Top Former Government Security officials weigh in on NPAC selection
The Chertoff Group has released a paper analyzing the security requirements in the RFP for the selection of the next Local Number Portability Administrator.
Amongst the group’s findings:
- If NPACs were compromised, telephone calls and text messages might not be completed, many search warrants and subpoenas might not be served correctly, and our system for prioritizing communications in a national emergency might not function.
- We find the bid terms insufficient in both scope and specificity when compared with widely accepted national and international standards.
- In addition to the potential for disruption, the penetration of the Local Number Portability Enhanced Analytical Platform (“LEAP”) – an online portal used by law enforcement- by an agent of a foreign intelligence service or a crime syndicate would reveal the targets of law enforcement and counterintelligence investigations. That would be a counterintelligence bonanza for adversaries of the nation and a security disaster for the United States.
- The security of the U.S. telecommunications system is the responsibility of the Executive Branch, in coordination with independent agencies such as the FCC. We recommend that the risk mitigation strategy associated with this contract be set forth in written requirements that are either created for vetted by the components of the U.S. Government with experience and responsibility for cybersecurity.
- Finally, the FCC’s decision on how to proceed to incorporate better security requirements will have a substantial impact on the level of security in actually achieves. The defects cited in this report cannot be remedied simply by post-award contract negotiation.