Ofcom’s Resilience and Security Guidance, confusion over internet-based calls

Posted on: 1st October 2024, by Magrathea

It is probably embarrassing to admit that we enjoy receiving an Ofcom statement when they’ve acknowledged points we have made and tweaked the outcome as a result, which is how we initially felt receiving the recent statement (see here) on resilience guidance.  However, it was short lived.

A simple footnote included in the draft guidance had us, and others, concerned that Ofcom were attempting to introduce yet another definition of voice services and one that distinguishes between voice services provided over dedicated connectivity and voice services provided via the wider internet.  ‘Primary Line’ was the term used and we responded pointing out the challenges that this would introduce.

The statement acknowledges that using this term could cause confusion and therefore removed the footnote, however they then immediately started referring to ‘digital landline’ instead!

Whatever you call it, the meaning is clear, Ofcom essentially don’t think that a voice service provided over the general internet should be used for emergency calls.  The flip side of that is, if you read it as we have, that those providing voice services relying on the general internet should not provide emergency calls, something that would immediately put them in breach of the General Conditions.

Even Ofcom recognise that ‘over the top’ services are increasing in availability as a PSTN replacement service, therefore we find it remarkable that this guidance has been shared with an established sector introducing confusion and potentially worsening levels of service received in the market today.

 

How resilient is the internet in reality?

Ofcom have concerns that voice services that run over or are exposed to the public internet are more susceptible to security compromises or outages, something we aren’t convinced there is much evidence of.  In fact, we suspect that more impactful outages occur due to issues within access networks or individual ISPs which are at least limited to their own users, it could be argued that those services with access to the wider internet have greater resilience by the very nature of the distributed design of the internet.

Regardless of Ofcom’s actual intent, we find this latest guidance to be confusing and contradictory.  We have written to Ofcom to request clarification of their intent and to help us better understand the justification for introducing a distinction of service beyond those already detailed in the General Conditions.

 

Interconnect and peering reviewed

The other topic we felt would have impact on some of our clients and partners was that of interconnect.  We argued that carrier level partners should be able to request a dedicated interconnect (i.e. avoiding general internet traffic) for critical services where they believe it is appropriate.  However, we do not believe that this requirement should be mandated for all, especially small providers wishing to exchange traffic directly for network efficiency.

The flexibility to have alternative methods where proportionate and reasonable to do so would help keep the industry accessible to small and new entrants.  Alternatives such as peering via an internet exchange for example can offer an excellent alternative and be much more cost effective.

Ofcom have agreed that arrangements such as peering via LINX will suffice, but they have not relented on the use of the general internet, acknowledging that even low volumes of traffic or users could still represent critical (e.g. emergency traffic) and should be treated accordingly.  They go so far as to say they are mindful that this change may encourage providers to exit the market, and that the topic will be covered again in the Wholesale Voice Market Review which will be in the consultation phase next year.  We will of course be actively engaged with that consultation.

Obviously here at Magrathea we want to do our utmost to prevent our smaller clients from being deterred by increasing regulatory intervention and the resulting cost, so we are working on solutions to help provide additional affordable interconnect solutions.  We will publish more details this winter but if this is of particular concern to you, please do get in touch so we can discuss the options.

The latest guidance can be found here, is effective immediately, and forms part of the work arising from the Telecommunications (Security) Act.  It contains a lot of detail, but the key points can be summarised as:

  • Providers must ensure that networks are designed to avoid or reduce single points of failure.
  • Key infrastructure points must have automatic failover functionality built in so that when equipment fails, network traffic is immediately diverted to another device or site that can maintain end user connectivity.
  • Guidance should be followed around processes, tools, and training to support the requirements on resilience.

 

Magrathea’s approach to resilience

Resilience has been at the core of what we do here at Magrathea since day one, with continued investment in our network, tech and teams our priority.  Of course, we would never be so arrogant as to claim that we are entirely fault free – we don’t believe any network can be – and problems do arise from time to time, but we can confidently say we have this aim as a core focus which filters throughout our business meaning we are constantly challenging ourselves to do better.

Ever mindful of how much impact any outages have on our clients (and their customers), we endeavour to ensure any issues that do occur are detected and mitigated swiftly and with minimal impact.  Network separation, geographic diversity, resilient interconnects and advanced monitoring tools all help us to keep any issues to a minimum, both in terms of impact and time.

At Magrathea we ensure we listen to what is important to our clients so we know for the majority that their priority is to have a network that they can rely on to ‘just work’.  So, this remains at the heart of what we do, day in and day out.  We continually invest in efficiencies, improvements and most importantly in this context, resilience testing to help ensure our clients can sleep at night.  All of this in turn helps us stay true to our mission of enabling others to build innovative solutions for their customers without worrying about the carrier side.

It always feels easier and more exciting to shout about new products and services, which we do when needed, however as a wholesale carrier our aim is to prioritise what is most critical to our clients.  So this is a great opportunity to spotlight our commitment to our core function, both the investment in our continuous improvement work and our fantastic team of voice specialists whose focus every day is to ensure our network ‘just works’.

 

Tools that enhance client resilience

As well as doing what we can to provide clients with a network that they can rely on to comply with their own resilience obligations, we also help clients with tools and features that can strengthen any measures they have in place for their customers.

For example, numbering can be made more resilient by using our automatic failover measures to re-route to new end points in the event of failures.  And for those rare scenarios where automatic detection isn’t possible, such as a commercial issue or subtle degradation of service, we have additional measures such as our ‘back up switch’ tool which with one command can force all calls to a new end point or even an alternative phone number.

For clients who prefer not to touch the voice part of the service our Mag-Net product gives them full control via a secure interface to manage the routing of calls thus reducing some potential points of failure.

Outbound calls are equally as important and again we have automated failover routing between multiple carriers to ensure your calls have the highest chance of connecting.

With resilience being so important to us all, wherever we sit in the supply chain, we are here to work with our clients to support their unique requirements and welcome a conversation if you would like to talk about how to boost your current measures.  Chances are we have a solution in place already, but if we don’t, we are often very happy to create something bespoke to help with compliance and of course to bring comfort that your service is as reliable as possible.

 

Magrathea’s guide to resilience and security

Aware that the introduction of the Telecommunication (Security) Act, the Security Code of Practice and now this new guidance from Ofcom can be a lot to absorb, our team have produced a simplified guide to help navigate the legal and regulatory requirements.  Along with a breakdown of which rules apply to which type of provider we aim to remove the complexity of focusing in on where you really need to invest in improvements to bolster your solutions.  The document will be available to clients through The Guide next week (within our MAGIC Portal) or contact our support team and they will email you a copy.

In conclusion, whilst we want to clear up some confusion and make sure Ofcom’s intentions are clear (and support our thriving sector!), we do genuinely support the spirit of the guidance and are committed to helping our clients reduce areas of weakness and build in resilience in order to provide a service with less stress, less risk and greater commercial value.

After all, what price can you put on a good nights’ sleep!