Optus, iiNet concerned at 'relaxed' NBN infosec rules

By on
Optus, iiNet concerned at 'relaxed' NBN infosec rules

Ring fencing round two.

Optus and iiNet have voiced concerns that hard-fought rules on how Telstra handles confidential information it receives in the course of migrating users onto the NBN are about to be "relaxed". 

The concerns are raised in submissions to a Department of Communications inquiry on revised migration plan principles - regulations that govern how Telstra transitions mostly copper customers to the National Broadband Network.

The revisions are required to implement the multi-technology mix (MTM) rollout strategy, according to the Government.

They include neutralising fibre-specific references in the old plan, "clarifying" Telstra's responsibilities, and reflecting changes in the new definitive agreements between Telstra and NBN Co. The proposed changes also incorporate key learnings from the first areas where copper customers have been migrated to NBN fibre.

But iiNet chief regulatory officer Steve Dalby has argued that the new definition of NBN Co 'migration information' in the revisions represents a relaxation of information security rules because it only applies to the FTTP portion of the NBN rollout - a shrinking piece of the NBN.

Although there is a provision for information related to the growing FTTB, FTTN and HFC portions of the network to be protected, the clause is only operational "from time to time", and its operation is contingent on a number of exclusions. (pdf)

"As regards information that relates to FTTB, FTTN or HFC, the definition of NBN information in schedule 4 of the 2015 migration plan principles effectively allows Telstra to have complete discretion over whether, or the extent to which, any information relating to the FTTB, FTTN or HFC rollout is covered by the NBN information obligation," Dalby said. (pdf)

Optus, meanwhile, focused its submission on schedule 2 of the new draft migration plan, which lists "matters which are outside Telstra's responsibility".

Given Telstra's recent contracts for the design and rollout of the FTTN portion of the NBN, Optus noted that "Telstra, as key vendor to NBN Co, would have internal knowledge of the FTTN rollout".

"In this role Telstra is likely to receive sensitive information in advance of other [retail service providers]," Optus' head of interconnect and economic regulation Andrew Sheridan said. (pdf)

"Processes must be put in place that effective [sic] ring fence the Telstra divisions that deal with the planning and deployment of NBN and retail or shared divisions.

"Rigorous information security processes need to be established so that Telstra does not receive a competition advantage due to its role as a key vendor to NBN Co. The process must cover both FTTN and HFC networks."

Despite the industry concerns, the Government asserted in December [pdf] that there was "no compelling reason to further extend the application of the information security provisions of the current migration plan to information related to the FTTN, FTTB and HFC components of the NBN".

It believes a new carrier license condition for NBN Co, and the operation of existing competition laws as well as the definitive agreements, could act in place of specific information security rules for the handling of FTTB, FTTN and HFC data. (pdf)

iiNet and Optus have a long-running interest in the information security rules governing Telstra's handling of confidential NBN information.

The first iteration of Telstra's information security plan for dealing with such information involved significant wrangling and revisions, as Telstra sought to limit its effect. Optus and iiNet were among ISPs at the time that sought specific regulatory protections.

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?