California cold feet on E911 Legislation?

This Avaya CONNECTED Blog
is also available as an MP3 Audio File


CPUC-MLTS Logo.pngIt’s no great secret that for several years now California has been touted as being very progressive with its E911 legislation. After initial Public Utilities Commission hearings in 2010, Bill A.B. 911 has recently been moving forward at lightning speed as it navigates its way through the legislative process.

A few weeks back, the bill was put into “SUSPENSE,” and today a Senate Appropriations Committee Fiscal Summary Bill Analysis was published on the California PUC website explaining the reasoning for this change.

Cue the suspenseful music!

The analysis reports a change to the Fiscal Impact (as proposed to be amended):
“Unknown one time costs, possibly in the hundreds of thousands to millions of dollars, from General Fund and various special funds to replace and update any ML TS system owned and operated by the state to be able to transmit the required information with 911 calls.”

As proposed, the bill would go into effect on January 1, 2016, and would require that the MLTS be operated and maintained so that dialing 911, or 911 and any additional digit for access codes (9 for example), route the caller to the PSAP with the “automatic display of the callers number address and location of the phone.”

161-5Percent-iStock_000014802700XSmall.jpgAs stated earlier in the PUC report, only a small fraction of companies would be affected by this new legislation, however that would account for a large majority of constituents that are serviced by these systems. The report documents that 95% of the 1.3 million businesses and government agencies within California would actually be exempt from this legislation, and the remaining 65,000 businesses “employ 9,521,366 Californians or 60.5% of the California workforce and serve countless visitors, customers, clients and tourists, are the business MLTS customers and end-users that require this critical E9-1-1 emergency services protection and would benefit from Enhanced 9-1-1 legislative mandate.”

Part of the issue here is that, despite the data presented during the PUC workshop in 2010, there is still a perception that 911 remediation is a costly undertaking for an MLTS environment. It is also clear that some of the base guidelines that are stated in the NENA MLTS Model Legislation document have not been taken into consideration. For example, requiring station level reporting to the PSAP becomes the burden for enterprises when implementing an E911 solution. Many stations within the enterprise do not have their own individual direct inward dial telephone number, and an organization with several thousand telephone instruments could be challenged with the operational costs managing locations at the individual device level.

As the NENA model legislation states, zone level reporting with the appropriate on-site notification mechanisms is adequate when establishing emergency response plans for a particular address. This reduces the complexity of the solution, as well as eliminates the ongoing and costly maintenance of the carrier PS-ALI database, which can now become static. Based on Avaya’s experience, eliminating this complexity not only reduces cost, but improves the chances of systems actually being implemented to where they will do some good. Let’s face it, you can have the best solution possible but if no one uses it, it’s worthless.

While I’m a proponent for legislation around E911 services in the enterprise, I do not believe in legislation that doesn’t actually solve the problem. California has an excellent opportunity to follow in the footsteps of states like Michigan, Massachusetts, Virginia, and the 15 other states that have implemented legislation and guidance around emergency services and multiline telephone systems.

Adopting this legislation, without clarification on zone level reporting requirements would be a huge mistake, now or in the future, and delaying the implementation of this bill until 2017 serves no purpose whatsoever. If there was a level of concern over requiring existing implementations enough time to evaluate and become compliant, there is always the proverbial “grandfather clause” that would allow existing systems to operate for an extended period of time past the implementation of the bill. New systems purchased on or after that date would require compliance, with of course a six month window at the beginning of the bill effective date to allow those businesses with construction plans already in place a short grace period.

martha.pngAPN Legal Correspondent Martha Buyer says, “There’s an old adage about never wanting to watch either legislation or sausage being made. My suspicion is that lobbyists got in the middle of this draft legislation and convinced the bill’s author and those supporting it, that the requested change was paramount to its adoption. Unfortunately, in the course of modifying the legislation to appease someone, the teeth–and effectiveness–may have been removed. At the end of the day, E911 legislation is all about safety and protecting people. Employers, who may have lobbied against an additional regulatory burden, may be unaware that they continue to have exposure, with or without legislation, for creating and maintaining a safe workplace, both for employees and guests.”

Again, most systems today will provide some level of 911 location granularity and reporting. This is not new to the industry, and we’ve worked closely with our DevConnect community to make it available several different solutions, at several different levels of functionality, and several price points which are nowhere near the costs indicated in the recent Bill Analysis.


Want more Technology, News and Information from Avaya? Be sure to check out the Avaya Podcast Network landing page at http://avaya.com/APN . There you will find additional Podcasts from Industry Events such as Avaya Evolutions and INTEROP, as well as other informative series by the APN Staff.

APN Blog Banner

Thanks for stopping by and reading the Avaya CONNECTED Blog on E9-1-1, I value your opinions, so please feel free to comment below or if you prefer, you can email me privately.

Public comments, suggestions, corrections and loose change is all graciously accepted 😉
Until next week. . . dial carefully.

Be sure to follow me on Twitter @Fletch911

Fletch_Sig.png 


CacheFly LogoAPN is Powered by Cachefly
CacheFly is the world’s fastest CDN, delivering rich-media content up to 10x faster than traditional delivery methods. With a proven track record and over a decade’s worth of CDN experience, companies around the world choose the CacheFly CDN for reliable and unbeatable performance. For more information, visit www.cachefly.com

Related Articles:

Call it what you will: Multi-channel, Omnichannel—It isn’t about the Contact Center!

At this point, we know that most companies are competing exclusively on the customer experience (83%, according to Dimension Data). McKinsey Insights shows that effective customer journeys are impactful: increase revenue by up to 15%, boost customer satisfaction by up to 20%, and turn predictive insight into customers’ needs by up to 30%. The issue isn’t that companies fail to understand the importance of the customer experience (CX). The problem is that over half of companies today fail to grasp what is arguably the single most important driver of a successful CX strategy: organizational alignment.

This isn’t to say that companies aren’t taking the necessary steps to strengthen their CX strategies. Looking back five years ago, 92% of organizations were already working to integrate multiple interaction channels—call it multi-channel, omnichannel, digital transformation—to deliver more consistent, contextualized experiences. The needle is moving in the right direction. However, companies will find themselves in a stalemate if they limit the customer experience to the contact center.

Customer Experience is the Entire Brand Journey

That’s right, the customer experience is NOT about the contact center. In fact, it never was. The customer experience is instead about seamlessly supporting consumers across their entire brand journey regardless of where, when, how and with whom it happens. This means supporting not just one business area (i.e., the contact center), but the entire organization as one living, breathing entity. This means supporting not just one single interaction, but the entire experience a customer has with a company from start to—well, forever. After all, the customer journey never truly ends.

Are companies ready for this future of the customer experience? Perhaps not: 52% of companies currently don’t share customer intelligence outside of the contact center, according to Deloitte.

Executives are planning for not only contact channels to expand but most are expecting these interaction journeys to grow in complexity. It’s clear that a contact-center-only structure doesn’t cut it anymore. At today’s rate of growth and change, it’s easy to see how a CX strategy can miss the mark when the entire customer journey is being limited to the contact center. Imagine how much stronger a company would perform if it supported the customer experience as the natural enterprise-wide journey it is? A journey where interactions take place across multiple channels and devices, unfolding across multiple key areas of business (i.e., sales, HR, billing, marketing)?

Imagine, for instance, a hospital immediately routing an outpatient to the travel nurse who cared for him last week, although she is now on the road to her next location. Imagine a bank being able to automatically route a customer to a money management expert after seeing that the last five questions asked via live chat were about account spending. Imagine a salesperson knowing that a customer attended a webinar last week on a new product launch and had submitted three questions—all before picking up the phone. Imagine a retail store associate knowing you walked in and that you were searching online for formal attire.

Contextual Awareness is Critical

Today’s CX strategy is no longer about asking the right questions: it’s about having the right information at the right time to drive anticipatory engagement. It’s no longer about being able to resolve a customer issue quickly. It’s about building an authentic, organization-wide relationship based on contextual awareness. In short, this means companies being able to openly track, measure, and share customer data across all teams, processes, and customer touch points. This ability either makes or breaks the CX today.

So, are you near the breaking point? Consider that nearly 40% of executives say their agents’ top frustration is that they can’t access all of the information they need. Less than 25% of contact centers today enjoy full collaboration on process design with their entire enterprise. Connected customer journeys and the overall CX are now top areas of focus as most organizations support up to nine channel options. CX will encounter a dramatic shift of reimagined customer engagements that will be able to incorporate technologies such as artificial intelligence, IoT, analytics, and augmented reality and virtual reality.

The bottom line is this: organizations must support an enterprise-wide customer journey to support the future of the CX now! They must share contextual data inside and outside of the contact center, and they need seamless and immediate access to that data anytime, anywhere, under any given circumstance. Above all, organizations need the right architectural foundation to support this anytime, anywhere ecosystem—otherwise, even their best moves will always result in a draw.

Get out of the Queue: Drive Your CX with Attribute Matching

At this point, nearly every company is working overtime to realign around two simple words: customer experience (CX). So much so that nearly 90% of companies now compete solely on CX—a drastic increase from 36 % in 2010—and 50 % of consumer product investments are expected to be redirected to CX innovations—like attribute matching—by the end of this year.

But what exactly does the CX consist of, especially in today’s new world of digital business innovation? This next-generation CX is supported by several advanced technologies—big data analytics, omnichannel, automation—however, these investments are all aimed at driving one thing: contextualization.

The rise of contextualized service—the ability for companies to not only gain insightful information about their customers but also deliver information in a way that is relevant and meaningful to customers based on individual circumstances to improve their experience—has evolved the CX to a point where it looks virtually nothing like it did as recently as 10 years ago. Whereas consumers once primarily focused on the act of purchasing, driven by such things as product quality and price, they now focus on the richness of brand relationships, driven by the personal value that companies deliver throughout the customer journey. Just consider that 70% of buying experiences are now based on how customers feel they are being treated. This is the key factor that sets apart market leaders like Amazon, Trader Joe’s, and Apple from the competition.

According to Accenture, there is an estimated $6 trillion in global revenue up for grabs due to dissatisfied customers constantly switching providers. The ability for companies to offer contextualized service is vital for operating at the speed of the consumer and capturing more of this market share. There’s just one thing preventing companies from seizing this limitless potential: the traditional call queue.

Every customer is familiar with the call queue. This is the place where statements like, “Your call is important to us. Please continue to hold,” and “Let me transfer you to a specialized team who can help you with that” perpetually live. It’s where exhaustive efforts to route customers to the correct service rep become lost, or where consumers must repeat the same information to multiple agents across different teams. It’s the greatest barrier preventing companies from being more dynamically connected to their consumers, and one of the greatest reasons why customers reduce their commitment to a brand.

Driving Contextualization with Attribute Matching

In a world where customers demand a profound level of connection and transparency, organizations can no longer support a contact center environment in which calls are distributed among agents who are organized by function (i.e., sales, service, support). In today’s smart, digital world, companies must transform the traditional call center into an integrated, digital communications hub. This means moving away from a siloed, metric-driven queue and instead working to put customers in touch with the best organizational resource depending on their exact need or circumstance as immediately as possible. The most effective way to achieve this is to migrate from archaic infrastructure towards an integrated, agile, next-generation platform built on open communications architecture.

Open communications architecture allows organizations to seamlessly collect, track and share contextual data across various teams, processes, and customer touch points. This integrated environment supports a real-time data repository from which businesses can pull from to route customers based on needs beyond traditional characteristics (like language preference). Rather, the technology allows companies to build customized learning algorithms that drive anticipatory engagement, enabling them to match customers based on next-level variables like personality, emotion and relatability.

Imagine, for example, a hotel routing a customer directly to an IT staffer after seeing that the person tweeted about a poor in-room Wi-Fi connection. Imagine a bank being able to route a customer to a money management expert after seeing that the last five questions asked via live chat were about account spending. Imagine an athletic apparel company matching a customer with an agent who is an avid runner after noticing that the individual recently signed up for a 5K.

The future of the CX means creating and continually building a contextualized view of customers throughout their entire brand journey. It means going beyond customer service to establish unparalleled, organization-wide relationships. It means transforming peoples’ lives, verses simply answering questions. This is what companies must work to align themselves with. The good news is that technology has evolved to a point where they can now easily, effectively and cost-efficiently do so.

Interested in learning more or getting beyond the queue to Redefine Your Customer and Employee Experiences? Contact us. We’d love to hear from you.

Reducing the Risks of Distributed Denial of Service Attacks

Picture what may just be one of the scariest scenarios in your career: The network has slowed to a crawl. You can barely hold a management interface, let alone control the network elements involved. The attack propagates, and as it does you watch your services drop one by one. Panic sets in. You’re experiencing a Denial of Service (DoS) attack. All resources are focused on stamping this fire out—and that may very well be the intention of the attackers.

A DoS attack might be a smokescreen to get you to focus elsewhere while the intruder goes about covert business in a much safer fashion, leaving little forensics afterward.

DoS attacks are an easy thing to comprehend. Even the term Distributed Denial of Service (DDoS) is an easy extension. But the strategy behind why they’re used and their intent can vary dramatically. A DoS attack can occur in an array of sophistication. Here’s a quick breakout from the simplest to most complex attacks:

  • Network Level attacks:

    The simplest ones—TCP, UDP, ICMP, Floods

  • Reflective/Amplified attacks:

    Service focused—DNS, NTP, SNMP, SSDP, Specific floods

  • Fragmentation:

    Session specific—overlaps, missing, too many

  • Application specific:

    Repetitive GET, slow READ or loop calls

  • Crafted:

    Stack and protocol level, buffer resources

These methods are often overlapped in a targeted fashion. In essence the attack is a series of waves that each hit in varying degrees of sophistication and focus. Other times the attack is relatively primitive and easy to isolate. The reason for this is that in the simplest levels, it’s an easy thing to do. As an example, a disgruntled student, upset over a new vending matching policy, could mount a DoS attack against his or her school administration. On the other end of the spectrum is a much darker orchestration, the sleight of the hand to get you to look elsewhere. This is typically the signature of an Advanced Persistent Threat (APT).

Unless an attack is very simple and short-lived, it needs to be distributed in the way it operates. It needs to be generated from various points of origin. This is referred to as a DDoS attack. The attacker needs to coordinate a series of end points to execute some particular event at the same point in time or perhaps, in more sophisticated examples, as phased against a time series. For a DDoS attack, the attacker requires a command and control (C2) capability. This means that they need to have access and response to the compromised systems. This is referred to as a Botnet.

Botnets do not have to be sophisticated to be successful. They only have to implement a simple set of instructions at the right point in time. Let’s take the recent reflective/amplified DDoS attack on Dynamic DNS services on the East coast of the U.S., which affected several large firms such as Amazon and Yahoo. The attack was mounted from residential video surveillance cameras. Even though there was no direct intrusion, the firms were impacted. Which leads us to two lessons.

Lesson number one: Security in IoT needs to be taken more seriously in the product design stages. Perhaps the concept and treatment of residential security systems needs to be rethought.

Lesson number two: As we move to outsourcing and cloud services we need to realize that we spread the reality of our exposed risk. Due diligence is required to assure that service providers and partners are doing their role in end-to-end security. But do you recall I mentioned that the source of the orchestrated attack was from the residential network? This brings about a new degree of challenges as we look at the new world of consumer IoT.

How do we maintain security in that sector? Clearly the residence itself should uphold best practices with a well-maintained and monitored gateway. But let’s face it, this is generally not going to happen. The monitoring of behaviors and abnormalities at the provider interface level is the next best catch and many providers are moving to reach this goal.

The other key point to remember about botnets is that in order to command, one has to control. This can happen in various ways. One is automatic. It infects and sits until a predefined time and then activates. This is the simplest. Another method requires true C2. Either way, bad code gets residence or existing code gets leveraged in negative ways. You should be able to pick out the anomalies.

Proper design with hyper-segmentation can greatly reduce the risk of propagation from the initial infection. The botnet is contained and should be readily identified, if you’re watching. Are you?