Information on enhancing communications resilience and how we work with telecommunication service providers to manage the risk of disruption to public networks.
Enhancing the resilience of communications
Five guiding principles for enhancing the resilience of communications
1. Look beyond the technical solutions at processes and organisations
When considering resilient telecommunications considerable emphasis tends to be placed on the technical solutions (such as mobile phones). However, the processes used in communicating (such as agreed protocols that make conference calls work smoothly) and the way in which responders organise themselves to respond to emergencies should command equal attention and recognition that none of these 3 components should be considered in isolation. There is no silver bullet to enhancing the resilience of communications.
2. Identify and review the critical communication activities that underpin your response arrangements
In order to focus the selection of technical solutions on the need to communicate it can be helpful to identify the critical communication activities that underpin response arrangements to emergencies. An ‘activity’ is essentially ‘what you do’ (for example, it could involve a designated person establishing contact with another designated person and exchanging particular information). Critical activities are those that are essential to the effectiveness of response arrangements. For these activities, the focus can be maintained on the need to communicate by assessing the basic ‘technology free’ communication requirements (such as sending or receiving specific information rather than just phoning someone). For further advice see Towards Achieving Resilient Telecommunications: Interim Guidance.
3. Ensure diversity of your technical solutions
For critical activities, the technological means to carry out the communication can then be considered with the objective of increasing overall telecommunications diversity. However, it can be difficult to assess how truly diverse technical solutions are because of the inherent dependency of one technical solution on another. For example, public mobile (cellular) networks are dependent to varying degrees on core communications networks (that deliver land-line telephone services) - failure or degradation of core networks can affect mobile services. Further information on our telecommunications networks can be found in An introduction to the structure of UK telecommunications sector.
4. Adopt layered fall-back arrangements
No technical solution is going to be available all the time. Availability is a consequence of the reliability of the system (associated with faults, and their repair) and the ability to cope with congestion (resulting from excessive demand). Adopting a layered fall-back approach to selecting technical solutions helps mitigate unavailability. For further advice see Ensuring resilient telecommunications: a survey of some technical solutions.
5. Plan for appropriate interoperability
The National Policing Improvement Agency (NPIA) hosts an interoperability programme that is aimed at increasing public and personnel safety through improved multi-agency communication and co-ordination.
Enhancing the resilience of everyday telecommunications
An important step in enhancing resilience is to help ensure that responders avail themselves of the best possible value from commercial telecommunication services. Steps have already been taken to raise awareness through newsletters, workshops and interim guidance. One of the messages to come back from our engagement with stakeholders was that there is a need for clear and concise advice to assist particularly smaller organisations appreciate the range of technologies available, their strengths and weaknesses, and the steps that might be taken locally (often at little cost) to enhance resilience.
The Centre for the Protection of National Infrastructure (CPNI) has produced guidance on enhancing the resilience of telecommunications networks and services.
Relevant courses at the Emergency Planning College have been reviewed and extensively revised to support telecommunications sub-groups that have been established to enhance the resilience of telecommunications in each Local Resilience Forum (LRF) area.
The Electronic Communications Resilience and Response Group (EC-RRG) promotes the availability of electronic communications infrastructures in the UK and provides an industry emergency response capability through ownership and maintenance of the National Emergency Plan for Telecommunications.
In view of the importance of communications in responding to emergencies Telecommunications Sub-Groups are to be established, as appropriate, within the existing resilience infrastructures. Each sub-group will be responsible for considering all aspects of communications, including the technical means, and how resilience might be enhanced within their area.
Enhancing the resilience of terrestrial (fixed line) telecommunications
Terrestrial telecommunications networks are sometimes referred to as fixed line or land line infrastructures because much of the physical infrastructure consists of copper (regular wire and co-axial cable) and optical fibres. These networks are used to deliver regular services such as voice telephony and ISDN. The physical network used to deliver these services can be considered to consist of core networks and access networks.
Core networks, which are sometimes referred to as ‘backbones’, are high bandwidth transmission systems connecting together geographically dispersed locations (also variously referred to as ‘nodes’ or ‘points of presence’) which, for voice services, are commonly called ‘telephone exchanges’.
Access networks, often referred to as the ‘local loop’ or ‘last mile’, provide connection between the exchange on the provider’s network and the customer’s premises.
Some resilience issues
Core networks generally offer a high level of resilience, however, the ‘last mile’ connection to the customer is invariably the weakest connectivity link. Strategies to enhance the resilience of the ‘last mile’ connection include gaining assurance from your provider that the geographic cable routes and points of presence are physically separate and that arrangements provide diversity of connection in the event of service degradation or failure.
Unless assurance is gained that telecommunications services are delivered to your premises over more than one distinct geographic route you should assume that the connection takes a single path from the point of presence on the provider’s network to your premises. Outside the customer’s premises, connections are vulnerable to hazards such as road works disturbing cables in ducts or, in rural areas, extreme weather washing out buried cables or bringing down overhead lines. The consequences of these hazards can be mitigated by having more than one physical connection to your service provider’s exchange. This arrangement of diverse routing can be further enhanced by the provision of duplicate connectivity from different points of presence on your provider’s network to different parts of your premises – a scheme that is sometimes referred to as ‘dual parenting’.
Obtaining telecommunications services from more than a single supplier may not enhance resilience. Largely as a consequence of the structure and maturity of the telecommunications industry in the UK, it can be very difficult to gain assurance that two telecommunications links, provided by different suppliers obtained for the purpose of providing resilience, do provide resilience through diverse geographic routing and logical connection. Networks are increasingly becoming virtual with services being delivered over shared infrastructures.
Does your corporate telephone exchange have stand-by power? While exchanges on the provider’s network generally have robust stand-by electrical supplies – typically being able to work for at least 5 days from diesel generators – arrangements for a PBX or PABX (Private Automatic Branch eXchange) are the customer’s responsibility.
Wireless handsets connected to fixed lines are dependent on grid-distributed electricity. Predominantly in the domestic environment, very basic telephone equipment wired into the access network is typically powered by the network. In the event of a failure of the local electricity supply the equipment will continue to function as exchanges have robust back-up power arrangements. Handsets that are connected by wireless to a base station (commonly using DECT technology) that is in-turn wired to a ‘wall socket’ are not powered by the network. In both the domestic and corporate environment DECT technology is increasingly being used to provide wireless access for digital portable telephones.
Equipment connected to ADSL broadband that is delivered over a regular telephone line will require back-up power supply arrangements in order to work if local power fails. While the broadband and any telephony services that share the line are resilient in the event of a local power failure, additional ‘customer side’ equipment such as a ‘hub’ (containing a modem and router) and computers will require back-up power arrangements to ensure resilience. In the short-term this could be provided by an uninterruptible power supply or batteries.
With ISDN services the service provider does not provide supporting power. In order to ensure resilience in the event of local power failure, ‘customer-side’ back-up power arrangements need to be provided for any line termination or interface equipment (usually located where the lines enter the customer’s premises) and for subsequent equipment connected to the service (such as modems).
Enhancing the resilience of ‘fixed’ telecommunications
Review your requirements for resilient telecommunications and interact with your provider.
Consider arrangements to redirect calls at your provider’s exchange. Equipment can be installed in your provider’s exchange to redirect incoming calls to alternate locations in the event that these cannot be forwarded to your premises or, in situations where you are unable to accept them. The type of events that preclude completion of an incoming call include failure of the connection between your provider’s exchange and your premises or failure of the private exchange.
Redirecting incoming calls at your provider’s exchange enables business continuity when your premises:
- becomes uninhabitable - possibly as a consequence of a major fire or flooding
- inaccessible - as a consequence of a police cordon or, when staff are unavailable to answer the calls – possibly resulting from transport difficulties
The equipment installed in your provider’s exchange is usually programmed in advance to provide call re-direction of DDI (Direct Dial Inward) calls – those starting with 01 and 02 - to alternate locations. These arrangements are then activated with a single call, such pre-planned response arrangements can be customised on the fly for unforeseen circumstances.
Ensure that your private exchange has resilient electrical power. Unless your private exchange is provided with a back-up power supply, failure of electricity at your premises will result in failure of telephony equipment connected to the ‘customer-side’. Usually, an uninterruptible power supply is installed to provide uninterrupted service in the event of short term loss of power – usually under an hour. For greater resilience, this can be augmented with diesel generation. Facsimile and other equipment may also need to be connected to the back-up supply.
Test back-up power supply arrangements. Untested back-up power supply arrangements invariably fail on demand – batteries and generation equipment either fail to take full load or do not function for the designed time. Confidence in back-up arrangements should be sought through routine stress-testing carried out under realistic load conditions and for a time that tests site specific arrangements. Only under these conditions do problems such as blocked air and fuel filters and contaminated fuel become apparent. For well maintained back-up generation systems practical experience indicates that the likelihood that they fail on demand lies between one in 70 and one in 200. With this evidence it seems worth considering having an additional layer of ‘fast fix’ arrangements in place, such as a call-off rental contract.
Do not rely on the Government Telephone Preference Scheme (GTPS) as the cornerstone for providing resilient telecommunications. The current fixed-line privileged access scheme has been used very rarely, largely as a consequence of the draconian consequences of invocation. The core telecommunications networks in the UK are to be renewed. In view of the gradual refresh of the old networks, over which the existing scheme works, we are not encouraging further take-up of GTPS. The new scheme will be called the Fixed Telecommunications Privileged Access Scheme, or FTPAS. FTPAS will be made available as the new networks are rolled-out.
Enhancing the resilience of cellular mobile telecommunications
Public cellular mobile telephony has played an important role in responding to recent emergencies. However, both society and the responder community has embraced the convenience of mobile telecommunications often without pausing to appreciate the inherent resilience issues.
Some resilience issues
Geographic coverage is a widely appreciated limitation of public cellular mobile telephony. Selection of a service provider is frequently made on geographical coverage relevant to customer needs. Selection can be informed using interactive maps available on service providers’ websites. Additionally, Ofcom (the independent regulator and competition authority for the UK communications industries) publishes coverage maps for 3G networks. In use, handsets provide immediate and visual indication of signal strength. Network coverage is closely mapped to population density - in rural areas coverage can be non-existent or very patchy where a dominant supplier may not exist.
Having multiple SIMs available for a handset might cause problems. Many organisation’s business continuity plans seek to mitigate shortfalls with coverage and congestion by issuing responders with SIMs obtained from several different UK network operators. Handsets can be locked to a particular service provider preventing SIMs from other operators from working in the handset.
SIMs issued by international operators have their own drawbacks. International SIMs can allow roaming onto available UK networks, thereby taking advantage of available coverage and network capacity. However, UK network operators only allocate limited capacity for roaming users and permission for a handset to roam is sought by the handset from the operator issuing the SIM. This may require access to international telephone circuits. Following the bombs in London on 7 July 2005 one technique used by network operators to manage the huge increase of inward calls to the UK was to request constraints to be applied on international circuits. In addition, out-bound calls from the handset to UK numbers will have to be prefixed with the UK international access code and in-bound calls to the handset will have to be prefixed with the international code applicable to the SIM. Both activities could result in confusion, particularly in times of stress.
The capacity of public mobile telecommunications networks is finite and they are not sized for an abnormally high level of demand. Networks can become overwhelmed when presented with a high concentration of calls such as those that occur immediately after a major incident and capacity constraints are often an issue at other times such as at one minute past midnight on New Year’s morning. Here, the difficulty in ‘getting through’ is often incorrectly attributed to the called party already receiving a call.
Mobile networks are highly dependent on the availability of grid distributed electricity. In the event of local power failure, network infrastructure is designed to revert to back-up batteries. After around an hour on battery supply services become increasingly degraded.
While ‘Pay as you Go’ services may appear attractive, telephone numbers can be reallocated if the handset has not been used for a period of time. While this may not present any difficulty for outgoing calls if contact lists are not regularly maintained the handset may be inaccessible to incoming calls.
When a major incident has been declared, access to a cellular mobile network can be enhanced through installing a special SIM card. The scheme which manages the distribution of these special SIMs to the responder community’s entitled users is called Mobile Telecommunications Privileged Access Scheme, or MTPAS. Privileged access may not work with SIMs issued by overseas service providers that require international access code (00 44) from the UK for outgoing calls to UK numbers. However, international SIMs compatible with the UK national numbering system do respond to MTPAS activation.
Keep calls as short as possible. In the event of an emergency, capacity on mobile networks is greatly enhanced by keeping calls as short as is possible - particularly in the hours immediately following the event. For example, following the bombs in London on 7 July 2005 at 08:50, by 10:00 voice traffic on both fixed and mobile networks and SMS traffic on mobile networks had started to increase rapidly, reaching a peak at around 11:00. Typically fixed telecommunications service providers were offering 10 times as many calls as normal to mobile network operators. The picture was very different on the fixed infrastructure, typically the number of attempted calls increased by 75% compared to the previous week. On mobile networks, the pattern of use changed - the average call duration rose by a factor of four from 2.5 to 10 minutes. The number of SMS sessions typically increased by a factor of three and at peak demand, the delivery delay was typically between 90 – 150 minutes. By 14:00 fixed line traffic had reduced to 20% above a typical day, tailing off by mid-evening. On mobile networks traffic was back to normal by the early evening.
Emergency mobile roaming
When a mobile phone is used to make a call to the emergency service numbers (999 and 112) and the provider’s network is unavailable, the call will roam onto alternative network that has the best signal in the area. This facility will be of particularly benefit in rural areas announced by Ofcom the communications regulator on 15 October, 2009).
Commercially available satellite communications assist in enhancing the resilience of telecommunications through diversification and can be made available to responders through a centrally-negotiated catalogue.
Business continuity plans for responding to an outbreak of swine flu in 2009 prompted the need for employees to work away from their normal work place. For many, this could have resulted in home working. Concern was expressed that this shift in working pattern by a significant number of people could stress the internet.
While this document is focused on pandemic flu the text is largely independent of the event that precipitates remote working. The Annex provides a check-list for both employers and individuals considering using the internet for business continuity arrangements in the event of a significant shift in traffic from private onto public networks.
Five case studies - enhancing telecommunications resilience
Five case studies that provide insight as to how resilience can be enhanced, are available for download.
The Electronic Communications - Resilience and Response Group (EC-RRG)
The UK EC-RRG (The Electronic Communications Resilience and Response Group) takes the lead in developing and maintaining links within the communications sector and with Government on matters related to resilience through:
providing a forum for exchanging resilience planning and response information within the communications sector and with Government
providing a response through NEAT (the National Emergency Alert for Telecommunications) to rapidly develop a situational picture of the state of the sector in an emergency
undertaking work programmes to inform communications sector response arrangements to emergencies
fostering a closer working relationship and understanding of communications within resilience community
owning and maintaining the National Emergency Plan for the communications sector
The Group believes that the response to major incidents that involve telecommunications benefits from a coordinated response based on a shared understanding of the impact.
The Group is chaired by an industry representative and hosted by Department for Digital, Culture, Media and Sport (DCMS), the Lead Government Department for the telecommunications and broadcast sectors.
The industry Chair and Deputy Chair change on an annual basis. The Group convenes quarterly in Plenary sessions at which all Members are invited to participate. A Strategy Board meets ahead of the plenary session to review the agenda.
Membership of the group
communications providers that own or operate key aspects of the telecommunications infrastructure in the UK, including Category 2 responders as defined by the Civil Contingencies Act (2004)
Data Centre owners and operators
Airwave Solutions Ltd, which provides the secure and resilient mobile telecommunications system for the emergency services
- Ofcom, the independent communications Regulator
- Cabinet Office, Civil Contingencies Secretariat
- Centre for the Protection of National Infrastructure
- National Cyber Security Centre
- Ministry for Housing, Communities and Local Government (MHCLG) Resilience and Emergencies Division (RED)
- Department for Digital, Culture, Media and Sport (DCMS)
- Ministry of Defence, represented by 11 Signal Brigade
- Devolved Administrations (Scottish Government, Welsh Assembly Government, and Northern Ireland Assembly)
Other organisations such as the Department for Business, Energy and Industrial Strategy (BEIS) are invited to contribute when specific topics are on the agenda.
Participation in the group
Industry members are expected to be responsible for, or be involved in, the management of emergency or business continuity planning arrangements for their respective organisations.
In addition to voice communications, members are encouraged to share information using ResilienceDirect®, the online private ‘network’ which enables resilience partners to collaborate and work together across geographical and organisational boundaries to develop joint situational awareness during the planning, response and recovery phases of an event or emergency.
Working groups have been established to focus on specific telecommunications resilience enhancing objectives. These include or have included:
planning for fuel related emergencies
Power Resilience Working Group – Identifying and sharing best practice across members/input to governmental work on power resilience
NEAT (National Emergency Alert For Telecommunications) Working Group – Delivering tests and process improvements
Exercise Planning Working Group – Delivering the sector-wide annual exercise programme
Communications Working Group - Promoting and publicising the work of EC-RRG
ResilienceDirect Working Group - Coordinating the Group’s use of RD as an effective tool for information sharing and collaboration
NEAT – National Emergency Alert for Telecommunications
NEAT is a protocol for sharing information among Members of the Group for unexpected incidents. NEAT is triggered by any member of the Group in the event of circumstances where there is a potential risk to telecommunications networks and where the impact is felt by two or more service providers, where there is a risk to National Infrastructure, or where a Situation Report (SitRep) is required by Government or a Strategic Coordinating Group (or Resilience Partnership in Scotland).
The process provides a conduit for regulated information sharing between all members, enabling the widest possible picture of impacts to be assessed and understood.
Members of the Group produce SitReps which DCMS may then use to produce a picture of the sector as a whole (with specific information anonymised). The report provides a shared understanding of the situation and an overall summary of impact, scale and mitigation being applied. A shared understanding has been found to be particularly valuable at the outset of a response to an incident when the situation is often at its most ambiguous.
MHCLG provides the interface between Central Government and the Local Responder community through Local Resilience Fora (LRFs), providing the conduit for the two-way flow of information.
MHCLG also provides the route for an LRF to request activation of NEAT where local circumstances preclude the resolution of a serious telecommunications issue through normal commercial arrangements.
Similar arrangements are in place with the Devolved Administrations of the Scottish Government, Welsh Assembly Government, and Northern Ireland Assembly.
NEAT situational reports have been vital to informing the centrally coordinated response to severe weather and flooding over recent winters. The NEAT protocol is integrated into Government-led exercises.
TIDIE – Telecommunications Industry Daily Information Exchange
TIDIE is a daily reporting protocol that may be initiated for specific events of national importance. This process was developed to provide additional assurance during the London Olympics (2012). It has been subsequently adopted for further significant events, including the NATO summit in Wales (2014) the Commonwealth Games (also 2014) and the Royal Wedding (2018).
The NEAT and the TIDIE processes are reviewed regularly and, in the case of NEAT subjected to regular planned and unannounced tests.
Telecommunications service providers: responsibilities under the Civil Contingencies Act (2004)
Telecommunications are a vital part of the United Kingdom’s critical infrastructure. The Civil Contingencies Secretariat (CCS) within Cabinet Office works closely with the Department for Culture, Media and Sport, the government department with lead responsibility for telecommunications, and the Department for Business, Innovation and Skills who have lead responsibility for telecommunications resilience. CCS is particularly focused on enhancing the resilience of communications to of the community of Category 1 and 2 responders (as defined by the Civil Contingencies Act (2004)). Category 2 responders include a number of telecommunications network providers. The Electronic Communications – Resilience and Response Group (EC-RRG) is central to the government’s activities.
Category 2 telecommunications network providers
The Civil Contingencies Act (2004), at Schedule 1, Part 3, identifies Category 2 responders to include “a person who provides a public electronic communications network which makes telephone services available (whether for spoken communication or the transmission of data)”. Where reference to provision of a ‘network’ is interpreted in accordance with section 32(4)(a) and (b) of the Communications Act 2003 (c.21) and ‘public electronic communications network’ has the meaning given by sections 32(1) and 151(1) of that Act.
As such, responders that fall within this definition include, amongst others: British Sky Broadcasting Group (BSkyB); BT; EE, Hutchison 3G UK (3); KCom; Telefónica (O2) and Virgin Media UK.
Resilience considerations for remote working
Email and web browsing is not very demanding on bandwidth, however running a transaction platform has very much more demanding data requirements. Engage with your ISP (Internet Service Provider) to ensure that your connection meets your requirements. Websites such as SamKnows can provide information about what connection speeds may be possible at a remote location.
Is contention on your local connection too high?
Generally, internet connections are contended, or shared, before they reach the ISP’s (Internet Service Provider’s) connection into the internet. In a domestic ISP contract, the bandwidth (frequently referred to as ‘speed’) is the highest likely to be available (further information on broadband speed is available from the communications regulator, Ofcom). In practice, the bandwidth is likely to be significantly lower. The increased contention will have the effect of throttling local speed.
Does your ISP place a cap on the amount of information that can be downloaded?
Some internet access contracts frequently contain a cap on the amount of information that can be downloaded over a billing period. When the limit is reached the service is either severely throttled or, in the extreme, cut off. Increased use as a consequence of work-related activities may cause the cap to be reached rendering the connection useless.
Does your ISP enforce a traffic management policy?
Some internet access contracts contain a clause that limits bandwidth (usually during the evening). This can have a considerable effect on the user experience for bandwidth intensive uses such a streaming video.
Have alternative means of accessing the internet been considered?
Access to the internet can be achieved by a wide range of means:
- fixed line (ADSL (Asynchronous Digital Subscriber Line), cable and fibre to the home/premises)
- wireless (3G and WiFi)
- satellite (eg Inmarsat BGAN service and VSat)
The bandwidth that is realised is highly dependent on geographical location and local contention.
If you are uploading and consuming information a symmetrical service should be considered.
ADSL connections are inherently asymmetric: the bandwidth allocated to uploading information towards the ISP is very much lower than that allocated to downloading information. This provides a satisfactory experience for web browsing. However, if you are involved with uploading large quantities of information the experience could be unsatisfactory.
If response time produces an unsatisfactory experience consider time-shifting work patterns.
Those downloading large files frequently report that the best speeds are achieved in the early hours of the morning. Logging on periodically to refresh e-mails etc and then logging off to work off line for a period is another way to reduce the loading and improve the working experience.
Access to corporate resources
Are corporate resources scaled for a large proportion of staff gaining remote access?
Corporate resources, such as remote access servers (RAS), may not have sufficient capacity for the number of concurrent connections that are required for remote access. RAS are normally scaled for a percentage, not all of the workforce. This is typically 25% but can vary from as low as 10% to as high as 50% (Centre for the Protection of National Infrastructure).
At one extreme, incorrect scaling will prevent additional users from gaining access, at the other extreme corporate systems may become overwhelmed and deny access to all users. Organisations planning to make wide use of remote working are recommended to take action to increase the capacity of their RAS and if possible to carry out tests to understand how they respond to a high number of concurrent connections.
Are corporate users trained in using remote access?
If they are not, they will probably need to resort to support services. If these are delivered through a call centre, response may be constrained as a consequence of operatives not being able to get into work. Ensure that key users are familiar with remote access through regular use.
Do remote users have everything that they need to work remotely from their normal place of work?
Does the remote connection enable access to all the necessary file storage locations (information could potentially be held on inaccessible servers), corporate contact directories, employee’s calendars etc?
Are policies in place to manage expectations that will arise from prolonged home working?
Are corporate users familiar with remote collaborative working practices? If they are not, remote working could become hugely ineffective.
Are remote access policies and procedures in place?
For example there could be potential health and safety implications (inappropriate posture and lighting conditions) resulting from long-term remote access. Regular telephone conferences with team members might be appropriate to help reduce isolation by those that do not routinely work out of the supportive office environment.
Are information resources sized for changes to access patterns?
If your enterprise is providing web-based information ensure that the equipment and access has sufficient capacity for the anticipated demand.
Are employees familiar with security policies?
These may include not being overheard by family members and arrangements for disposal of print outs.