The Department of Homeland Security rightfully devotes substantial resources to Cybersecurity initiatives.  One example is the US-CERT document:   Information Technology (IT) Security -Essential Body of Knowledge (EBK):  A Competency and Functional Framework for IT Security Workforce Development.  The stated purpose of the EBK is:

“The EBK effort was launched to advance the IT security training and certification landscape and to help ensure the most qualified and appropriately trained IT security workforce possible.”

EBK and similar Cybersecurity initiatives are noble and worthwhile.  However, Cybersecurity as a term and the substance of the dialog always defaults to IT or data concepts and ignores the other half of enterprise networks – Voice.  What is meant by Voice Security?  The main areas are:

1. Toll or Dial-through Fraud
2. Modems as Attack Vectors to Data Networks
3. Voice Social Engineering/ID Theft and Contact Center Fraud
4. Harassing, Threatening or Restricted Calls
5. Compliance & Data Leakage
6. Availability Assurance
7. Legal Risk & Investigations

These are enormous vulnerabilities.  For example, Toll Fraud is a substantial, growing problem as evidenced by two reports from June 2009:

• the Communications Fraud Control Association (www.cfca.org) released their 2008 survey of annual global fraud losses which are estimated to be in the range of $72 - $80 billion (USD), up 34% from their 2005 survey.  In that report, Toll Fraud against PBX/Voicemail systems to be $15 billion annually.

• U.S. and Italian authorities arrested a group of hackers who committed Toll Fraud against enterprises around the globe, particularly in the USA.  According to Italian officials illegal profits funded terrorist activities.

It is true that IT security professionals are paying more attention to the impact of voice traffic over data networks with the migration to IP telephony.  However, Voice Security issues transcend the nature of the protocol and are focused on vulnerability of the voice service.  Leading government and commercial enterprises are beginning the new best security practice of installing Voice Firewalls on voice network connections to the un-trusted public telephone network, just as they place data firewalls on every connection to the Internet.

A few examples of such Voice Security savvy enterprises:   Bloomberg, eBay, FAA, FBI, Museum of Modern Art, NASA, State Farm, Sempra Energy, Symantec, U.S. Air Force, U.S. Army, U.S. House of Representatives, Wachovia and Wal-Mart.

It is important to secure the entire enterprise network for the reasons stated above.