Standard sets specifications for securing the physical network
The ANSI/TIA-5017 standard, published in 2016, provides means to prevent unauthorized network access.
By Patrick McLaughlin
Published in February 2016, the ANSI/TIA-5017 Telecommunications Physical Network Standard covers the security of telecommunications cables, pathways, spaces, and other elements of the physical infrastructure, according to the Telecommunications Industry Association (TIA). The standard “includes design guidelines, installation practices, administration, and management,” the association continues. “This standard addresses guidelines for new construction as well as renovation of existing buildings. The standard also provides installation guidelines for implementing security cabling systems for premises security systems with an integrated security approach.”
Sections of the standard cover security planning and risk assessment, design and installation guidelines, other guidelines and recommendations, physical network security guidelines, intelligent building systems for security, and administration considerations for security. It recognizes three levels of cabling infrastructure security: SL1 (basic security installation), SL2 (tamper-resistant installation), and SL3 (critical security installation).
The TIA explains that the standard “specifies physical security requirements and guidelines for the telecommunications infrastructure in customer-owned premises. It also provides information that may be used for the design of physical network security system products that may be used for such premises.” As for the standard’s specific purpose, the TIA says it is “to enable the planning and installation of physical network security systems that protect critical telecommunications infrastructure elements from theft, vandalism, intrusions, and unauthorized modifications. Installation of physical network security systems during building construction or renovation is significantly less expensive and less disruptive than after the building is occupied.”
Furthermore, the standard “establishes minimum functional performance of different physical network security elements and also provides additional considerations to enhance the physical security of the telecommunications infrastructure. The diversity of security products and systems currently available, coupled with the continual addition of new systems, means that there may be cases where limitations to desired functionality occur,” the TIA further explained.
In its Standards Informant blog, Siemon provides detail on this standard—as it does with all standard documents developed within TIA’s TR-42 Committee. On the blog, Siemon observes, “TIA-5017 recommends that an AIM (automated infrastructure management) system be considered as an additional means to enhance the security of the cabling infrastructure.” It then lists the following automated administration capabilities, which are called out within TIA-5017.
- Changes to patch cord connectivity can be detected
- Port availability status on network equipment can be monitored in real time
- Critical network circuits can be identified and breaches reported in real time
- Device connections can be detected and reported, and their locations identified
- Integration with security cameras can be supported to record events
- Communication and data exchange with other systems and databases is supported
- Emergency call orientation location can be identified and reported
- AIM components can be secured
Shortly after the TIA-5017 standard was completed, Belden also discussed the specifications in its blog. Belden stated, “The ANSI/TIA-5017 standard was initiated after the U.S. federal government identified a need … It took a team of cabling, security and administration professionals, along with consultants who design security systems, to create it.” Belden pointed out the standard was approximately three years in development.
Belden further notes that TIA-5017 “can also be used to leverage infrastructure to protect other assets (people, property or premises) as a part of your overall security plan … Although many standard documents are prescriptive, ANSI/TIA-5017 is much more descriptive. This allows each facility to develop its own security implementations that will fit current and anticipated security needs while staying within budget.”
When the standard was in development, we interviewed CommScope’s Masood Shariff, who led the TIA’s Network Security Systems Task Group (see “TIA security standard to cover broad ground,” June 2014). At the time, he explained, “There are problems with security at all levels, from hacking to breaking into systems, theft, sabotage and others. The federal government is sensitive to the holes that exist in security systems, and wants to close as many of those holes as possible, for individuals as well as for itself.”
One element of the completed standard is security requirements for cabling installations with what are known as protected distribution systems (PDSs). Shariff explained in 2014, “PDS comes straight out of the military and security experts from government installations.” He cited this example: “If you take two pieces of conduit, normally the connection between them would be transparent. But for that connection to be a PDS, the joint has to be a contrast color—red or black, for example—to make it visibly obvious from a distance if the conduit has been tampered with.”
Putting the standard in some perspective, Shariff used a metaphor, saying a building’s telecommunications infrastructure is like a soldier. “The first job is to protect self,” he noted. “Make sure the soldier is protected and secure, not in trouble of any kind. Secondly, look around the environment and protect it.
“That’s the analogy for the telecom network. It is like a soldier inside the building; it needs to protect itself so it can continue to function. Secondly, protect its environment. Both are critically important.”
Shariff further explained, “The notion of taking that ‘soldier’ or telecom infrastructure, and applying it to the rest of the building and the rest of the campus is a broader notion that people hadn’t explored fully. But people are now starting to realize it’s a pretty good central nervous system in the building to sense, report, alarm any event that might occur.”
Approximately 18 months after the publication of the ANSI/TIA-5017 standard, we will continue to follow the manner in which the specifications are implemented, and continue to report our findings to you. We also encourage you to share with us your experiences specifying or implementing the ANSI/TIA-5017 standard.
Patrick McLaughlin is our chief editor.