Disruptions to Communications

Federal Register, Volume 81 Issue 133 (Tuesday, July 12, 2016)

Federal Register Volume 81, Number 133 (Tuesday, July 12, 2016)

Rules and Regulations

Pages 45055-45068

From the Federal Register Online via the Government Publishing Office www.gpo.gov

FR Doc No: 2016-16274

=======================================================================

-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 4

ET Docket No. 04-35; FCC 16-63

Disruptions to Communications

AGENCY: Federal Communications Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: In this Report and Order, the Commission updates several of its outage reporting metrics, methodologies, and procedures for a number of providers covered in the Commission's rules concerning disruptions to communications and directs the Public Safety and Homeland Security Bureau (Bureau) to further evaluate issues related to the sharing of information from the Commission's Network Outage Reporting System (NORS) with state and federal partners. The Order on Reconsideration limits outage reporting for events affecting airports to outages that impact airport critical communications, and exempts satellite and terrestrial wireless carriers from reporting outages affecting all ``special offices and facilities.''

DATES: The final rules are effective August 11, 2016, except 47 CFR 4.5(b) and (c), 4.7(d) and (e)(2), and 4.9 (a)(2), the second sentence in paragraph (a)(4), the second and sixth sentence in paragraph (b), (e), (f)(2), and the second sentence in paragraph (f)(4) which contain new or modified information collection requirements that have not been approved by OMB. The Federal Communications Commission will publish a document in the Federal Register announcing the effective date.

FOR FURTHER INFORMATION CONTACT: Brenda D. Villanueva, Attorney Advisor, Public Safety and Homeland Security Bureau, (202) 418-7005 or brenda.villanueva@fcc.gov.

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Report and Order and Order on Reconsideration in PS Docket Nos. 11-82 and 15-

80 and ET Docket No. 04-35, adopted on May 25, 2016, and released on May 26, 2016. The full text of this document is available for public inspection during regular business hours in the FCC Reference Center, Room CY-A257, 445 12th Street SW., Washington, DC 20554, or online at https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-63A1.pdf. This Order updates several of the Commission's outage reporting metrics, methodologies, and procedures for a number of providers covered under its part 4 rules concerning disruptions to communications and directs the Public Safety and Homeland Security Bureau (Bureau) to further evaluate issues related to the sharing of information from the Commission's NORS program with state and federal partners.

Synopsis of the Report and Order

1. Report and Order

   1. Codified in part 4 of our rules, outage reporting requirements support our public safety goals by directing providers to report network outages that exceed specified magnitude and duration thresholds. Outage data give the Commission an overall picture of communications network reliability that

      Page 45056

      enables it to identify adverse trends. In turn, the data enable Commission staff, working closely with providers and industry working groups, to understand and address systemic vulnerabilities. Such collaborative efforts have led to measurable improvements in network reliability and resiliency, and to the formulation of policies to promote more reliable and secure communications. Moreover, outage reports, particularly in the early stages of a communications disruption, provide critical situational awareness that enables the Commission to be an effective participant in emergency response and service restoration efforts.

      1. Major Transport Facility Outages

   1. Major Transport Facility Outage Metric and Threshold

   2. In 2004, the Commission required outage reporting for communication disruptions impacting major transport facilities, specifically those with significant traffic-carrying capacity, such as DS3 circuits. The Commission created a metric and threshold for this outage reporting in standards defined in impacts to DS3 circuits; specifically, the Commission adopted DS3 as the base metric and 1,350 DS3 minutes as the reporting threshold. Since then, our part 4 rules require a covered provider to file reports with the Commission in the NORS online database when a DS3 circuit (or its equivalent) that it owns, operates, leases, or otherwise utilizes, experiences a communication disruption that lasts for at least 30 minutes and meets the 1,350 DS3 minute threshold. When the Commission originally adopted the part 4 rules, DS3 circuits were the ``common denominator,'' that is, the standard facility used in networks for major traffic transport. Today, however, providers use larger, fiber facilities for major traffic transport, and thus have decreased their use of DS3 circuits. This shift has rendered the DS3-based reporting metric and the corresponding 1,350 DS3 minute threshold obsolete and unhelpful for outage analysis. This is borne out by the past ten years' NORS data, which show a marked increase in reported DS3 standard-based incidents that involve only minor disruptions that are unlikely to have any significant communications impact or jeopardize public safety. In the same period, the industry has broadly adopted OC3 as the predominate architecture for major transport facilities.

   3. Accordingly, in the Notice, we proposed to change the base major transport facility outage reporting metric from DS3 to OC3, to preserve our near-and medium-term ability to obtain critical information to analyze communications network reliability. We also proposed a corresponding reporting threshold shift from DS3 minutes to OC3 minutes. Finally, we proposed language to ensure inclusion of other transport facilities beyond OC3, i.e., ``other circuits or aggregations of circuits that provide equal or greater capacity.'' To effectuate that technologically neutral objective, we proposed to adjust the number of OC3 minutes based on some measure of equivalency to the current 900,000 user-minute threshold for voice-grade users, which we posited as 667 OC3 minutes. Despite suggestions to move our metric to OC12 or higher, we find that OC3 gives us the right amount of visibility into customer access circuits that may not be captured by a metric above OC3.

   4. The record reflects strong support for adjusting the major transport facility outage metric and threshold as we proposed in the Notice. Several commenters agree that major transport traffic now takes place more on fiber than on DS3 circuits. Many commenters also acknowledge that changing the standard as proposed will give the Commission information on significant outages that are more likely to have a material impact on users. Indeed, commenters predict that the change from DS3 to OC (whether at OC3 or above) will enhance outage reporting efficiency and reduce reporting burdens while also ensuring that the rules continue to target high-capacity facilities and track major outage events that have a material impact on users. Commenters also agree that changing the standard from a DS3 basis to a higher capacity level basis will reduce the number of outage reports required for relatively minor incidents.

   5. Despite broad support that the major transport facility outage reporting metric should change from a DS3 to a higher capacity, those supporting the change do not agree on what that specific capacity level should be. Several commenters share our view that the new metric should be based on OC3--where the threshold would be 667 OC3 minutes. Others, however, propose alternative metrics and thresholds. For example, some commenters suggest OC12 (or similarly high capacity level) as the appropriate standard because, in their view, it more properly reflects the past decade's network technology advancements than OC3. Others, like CenturyLink, push for an even higher metric, e.g., OC48 or OC192.

   6. AT&T, on the other hand, recommends an OC12-based metric, and further proposes to measure the transport facility's ``working'' capacity, as opposed to our current measure of ``failed'' capacity, as the appropriate standard for reporting. In support of its working capacity proposal, AT&T explains that OC3 circuits are usually on its network edge (e.g., enterprise local loop and access services), and thus it argues that an OC3 metric would provide little insight on outages affecting the core of the network. Ultimately, AT&T proposes the elimination of major transport facility outage reporting altogether, and advocates instead that the Commission focus on events that impact customer service, such as ``end office isolations, SS7 isolations, call blockages, and E911 failures.'' AT&T maintains that in proposing a new metric and threshold, we miss an opportunity to conduct a comprehensive review of the information that will ``best apprise the Commission of the overall health of the nation's networks,'' and, that failed transport capacity is an inadequate metric because it does not necessarily reveal the effect on customers' service or provide an accurate portrayal of network health.

   7. Comcast proposes to abandon a time-division multiplexing (TDM)-

      based metric and advocates using a bandwidth-based metric instead. Comcast advocates for the adoption of a ``bandwidth-based standard, such as 1GB outage that lasts for at least 30 minutes.'' Comcast further suggests that its approach can accommodate future changes more readily than a TDM-based standard. Verizon disagrees, arguing that more study is needed to ensure Comcast's platform-shift approach would capture a ``genuine outage or significant degradation of service,'' and ``apply on a cross-platform basis.''

   8. We adopt our proposals to (i) change the metric and threshold for major facility outages from a DS3-based to an OC3-based metric, and (ii) adjust the threshold to 667 OC3 user minutes accordingly. There is substantial record support for moving our metric to a standard based on higher capacity levels (e.g., to OC3 or higher). These changes update our major transport facility reporting to reflect prevalent technological changes in networks, and do so in a logical and technologically neutral manner. Compliance with this revised metric shall begin no later than 6 months after the Effective Date of the rules.

   9. Moreover, multiple commenters agree that providers have been moving a majority of their traffic onto larger fiber facilities, a trend that is likely to continue. Thus, although a DS3-based

      Page 45057

      metric may have been the right standard for 2004's predominant technology for major transport, it is no longer appropriate. At this time, adjusting the metric to OC3 will streamline the reporting in general, a benefit both to providers and the Commission alike through reduced reporting of minor incidents, allowing time and resources for an increased focus on meaningful outage reporting that is more likely to have a user material impact.

   10. At this time, we are not persuaded by those commenters who advocate for a higher OC level. An OC3-based metric will generate the visibility into the network components that an OC12-based metric may not, as it would capture access circuit outages for business customers. Setting a metric at OC12 would provide the Commission with limited, inadequate visibility into major transport facility infrastructure and related outages, i.e., those beyond the network core. Further, we recognize that some networks may utilize OC3 circuits as access circuits and others may utilize them for interoffice facility traffic, and so an OC3-based metric may not provide the same degree of visibility into operational health for all providers' networks. Nevertheless, we believe that basing our outage reporting requirements at the OC3 level ``or their equivalents'' as proposed in the Notice captures the important communication disruptions in networks large and small, regardless of providers' OC3 circuit usage. Moreover, an OC3 metric allows the Commission to better focus on outage trends that may uniquely affect small and medium-sized businesses, whose traffic is often transported over OC3 facilities. Therefore, we adopt an OC3 metric for major facility outages.

   11. In doing so, we affirm the importance of an independent outage reporting requirement for major transport facility failures. Through the collected information on the ``potential impact on all communications services of major infrastructure failures,'' specifically information about ``infrastructure components having significant traffic-carrying capacity,'' as the part 4 rules were intended to capture, our work has led to increased collaborative efforts with providers and a more efficient mitigation of outage trends. AT&T's proposal to eliminate major transport facility reporting requirements assumes that (1) our 900,000 user-minute threshold captures the same visibility of major transport facilities as our current DS3 metric and threshold, and that (2) providers only use OC3 circuits as access circuits to conclude that the adoption of our proposal would lead to duplicative reporting. While a few communication disruptions may be reportable outages because they meet both thresholds (900,000 user minutes; 1,350 DS3 minutes), by having the two metrics and thresholds we capture outages caused by switch failures or major transport equipment failures. Therefore, if we eliminated the major transport outage reporting, we would likely miss communication disruptions experienced in interoffice transport facilities. Moreover, while some providers, such as AT&T, may use OC3 circuits as access circuits, other providers may design their networks differently and some customers, like small and medium-sized businesses may be uniquely impacted at the OC3 level. To address networks designed like AT&T's, the rules adopted today capture communication disruptions experienced in higher capacity levels than OC3, by defining OC3 minutes using OC3 ``or their equivalents.''

   12. The adoption of the OC3 metric ensures an appropriate level of Commission visibility into the resiliency and reliability of critical infrastructure presently--and for at least the near-to-medium term--in use in communications networks for major traffic transport. Such visibility, adjusted to the OC3 level, is an essential component of the Commission's network reliability and public safety duties. Thus, we decline proposals to eliminate major transport facility outage reporting.

   13. Finally, two commenters suggest alternative proposals, neither of which provides the needed visibility into the nation's networks for the Commission to ensure communications are reliable and resilient. AT&T's ``working capacity'' proposal would use a measure such as ``the percentage of the circuit dedicated to voice channels.'' It would thus require providers to assess whether and when to give the Commission the major transport facility outage reports it needs. Our current requirements give clear direction: once a DS3 circuit experiences a communication disruption for at least 1,350 DS3 minutes and lasts for at least 30 minutes, the provider must report the outage accordingly. As announced in 2004, we continue to believe that ``our concern is the failure of working DS3s regardless of the services being carried or the fill at the time of the failure.'' Significantly, AT&T's ``working capacity'' proposal would generate burdens on providers by imposing measurement mechanisms based on a working capacity metric that, as an initial step, would require the provider to identify the percentage of the circuit dedicated to voice channels. It remains unclear whether other providers can measure working capacity on their facilities at this time, or the costs involved with such monitoring. It is also unclear how AT&T's proposal applies in the legacy or the transition network contexts. Further, AT&T's proposal would constitute a shift that does not comport with the logic of outage reporting, which necessarily focuses on what does not work, instead of what does work. Accordingly, we reject AT&T's ``working capacity'' proposal.

   14. Comcast proposes a bandwidth-based standard for major transport facility outages, as described above. The proposal requires further study and therefore cannot be the basis to change our metric and threshold for major transport facility outage reporting at this time. We agree with Comcast that data traffic makes up an increasingly large part of bandwidth needs for transport services. We also note that we are in a state of transition from TDM to IP. This state of transition requires reporting requirements that are sufficient to capture outages in both TDM and IP networks, including specifically those outages impacting physical facilities and network components (e.g., copper and fiber cables, networking switches and routers). We also believe that the successful and reliable delivery of IP-based services and applications (e.g., email) is important. The OC3 metric and 667 OC3 minute threshold adopted today address outages in major transport facilities carried through TDM-based and SONET facilities. We nevertheless find that Comcast's proposal has merit and seek further input on broadband reporting thresholds in the related Further Notice. Therefore, we decline to adopt Comcast's proposal for a bandwidth-based standard for reporting at this time.

   2. Simplex Outage Reporting

   15. Under our current rules, providers must file reports for simplex event outages lasting five days or more. A simplex event occurs when a DS3 circuit, designed with multiple paths to provide circuit resiliency, experiences a failure on one working path. In the Notice, we proposed to shorten the reporting window for simplex events to 48 hours. As we explained, in recent years the Commission has noticed an uptick in simplex outage reports, which suggests that our expectations that providers would implement best practices for resolving such events when we established the five-day reporting window were not met. Thus, in the Notice, we concluded that our proposed 48-hour window would ensure that

       Page 45058

       providers properly prioritize service maintenance and restoration in the event of simplex outages.

   16. Most commenters oppose our proposal to reduce the reporting window from five days to 48 hours. Several commenters argue that factors such as weather, other hazardous conditions, or the complexity of repair tasks could render a 48-hour target unattainable in many cases. Other commenters claim that a 48-hour window would unnecessarily increase reporting burdens as well as compliance costs without corresponding benefits. Some commenters maintain that, rather than tighten the window, the Commission should eliminate outage reporting for simplex events entirety. And, although Verizon supports the status quo, it argues that a three-day threshold would be preferable to a 48-

       hour threshold as a way to better accommodate service providers' practices and technician maintenance and work schedules.

   17. We conclude that simplex outage reporting remains an important part of the situational awareness matrix that NORS provides. The Commission has a responsibility to ensure network reliability and resiliency, including in major transport facilities designed with a built-in path protection. Over the years, we have observed a rise in simplex event outage reports as the rule stands now with the five-day reporting window, which appears to indicate that providers filing these reports are not able to repair the simplex events in a period less than five days.

   18. We are persuaded by the record, however, that moving the reporting window from five days to 48 hours may not strike the proper balance between providers' best practice-driven repair and maintenance capabilities and incentives, and the Commission's situational awareness needs and network reliability-assurance goals through simplex event outage reports. We acknowledge, as some commenters argue, that factors such as weather or hazardous conditions impact service repair. We cannot, however, ignore that extended simplex events jeopardize service reliability.

   19. Accordingly, we adopt a four-day interval for simplex outage reports. Further, compliance with this revised interval shall begin no later than six (6) months after OMB approval. In this regard, we reject proposals by some commenters to maintain the current five-day window, which we view as inadequate to incent timely repair, and we reject those calls for eliminating simplex reporting altogether. The Commission has a responsibility to ensure network reliability and resiliency, including in major transport facilities designed with built-in path protection, and simplex reporting is a needed and helpful tool used to meet this responsibility.

   20. Currently, we require that providers report simplex events lasting longer than 5 days; we have not required reports for events repaired within five days. A provider may experience a short simplex event, conduct necessary repairs within five days and not be obligated to report the event under part 4. We no longer believe that our five-

       day reporting window for simplex outages is an adequate measurement tool to ensure network reliability and resiliency. The four-day reporting window that we adopt today is designed to alert the Commission to trends that include significant outages, while also accommodating Verizon's suggested need for providing a reasonable amount of time to address the outages before the reporting threshold is met.

       2. Wireless Outage Reporting

   1. Calculating the Number of Potentially Affected Users in Wireless Outages

   21. To determine if a wireless network outage is reportable based on meeting the 900,000 user-minute threshold, a wireless service provider must calculate the number of users ``potentially affected'' by the outage. Pursuant to Sections 4.7(e) and 4.9(e), providers should perform the calculation ``by multiplying the simultaneous call capacity of the affected equipment by a concentration ratio of 8.'' This call capacity measurement is typically undertaken at the mobile switching center (MSC). As wireless technologies have evolved, however, providers have made different technological and engineering choices, resulting in a variety of methods by which they measure simultaneous call capacity. These developments have led to a lack of methodological consistency among providers in reporting outages. Such inconsistencies compromise the Commission's ability to detect and analyze wireless network outage trends.

   22. We proposed in the Notice to adopt a more standardized, technologically neutral method for calculating the number of users ``potentially affected'' by a wireless network outage. Under the first approach, wireless providers would calculate potentially affected users by multiplying the number of disabled cell sites by the average number of users the provider serves per site. Under the second approach, providers would use the Visitor Location Register (VLR) to determine the actual number of users that were being served at each affected cell site when the outage commenced.

   23. The majority of commenters support our proposal to adopt a more standardized method for wireless providers to calculate the number of users ``potentially affected'' by an outage. While ATIS appreciates our goal, it does recommend that wireless providers should be allowed to pick the method they want to use. CCA opposes the proposal on the basis that it would create two separate metrics, one for Public Safety Answering Point (PSAP) outages and the other for all other outages, which would complicate outage reporting or impose administrative burdens on carriers, particularly smaller carriers with limited staff support.

   24. The majority of commenters also support adopting the first approach to calculating potentially affected users--multiplying the number of disabled sites by the average number of users per site. Commenters universally oppose the VLR option for determining the number of potentially affected users in a wireless outage. Several commenters assert the use of the VLR makes the calculation more complex, would potentially be costly to implement, and would likely lead to potentially inconsistent reporting. Many commenters also point out that the VLR is being phased out, as wireless technology advances.

   25. We believe that a more standardized, technologically neutral method for calculating the number of ``potentially affected'' users for wireless network outages is critically important to ensure consistency in reporting across providers, regardless of the technological differences in their networks, and that such consistent reporting will enhance our situational awareness through more uniform, accurate, and reliable NORS data. To accomplish these aims, we adopt the first of our proposed approaches: to determine if an outage meets the 900,000 user-

       minute threshold, a wireless provider must multiply the number of macro cell sites disabled in the outage by the average number of users served per site, which is calculated as the total number of users for the provider divided by the total number of the provider's macro cell sites. For purposes of this calculation, wireless providers should include only traditional cell tower deployments, i.e., macro cell sites, and not small cell sites (e.g., femto-cells, pico-cells, and micro-cells) or other wireless architecture (e.g., Wi-Fi, Distributed Antenna Systems).

       Page 45059

       Compliance with this revised methodology shall begin no later than nine (9) months after the Effective Date of the rules.

   26. We agree with commenters that this approach is simpler than the current measurement and can be implemented at little to no additional cost. This simplicity of measurement and implementation promotes consistent outage reporting that should facilitate accurate analysis of the NORS data we receive. Conversely, as several commenters noted, using data from the VLR (i.e., the second approach) would be costly to implement, less likely to provide consistent data among providers and, in any event, would be less useful over time because the VLR itself is currently being phased out.

   27. Given that the method we adopt is relatively straight-forward for carriers to calculate and will result in uniform, consistent reporting, we disagree with ATIS that wireless providers should be allowed to pick the method they want to use. Such an approach would lead to inconsistent data among providers, thwarting the very goal of adopting the new metric. Also, given that we believe, and providers tend to agree, that the new method will be easy to implement, we disagree with CCA that implementing a new, uniform method for calculating the number of ``potentially affected'' users with wireless outages would complicate outage reporting or impose administrative burdens on carriers, particularly smaller carriers with limited staff support. Although we are sympathetic to CCA's concern that wireless providers will have to use one calculation for wireless outages generally and another for those affecting PSAPs, the scenarios are different and warrant different treatment. One calculation ensures the Commission has situational awareness of network health holistically, while the other provides direct public safety/emergency preparedness awareness through 911-specific outage reporting. We intend to monitor the need to revisit this reporting scheme based on experience, as small cells become capable of covering more capacity.

   28. Finally, we note that Verizon and T-Mobile each propose alternatives that depart from using the ``user-minutes'' standard. Verizon suggests simply notifying the Commission whenever 30 macro cell sites go out in a particular geographic area, such as a Cellular Market Area (CMA) or Partial Economic Area (PEA). We believe the approach we adopt effectively achieves Verizon's simplicity objectives through per-

       cell site reporting, maintaining the user-minute reporting standard common across various platforms (wireless, wireline, VoIP, satellite, etc.). Moreover, Verizon's threshold of 30 cell sites within a CMA or PEA would not cover many--if not most--rural areas. T-Mobile advocates allowing carriers to measure outages ``using real-time data where technically feasible,'' and when it is not feasible, to use the approach we adopt herein. We are concerned that, too often, such data will not be available, which will result in only a few carriers reporting using this data, resulting in the kind of reporting inconsistency we seek to avoid.

   2. Calculating the Number of Potentially Affected Wireless Users for Wireless Outages Affecting a PSAP

   29. Under our rules, wireless service providers must report any outage of at least 30 minutes duration that ``potentially affects'' a 911 special facility (i.e., PSAP). An outage potentially affects a 911 special facility whenever, among other things, there is a loss of communications to a PSAP potentially affecting at least 900,000 user minutes. Shortly after the Commission adopted part 4, Sprint asked for clarification of this requirement when a wireless outage affects only some of the subtending PSAPs. Specifically, Sprint proposed that wireless providers be able to allocate the users covered by the MSC equally among the number of subtending PSAPs affected by the outage.

   30. Sprint's proposed method of allocation, however, does not take into account the fact that PSAPs vary greatly in the number of users served. Therefore, in the Notice we proposed that wireless providers can allocate capacity when only one subtending PSAP is affected, but if they do, they must do so in reasonable proportion to the size of the PSAP in terms of number of users served. As we stated in the Notice, this calculation method is consistent with what we observe to be the current reporting practice of most providers. Several commenters support our proposal to allocate capacity to each subtending PSAP in reasonable proportion to its size in terms of number of users served.

   31. We adopt our proposal and allow wireless providers to allocate capacity when an outage only affects some PSAPs served by an MSC, so long as the allocation is done in reasonable proportion to the size of the subtending PSAP(s) in terms of number of users. As noted by the California Public Utilities Commission (CPUC), PSAPs vary greatly in size nationwide, and allocating capacity to subtending PSAPs will limit reporting to those significant outages that potentially impact public safety and for which the rules are intended. In determining the number of potentially affected users served by a PSAP, providers can use various sources for the data so long as the method they choose provides a reasonable estimate of the relative size of the PSAP and can be occasionally updated. Reasonable estimates could be based on but are not limited to the following sources: the subtending PSAPs' relative size determined by using the number of 911 calls sent to the PSAP on a historical basis; the number of 911 calls to each PSAP during the outage (if available in real time); or the population served by each PSAP determined either through subjective data or extrapolated from census or other objective data sources that would be relied upon by a population statistician. Any of these methods should account for the relative size of the PSAP affected by the outage. Compliance with this revised allocation standard shall begin no later than nine (9) months after the Effective Date of this requirement.

   32. We decline to adopt an across-the-board allocation standard, such as Sprint apparently suggests; however, providers may use the Sprint allocation approach or an alternate method that provides a reasonable estimate of the relative size of the PSAP. Providers must inform the Commission, in writing, of the approach they are using via the first NORS filing in which they are reporting data based on their approach. While Sprint's approach may be simple to calculate, dividing simply by the number of subtending PSAPs would not capture the significance of the outage. Only by allocating capacity based on the size of the PSAP will the estimate reflect an accurate picture of the size of the outage. We recognize, as ATIS and CTIA note, PSAP boundaries can fluctuate and the number of users allocated to the PSAP may change. Based on our experience dealing with PSAPs on a regular basis, we do not anticipate that these fluctuations will be significant or occur frequently, although the Commission would revisit this issue in the future if necessary. So long as the method reasonably captures the relative size of PSAPs, the method of allocation will be acceptable and, to the extent that it is needed, providers can work with Commission staff informally for further guidance.

       Page 45060

       3. Call Failures--Reporting on Outages That Significantly Degrade Communications to PSAPs

   33. On January 26, 2011, a significant snow and ice storm hit the Washington, DC metropolitan area, causing widespread problems for all affected counties and cities in a several hundred mile swath from central Virginia through Baltimore, Maryland. These problems included the failure of roughly 10,000 wireless 911 calls carried over a major wireless provider's network to reach PSAPs in Montgomery and Prince George's Counties, Maryland. The provider did not report these outages, nor the problem(s) that caused them, to either the Commission or to affected PSAPs.

   34. Inquiry into the outages revealed the root cause: cascading, ``wink'' failures of the Centralized Automatic Message Accounting (CAMA) trunks used in the provider's 911 network architecture. ``Wink'' failures occur when a selective router attempts to deliver a 911 call to a PSAP over an idle trunk, but the hand-off protocol between the router and the PSAP (the ``wink'') ultimately fails. More specifically, this means that the PSAP's customer premises equipment (CPE) fails to communicate to the selective router that it is ``off-hook'', i.e., open and able to receive ANI and ALI information associated with the 911 call. This can occur when the CPE fails to recognize quickly enough that a 911 caller has disconnected--i.e., that an ``on-hook'' condition has become an ``off-hook'' one--and, thus, that that a new 911 call can be received (``seized''). The result is a miscommunication that that particular trunk is unavailable to receive a call from the 911 selective router (a ``no-wink'' failure), which then pushes the call to the next best available trunk. If a call is re-presented to the original trunk that had the no-wink failure (as is common in heavy call volume periods) and the same problem occurs (a ``double wink'' failure), the 911 selective router will stop attempting to deliver calls via that trunk. If a heavy call volume event persists, the problem can cascade to all trunks serving a PSAP, leading to reduced, or total loss of, call-handling capacity within the trunk groups serving a particular PSAP. CAMA trunk arrangements are commonly used in legacy wireline network architecture for 911 call delivery, so the ``wink'' failures during the January 2011 storm are not specific to the provider's network trunk arrangements.

   35. In the Notice, the Commission proposed to codify in part 4 how to address this situation, and asked commenters to discuss specific rules proposed toward that end. Specifically, we sought comment on whether to amend Section 4.5(e)(1) to specify when ``degradation of communications to a PSAP constitutes a reportable outage'' under part 4. By doing so, we rejected the notion that PSAP-related outages need only be reported ``when a PSAP is rendered unable to receive any 911 calls for a long enough period to meet the reporting threshold.'' We proposed revising Section 4.5(e)(1) to provide that ``any network malfunction or higher-level issue that significantly degrades or prevents 911 calls from being completed constitutes a `loss of communications to PSAP(s),' regardless of whether the PSAP is rendered completely unable to receive 911 calls.''

   36. Many public safety, state, and carrier commenters agree that the Commission should specify the circumstances under which a ``loss of communications'' to PSAPs rises to the level of ``significant degradation'' such that it would be reportable under part 4. APCO advises that ``knowledge of a significant degradation of service short of a complete failure is of high value to PSAPs and emergency managers,'' a sentiment echoed by NASNA, which believes that ``it should not matter'' whether a PSAP has suffered a complete or only a partial loss of ability to receive 911 calls.

   37. Comcast, CenturyLink and XO Communications do not oppose such an approach, so long as the Commission (i) does not require reporting when re-routing is available for all calls to PSAPs, (ii) requires reporting only when an outage that meets the 30 minute/900,000 user minutes threshold ``actually'' impacts emergency call handling or completion, and (iii) gives providers sufficient lead time to make the necessary adjustments to ensure compliance (e.g., through properly configuring alarms on trunks, etc.).

   38. On the other hand, wireless providers are largely opposed to the proposal to include ``loss of communications'' to PSAPs under Section 4.5(e). Sprint opposes the proposed rules on the grounds that ``CMRS providers do not have visibility into PSAP facilities on the PSAP side of the point of demarcation, so CMRS providers would not be able to report on whether a PSAP is experiencing an issue that significantly degrades or prevents 9-1-1 calls from being completed.'' Several providers maintain that part 4 reports should only be required where a PSAP is completely unable to receive 911 calls.

   39. Part 4's purpose is to collect information on ``service disruptions that could affect homeland security, public health or safety.'' To meet this goal, the rules must include the kinds of 911 call-impacting trunk failures at issue in the January 2011 DC area storm. Indeed, subsequent work done by the Commission (and, eventually, by industry vis-agrave-vis ATIS) to identify, study and develop solutions to the CAMA trunk failures is a model of what could--and should--have happened under part 4: A ``systematic analysis of the conditions that led to significant communications degradations that helped reveal potential solutions.'' The ability to analyze, develop solutions, and work with providers to implement those solutions enhances public safety.

   40. With respect to 911-related outages, our rules are quantitative and qualitative in scope and application, and define reportable outages both in terms of total connectivity failure and qualitative failures. Consistent with that approach, we adopt the proposal in the Notice to specify that a ``loss of communications'' should trigger part 4 reporting obligations in the same way as a ``network malfunction or higher-level issue that significantly degrades or prevents 911 calls from being completed to PSAPs.'' We provide that a ``loss of communications'' occurs when at least 80 percent of a 911 service provider's trunks serving a PSAP (i.e., trunks over which the 911 service provider has control) become impaired to the point that they cannot support 911 call delivery in accordance with the Commission's rules, including the information typically delivered with 911 calls. In other words, a 911 service provider would not need to report when 80 percent of its trunks go down if the remaining 20 percent could support delivery of 911 calls, including the number and location information, but it must report if not all 911 traffic can be re-routed, or if the re-routed traffic cannot be delivered without stripping it of number or location information. We disagree with Comcast that the Commission must further define ``impairment'' of a 911 call for service providers to comply with the reporting rules. Moreover, this approach maintains the thrust of the rule as currently written: If sufficient re-routing is available for all affected 911 calls and no necessary information is stripped from those calls, then providers are not required to report to the Commission, irrespective of the percentage of available trunk capacity.

   41. We find this to be a clear, objective metric about which 911 service providers would ``become reasonably aware pursuant to normal business practices,'' such as the

       Page 45061

       installation and monitoring of trunk alarms. We do not intend to list, define, or otherwise impose particular compliance solutions for providers, consistent with the Commission's long-standing practice of deferring to network service providers in the design and engineering of their networks. Trunk alarms are already ubiquitous as a network reliability ``best practice,'' and would presumably enable providers to determine when the 80 percent threshold is approaching or is reached in a given event. We acknowledge Sprint and Verizon's comments about needing visibility into trunks to know when a ``loss in communications'' occurs, but we note that this rule applies to 911 service providers, which, by definition, do have visibility into such trunks. We also believe that this metric strikes a fair balance between proposals from the public safety community who believe the bar should be set as low as possible and include even non-critical outages, and 911 service providers who want only to report in instances of complete 911 call failure across all trunks (which would not include the January 2011 incident described above).

   42. We also agree with CenturyLink that an 80 percent threshold will not be overly burdensome so long as providers are given the lead time necessary to manage the costs of solution development and implementation needed for their particular networks. To allow time for compliance with other 911-related Commission requirements, CenturyLink initially proposed a one-year implementation deadline for this requirement. We recognize that some providers will be able to move faster and achieve compliance well before one year, given present or scheduled investments in necessary facilities, but others will need more time to comply with the requirements. Further, we note that providers have had ample time to comply with the requirements underlying CenturyLink's concern, but we nevertheless feel a one-year implementation timeframe is appropriate to allow flexibility for smaller carriers. Thus, because it does not interfere with other part 4 reporting requirements, we find that a one-year implementation timeframe should be sufficient for both small and large providers to achieve compliance, and incorporate that timeframe into our rules. Accordingly, compliance with this revised metric shall begin no later than one year after OMB approval.

   43. Finally, we disagree with CTIA's argument that our concerns are ``speculative'': The 10,000 911 call failures associated with the January 2011 DC area storm had a significant real world impact but was nevertheless deemed non-reportable by a licensee. Nor do we believe our proposals are ``unworkable'': 911 service providers should reasonably be expected to have adequate visibility into PSAP trunk failure.

       4. Special Offices and Facilities

   1. Identifying Special Offices and Facilities

   44. A major underlying goal of outage reporting generally, and for reporting on ``special offices and facilities'' in particular, is for the Federal government--including Federal government users--to have situational awareness of events that impact homeland security and the nation's economic well-being. When the Commission adopted rules in 2004, the Commission deferred to the National Communications System (NCS) to determine which facilities would be considered major military installations or key government facilities, and would, under certain conditions, report ``mission-affecting outages'' to the NCS. The NCS would in turn forward reports of those outages to the Commission. However, the NCS was dissolved in 2012. Accordingly, in the Notice, the Commission sought comment on how it should thereafter identify ``special offices and facilities'' for part 4.

   45. We note that reporting requirements applicable to ``special offices and facilities'' have been an integral part of part 4 since the rules' adoption in 2004. As it relates to covered airports, the rules stated that all outages lasting 30 minutes or longer that ``potentially affect communications'' must be reported, and that ``mission-affecting outages'' to certain government facilities and military installations (as determined by NCS) also were covered by part 4.

   46. We proposed to classify as ``special offices and facilities'' those facilities enrolled in or eligible for the Telecommunications Service Priority (TSP) Program, which prioritizes the restoration and provisioning of circuits used by entities with National Security/

       Emergency Preparedness (NS/EP) responsibilities and duties. We also asked whether there were alternative classification frameworks that would be more suitable, including broadening the scope of the definition of ``special offices and facilities'' to include those facilities that are guaranteed priority restoration under ``TSP-like'' provisions in service-level agreements. We concluded by requesting comment on our assumption that redefining the term ``special offices and facilities'' to include some variant of TSP-enrolled and/or-

       eligible facilities would not have an appreciable cost impact.

   47. Comments on our ``special offices and facilities'' classification proposal range from a call to eliminate reporting all together, to multiple alternatives for identifying the subject facilities. Most commenters who oppose the special facilities reporting proposal (to include all TSP enrollees and eligible participants) feel that it would subject too many entities to the rules, without a corresponding increase in public safety or situational awareness; would needlessly divert a provider's resources to tracking down and tagging circuits; and would require providers to identify tens of thousands of new, potentially TSP-eligible parties.

   48. Many commenters express support for our proposal so long as the Commission limits applicability of the rules to entities that are (1) enrolled in the TSP program, and (2) only those designated at the highest TSP priority levels (i.e., Levels 1 and 2). In its comments, Comcast suggests that the Commission include, in any new or amended rule, only those TSP participants that constitute ``major military installations'' or ``key government facilities'' as ``special offices and facilities:''

       For the most part, such entities will be those enrolled in TSP priority Level 1 or Level 2. Extending the definition to all entities that are enrolled in the TSP program, irrespective of priority level, would flood the Commission with reports related to outages that do not actually impact a ``special office or facility.'' Although such offices and facilities unquestionably are important and should be part of the TSP program, reporting outages that affect such facilities, rather than ``major military installations'' or ``key government facilities,'' risks obfuscating truly critical outages.

   49. As a preliminary matter, we reject comments suggesting the ``special offices and facilities'' reporting rule itself is outdated and ought to be eliminated altogether. Under the rules that have been in place since 2004, neither the NCS nor its member agencies appear to have followed the applicable portions of Sections 4.5 (on self-

       identification as a ``special office or facility'') and 4.13 (on member agencies reporting qualifying outages to the NCS, and NCS using its discretion to forward those outage reports to the Commission), so that previous ``special offices and facilities'' formula did not work as the Commission intended. We do not believe, however, that this fact in and of itself signifies that reporting outages at special offices and facilities is

       Page 45062

       not useful. Rather, we should fix the rule, not eliminate it, to facilitate its original goals. Reporting on ``special offices and facilities'' (as amended) is an important component in our efforts to promote public safety.

   50. Today, we characterize ``special offices and facilities'' as those enrolled in Levels 1 or 2 of the TSP program. To close the significant reporting gap on special offices and facilities, we proposed initially to classify all facilities enrolled in, or eligible for, the TSP program as ``special offices and facilities'' for part 4 reporting purposes. As we observed in the Notice, the TSP program prioritizes the restoration and provisioning of circuits used by entities with NS/EP responsibilities and duties and comprises five priority levels, with Levels 1 and 2 reserved for critical national security and military communications and the remaining levels dedicated to the protection of public safety and health and the continued functioning of the economy. As the Bureau previously has noted, ``very few circuits receive a TSP priority Level 1 or Level 2 assignment.'' Compliance with this requirement shall begin no later than eighteen (18) months after OMB approval.

   51. We believe that outages affecting highest-priority TSP enrollees (i.e., Levels 1 and 2) are the types of outages for which we must have situational awareness; the communication security of TSP enrollees affects our nation's security leadership and posture, its public safety and public health, and our national economic system, and the Commission must be aware of any trends, through NORS analysis, that relate to certain TSP enrollees. As commenters note, were we to adopt a formula to cover all entities that were either enrolled or eligible to be enrolled in the TSP program, the number of reportable events would overwhelm both the covered parties and available Commission resources, with no concomitant increase in public safety or national security. Even to include parties that are enrolled at all priority levels in the program would have posed significant challenges. Thus, we believe limiting coverage to only Levels 1 and 2 strikes an appropriate balance between the untenable position of eliminating any rules applicable to ``special offices and facilities,'' and extending the rules to all entities that are enrolled or eligible to be enrolled in the TSP program at any of the five priority levels, which we concede could incur a significant cost for a minimal benefit. We find that limiting our rule to Levels 1 and 2 will not present widespread technical, administrative, or financial burdens to covered parties.

   2. Section 4.13

   52. Section 4.13 directs special offices and facilities to report outages to the now-dissolved NCS, which could then forward the reported information to the Commission at its discretion. Because our rules separately impose requirements on communications providers to report outages that potentially affect ``special offices and facilities,'' and in light of the elimination of the NCS, we proposed deleting Section 4.13 ``as redundant with respect to information that providers are already required to supply, and obsolete with respect to obligations regarding the NCS.''

   53. We agree with commenters that we should remove Section 4.13 from our rules as redundant of other provisions within part 4, and accordingly will delete it. While supporting elimination of Section 4.13, AT&T added that we should incorporate elsewhere in the rules a requirement that ``affected facilities'' initiate contact with the communications provider about the disruption in service. We decline to adopt AT&T's proposal, finding it would unnecessarily preclude alternative methods that providers may use to receive information about outages without corresponding benefit.

   3. Airport Reporting Requirements

   54. Airports included in the Federal Aviation Administration's (FAA) National Plan of Integrated Airports Systems (NPIAS) are designated as falling into one of four categories: Primary commercial service (PR), non-primary commercial service (CM), reliever (RL), and general aviation (GA). Currently, airports designated as PR, CM, and RL are defined as ``special offices and facilities'' for purposes of Section 4.5(b) of the Commission's rules, and so are subject to outage reporting requirements set forth in Sections 4.11 and 4.13 of the Commission's rules that do not apply to outages affecting other kinds of facilities.

   55. In the Notice, we proposed two significant changes to our reporting requirements for outages that affect airport communications. First, we proposed amending Section 4.5(b)'s definition of the types of airports considered as ``special offices and facilities,'' to narrow its focus to airports designated as PR. Second, we proposed to clarify that reportable outages are those that impact ``critical communications'' at those airports.

   56. Regarding narrowing the scope of airports to only those designated ``PR,'' we noted that most reports concerned outages not significant enough to pose a substantial threat to public safety, particularly at smaller regional airports, and thus we sought comment on amending the definition of ``special offices and facilities'' to exclude all airports other than those designated ``primary commercial service'' airports (i.e., the nation's most heavily trafficked airports, where even minor degradations in critical communications can pose grave threats to public safety and national security) in the NPIAS.

   57. With respect to our proposal to clarify that only outages that potentially affect critical communications at an airport should be reported, we sought comment on defining the phrase ``critical communications.'' From 1994 through 2004, under 47 CFR 63.100(a)(6), the Commission defined outages affecting ``critical communications'' at airports. We also noted that, were we to clarify that our intent was to receive reports only of outages that affected critical communications at airports, then few (if any) outages at an airport would rise to the threshold of being reportable, which in turn would represent an affirmative cost savings to communications providers.

   58. In 2004, the Commission proposed to incorporate, but ultimately did not adopt, the Part 63 definition of an outage that ``potentially affects'' an airport:

       (i) Disrupts 50 percent or more of the air traffic control links or other FAA communications links to any airport; or

       (ii) has caused an Air Route Traffic Control Center (ARTCC) or airport to lose its radar; or

       (iii) causes a loss of both primary and backup facilities at any ARTCC or airport; or

       (iv) affects an ARTCC or airport that is deemed important by the FAA as indicated by FAA inquiry to the provider's management personnel; or

       (v) has affected any ARTCC or airport and that has received any media attention of which the communications provider's reporting personnel are aware.

   59. Most commenters agree that we should adopt the proposal in the Notice to narrow the scope of airports to only those designated PR in NPIAS. On the issue of the types of communication outages that would be reportable, commenters agree that only outages that potentially affect critical communications at an airport should be considered, but raised some concerns. CenturyLink, for example, notes that while it generally supports the proposal to clarify what constitutes ``critical

       Page 45063

       communications,'' ``there is some question on the details of the NPRM's proposal to define what outages potentially affect an airport and would be reportable,'' believing the 2004 Part 4 NPRM definition was not sufficiently clear on how providers would be able to assess when 50 percent of an airport's air traffic control links are disrupted, along with vagueness on how providers would be notified of airports ``deemed important'' by the FAA.

   60. On whether to narrow the scope of airports covered by our rules, we agree that the rule as currently written is unnecessarily broad. The airport-originating reports received by the Commission in recent years have generally related to outages within the retail sections of an airport. We agree with commenters that requiring providers to report these outages represents a substantial financial and administrative burden on those providers. Moreover, we do not believe that eliminating communications outage reporting from non-

       primary commercial service and reliever airports will negatively impact the safe operation of our nation's airports and air travel system. We therefore amend Section 4.5(b) to limit the requirement of reporting outages that ``potentially affect'' an airport to only those determined by the FAA to provide primary commercial service.

   61. On the issue of limiting the type of communications subject to this rule, we clarify that our concern is only with outages that potentially affect critical communications at covered airports. We note that the Commission first adopted the ``five-point'' definition in 1994, to provide clarity and thoroughness in reporting, as 47 CFR 63.100(a)(6), although it did not apply this definition in 47 CFR part 4.5(c). In the Notice, we posited that, even though the Commission refrained from adopting it in 2004, the definition from former rule 47 CFR 63.100(a)(6) would be appropriate to make clear that for reporting purposes, only outages that impact critical communications at an airport are of concern. We find that the concerns raised by CenturyLink about ambiguity in the definition from the 2004 Part 4 Notice are unfounded. Regarding CenturyLink's concern about a provider's ability to ascertain when 50 percent of an airport's control links are disrupted, we conclude that providers have sufficient ability to quantify outages at this level, which is a rational expectation of a provider's network monitoring practices and capability. Thus, the definition the Commission adopted in 1994 in part 63, used through 2004, and proposed to incorporate into Part 4 in 2004, and does incorporate here, provides necessary and sufficient clarity. We note that Section 63.100(a)(6) had long been in force and that carriers should already be familiar with this definition. For example, we note Sprint's 2004 petition for reconsideration requesting that the Commission, inter alia, require reporting only in those scenarios defined by the ``previous outage reporting rules, see 47 CFR 63.100(a)(6).'' Regarding CenturyLink's concern regarding whether an airport has been deemed ``important'' by the FAA, we believe our narrowing the scope of airports covered by our rules resolves this issue, adding only that providers that serve airports must make themselves aware of the category of those airports (i.e., we do not anticipate or expect the airport itself to notify providers as to the airport's FAA classification).

   62. We note that commercial aviation is increasingly dependent on information systems that are not collocated with airport facilities and invite comment in the related Further Notice as to whether non-airport critical aviation information facilities should be eligible for outage reporting perhaps as enrollees in the previously mentioned TSP Levels 3 and 4.

   4. Reporting Obligations of Satellite and Terrestrial Wireless Service Providers as to ``Special Offices and Facilities''

   63. In 2004, the Commission determined that because the critical communications infrastructure serving airports is landline-based, satellite and terrestrial wireless communications providers were exempt from reporting outages potentially affecting airports. CTIA, Cingular Wireless and Sprint each filed petitions arguing that wireless providers should be exempt from reporting outages pertaining to all other ``special offices and facilities,'' on the grounds that the rationale for excluding wireless carriers from outage reporting for airports applies equally to all special offices and facilities, that is, that wireless carriers lacked dedicated access lines to all special offices and facilities. In the Notice, we asked whether, in spite of the continued growth in the use of wireless networks, we should extend the satellite and terrestrial wireless exemption to all ``special offices and facilities.''

   64. Commenters on this issue all agree that the current exemption afforded satellite and terrestrial wireless providers with respect to airports ought to be retained, and that such providers further should be exempt from reporting outages potentially affecting all special offices and facilities. Sprint supports extending the wireless providers' exemption to all special offices and facilities, arguing that, as with airports, ``the communications infrastructure serving other special offices and facilities remain primarily `landline based,' '' and that unless a wireless carrier provides a dedicated access line to a special office or facility, it has no way of knowing whether one of its phones was being used by personnel at such office or facility.

   65. Although wireless service has become ubiquitous in many respects throughout the United States, we have not observed special offices and facilities adopting such service for their critical communications, and otherwise abandoning wireline-based communications. As CTIA points out, the Department of Defense (DoD) commented in our Technology Transitions proceeding that DoD and federal executive agencies continue to rely heavily on wireline TDM-based networks and services and would do so for the foreseeable future. We will, therefore, continue to exempt satellite and terrestrial wireless providers from reporting outages potentially affecting airports, and will extend that exemption to all special offices and facilities. To the extent our decision today responds affirmatively to the requests of CTIA, Cingular, and Sprint to exempt wireless carriers from being required to report outages potentially affecting all special offices and facilities, we grant their petitions.

       5. Information Sharing

   66. Section 4.2 of our rules provides that reports filed in NORS are presumed confidential, and thus withheld from routine public inspection. This presumption recognizes both the ``likelihood of substantial competitive harm from disclosure of information in outage reports'' and the Commission's concern that ``the national defense and public safety goals that we seek to achieve by requiring these outage reports would be seriously undermined if we were to permit these reports to fall into the hands of terrorists who seek to cripple the nation's communications infrastructure.'' The Commission routinely shares NORS reports with the Office of Emergency Communications at the Department of Homeland Security (DHS), which may ``provide information from those reports to such other governmental authorities as it may deem to be appropriate,'' but the Commission does not share NORS information directly with state governments. In 2009, the CPUC filed a petition requesting that the Commission amend

       Page 45064

       its rules to permit state agencies to directly access the NORS database.

   67. The Notice proposed to grant state governments ``read-only access to those portions of the NORS database that pertain to communications outages in their respective states,'' conditioned on a certification that each state ``will keep the data confidential and that it has in place confidentiality protections at least equivalent to those set forth in the federal Freedom of Information Act (FOIA).'' The Commission sought comment on this proposal, as well as whether states' use of NORS data should be restricted to activities relating to its ``traditional role of protecting public health and safety'' and, if so, what activities such a role would encompass. In addition, the Commission sough comment on whether information collected under part 4 should be shared directly with the National Coordinating Center for Communications (NCC), a government-industry initiative led by DHS representing 24 federal agencies and more than 50 private-sector communications and information technology companies.

   68. Commenters generally support providing state and federal officials with direct access to NORS, as long as there are sufficient security and confidentiality protections to prevent disclosure to competitors or hostile parties. The National Association of Regulatory Utility Commissioners, for example, notes that it unanimously adopted a resolution in support of the CPUC Petition, adding that ``while California filed the Petition on its own behalf, and some States do receive certain outage information directly from carriers, all States share the need for immediate, secure and confidential access to the service outage detail provided in NORS.''

   69. Commenters disagree, however, on many of the details of implementation for sharing information with state entities, including the nature and extent of confidentiality measures and whether the Commission should attach conditions to the use of information obtained from NORS. Service providers argue for a broad range of conditions such as: Limitations on the number and job description of state personnel with access to NORS; security training or nondisclosure agreements for such personnel; data breach notifications to the Commission, to affected service providers, or to both; tracking or auditing of states' use of NORS information; and loss of access or other penalties for states that fail to maintain confidentiality. Industry commenters also question whether a certification of confidentiality protections ``at least equivalent to FOIA'' would be an effective safeguard in light of variations in state open records laws and the tendency of some state courts to construe such laws in favor of disclosure. Consequently, several commenters urge the Commission to explore mechanisms other than FOIA and its state equivalents as a basis for stronger legal protections for NORS data.

   70. Some commenters urge the Commission to preempt state open records laws to the extent they could allow disclosure of NORS information, while others suggest ``a rule with language similar to the statutory language that Congress enacted to govern a federal agency's sharing of homeland security information with a state government.'' Commenters point to several other contexts in which the Commission has shared information on a confidential basis with state counterparts, such as the existing processes for sharing state-specific Form 477 data on broadband subscribership and numbering resources from the North American Numbering Plan Administration. But the record also reflects concerns that these models may be inadequate to provide states with real-time access to NORS data or to provide state-specific data on outages affecting multiple states. Intrado further suggests that outage information could not realistically be shared with states on a confidential basis without an extensive redesign of the NORS database and associated form fields.

   71. States and service providers also dispute whether use of NORS data should be limited to the states' ``traditional role of protecting public health and safety,'' a phrase that first appeared in the CPUC Petition but here receives support from industry commenters as a condition on states' access to NORS. AT&T, for example, comments that ``the Commission should restrict state commissions' use of the NORS data to evaluating the cause of outages to monitor communications network functionality within a state.'' State governments generally agree that they should only receive information on outages within their geographic boundaries but oppose other limitations on their use of NORS data. Michigan, for example, asserts that ``restricting the information that states can access regarding service outages would obscure the true picture of the providers' services . . . rendering the reporting--and any conclusions drawn thereon--incomplete.''

   72. Commenters also disagree on the extent to which direct access to NORS data should replace state-level outage reporting requirements. Without routine access to NORS data, many states independently require communications providers to file network outage reports with their public utility commissions or similar agencies. Industry commenters argue that ``sharing appropriate data with state agencies could minimize the burden on providers for filing multiple reports given that the content of some state outage reporting overlaps with Part 4 reporting,'' but also that ``the Commission should condition a state's access to NORS data on the state's waiver or elimination of any independent outage reporting requirement imposed by state law.'' Intrado further contends that ``dual reporting is unnecessary, unduly expensive and inappropriate,'' and that ``not every state needs access to NORS.'' State commissions tend to disagree, generally arguing that states should remain free to adopt their own independent requirements.

   73. The record reflects broad agreement that state and federal partners would benefit from more direct access to NORS data, and we conclude that such a process would serve the public interest if implemented with appropriate and sufficient safeguards. But, with competitively sensitive information and critical communications infrastructure at stake, we also conclude that this process requires more careful consideration of details that may determine the long-term success and effectiveness of the NORS program. Accordingly, while we agree that other FCC processes may be helpful models in developing appropriate procedures for sharing NORS data, we are not persuaded that existing processes for information sharing can be replicated in the context of NORS without important refinements.

   74. In light of the significant security and confidentiality concerns described above, as well as federalism concerns that may be inherent in any national coordination of outage reporting requirements, we find that the Commission's part 4 information sharing proposals raise a number of complex issues that warrant further consideration. We seek comment in the related Further Notice with respect to how NORS data from broadband providers could be properly shared with state and federal entities other than DHS, including instances where state law may prohibit information sharing. Furthermore, to assist the Commission in addressing these issues, we direct the Bureau to study these issues, and develop proposals for the Commission consideration regarding how NORS

       Page 45065

       filings and information collected from all part 4 providers could be shared in real time with state commissions, with other federal partners, and with the NCC, keeping in mind current information sharing privileges granted to DHS.

       6. Cost-Benefit Analysis

       In the Notice we provided estimates of the annual industry-wide cost of adoption of the proposed rules. In total, we estimated that industry-wide reporting costs would fall by $307,520 due to a net decrease of 1,922 reports per year. While several commenters argued that our per-report cost estimates were too low, only AT&T provided a revised quantitative estimate. AT&T argued that it spends approximately twelve hours to prepare and file outage reports, in contrast to our estimate of two hours. Although we are not convinced that twelve hours are necessary, we note that using AT&T's figure, the resulting decrease in costs would be six times our estimate, or $1,845,120. In either case, we conclude that the rule changes adopted in this Report and Order will have the overall effect of reducing reporting costs.

   75. As to benefits, our part 4 rules enhancements will ensure the Commission receives the appropriate type and quality of outage and operational status information to allow us to continue to fulfill our statutory obligation to promote ``safety of life and property'' by protecting the nation's communications networks. The current part 4 outage reporting rules played a significant and well-documented role in the Commission's successful efforts to promote more reliable and resilient communications networks. The Commission's receipt of data on major transport facility outages, wireless outages, outages that significantly degrade communications to PSAPs, and outages affecting special offices and facilities will enable it to adapt this established practice to a wider cross-section of the critical communication infrastructure.

   76. We further believe that the benefits of the adopted rules will substantially exceed the minimal costs expected to be imposed by some of these rules, and we expect that the combined effect of all these rules will be to reduce the costs imposed on affected parties. Outage reporting provides the Commission with critical data on communications reliability that it has no means of gathering on a consistent and reliable basis from any other source. Absent these rules, the Commission lacks adequate visibility into the reliability of major transport facilities and wireless communications infrastructure, and has inadequate visibility into degradations of special offices and facilities as well as communications to PSAPs. This lack of visibility hinders the Commission's ability to discharge its public safety responsibilities. The data gathered by these outage reports will permit Commission staff, working closely with providers and industry working groups, to identify and address systemic vulnerabilities. Such collaborative efforts have led to measurable improvements in network reliability and resiliency, and to the formulation of policies to promote more reliable and secure communications. Moreover, outage reports, particularly in the early stages of a communications disruption, provide critical situational awareness to the Commission that enable it to participate effectively in emergency response and service restoration efforts.

2. Order on Reconsideration

   1. Airport Reporting Requirements

      77. In January 2005, in response to the 2004 Part 4 Order, Sprint filed a petition requesting that, among other issues, the Commission ``clarify that wireline carriers are only required to report outages affecting airports when such outages `disrupt 50% or more of the air traffic control lines or other FAA communications links' as was the case under the previous outage reporting rules, see 47 CFR 63.100(a)(6).'' Sprint argues that in adopting the new part 4 rules, ``the Commission did not mention, let alone justify, doing away with the Section 63.100(a)(6) limitation that carriers report only outages affecting the critical communications facilities serving airports'' and urges the Commission ``to clarify that it had no intention of removing the Section 63.100(a)(6) language from Part 4 that limits reporting of airport outages to disruptions in communications being carried over critical infrastructure serving such airports, i.e., air traffic control or other FAA communications links, and to restore such language to Section 4.5 of the rules.''

      78. As noted above, reports in this category generally have involved communications outages within the retail sections of an airport. A strict interpretation of current Section 4.5(c)--i.e. that ``all outages that potentially affect communications for at least 30 minutes with any airport that qualifies as a `special office and facility' . . . shall be reported,''--would have required providers to report outages that were not mission-critical, and which could represent a financial and administrative burden on those providers, with virtually no public safety benefit or public policy goal. Therefore, we amend Section 4.5(c) to clarify that carriers need only report disruptions of critical communications, which impact the airports covered by our rules. To the extent our decision today responds affirmatively to Sprint's request, we grant its request for clarification, which will be reflected in our ordering clause.

   2. Reporting Obligations of Satellite and Terrestrial Wireless Service Providers

      79. In 2004, the Commission exempted satellite and terrestrial wireless communications providers from reporting outages potentially affecting airports, on the grounds that the critical communications infrastructure serving those airports was landline-based. CTIA, Cingular Wireless, and Sprint filed petitions urging the Commission to exempt wireless providers from reporting outages pertaining to all other special offices and facilities, positing that the rationale for excluding wireless carriers from outage reporting for airports, i.e., that critical communications were landline-based, applied as well to all special offices and facilities. In the 2015 Part 4 Notice, we asked whether, in spite of the continued growth in the use of wireless networks, we should extend the satellite and terrestrial wireless exemption to all ``special offices and facilities.'' CTIA and Sprint again urged that the exemption be extended. CTIA notes that, today as in 2004, wireless networks provide undifferentiated service to all end users, even with the growth of wireless telephone in the past decade. As a matter of practice, wireless providers do not assign dedicated access lines to specific end users, and therefore do not have dedicated access lines for the critical portions of any of the special offices and facilities. Sprint argues that, as with airports, the communications infrastructure serving all special offices and facilities remains primarily landline-based, and that unless a wireless carrier provides a dedicated access line to a special office or facility, it has no way of knowing whether one of its phones is being used by personnel at such an office or facility.

      80. As previously noted, we will extend the wireless exemption for satellite and terrestrial wireless carriers to all special offices and facilities. To the extent our decision today responds affirmatively to the requests of CTIA, Cingular, and Sprint to exempt wireless carriers from being required to report outages potentially affecting all special offices and facilities, we grant their

      Page 45066

      requests, which will be reflected in our ordering clause.

3. Procedural Matters

   1. Accessible Formats

      81. To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an email to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (TTY).

   2. Paperwork Reduction Act of 1995

      82. The Report and Order contains new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. It will be submitted to the Office of Management and Budget (OMB) for review under Section 3507(d) of the PRA. OMB, the general public, and other Federal agencies will be invited to comment on the new or modified information collection requirements contained in this proceeding. In addition, we note that pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), we previously sought specific comment on how the Commission might further reduce the information collection burden for small business concerns with fewer than 25 employees. In this Report and Order and Order on Reconsideration, we have assessed the effects of updates to the part 4 outage reporting rules, and find that these updates does not have significant effects on business with fewer than 25 employees.

4. Final Regulatory Flexibility Analysis

   83. As required by the Regulatory Flexibility Act of 1980, as amended (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the Amendments to Part 4 of the Commission's Rules Concerning Disruptions to Communications; New Part 4 of the Commission's Rules Concerning Disruptions to Communications, Notice of Proposed Rulemaking, Second Report and Order, and Order on Reconsideration. The Commission sought written public comment on the proposals in the Notice, including comment on the IRFA. No comments were received. This present Final Regulatory Flexibility Analysis (FRFA) conforms to the RFA.

       1. Need for, and Objectives of, the Report and Order and Order on Reconsideration

   84. In this Report and Order, we take specific steps to improve our current part 4 rules by adopting various proposals made in a Notice of Proposed Rulemaking (Notice) adopted in 2015. These specific amendments stem from our experience with outage reporting over the past ten years, and will enhance the information we receive on outages for services already covered in part 4. In this Report and Order, we adopt the following changes to our part 4 outage reporting rules:

       Update the reporting metric and threshold for communication disruptions impacting major transport facilities from a DS3-based to OC3-based standard, and reduce the reporting window for simplex events (transmission line disruptions) from five days to four days;

       update the reporting of wireless outages by adopting a standardized method to calculate the number of users ``potentially affected'' in an outage, and clarify that, when an outage affects only some 911 calling centers, or PSAPs, served by a mobile switching center, wireless providers may utilize their own identifiable scheme to allocate the number of potentially affected users so long as the allocation reflects the relative size of the affected PSAP(s);

       find that a ``loss of communications'' to a PSAP occurs when there is a network malfunction or higher-level issue that significantly degrades or prevents 911 calls from being completed to PSAPs, including when 80 percent or more of a provider's trunks serving a PSAP become disabled;

       update the rules regarding reporting of outages affecting ``special offices and facilities'' by (i) extending the reporting obligation to high-level enrollees in the Telecommunications Service Priority program, (ii) eliminating outdated and non-applicable rules, (iii) narrowing the types of airports that are considered ``special offices and facilities,'' and (iv) limiting outage reporting from airports to critical communications only; and

       conclude that direct access to NORS by our state and federal partners is in the public interest, but determine that further consideration is warranted to ensure that the process includes adequate safeguards to maintain the security and confidentiality of sensitive information, and accordingly direct the Public Safety and Homeland Security Bureau (Bureau) to study these issues and develop recommendations for the successful implementation of our information-

       sharing proposals.

   85. The Order on Reconsideration limits outage reporting for events affecting airports to those outages that impact airport critical communications, and exempts satellite and terrestrial wireless carriers from reporting outages affecting all ``special offices and facilities,'' extending the exemption previously limited to airports.

       2. Legal Basis

   86. The legal bases for the rule changes adopted in this Report and Order are contained in Sections 1, 4(i), 4(j), 4(o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-

       1, and 615c of the Communications Act of 1934, as amended, and Section 706 of the Communications Act of 1996, 47 U.S.C. 151, 154(i)-(j) & (o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, 615c, and 1302.

       3. Summary of Significant Issues Raised by Public Comments in Response to the IRFA

   87. The IRFA solicited comment on the impact of the proposed rules to small businesses, as required by the RFA. While no comments were submitted specifically in response to the IRFA, a few commenters express concerns about the estimated costs for reporting. NTCA urges the Commission to consider small rural service providers and their unique circumstances. Other commenters argue that we underestimate the time burdens associated with filing NORS reports. We maintain that the reports cost an estimated $160 to file, and that other costs associated with ``setting up and implementing a monitoring regime'' are routine business costs independent of our reporting requirements.

       4. Description and Estimate of the Number of Small Entities to Which Rules Will Apply

   88. The RFA directs agencies to provide a description of, and, where feasible, an estimate of, the number of small entities that may be affected by rules such as those adopted herein. The RFA generally defines the term ``small entity'' the same as the terms ``small business,'' ``small organization,'' and ``small governmental jurisdiction.'' In addition, the term ``small business'' has the same meaning as the term ``small business concern'' under the Small Business Act. A ``small business concern'' is one which: (1) Is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the Small Business Administration (SBA).

   89. Our action may, over time, affect small entities that are not easily categorized at present. We therefore describe here, at the outset, three comprehensive, statutory small entity size standards. First, nationwide, there

       Page 45067

       are a total of approximately 28.2 million small businesses, according to the SBA. In addition, a ``small organization'' is generally ``any not-for-profit enterprise which is independently owned and operated and is not dominant in its field.'' Nationwide, as of 2007, there were approximately 1,621,315 small organizations. Finally, the term ``small governmental jurisdiction'' is defined generally as ``governments of cities, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand.'' Census Bureau data for 2011 indicate that there were 89,476 local governmental jurisdictions in the United States. We estimate that, of this total, as many as 88,506 entities may qualify as ``small governmental jurisdictions.'' Thus, we estimate that most governmental jurisdictions are small. We believe that the Report and Order and Order on Reconsideration may affect the following small entities, as further discussed in the document, https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-63A1.pdf: (1) Wireline providers, including incumbent Local Exchange Carriers (incumbent LECs); and interexchange carriers; (2) Wireless Providers-Fixed and Mobile, including wireless telecommunications carriers (except satellite); (3) Satellite Service Providers, including satellite telecommunications providers and all telecommunications providers; (4) Cable Service Providers, including cable companies and systems and cable system operators; and (5) All Other Telecommunications.

       5. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements for Small Entities

   90. The rules adopted in the Report and Order and Order on Reconsideration require telecommunications providers to report those outages that meet specified NORS outage reporting threshold criteria, now determined by a variety of factors, including the number of end users potentially affected by the outage and the duration of the outage. Providers must now comply with an updated OC3 metric for major transport facilities; adjust calculations for determining when there has been a ``loss of communications'' such that reporting is required; and report outages affecting as Level 1 and 2 enrollees of the Telecommunication Service Priority (TSP) program as ``special offices and facilities.'' The document, https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-63A1.pdf, discusses the requirements in full.

       6. Steps Taken To Minimize the Significant Economic Impact on Small Entities, and Significant Alternatives Considered

   91. The RFA requires an agency to describe any significant alternatives that it has considered in developing its approach, which may include the following four alternatives (among others): ``(1) The establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the rule for such small entities; (3) the use of performance rather than design standards; and (4) an exemption from coverage of the rule, or any part thereof, for such small entities.''

   92. The new and updated reporting requirements are minimally necessary to assure that we receive adequate information to perform our statutory responsibilities with respect to the reliability of telecommunications and their infrastructures. The Commission considered other possible proposals and sought comment on the reporting thresholds and the analysis presented. Ultimately, we believe that outage reporting triggers are set sufficiently high as to make it unlikely that small businesses would be impacted significantly by the final rules. In fact, we anticipate that in many instances, small businesses will find their burden decreased by the new reporting thresholds. In the Commission's experience administering NORS, small companies only rarely experience outages that meet the NORS outage reporting threshold criteria, and we expect that small companies will only be slightly impacted by our rule changes adopted today. Telecommunications providers already file required notifications and reports for internal purposes. We believe the only burden associated with the reporting requirements contained here will be the time required to complete any additional notifications and reports following the proposed changes.

5. Congressional Review Act

   93. The Commission will send a copy of this Report and Order and Order on Reconsideration to Congress and the Government Accountability Office pursuant to the Congressional Review Act, see 5 U.S.C. 801(a)(1)(A).

6. Ordering Clauses

   94. Accordingly it is ordered that, pursuant to the authority contained in Sections 1, 4(i), 4(j), 4(o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, and 615c of the Communications Act of 1934, as amended, and Section 706 of the Communications Act of 1996, 47 U.S.C. 151, 154(i)-(j) & (o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, 615c, and 1302, this Report and Order in PS Docket 15-80 and 11-82 is ADOPTED.

   95. It is further ordered that the Commission's Public Safety and Homeland Security Bureau shall develop and recommend to the Commission proposed rules, published elsewhere in this Federal Register, for NORS information sharing in accordance with its delegated authority and this Report and Order.

       List of Subjects in 47 CFR Part 4

       Airports, Communications common carriers, Communications equipment, Reporting and recordkeeping requirements, Telecommunications.

       Federal Communications Commission.

       Gloria J. Miles,

       Federal Register Liaison Officer, Office of the Secretary.

       Final Rules

       For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR part 4 as follows:

       PART 4--DISRUPTIONS TO COMMUNICATIONS

       0

   1. The authority citation for part 4 is revised to read as follows:

      Authority: Sections 1, 4(i), 4(j), 4(o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, and 615c of Pub. L. 73-416, 48 Stat. 1064, as amended, and section 706 of Pub. L. 104-104, 110 Stat. 56; 47 U.S.C. 151, 154(i)-(j) & (o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, 615c, and 1302, unless otherwise noted.

      0

   2. Section 4.5 is amended by revising paragraphs (b) and (c) as follows and removing and reserving paragraph (d):

      Sec. 4.5 Definitions of outage, special offices and facilities, and 911 special facilities.

      * * * * *

      (b) Special offices and facilities are defined as entities enrolled in the Telecommunications Service Priority (TSP) Program at priority Levels 1 and 2, which may include, but are not limited to, major military installations, key government facilities, nuclear power plants, and those airports that are listed as current primary (PR) airports in the FAA's National Plan of Integrated Airports Systems (NPIAS) (as issued at

      Page 45068

      least one calendar year prior to the outage).

      (c) A critical communications outage that potentially affects an airport is defined as an outage that:

      (1) Disrupts 50 percent or more of the air traffic control links or other FAA communications links to any airport;

      (2) Has caused an Air Route Traffic Control Center (ARTCC) or airport to lose its radar;

      (3) Causes a loss of both primary and backup facilities at any ARTCC or airport;

      (4) Affects an ARTCC or airport that is deemed important by the FAA as indicated by FAA inquiry to the provider's management personnel; or

      (5) Has affected any ARTCC or airport and that has received any media attention of which the communications provider's reporting personnel are aware.

      (d) Reserved

      * * * * *

      0

   3. Section 4.7 is amended by revising paragraphs (d) and (e)(2) to read as follows:

      Sec. 4.7 Definition of metrics used to determine the general outage-

      reporting threshold criteria.

      * * * * *

      (d) Optical Carrier 3 (OC3) minutes are defined as the mathematical result of multiplying the duration of an outage, expressed in minutes, by the number of previously operating OC3 circuits or their equivalents that were affected by the outage.

      (e) * * *

      (2) The mathematical result of multiplying the duration of an outage, expressed in minutes, by the number of end users potentially affected by the outage, for all other forms of communications. For interconnected VoIP service providers to mobile users, the number of potentially affected users should be determined by multiplying the simultaneous call capacity of the affected equipment by a concentration ratio of 8.

      * * * * *

      0

   4. Section 4.9 is amended by revising paragraph (a)(2), the second sentence in paragraph (a)(4), revising the second and sixth sentence in paragraph (b), revising paragraph (e), (f)(2) and the second sentence in paragraph (f)(4) to read as follows:

      Sec. 4.9 Outage reporting requirements--threshold criteria.

      (a) * * *

      (2) Affects at least 667 OC3 minutes;

      * * * * *

      (4) * * * (OC3 minutes and user minutes are defined in paragraphs (d) and (e) of Sec. 4.7.) * * *

      * * * * *

      (b) * * * Providers must report IXC and LEC tandem outages of at least 30 minutes duration in which at least 90,000 calls are blocked or at least 667 OC3-minutes are lost.* * * (OC3 minutes are defined in paragraph (d) of Sec. 4.7.) * * *

      * * * * *

      (e)(1) All wireless service providers shall submit electronically a Notification to the Commission within 120 minutes of discovering that they have experienced on any facilities that they own, operate, lease, or otherwise utilize, an outage of at least 30 minutes duration:

      (i) Of a Mobile Switching Center (MSC);

      (ii) That potentially affects at least 900,000 user minutes of either telephony and associated data (2nd generation or lower) service or paging service;

      (iii) That affects at least 667 OC3 minutes (as defined in Sec. 4.7);

      (iv) That potentially affects any special offices and facilities (in accordance with paragraphs (a) through (d) of Sec. 4.5) other than airports through direct service facility agreements; or

      (v) That potentially affects a 911 special facility (as defined in paragraph (e) of Sec. 4.5), in which case they also shall notify, as soon as possible by telephone or other electronic means, any official who has been designated by the management of the affected 911 facility as the provider's contact person for communications outages at that facility, and they shall convey to that person all available information that may be useful to the management of the affected facility in mitigating the effects of the outage on callers to that facility.

      (2) In determining the number of users potentially affected by a failure of a switch, a wireless provider must multiply the number of macro cell sites disabled in the outage by the average number of users served per site, which is calculated as the total number of users for the provider divided by the total number of the provider's macro cell sites.

      (3) For providers of paging service only, a notification must be submitted if the failure of a switch for at least 30 minutes duration potentially affects at least 900,000 user-minutes.

      (4) Not later than 72 hours after discovering the outage, the provider shall submit electronically an Initial Communications Outage Report to the Commission. Not later than 30 days after discovering the outage, the provider shall submit electronically a Final Communications Outage Report to the Commission.

      (5) The Notification and Initial and Final reports shall comply with the requirements of Sec. 4.11.

      (f) * * *

      (2) Affects at least 667 OC3 minutes;

      * * * * *

      (4) * * * (OC3 minutes and user minutes are defined in paragraphs (d) and (e) of Sec. 4.7.) * * *

      * * * * *

      Sec. 4.13 Removed and Reserved

      0

   5. Section 4.13 is removed and reserved.

      FR Doc. 2016-16274 Filed 7-8-16; 11:15 am

      BILLING CODE 6712-01-P