Commission addresses numerous systemic failures in 911 service that surfaced after 2012 “derecho” storm.

In a matter of hours on June, 2012, a powerful, fast-moving, killer storm (dubbed a “derecho”) swept from the Midwest to Northern Virginia, a silver-dollar’s-throw across the Potomac from the FCC’s headquarters. It laid bare severe shortcomings in 911 service: from isolated breakdowns to systemic failures, 911 service was unavailable (or at least unreliable) for millions of residents for extended periods.

In the wake of that unacceptably poor performance of a critical public safety function, the FCC completed an extensive review of the 911 system begun in 2011. As a result of that review, the FCC has now imposed on 911 system service providers (SSPs) a new and rigorous set of requirements. (This latest action is separate from, but motivated by some of the same concerns as, the FCC’s Notice of Proposed Rulemaking released last September looking to require facilities-based Commercial Mobile Radio Service providers to provide daily public reports of the percentage of cell sites operating in their networks during and immediately after major disasters.)

SSPs are, generally speaking, wireline phone companies that route 911 calls from wireline and wireless phones to 911 call centers. Historically, SSPs have not been subject to detailed regulatory requirements relative to system maintenance and monitoring. Instead, the Commission has expected SSPs to voluntarily adhere to a number of “best practices” developed by several industry organizations, including (a) the Network Reliability Steering Committee (NRSC) of the Alliance for Telecommunications Industry Solutions, (b) the Network Reliability and Interoperability Council (NRIC) and (c) the Communications Security, Reliability, and Interoperability Council (CSRIC). The FCC did require SSPs to keep track of, and report, outages. Analysis of the outage reports – by both the FCC and the reporting SSP – was thought to provide adequate information, and impetus, to assure the identification and correction of any systemic problems.

The FCC’s review of the 911 system, however, demonstrated convincingly what the derecho experience had strongly suggested: the voluntary approach didn’t work, and the submission of outage reports didn’t uncover the resulting problems.

According to the Commission, the problems encountered in the aftermath of the derecho occurred “in large part because of avoidable planning and system failures, including inadequate physical diversity of critical 911 circuits and a lack of functional backup power in central offices.” Those were among the operational considerations that were supposed to be (a) avoided through implementation of best practices or at least (b) detected and corrected through routine review of outage reports.

As a result, the Commission has now developed an approach that requires all covered SSPs to take “reasonable measures to ensure 911 circuit diversity, availability of backup power at central offices that directly serve PSAPs [public safety answering points], and diversity of network monitoring links.” (What’s a “covered SSP”? Any entity that “provides 911, E911, or NG911 capabilities such as call routing, ALI [automatic location information], ANI [automatic number information], or the functional equivalent of those capabilities, directly to a PSAP , statewide default answering point, or appropriate local emergency authority, or that operates one or more central offices that directly serve a PSAP.” PSAPs themselves are not subject to the new requirements.)

In its Report and Order (R&O), and in the rules adopted in the R&O, the Commission spells out in considerable detail the steps that SSPs will be required to take. They include:

  • annual audits of the “physical diversity of critical 911 circuits or equivalent data paths to each PSAP they serve” (accompanied by certain prophylactic measures, depending on the results of the audits);
  • provision of specified levels of “sufficient, reliable backup power” tested to manufacturers’ specs;
  • annual audits of the physical diversity of the “aggregation points” in their networks (again accompanied by appropriate prophylactic measures). (The aggregation points here are those used “to gather network monitoring data in each 911 service area and the network monitoring links between such aggregation points and their [network operations center(s)])”.)

Each covered SSP will be required to submit an annual certification that it has, in fact, completed all those chores. If an SSP believes that any of the nitty gritty details specified by the Commission are not necessary for that SSP’s particular situation, or if the SSP believes that some alternative approach may be sufficient, the SSP will have to spell that all out in the certification. Any certification that includes such non-conforming provisions will be subject to more detailed review by the Public Safety and Homeland Security Bureau, which will have considerable latitude in evaluating such non-conforming provisions and, in some instances, ordering “remedial action”.

The certification will have to be signed by a corporation officer “responsible for network operations in all relevant service areas”, somebody with “supervisory and budgetary authority over [the SSP’s] entire 911 network.” The goal here is to insure that the top brass in the SSP organization are attuned to the seriousness of 911 reliability so that they make it a corporate priority. To prevent certifying officials from claiming that they were kept in the dark by their underlings, the certification will also have to “reflect the existence of internal controls sufficient to ensure that the certifying official has received all material information necessary to complete the certification accurately.”

Only the certification will have to be filed with the FCC, but the SSP will still have to maintain backup data supporting each certification for two years after the filing.

In addition to the new requirements, the Commission has also tightened up SSP obligations in the event of an outage. Now, SSPs will be required to provide detailed notification to affected PSAPs of outages within 30 minutes of discovery of the outage, with follow-up notifications within two hours of the initial contact.

The new substantive rules are set to take effect 30 days after the R&O is published in the Federal Register. When that effective date arrives, the various chores that were previously only voluntary will become mandatory right away. However, the certification requirement constitutes a new “information collection” and, thus, will have to be run through the standard Paperwork Reduction Act drill at the Office of Management and Budget before it can take effect. Because of that, and because some of the underlying chores (e.g., circuit diversity audits) will take time to implement, the Commission has specified that the first full annual certifications will be due two years after the effective date of the underlying rules. Check back here for updates on that front.

The R&O was not adopted unanimously. The Republican Commissioners – Ajit Pai and new arrival Michael O’Rielly – both dissented. While they both agree that SSPs need to be more effectively monitored, they feel that the imposition of mandatory measures is unnecessarily intrusive and burdensome and will ultimately impose additional costs on PSAPs, to whom the SSPs will pass along their own compliance costs. Both dissents expressed their respective author’s (a) preference to achieve unanimity among the Commissioners and (b) disappointment at having their suggested alternatives rebuffed by the majority. For an agency which has historically prided itself on the collegial and consensus-based nature of its day-to-day workings, a 3-2 decision in the earliest days of Tom Wheeler’s chairmanship is something of a surprise and disappointment. It’s probably too early to say for sure whether this is an aberration or the sign of a new age of dissent at the Portals. Stay tuned.