Presentation on theme: "What Makes It Work? A Panel Discussion on Next Generation 9-1-1"— Presentation transcript:
1 What Makes It Work? A Panel Discussion on Next Generation 9-1-1 Version 1.0 (June, 2014)
2 Panel Members Bob Currier, ENP – Intrado, Moderator Jenna Green - SprintBob Gojanovich, ENP – TeleCommunication SystemsApril Heinze, ENP – Eaton County (MI) Central DispatchPat Lustig, ENP – State of Oregon OEMMarc Berryman, ENP – Mission Critical PartnersNate Wilcox - Emergicom
3 Agenda Originating Service Providers NG9-1-1 Core Systems PSAP Equipment and SoftwareDatabases and Call RoutingSecurityQ & A
4 4/13/2017Network LandscapeTalk through the call flow and interaction between the functional elementsHighlight the critical nature of “provisioning” in each area of responsibilityStress IMPORTANCE of GIS dataOne of the KEY lessons learned in early deployments
5 Subscriber Impact Any number of device types Myriad of access options 4/13/2017Subscriber ImpactAny number of device typesMyriad of access optionsSubscriber demographics9-1-1 Access EXPECTATIONS!
6 Communication Service Provider 4/13/2017Communication Service ProviderMay be more than oneTransport of “call”Data ManagementLocationSubscriber InformationInter-Connect with ESINet(s)Communications Service Provider (CSP)An entity that provides the services and signaling to support communication services for one or moreendpoints. These services might include any combination of voice, video and/or datacommunications between users, or services provided by the CSP to an end user. The CSP may or maybe the provider of the access or transport network.
7 CSP Responsibilities Provisioning & Data Management 4/13/2017CSP ResponsibilitiesProvisioning & Data ManagementLIS – Location Information ServerCIDB - Call Information DatabasePIDF-LO - Presence Information Data Format – Location Objects
8 9-1-1 Service Provider 9-1-1 SSP 4/13/20179-1-1 Service Provider SSPDeliver calls to PSAPSelective RoutingConnectivity to ESInet
9 Understanding the System of Systems NG9-1-1 Core Functions
11 NENA 2008 Breakout Session Template CIDBNext Generation 9-1-1LISGISOriginatingNetworksGIS Data ManagementLVFGISGISVoIPCellularPSTNEnterpriseDiscrepanciesSIFESInetBCFAccess ControlECRFBCF AdminPRFLegacy Network GatewayBCFNG9-1-1PSAPESRPLegacy SRGatewayLegacyPSAPGatewayLegacyPSAPsSystem LoggingLegacySelectiveRouterLegacy E9-1-1NetworksThis diagram is simplified for illustrative purposes.
12 ECRF, ESRP, LVF, GIS, Policy Mgmt, Process Mgmt How NG9-1-1 OperatesBuild Me First!County A and 17 PSAPsWireline COsCore NG9-1-1 SystemECRF, ESRP, LVF, GIS, Policy Mgmt, Process MgmtWireless MSCsCounty B and 5 PSAPsVoIPFuture MultimediaCounty C and X PSAPsInitial Deployment: Transitional LNGsLater: Direct IP interfacesCould be any combination of state, regional or county PSAPs
13 PSAP Deployment Options PSAP equipment is IP or NG9-1-1 capable before core NG9-1-1 is installedPSAP equipment or software upgraded when core NG9-1-1 is installedMultiple PSAPs deploy a hosted (shared) call handling systemPSAPs use LPGs to interface to core NG9-1-1 system, operating temporarily as `legacy PSAPs’Any combination of the above
14 End-to-End IP - Timeframes Improved services are timeframe interdependent between carriers, other originating providers and NG9-1-1Carriers IP interfaceCarriers Multimedia ESPublic SafetyInternet ProvidersImplement IMSImplement MMESTransition to NG9-1-1IP based Multimedia ?Soon after wide NG9-1-1 availabilityNow
15 Public Safety’s Goal RELIABILITY SECURITY ROBUSTNESS MAINTAINABILITY ACCURACYSCALABILITYReliability—Continue to operate under severe adverse conditions and component failuresSecurity—Keep outside influences from adversely affecting operations and while managing information accessRobustness—Meet long-term needs, work under real-world conditions while supporting growing and evolving featuresMaintainability—Accommodate maintenance, troubleshooting and repairs efficiently and with minimal impact to operationsAccuracy—Ensure timely, high quality, and traceable movement of data throughout the systemScalability—Enable system infrastructure and features to expand to serve broader public-safety needsIP Security:No Network (even legacy 9-1-1) is 100% secure.Attack by Flooding networks with large volumes of calls (software/modems make this easy)Flooding creates a “denial of service” type attack.In legacy PSAP’s this only impacts a single PSAPIP circuits make it easier to connect multiple PSAP’s together, improving redundancy and service capabilities to carriers (VSP’s and legacy carriers), HOWEVER:IP networks are vulnerable to attack from people in very remote places.Virus’s, Worms, Trojans are all maliciously spread by “bad people”There are people worldwide intent on “breaking into” IP based networks “for sport”.Digital Security:Packets can be “sniffed” – “listened to” .Then again, legacy analog service has been easy to listen to as wellDigital Security concerns with VoIP and I3 solution: Inbite packets can be sent by accident or on purpose and will clog or overload the network. Once network is clogged, no calls can come into a VoIP PSAP. This can be done from anywhere in the world and can be anonymous. This is called a "denial of service" attack and is common. VoIP systems will be vulnerable to virus, worms, and other cyber attacks. This issue must be addressed and solved before I3 solution is implemented.Technology issues that may impact the PSAPPower outagesNo Power – No Phone!But there are “work arounds”Cordless phones don’t work at home alreadyVoIP can reroute calls to cellphones automaticallyUPS can provide power, but cost $$No Power – No ComputerIf using VoIP Softphones on a PC/Laptop, same issue as a regular phonePoor network or broadband (DSL/Cable Modem) to the homeAdequate bandwidth must be availableData networks must be “tuned” to provide Quality of ServiceLow bandwidth or poor network may impact the sound quality of the 911 callNo toll quality guaranteeWill this impact PSAP’s ability to provide service to the community?
16 Policy Examples Outage Call Flow Call Overload Maintenance Type of Call, CallerOthers…..
17 Operational Coordination-Cooperation among agencies System AdministrationMethods and ProceduresSecurityTrainingIn NG9-1-1 environment there will be a need for more interactions among agencies. This requires tearing down any territorial fences and developing coalitions that can support each other in the migration to NG9-1-1.With new equipment at the PSAP the role of the System Administrator will expand to manage and administer the equipment. New kinds of equipment means new skills will be needed in the PSAP. Some of these skills may best be provided by contracting out, or focused training.Existing methods and procedures will have to be up graded as it is likely that the transition to NG9-1-1 will impact all disciplines at the PSAP, Authority, etc.Security will be a significant issue in dealing with new network elements, connectivity, software, protocols, etc. PSAPs will probably rely on state and regional Authorities to manage the main firewalls that protect them, although there should be another layer of protection at the PSAP.The Introduction of N9-1-1 will likely impact all personnel at the PSAP. Each discipline must be evaluated to determine the impact and how best to get people up to speed.
18 Education, Messaging We are evolving to improve future 9-1-1 Better service in long term?Meet Citizen’s Expectations
19 NENA 2008 Breakout Session Template Understand the SystemNext Generation 9-1-1GISOriginatingNetworksGIS Data ManagementLVFSIFGISGISVoIPCellularPSTNEnterpriseESInetGISBCFLISECRFPRFBCFE9-1-1Gatewayi3PSAPESRPSRGatewayLegacyPSAPGatewayLegacyPSAPsLegacy E9-1-1NetworksLegacySelectiveRouterThis figure is simplified for illustrative purposes
20 NENA 2008 Breakout Session Template Where are the Databases?GIS23OriginatingNetworksGIS Data ManagementLVFSIFGISGISVoIPCellularPSTNEnterpriseESInet1GIS5BCF4LISECRFPolicy RoutingFunction (PRF)567PolicyStoreBCFNG9-1-1PSAPESRP
21 Basic NG9-1-1 Call Flow ESInet ECRF LIS BCF BCF ESRP Voice Text Video dial 9-1-1BCFBCFVoiceTextVideoESRP
22 Location Information Server LISLocation Information ServerLocation always provided by the LISLocation can be civic address or geographic coordinateLocation by value or by referenceLocations for wireline may use existing ALIExceeds today's Location needsLIS
23 LIS validates against the LVF The locations in the LIS are validated against the provisioned GIS data in the Location Validation Function – the LVFLVF – The Location Validation FunctionLVF
24 Location Validation Function LVFLocation Validation FunctionThe Location Validation Function (LVF) validates the Location stored in the Location Information Server (LIS)LVF uses Local Authority GIS data for location validationGives Local Authority total control of their dataLVFLocation QueryLocation ResponseLIS
25 Border Control Function BCFBorder Control FunctionSecurity subsystem at edge of ESInetAll Calls and Data go through the BCFConnects to the Internet (which is why it is needed)Recommend at every point of ingress and egressBCF
26 Border Control Function BCFBorder Control FunctionFirewall functionsMedia AnchoringSignaling protocolProtocol TranslationInterworkingCodec negotiationSupport for emergency call transferAccess ManagementAdmission ControlBCF
27 NG9-1-1 Call flow 1) LIS location sent to ECRF: 354 W 34th St, Houston, TX2) ECRF finds address point of:354 W 34th St, Houston, TX3) ECRF determines Location is within the Houston PSAPECRF4) ECRF sends Houston PSAP URI to the ESRPpsap.houston.tx.usLocation + PSAP URILocation + Service URNLocation + Service Identifierdial 9-1-1PIDF-LO + URN: urn:service:sosPIDF-LO + PSAP URIESRPVoiceTextVideo
28 Emergency Call Routing Function ECRFEmergency Call Routing FunctionSame Authority GIS Data as used in the Location Validation Function (LVF)GIS data uses call location to Route “calls” to correct PSAPYou send it location (in civic or geo form) and it gives you back a URI of the PSAP to forward the call to
29 Emergency Services Routing Proxy ESRPEmergency Services Routing ProxyGets a location, queries ECRFUses URI from ECRF to send call to the correct PSAPApplies a “Policy Routing Function” – Policy Based RoutingPolicy can Override PSAP URI provided by ECRF
30 Policy Routing Function ECRFPSAP BLocation + PSAP URNPRFLocation + Service IdentifierPIDF-LO + PSAP URNdial 9-1-1PIDF-LO +URI: urn:service:sosPSAP AESRPVoiceTextVideo
31 Policy Examples Outage Call Flow Call Overload Maintenance Type of Call, CallerOthers…..
32 Security for an i3 NG9-1-1 ESInet Security Credentials allows InteroperabilityLIS uses ESRP and PSAP credentials for location dereferenceECRF / LVF accepts client credentials for routing / validationPSAP operator certificate-based on authorization and accessSecure Communication and PrivacyEncryption of Data for Secure Storage and TransportProtection from External and Internal ThreatsProvides a security framework to protect NG9-1-1 systems
33 Security Objectives (i.e. PSAP/CPE, Network, Providers, Database, etc) Develop a comprehensive Security Framework for NENADevelop the minimum appropriate Security Standards for each component or area of the system(i.e. PSAP/CPE, Network, Providers, Database, etc) Work Cooperatively with other Committees and workgroups and outside agencies as necessaryExisting systemsConsider the use of existing information and standards when available and appropriate.(i.e. DHS, NIST, ANSI, NLETS, etc.)While the security WG probably will provide standards for PSAP security, the overall NG9-1-1 security is defined in the i3 Stage 2/3 standards. It says:Every agency and every agent (employee of agency) must have their own identity and credentials.New security credentialing agency for PSAPsSecurity is “role based”. What you can do depends on your roleYou Authenticate (provide credentials) to the network once (“single sign on”) in a particular roleAuthorization is specific to a service or data item, and is specified per role (read/write/create/delete/execute)Every transaction on the network is securedEndpoints are authenticatedTransactions are integrity protectedTransactions are encryptedThe network is NOT treated as a “walled garden”. It is assumed to be open. Everything is checked.Everything is loggedThere is a standardized logging service, which can be provided in the network and/or in a PSAPStandardized logging eventsStandardized log retrieval