ONA requires the carriers to provide competing service providers with access to basic communications services on an equal basis. Before ONA requirements, there were few telecommunication providers and the systems they used were built on proprietary platforms. ONA involves a shift from the closed telecommunications networks of the past to open telecommunications networks. In the past, telecommunications systems and facilities were under the exclusive control of the carriers. With ONA, the opening of the telephone network to vendors and customers of enhanced services involves significantly broadening access to telecommunications systems and facilities. In addition, varying levels of access are allowed to the telecommunications systems and facilities.
A Network Operations Forum (NOF) report notes that:
While the advent of open systems interfaces has assisted the acceptance and international deployment of networking technology, it has also seen a downside in that it has become easier to intrude on networks designed with such open features. [7].
The communications protocols used between service elements and the majority of the services that were to become Basic Service Elements were already in existence prior to the ONA mandate. Some of the Basic Service Element offerings related to basic transport and signaling capabilities could be performed within the existing network without significant development work. Other Basic Service Element offerings, such as ISDN and OAM& access, require modification of the existing network. Most enhanced service vendor and customer access to network signaling and information systems require additional protections to ensure security and the reliability and integrity of the network.
The National Research Council notes that ONA can increase network vulnerability in two ways:
First, ONA increases greatly the number of users who have access to network software. In any given universe of users, some will be hostile. By giving more users access to network software, ONA will open the network to additional hostile users. Second, as more levels of network software are made visible to users for purposes of affording parity of network access, users will learn more about the inner workings of the network software, and those with hostile intent will learn more about how to misuse the network [4].
The National Institute of Standards and Technology's ``Security in Open Systems'' report [8] notes the following:
Greater network access is changing the telecommunications industry to one where many third party service providers are building products that must work with products from other companies [10], [11], [12]. This new telecommunications environment has been characterized as one with: a large number of features; multi-media, multi-party services; partial knowledge of the feature set by service designers; lower skill and knowledge levels of some service creators; multiple execution environments from different vendors; and distributed intelligence [15].
The FCC's ONA requirement for nondiscriminatory access introduces vulnerabilities into the PSN and these vulnerabilities pose a threat to NS/EP. The remainder of this section will provide a description of potential vulnerabilities introduced by the FCC's ONA requirement.