Protecting BellSouth:

1
Protecting BellSouth Implementing Security
Governance
2
BellSouth
Wireless
Wireline
Advertising Publishing
Broadband

• Over 21M Access Lines
• 25M Cingular Wireless Customers
• Ranked 80 on Fortune 500
• 64,100 Employees

3
BellSouth Background
20 of the Nations Critical Telecom
Infrastructure 56 Military bases 950
Hospitals Over 100,000 911 dispatches per day
Unique and special responsibility to our
stakeholders and our country.
4
History of Response

• Since 1992 weve responded to
• 16 Hurricanes
• 4 ice storms
• 5 floods
• Florida wildfires
• Countless tornadoes

21
We had a good foundation but recognized that
malicious attacks present a new set of challenges.
5
Natural Disaster vs Malicious Attacks

• Natural Disasters
• We know where it will hit
• There is planning time
• We have evacuation time
• We can set-up emergency
• centers

• Malicious Attacks
• Little to no warning
• Targeted for disruption and
• destruction
• Secondary attacks are typical

6
BellSouth Business Continuity and Security
Governance
BellSouth Security Council
Business Continuity and Security Council
Corporate Security Tracking and Prevention
Emergency Response
Business Continuity and Disaster Recovery
Capabilities Policies
Drills and Emergencies
National Critical Infrastructure Protection
7
Our Challenge

Updated Governance Structure
Organization And Operational Frameworks
Drills And Natural Events
Solidified Working Components of Security Council
Industry Best Practices
Existing Response Capability
8
Emergency Response
Business Continuity and Security Council
National Coordinating Center
Security Team
Network Emergency Operations Center
Public Relations Crisis Team
Human Resources Crisis Team
Information Technology Crisis Team
Corp Real Estate Services Crisis Team
Business Continuity Crisis Team
Network Crisis Team

• Charter
• Provide overall security event command and
  control, crisis management, and communication
  management following any emergency event

9
Emergency Response
Incident Occurs
Security Team
Security Council
Senior Staff
General Officer Body
Notifies
Extends to
Informs

• Drive Business Continuity Activities

• Convene in 5 mins
• Establish Command and Control
• Share information
• Assess impact
• Develop response
• Activate Crisis Teams
• Employee Media Communications
• Security Council update within 30 mins
• Reconvene regularly until situation is resolved

• Convene in 5 mins
• Share information
• Activate Extended Security Council
• Executive Continuity and Relocation
• Provide Security Team Guidance
• Manage Officer Communications

• External Executive Communications
• Executive Continuity and Relocation

10
Communication Tools

Response

• Communications Bridges
• Incident checkpoint briefings
• Communications Hotlines
• Ongoing status and information exchange
• BellSouth Employee Im Okay Line
• Internal check to account for each employee
• BellSouth Info-NOW
• Ongoing status information to BellSouth
  employees

XXX
1-XXX-BLS-Info-NOW (XXX-XXXX)
XXX-XXXX
XXX
1-XXX-BLS-Im-OK
GETS Increases probability of completing a
wireline emergency call Wireless Priority
Telephone Increases probability of completing
a wireless emergency call Satellite Phones
Communications via satellite technology
11
Recovery

Recovery

• Charter
• Oversee all aspects of the recovery of BellSouth
  assets (Physical, Network, Logical, Human) as
  well as disaster recovery and business
  continuity.
• Has been exercised through
• Enhanced 43 Business Continuity Plans
• 16 Business Continuity Drills
• Executive Continuity Plans 3 Drills conducted
• Planning for potential CWA work action

12

HAZMAT Capability
Recovery
Ability to support critical infrastructure and
associated tasks with internal NBC team
13
Prevention

• Charter
• Manage and monitor activities necessary to
  prioritize and operationalize opportunities to
  prevent security incidents.
• Update policies and procedures
• Drive priority projects to resolution
• We instituted
• Patch Management
• Enhanced Security Policy Procedures
• Enhanced Background Checks
• Centralized User Provisioning

14
BellSouths Challenge Critical, Complex IT
Environment
gt65,000 desktops
gt13,000 Servers
gt20,000 laptops

gt1000 Systems
gt100,000 Change requests per month
gt50M transactions per day

• Centrally and locally managed
• Spread across nine states

15
Cyber Specific Policies

• Extended Corporate Security Standards to include
  Patch Management and virus protection
  requirements
• Implemented policy to require all devices to use
  AntiVirus software
• Enhanced employee Code of Ethics to include
  responsibility for protection of information
  resources
• Developed policy to require standard procurement
  of information resources

16
Improved Patch Management
Inventory devices Inventory and upgrade software
levels Force application of security patches
17
Cyber Fit Campaign
18

National Participation and Support
Response
Recovery
Prevention
National Infrastructure Advisory Council
19
Questions
?
?
?
?
?
?
?
?
?