the performance of network flows for their intended applications. Differentiation is often also used to address impairments to QoS.
Broadband networks use different network architectures and access technologies. Several of these network architectures have developed to take advantage of existing access infrastructure that was originally deployed for other services – for example, telephone service over twisted copper pairs or video over coaxial cable. Other networks were developed to meet specific needs, such as for mobility or for access in remote rural areas. In many cases, differences in network design can be traced to the different characteristics of the access technology used. Access technologies can require different approaches to differentiation of traffic.
Observations. From the analysis made in this report and the combined experience of its members when it comes to the differentiated treatment of Internet traffic, the BITAG Technical Working Group makes the following observations:
·       TCP causes recurring momentary congestion
When TCP transfers a large file, such as video content or a large web page, it practically guarantees that it will create recurring momentary congestion at some point in its network path. This effect exists by design, and it cannot necessarily be eliminated by increasing capacity.  Given the same traffic load, however, the severity of the momentary congestion should decrease with increased capacity.
·       A nominal level of packet discard is normal
Packet discard occurs by design in the Internet. Protocols such as TCP use packet discard as a means of detecting congestion, responding by reducing the amount of data outstanding and with it self-induced congestion on the transmission path. Rather than being an impairment, packet discard serves as an important signaling mechanism that keeps congestion in check.
·       The absence of differentiation does not imply comparable behavior among applications
In the absence of differentiation, the underlying protocols used on the Internet do not necessarily give each application comparable bandwidth. For example:
-  TCP tends to share available capacity (although not necessarily equally) between competing connections. However, some applications use many connections at once while other applications only use one connection.
-  Some applications using RTP/UDP or other transport protocols balance transmission rate against experienced loss and latency, reducing the capacity available to competing applications.
·       Differentiated treatment can produce a net improvement in Quality of Experience (QoE)
When differentiated treatment is applied with an awareness of the requirements for different types of traffic, it becomes possible to create a benefit without an offsetting loss. For example, some differentiation techniques improve the performance or quality of experience (QoE) for particular applications or classes of applications without negatively impacting the QoE for other applications or classes of applications. The use and development of these techniques has value.
·       Access technologies differ in their capabilities and characteristics
Specific architectures and access technologies have unique characteristics which are addressed using different techniques for differentiated treatment.
·       Security of traffic has at times been downgraded to facilitate differentiation techniques
Encrypted traffic is on the rise and it has implications for current differentiation techniques. In response to this increase, some satellite and in-flight network operators have deployed differentiation mechanisms that downgrade security properties of some connections to accomplish differentiation. The resulting risks to the security and privacy of end users can be significant, and differentiation via observable information such as ports and traffic heuristics is more compatible with security.
Recommendations. The BITAG Technical Working Group also has the following recommendations:
·       Network operators should disclose information on differential treatment of traffic.
In previous reports, BITAG has recommended transparency with respect to a number of aspects of network management.  BITAG continues to recommend transparency when it comes to the practices used to implement the differential treatment of Internet traffic.
Specifically with respect to consumer-facing services such as mass-market Internet access, network operators should disclose the use of traffic differentiation practices that impact an end user’s Internet access service. The disclosure should be readily accessible to the public (e.g. via a webpage) and describe the practice with its impact to end users and expected benefits in terms meaningful to end users. The disclosure should include any differentiation amongst Internet traffic and should disclose the extent and manner in which other services offered over the same end user access facilities (for example video services) may affect the performance of the Internet access service.
·       Network operators and ASPs should be encouraged to implement efficient and adaptive network resource management practices
In a previous report BITAG recommended that ASPs and CDNs implement efficient and adaptive network resource management practices; we reiterate that recommendation here, extending it to network operators. Examples of such practices might target the minimization of latency and variation in latency induced in network equipment, ensuring sufficient bandwidth for expected traffic loads, and the use of queue management techniques to manage resource contention issues.
·       Quality of Service metrics should be interpreted in the context of Quality of Experience
Common Quality of Service metrics, often included in commercial service level agreements, include capacity, delay, delay variation, and loss rate, among other things. From the viewpoint of the end user application, these metrics trade off against each other and must be considered in the context of Quality of Experience. For example, since TCP Congestion Control and adaptive codecs depend on loss to infer network behavior, actively trying to reduce loss to zero leads to unintended consequences. On the other hand, non-negligible loss rates often directly reduce the user's Quality of Experience. Hence, such metrics should be interpreted in the context of improving user experience.
·       Network operators should not downgrade, interfere with, or block user-selected security in order to apply differentiated treatment.
Network operators should refrain from preventing users from applying over-the-top encryption or other security mechanisms without user knowledge and consent. Networks should not interfere with, modify, or drop security parameters requested by an endpoint to apply differentiated treatment. Given the potential for possible exposure of sensitive, confidential, and proprietary information, prior notice should be given to end users of traffic differentiation features that affect security properties transmitted by endpoints.
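One way to check for the interference this recommendation describes, added here as an illustration and not taken from the BITAG report: given a record of the security parameters a client sent and a record of what the server received on the same connection, the function lists what was downgraded, dropped, injected or reordered in transit. The record layout, field names and sample values are constructed assumptions.

```python
# Constructed example: field names, record layout and sample values are
# assumptions for illustration, not data from the BITAG report.

# Protocol versions ordered weakest to strongest.
VERSION_RANK = {"TLS1.0": 0, "TLS1.1": 1, "TLS1.2": 2}


def compare_offers(sent, received):
    """Return (kind, field, detail) findings for one connection."""
    findings = []
    s, r = sent["max_version"], received["max_version"]
    if VERSION_RANK[r] < VERSION_RANK[s]:
        findings.append(("downgraded", "max_version", f"{s} -> {r}"))
    elif r != s:
        findings.append(("modified", "max_version", f"{s} -> {r}"))
    for field in ("cipher_suites", "extensions"):
        dropped = [x for x in sent[field] if x not in received[field]]
        injected = [x for x in received[field] if x not in sent[field]]
        if dropped:
            findings.append(("dropped", field, dropped))
        if injected:
            findings.append(("injected", field, injected))
    # Cipher suite order is the client's preference, so a reorder matters too.
    if (sorted(sent["cipher_suites"]) == sorted(received["cipher_suites"])
            and sent["cipher_suites"] != received["cipher_suites"]):
        findings.append(("reordered", "cipher_suites", received["cipher_suites"]))
    return findings


# What the endpoint requested (constructed sample).
CLIENT_SENT = {
    "max_version": "TLS1.2",
    "cipher_suites": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                      "TLS_RSA_WITH_AES_128_CBC_SHA"],
    "extensions": ["server_name", "signature_algorithms", "renegotiation_info"],
}
# What arrived at the far end after crossing the network (constructed sample).
SERVER_RECEIVED = {
    "max_version": "TLS1.0",
    "cipher_suites": ["TLS_RSA_WITH_AES_128_CBC_SHA"],
    "extensions": ["server_name", "signature_algorithms"],
}

if __name__ == "__main__":
    for finding in compare_offers(CLIENT_SENT, SERVER_RECEIVED):
        print(finding)
```

An empty result means the parameters arrived as the endpoint requested them; any finding is a change made between the two observation points.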


Thursday, October 01, 2015

:: NTIA BroadbandUSA: Guide to Federal Funding of Broadband Projects

BroadbandUSA: Guide to Federal Funding of Broadband Projects

September 28, 2015
NTIA’s BroadbandUSA initiative presents this guide to key federal programs that offer funding for broadband-related projects.  NTIA intends this guide to answer questions from communities on how to access federal funding to support broadband planning, public access, digital literacy, adoption, and deployment.