NBN Assessment Report

Secure Cyber Space http://www.securecyberspace.org

The National Broadband Network (NBN)

A Security Perspective

The National Broadband Network (NBN) of Australia is the single largest

network in terms of area of coverage and associated costs federally funded

for the sake growing a nation’s infrastructure in the Information and

Telecommunication sectors. The NBN plans to connect entire mainland

Australia to the Internet by providing 93%FTTH and remaining 7%

through next-gen wireless and satellite coverage. The NBN was initiated in

2009 at a projected federal expense estimated at A$ 43 Billion and was

expected to reach maturity by 2017.


A Federally funded investment

In April 2009, the Australian Government announced the establishment of NBN Co

with an investment of A$ 43 Billion over a 8-year period to build and operate a

wholesale-only open access National Broadband Network. The NBN represents the

first ubiquitous broadband network of its type deployed in an OECD country (other

than limited Geos like Singapore). It is based on a principle of ubiquitous access to

high bandwidth. The aims of the NBN were:

1. Connect 93% of Australian homes, schools and businesses with broadband speeds of

up to 100 megabits per second (100 Mbps) on a fibre channel.

2. Connect all other premises within Australia with next-gen wireless coverage and

satellite coverage that will deliver 12 megabits per second (12 Mbps).

3. Restructure the infrastructure market from being vertically integrated into becoming

a horizontal competitor and provide opportunities to new entrants.

Ubiquitous access to basic services has been a long-standing policy principle but

ubiquitous access to the highest level of service will now be effectively guaranteed.

Its capacity will significantly exceed current demand and it is premised on a 30-year

business model.


The NBN Co becomes the sole owner and wholesaler of bandwidth. This move is

likely to attract emerging players in the ISP domain by opening up the layer-3

connectivity. Retail service competitive advantages based on scale and network

ownership may become a thing of the past.

Layer 2 network access will be provided to retail service providers with uniform

pricing across fibre, fixed wifi and satellite access technologies throughout Australia.

To prevent other potential providers from undercutting NBN Co in metropolitan

areas, new fibre networks are required to be open access and charge similar prices;

these rules are known as the “anti-cherry picking” provisions that were passed into

law with other NBN legislation.

Once-in-a-gen

technology swap

The NBN is a once-in-a-

generation attempt to

swap out the legacy

(copper wires) network

with a fibre-to-the-home

(FTTH). While this is

expected to result in

higher cost per

subscriber, the long term

benefits and additional

market demands are

expected to outweigh the

immediate costs.

Telstra’s vertical

integration

The NBN is also an

attempt to eliminate

the apparent conflict of

interest for Telstra

which currently

operates both as a

wholesaler and a

retailer of bandwidth

and Internet services

within Australia. The

NBN is expected to

replace Telstra as a sole

wholesaler-only

operator and shift the

market to move into a

more horizontal

competition.

Disruptive brand

entrants

NBN’s restructure is

expected to provide

opportunities for new

entrants ‘infrastructure

light’ into the telecom

sector in the immediate

term. Disruptive brand

players such as

nationalised banks

(CBA, Westpac, NAB)

and retailers

(Woolworths, Coles)

could use the NBN to

enter the

communications

services market.


Technology & Access

Premises within the FTTH footprint are connected using Ethernet over a gigabit passive optical network (GPON) giving a peak speed of 1 Gbps.

One of the advantages of a GPON network is the distribution hub

requires no electronics - NBN Co. CEO Mike Quigley

The FTTP network architecture chosen

by NBN Co comprises a number of

replicating modules which is

combined to make up the FTTP

network. A fibre distribution area

includes up to 200 premises linked up

to a fibre distribution hub. A fibre

serving area module comprises 16

fibre distribution areas, which services

up to 3,200 premises.

Communication and networking

technology has been growing steadily

in the recent years. World over,

Telecom Service Providers are

strengthening their networks to cope

with the change. Economies of scale

seem to be the natural incentive. As a

consequence, the capacity or

bandwidth available per service per

user is also increasing.

A fibre-optic cable, known as the "drop fibre", goes from the

premises to the street ending at the top of a power pole or in an

underground pit. The "drop fibre" cable joins a "local network"

which links a number of premises to a splitter in the fibre

distribution hub. A "distribution fibre" cable connects the splitter

in the distribution hub to a fibre access node, which is linked up to a

Point of Interconnect (PoI).


Network Resilience & Flexibility

Devices that deliver such services are

becoming more and more powerful,

further fuelling the growth in capacity

or bandwidth availability. Obviously,

user expectations are also on the rise.

With the result, world over “carriers”

are morphing themselves

appropriately, to be able to carry time-

sensitive high volume data.

As reaction times for failures are

reaching milliseconds in time-sensitive

high volume data services, network

resilience is becoming the key to

design. The two key handles available

to ensure resilience are topology and

recovery technology. The topology for

resilience is a natural ring formed

during the laying of fibre itself. While

topology is terrain dependent, the

recovery technologies increasingly

being realized in hardware, firmware,

and software are providing the much-

needed flexibility.

Comparing Speed Vs. Distance

Source: NBN Co. Corporate Plan, Published Dec 2010


Fixed Wireless & Satellite Coverage

NBN Co plans to deploy a 4G Long

Term Evolution fixed wireless network

covering approximately 4 per cent of

the population outside the fibre

footprint. The premises in the fixed

wireless footprint will be hooked up to

an antenna allowing a connection to a

wireless base station; the base station

links to a PoI via a backhaul. The 2.3

GHz and 3.4 GHz spectrums will be

used to deliver these fixed wireless

services. Unlike the mobile networks,

only premises can connect to the

NBN's fixed wireless network. Users at

the edge of the coverage for each base

station will receive a peak speed of 12

megabits per second, the speed

increases “considerably” moving

closer to the base station.

NBN Co is expected to launch two Ka band satellites by 2015, each offering 80

gigabits per second of bandwidth, compared to four to six gigabits per second

capacity available from current satellites servicing Australia. The satellites will be

used to bounce signals from a satellite dish on the premises to an earth station,

known as a "gateway"; the gateway is then connected to a PoI via a fibre backhaul.

Source: Wikipedia – About the National Broadband Network, Australia


Transforming the IT service industry

By taking the cuffs off on the bandwidth limitations, the NBN will allow much more

bandwidth hungry applications to be hosted and stored on clouds. Besides, location

and market access that have long since been controlled by the big players, may no

longer dictate success factor in the federally-controlled NBN network. This move is

likely to attract many new players into this arena in the coming years. This has the

potential to alter

the way in

which IT

services are

delivered and

consumed in the

years to come.

The

telecommunic

ations and

media marketplaces will change out of recognition following the

deployment of the NBN. However, the winners and losers will depend

on the strategies adopted by the individual players and the evolving

regulatory landscape for the next five years. - Allen & Overy

The additional capacity that NBN brings to the table is likely to call for a revamp of

the existing service delivery mechanisms and better integrate them for providing

consolidated online service packages. Such services can include free-to-air television,

satellite television, voice and data calls, teleconferencing, telebanking, lessons on-

demand, social networking on-demand and many more. Furthermore, delivering

such services over a variety of media such as mobile and fixed devices is likely to

become the norm.


Providing high-quality content

On 12 August 2011, NBN Co

announced details of a multicast

facility to enable delivery of quality

video and interactive services by any

NBN retail service provider to any

fibre-connected consumer. This add-on

feature will give retail service

providers the opportunity to introduce

triple-play voice, broadband and video

content to their fibre-based customers.

It will have the capacity to provide

content such as non-English speaking

channels, high-definition television,

3D television, and interactive services.

While the multicast feature will

initially be available only on the fibre

access network, NBN Co may offer

multicast over the wireless and

satellite access networks in the future.


Source: NBN Corporate Plan 2013-2016, NBN-FI-CFO-019, June 2013

Fibre Access Nodes & Aggregation sites

The majority of NBN Co’s FAN sites

(NBN Co plans for approximately 940

FAN sites) and 121 PoIs are to be located

inside existing Telstra exchange buildings.

These buildings provide the necessary

physical environment (such as temperature

control, security and access to

uninterrupted power) for complex active

equipment and are also the termination

points for Telstra’s Duct and Dark Fibre

Networks which are being extensively used

by NBN Co.

On handover, NBN Co carries out any

additional site make ready works (such as

installing additional power or cooling if

required) and installs the basic Common

Network Infrastructure (CNI) such as rack

shelving, Optical Distribution Frames

(ODFs), Fibre Termination Panels (FTPs)

and patch cables.


NBN Delivery & Partners

Ten of the 121 PoIs are being constructed

for NBN Co by Emerson. These facilities

will also contain equipment designed to

house NBN Co facilities and to act as

central depots for essential network

spares. NBN Co will have two such

facilities in each of the major capital cities.

NBN Co has engaged Nokia Siemens

Networks (NSN) to provide a turn-key

solution for its rollout, of the DWDM

Network which is designed and installed

on a ring-by-ring basis.

adapted from NBN Corporate Plan 2013-2016, NBN-FI-CFO-019, June 2013 * Kindly note that the figures noted in this table may include forecasts and are subject to change from when they were reported\

The Dark Fibre phenomenon. A significant proportion of the fibre for the Transit

Network is ‘Dark Fibre’ being provided by Telstra. Dark Fibre consists of a pair of fibres in

an existing Telstra fibre optic cable, which is reserved exclusively for NBN’s use. NBN’s

FANs and PoIs are predominantly located in Telstra exchanges, and Telstra has high

capacity fibre links between these sites as part of its own core network. In addition to using

Dark Fibre Links provided by Telstra, NBN Co has entered into agreements that will give it

access to fibre built as part of RBBP.


Post-NBN Landscape

Higher speed broadband will

provide a discernible improvement

in the user’s experience, not only by

reducing the time required to

download large files, but also to

enable participation in high quality

real-time audio visual

communications.

adapted from Towards Universal Broadband Access in Australia, ITU Report, July 2012

While the NBN Co. promises to deliver high-speed broadband throughout

Mainland Australia, it remains up to the retailers such as Telstra, Optus,

BigPond, iiNet and others to package their Internet services in a manner that

is readily consumable.

From

a pred

omin

antly

static interactiv

e phase, N

BN

is likely to lau

nch

Au

stralia into an

era of hig

hly in

teractive onlin

e virtual en

viron

men

t. This level of in

teraction, n

ot witn

essed so

far can h

ave far-reaching

imp

acts on the en

tertainm

ent an

d edu

cation sectors.


Given the propensity for IT services to become integrated in the post-NBN era, cloud

based storage and service hosting as well as customised service delivery are likely to

take the driver’s seat. In such a scenario, access to data and their control are the

primary concern. New technologies in access control and privacy and trust management

are likely to be born.

Today, many of these concerns remain with the individual; however, as critical

infrastructure systems get integrated with the NBN, the access and control to and

from the NBN is likely to gain a new meaning. When operating at 10x and 100x speeds,

the name servers and the gateway routers may increasingly become absorbed into the critical

infrastructure framework. Besides, reliability and availability of services over the NBN

may gain critical

importance.

Individuals and

businesses can no

longer afford to be

disconnected from the

network in a post-

NBN world.

While the NBN promises

to deliver very high-speed

raw bandwidth, its true

potential can only be unlocked by tapping into the applications and their delivery

mechanisms. This is likely to give rise to several new entrants in the app-space and

possibly in the cloud-based market. However, guaranteeing the fundamental

principles of confidentiality, integrity and access-control are going to hold the key.

New age electronics and embedded sec-mecs1 are potential light bearers in such an

arena.

1 Stands for security mechanisms


Post NBN Era: The Cybersecurity Angle

Major players like Telstra, BigPond and Optus are looked up on for leadership in providing

security solutions in the end-user space; more to the point, these players are likely to continue

their dominance over bandwidth retail space and providing usable Internet solutions

including cloud environs and ISP services.

The dramatic breakthrough in speeds

is likely to call for novel approaches in

securing IT enabled services to be

delivered and secured. Traditional

technologies involving packet

inspection can require a rethink when

time-critical applications enter the

fray.

When major organizations and critical

infrastructures are targeted, the

damages are likely to be catastrophic.

Interestingly, while SLAs are in place

to drive the NBN implementation, it

remains unclear how the service

providers such as Telstra, Optus,

BigPond and iiNet are going to operate

the sudden spurt of IPs that are likely

to spring up. Moreover, significant

challenges in protecting the

infrastructure may need to be met to

support the projected end-user

bandwidth.

In an increasingly growing and connected world, anything and

everything is fair game!

As much as the NBN is likely to interconnect systems far-and-wide across Australia,

it exposes the service providers like Telstra and Optus who are likely to bear the

brunt of potential threats and cyberattacks. While technologies such as IDS and IPS

exist, handling packets at the rate of several Gbps within the core network can

require a drastic rethink in strategy leading to valuable innovations. As envisaged,

embedded hardware designs may be trusted with the task of handling the speeds.

Today, this remains is anyone’s game!


Challenges for Tomorrow

The rate of uptake is directly proportional to the level of maturity that the NBN

experiences. Besides, as the level of exposure increases, systems may need to be

able to evaluate their risks against exposure. We conclude our report by outlining

four grand challenges in the post-NBN era.

Trustworthiness. This is likely to

motivate new R & D for assessing the

trustworthiness of systems requesting

connections to the NBN. The connection

requests coming from open networks and

systems are likely to come under scrutiny.

Providing service level guarantees may

provide short term gains – however, new

technologies may be called for assess the

trustworthiness in the long run.

Enterprise Security metrics. A

corollary to the trustworthiness

challenge is the ability for a NBN-

connected system to measure its security on

an ongoing basis. Enterprise security

metrics can take a new meaning.

Human speed will not cut it anymore. Threats are too fast and too

vast - FBI Director James Comey

Reliability, Availability &

Robustness. Once connected to the

NBN, systems cannot afford to go offline.

Mechanisms in provable security for

guaranteeing five-9 SLAs can give birth to

new technologies that can integrate with

the NBN architecture in a scalable

manner.

Resilience & Regeneration. As more

advanced system are being developed

with increasingly large amount of

intelligence built-in, an NBN-connected

can be expected to be resilient to external

and internal cyber-attacks and regenerate

for full-functionality. Systems with such

capability may become preferred over

existing systems which can lead to a

more dynamic NBN.

With

the projected u

sage m

odels that are likely

to influ

ence ou

r futu

res, this m

ay be an

exciting

opp

ortun

ity to d

evelop in

nov

ative w

ays to light u

p th

e dark fibres as N

BN

begins to realise its

true p

otential


References

1. NBN Corporate Plan 2013-2016, NBN-FI-CFO-019, June 2013

2. NBN Corporate Plan 2010-2013, Dec 2010

3. Colin Oliver, Toward Universal Broadband Access, ITU Report, July 2012

4. Colin Oliver, Toward Universal Broadband Access, ITU Report, Nov 2009

5. Amy Lind, The New Broadband Buildout, IBM Whitepaper, Dec 2009

6. Rohan Pierce, NBN 2.0: What future for Australia’s NBN?, ComputerWorld

Magazine, Nov 2013

7. David Anthony, The National Broadband Network and South Eastern NSW,

Discussion Paper, Sept 2011

8. Matt Yardley, Developing successful PPP to foster investment in universal

broadband networks, ITU Report, Sept 2012

9. The National Broadband Network: Opportunities, Govt. of Victoria, Melbourne,

VIC, 2009

10. The Impact of the National Broadband Network on the Communications Sector: A

forensic view, Allen & Overy Venture Consulting, Feb 2011

11. NBN: An implementation study, NBN Co report, July 2013

Documents

NBN Assessment Report