In March 2017, the Federal Communications Commission’s (Commission) Communications Security, Reliability and Interoperability Council (CSRIC) recommended that communications service providers implement certain security measures to help prevent exploitation of carrier Signaling System 7 (SS7) network infrastructure. These recommendations were intended to increase awareness of SS7 signaling vulnerabilities, and included risk mitigation strategies for the continued use of SS7. The recommendations also listed measures, such as filtering and authentication of traffic between service provider networks, designed to promote the security of SS7 communications network traffic. Finally, CSRIC examined security practices and made recommendations related to next generation protocols that will interact with SS7 and Session Initiation Protocol (SIP) infrastructures, such as Diameter, which is the protocol that supports the accounting and authorization responsibilities of SS7 in the all-IP network and most 3G and beyond wireless networks.
In August 2017, the Public Safety and Homeland Security Bureau (Bureau) released a Public Notice recommending that communications service providers implement the CSRIC best practices. In order to help assess the effectiveness of these recommendations, the Bureau now seeks public comment and information on the implementation of these recommendations, including any progress, barriers, and lessons learned.
The Bureau seeks public comment, including from communications service providers and other stakeholders, on the implementation and effectiveness of the March 2017 CSRIC recommendations regarding SS7 security risks. The Bureau also seeks comment on any alternatives to the CSRIC recommendations that communications service providers have implemented or plan to implement to help address SS7 security risks. Comments are due May 3, 2018 and reply comments are due June 4, 2018.