What Makes It Work? A Panel Discussion on Next Generation 9-1-1 Version 1.0 (June, 2014)
Panel Members Bob Currier, ENP – Intrado, Moderator Jenna Green - Sprint Bob Gojanovich, ENP – TeleCommunication Systems April Heinze, ENP – Eaton County (MI) Central Dispatch Pat Lustig, ENP – State of Oregon OEM Marc Berryman, ENP – Mission Critical Partners Nate Wilcox - Emergicom
Agenda Originating Service Providers NG9-1-1 Core Systems PSAP Equipment and Software Databases and Call Routing Security Q & A
4/13/2017 Network Landscape Talk through the call flow and interaction between the functional elements Highlight the critical nature of “provisioning” in each area of responsibility Stress IMPORTANCE of GIS data One of the KEY lessons learned in early deployments
Subscriber Impact Any number of device types Myriad of access options 4/13/2017 Subscriber Impact Any number of device types Myriad of access options Subscriber demographics 9-1-1 Access EXPECTATIONS!
Communication Service Provider 4/13/2017 Communication Service Provider May be more than one Transport of “call” Data Management Location Subscriber Information Inter-Connect with ESINet(s) Communications Service Provider (CSP) An entity that provides the services and signaling to support communication services for one or more endpoints. These services might include any combination of voice, video and/or data communications between users, or services provided by the CSP to an end user. The CSP may or may be the provider of the access or transport network.
CSP Responsibilities Provisioning & Data Management 4/13/2017 CSP Responsibilities Provisioning & Data Management LIS – Location Information Server CIDB - Call Information Database PIDF-LO - Presence Information Data Format – Location Objects
9-1-1 Service Provider 9-1-1 SSP 4/13/2017 9-1-1 Service Provider 9-1-1 SSP Deliver calls to PSAP Selective Routing Connectivity to ESInet
Understanding the System of Systems NG9-1-1 Core Functions
NG9-1-1 Ecosystem NG9-1-1 Core Services ESInet
NENA 2008 Breakout Session Template CIDB Next Generation 9-1-1 LIS GIS Originating Networks GIS Data Management LVF GIS GIS VoIP Cellular PSTN Enterprise Discrepancies SIF ESInet BCF Access Control ECRF BCF Admin PRF Legacy Network Gateway BCF NG9-1-1 PSAP ESRP Legacy SR Gateway Legacy PSAP Gateway Legacy PSAPs System Logging Legacy Selective Router Legacy E9-1-1 Networks This diagram is simplified for illustrative purposes.
ECRF, ESRP, LVF, GIS, Policy Mgmt, Process Mgmt How NG9-1-1 Operates Build Me First! County A and 17 PSAPs Wireline COs Core NG9-1-1 System ECRF, ESRP, LVF, GIS, Policy Mgmt, Process Mgmt Wireless MSCs County B and 5 PSAPs VoIP Future Multimedia County C and X PSAPs Initial Deployment: Transitional LNGs Later: Direct IP interfaces Could be any combination of state, regional or county PSAPs
PSAP Deployment Options PSAP equipment is IP or NG9-1-1 capable before core NG9-1-1 is installed PSAP equipment or software upgraded when core NG9-1-1 is installed Multiple PSAPs deploy a hosted (shared) call handling system PSAPs use LPGs to interface to core NG9-1-1 system, operating temporarily as `legacy PSAPs’ Any combination of the above
End-to-End IP - Timeframes Improved services are timeframe interdependent between carriers, other originating providers and NG9-1-1 Carriers IP interface Carriers Multimedia ES Public Safety Internet Providers Implement IMS Implement MMES Transition to NG9-1-1 IP based Multimedia ? Soon after wide NG9-1-1 availability Now 2014 2015 2016 2017 2018 2019 2020
Public Safety’s Goal RELIABILITY SECURITY ROBUSTNESS MAINTAINABILITY ACCURACY SCALABILITY Reliability—Continue to operate under severe adverse conditions and component failures Security—Keep outside influences from adversely affecting operations and while managing information access Robustness—Meet long-term needs, work under real-world conditions while supporting growing and evolving features Maintainability—Accommodate maintenance, troubleshooting and repairs efficiently and with minimal impact to operations Accuracy—Ensure timely, high quality, and traceable movement of data throughout the system Scalability—Enable system infrastructure and features to expand to serve broader public-safety needs IP Security: No Network (even legacy 9-1-1) is 100% secure. Attack by Flooding 9-1-1 networks with large volumes of calls (software/modems make this easy) Flooding creates a “denial of service” type attack. In legacy PSAP’s this only impacts a single PSAP IP circuits make it easier to connect multiple PSAP’s together, improving redundancy and service capabilities to carriers (VSP’s and legacy carriers), HOWEVER: IP networks are vulnerable to attack from people in very remote places. Virus’s, Worms, Trojans are all maliciously spread by “bad people” There are people worldwide intent on “breaking into” IP based networks “for sport”. Digital Security: Packets can be “sniffed” – “listened to” . Then again, legacy analog service has been easy to listen to as well Digital Security concerns with VoIP and I3 solution: Inbite packets can be sent by accident or on purpose and will clog or overload the network. Once network is clogged, no 9-1-1 calls can come into a VoIP PSAP. This can be done from anywhere in the world and can be anonymous. This is called a "denial of service" attack and is common. VoIP 9-1-1 systems will be vulnerable to virus, worms, and other cyber attacks. This issue must be addressed and solved before I3 solution is implemented. Technology issues that may impact the PSAP Power outages No Power – No Phone! But there are “work arounds” Cordless phones don’t work at home already VoIP can reroute calls to cellphones automatically UPS can provide power, but cost $$ No Power – No Computer If using VoIP Softphones on a PC/Laptop, same issue as a regular phone Poor network or broadband (DSL/Cable Modem) to the home Adequate bandwidth must be available Data networks must be “tuned” to provide Quality of Service Low bandwidth or poor network may impact the sound quality of the 911 call No toll quality guarantee Will this impact PSAP’s ability to provide service to the community?
Policy Examples Outage Call Flow Call Overload Maintenance Type of Call, Caller Others…..
Operational Coordination-Cooperation among agencies System Administration Methods and Procedures Security Training In NG9-1-1 environment there will be a need for more interactions among agencies. This requires tearing down any territorial fences and developing coalitions that can support each other in the migration to NG9-1-1. With new equipment at the PSAP the role of the System Administrator will expand to manage and administer the equipment. New kinds of equipment means new skills will be needed in the PSAP. Some of these skills may best be provided by contracting out, or focused training. Existing methods and procedures will have to be up graded as it is likely that the transition to NG9-1-1 will impact all disciplines at the PSAP, 9-1-1 Authority, etc. Security will be a significant issue in dealing with new network elements, connectivity, software, protocols, etc. PSAPs will probably rely on state and regional 9-1-1 Authorities to manage the main firewalls that protect them, although there should be another layer of protection at the PSAP. The Introduction of N9-1-1 will likely impact all personnel at the PSAP. Each discipline must be evaluated to determine the impact and how best to get people up to speed.
Education, Messaging We are evolving to improve future 9-1-1 Better 9-1-1 service in long term? Meet Citizen’s Expectations
NENA 2008 Breakout Session Template Understand the System Next Generation 9-1-1 GIS Originating Networks GIS Data Management LVF SIF GIS GIS VoIP Cellular PSTN Enterprise ESInet GIS BCF LIS ECRF PRF BCF E9-1-1 Gateway i3 PSAP ESRP SR Gateway Legacy PSAP Gateway Legacy PSAPs Legacy E9-1-1 Networks Legacy Selective Router This figure is simplified for illustrative purposes
NENA 2008 Breakout Session Template Where are the Databases? GIS 2 3 Originating Networks GIS Data Management LVF SIF GIS GIS VoIP Cellular PSTN Enterprise ESInet 1 GIS 5 BCF 4 LIS ECRF Policy Routing Function (PRF) 5 6 7 Policy Store BCF NG9-1-1 PSAP ESRP
Basic NG9-1-1 Call Flow ESInet ECRF LIS BCF BCF ESRP Voice Text Video dial 9-1-1 BCF BCF Voice Text Video ESRP
Location Information Server LIS Location Information Server Location always provided by the LIS Location can be civic address or geographic coordinate Location by value or by reference Locations for wireline may use existing ALI Exceeds today's Location needs LIS
LIS validates against the LVF The locations in the LIS are validated against the provisioned GIS data in the Location Validation Function – the LVF LVF – The Location Validation Function LVF
Location Validation Function LVF Location Validation Function The Location Validation Function (LVF) validates the Location stored in the Location Information Server (LIS) LVF uses Local 9-1-1 Authority GIS data for location validation Gives Local 9-1-1 Authority total control of their data LVF Location Query Location Response LIS
Border Control Function BCF Border Control Function Security subsystem at edge of ESInet All Calls and Data go through the BCF Connects to the Internet (which is why it is needed) Recommend at every point of ingress and egress BCF
Border Control Function BCF Border Control Function Firewall functions Media Anchoring Signaling protocol Protocol Translation Interworking Codec negotiation Support for emergency call transfer Access Management Admission Control BCF
NG9-1-1 Call flow 1) LIS location sent to ECRF: 354 W 34th St, Houston, TX 2) ECRF finds address point of: 354 W 34th St, Houston, TX 3) ECRF determines Location is within the Houston PSAP ECRF 4) ECRF sends Houston PSAP URI to the ESRP psap.houston.tx.us Location + PSAP URI Location + Service URN Location + Service Identifier dial 9-1-1 PIDF-LO + URN: urn:service:sos PIDF-LO + PSAP URI sos@psap.houston.tx.us ESRP Voice Text Video
Emergency Call Routing Function ECRF Emergency Call Routing Function Same 9-1-1 Authority GIS Data as used in the Location Validation Function (LVF) GIS data uses call location to Route “calls” to correct PSAP You send it location (in civic or geo form) and it gives you back a URI of the PSAP to forward the call to
Emergency Services Routing Proxy ESRP Emergency Services Routing Proxy Gets a location, queries ECRF Uses URI from ECRF to send call to the correct PSAP Applies a “Policy Routing Function” – Policy Based Routing Policy can Override PSAP URI provided by ECRF
Policy Routing Function ECRF PSAP B Location + PSAP URN PRF Location + Service Identifier PIDF-LO + PSAP URN sos@psap.harris_so.tx.us dial 9-1-1 PIDF-LO + URI: urn:service:sos PSAP A ESRP Voice Text Video
Policy Examples Outage Call Flow Call Overload Maintenance Type of Call, Caller Others…..
Security for an i3 NG9-1-1 ESInet Security Credentials allows Interoperability LIS uses ESRP and PSAP credentials for location dereference ECRF / LVF accepts client credentials for routing / validation PSAP operator certificate-based on authorization and access Secure Communication and Privacy Encryption of Data for Secure Storage and Transport Protection from External and Internal Threats Provides a security framework to protect NG9-1-1 systems
Security Objectives (i.e. PSAP/CPE, Network, Providers, Database, etc) Develop a comprehensive Security Framework for NENA Develop the minimum appropriate Security Standards for each component or area of the 9-1-1 system (i.e. PSAP/CPE, Network, Providers, Database, etc) Work Cooperatively with other Committees and workgroups and outside agencies as necessary Existing systems Consider the use of existing information and standards when available and appropriate. (i.e. DHS, NIST, ANSI, NLETS, etc.) While the security WG probably will provide standards for PSAP security, the overall NG9-1-1 security is defined in the i3 Stage 2/3 standards. It says: Every agency and every agent (employee of agency) must have their own identity and credentials. New security credentialing agency for PSAPs Security is “role based”. What you can do depends on your role You Authenticate (provide credentials) to the network once (“single sign on”) in a particular role Authorization is specific to a service or data item, and is specified per role (read/write/create/delete/execute) Every transaction on the network is secured Endpoints are authenticated Transactions are integrity protected Transactions are encrypted The network is NOT treated as a “walled garden”. It is assumed to be open. Everything is checked. Everything is logged There is a standardized logging service, which can be provided in the network and/or in a PSAP Standardized logging events Standardized log retrieval