INDUSTRY AND GOVT. EYE ROLE OF FINANCES IN NETWORK SECURITY

“In a post-Sept. 11 environment, when we start looking at threats to national security, we have to broaden rather than narrow what the possible threats are,” said Lisa Crawford-Bruch, federal telecom contracting consultant and former head of AT&T’s FTS 2000 program. That makes financial viability of any provider of critical infrastructure, including telecom carriers, important, she said. Financial strength of network providers relates to issues such as network maintenance and monitoring, staffing levels to manage network, and whether company has “sufficient assets in terms of actual network facilities to support the traffic that you are responsible for carrying,” Bruch said. Other industry observers said they expected carriers’ financial straits to be looked at in less of standalone way when it came to network security issues. Several said performance guarantees in federal govt. and other contracts mean that issue would take care of itself because agencies could exit agreement if certain measures weren’t taken.

But in some cases telecom carriers themselves have drawn attention to link between their financial security and continuation of network services. Before WorldCom’s filing for Chapter 11 bankruptcy protection last month, CEO John Sidgmore told reporters he had received requests for information from govt. agencies to make sure company -- and particularly its UUNet Internet backbone unit -- would stay in service. While he stressed that its Internet infrastructure would stay up and running, he said govt. officials, including those involved in homeland security, had voiced concerns over cybersecurity.

Greater awareness of Administration’s concerns about financial health of businesses that underpin communications and information networks came in March at annual executive meeting of NSTAC, one industry source said. In addition to potential threats such as terrorist attacks, at that time Clarke “stated as a separate but very important concern the financial health of the businesses that are the critical infrastructure of the IT network,” source said. NSTAC and National Communications System have been looking at potential strategic risks, including restoration priorities, source said. “A business failure is no different than other failures identified in the restoration priority scheme,” source said. As to extent that NSTAC will be asked to look at that as separate issue, “I don’t know what the Administration may have in mind,” source said. “It’s not like these are things that haven’t been talked about.” Another issue that came up at that meeting was difficulty some companies faced in current tight capital markets in spending money on network maintenance, another industry source said. Council on Competitiveness echoed that theme in its newsletter last month, saying federal officials had said network providers had “been slow to implement protections due to cost-cutting efforts and fear that publicizing vulnerability could shake consumer confidence.”

At meeting of NSTAC’s Industry Executive Subcommittee (IES) last month, WorldCom’s financial situation came up, as well as general financial position of industry, another industry source said. “It is something of an ongoing concern and consideration and an ongoing dialog with the national security community,” he said. The IES working group, which includes 30 executives of major telecom carriers, information system providers and other IT companies that advise President on such issues, next meets Aug. 18, first since WorldCom filed for bankruptcy, and may provide sense of extent to which NSTAC will look at financial viability issues related to security, source said.

“It’s an emerging issue -- agencies are just beginning to look at this issue,” said federal telecom contract consultant Warren Suss. Primary concern of govt. agencies is “near-term network performance,” he said: “Anything that gives any indication of performance problems will certainly flag some more dramatic actions. Without performance problems, it’s a little too early to tell.”

Consultant Paul Goulding, former acting General Services Administration (GSA) administrator, said that while there was some relationship between network security and financial health of carriers: “I don’t think it’s that strong a relationship… I think it’s still 2 separate matters.” Goulding said that in some cases carriers had backed away from pursuing govt. contracts because they viewed profit margins as too slim.

One practical consideration that would prevent govt. agencies from quickly switching from carrier that was viewed as financially troubled is “extraordinary amount of time and effort that it takes to go through a major transition from one vendor to another,” Suss said. Carriers such as AT&T may view that as opportunity, he said. AT&T was one of original holders of FTS 2000 long distance contract, but GSA awarded follow-on FTS 2001 contract to Sprint and WorldCom. AT&T still has ability to offer agencies services on that contract through cross-over program under which the GSA allows qualifying local Metropolitan Area Acquisition contract vendors to provide services to agencies on FTS contract and FTS vendors to provide local telecom services. AT&T also has relatively new president of govt. solutions, Sprint veteran Chris Rooney, Suss said: “They are going to go after this business with both barrels loaded.”

“The cold reality is that WorldCom, for several services, is only one of 2 or 3 choices that the government has,” Precursor Group analyst Scott Cleland said. While AT&T and Sprint are financially stronger now, same competitive problems that have affected WorldCom also are at work on those 2 carriers, he said. “WorldCom’s fraud just took them down faster,” he said. “The government in doing multiyear contracts is going to have a real dilemma in 2 or 3 years,” Cleland said. “There may not be anybody that’s financially viable. This industry’s profits are being drained rapidly.” While he said he didn’t expect govt. to bail out WorldCom, he said it needed company badly. He cited contracts with federal agencies that support U.S. air traffic control system and important defense and intelligence needs. “The government can’t cut off its nose,” he said. “The things that WorldCom does are critically important to essential services and national security.”

Several experts said one outcome of increased financial uncertainty besetting telecom industry could be that systems integrators take on even greater role in govt. contracts as agencies put more attention on having multiple providers. Technological solutions that would enable agencies to have integrated view of entirety of govt.’s network across service providers were likely to be of particular interest, Bruch said. Such system would allow govt. to manage its communications assets “at the highest levels,” particularly in crises when agencies reroute traffic among various sensitive locations, she said. “That could be an emerging role of what a systems integrator would do,” she said.

While new financial pressures carriers face are just one of numerous security issues, they may be one of factors that in long term encourages agencies to “reconsider their network architectures and to put themselves in a place where they are less vulnerable to an unanticipated problem,” Suss said. “This kind of risk was not on the map a few months ago.” That situation will influence “the balance of power between the carriers and the system integrators,” he said. In past, system integrators often have been seen as additional overhead on communications contract, he said. “This will give more weight to the integrator argument,” as agencies look for ways to evaluate their communications and IT infrastructure across different providers, he said.