SBC Launches Research and Development Test Bed to Develop New Layers of Internet Security

Vice-Chairman of President’s Critical Infrastructure Protection Board Endorses Effort to Protect Internet Users, Networks from Rising Tide of Security Violations

Austin, Texas, November 5, 2002

SBC Communications Inc. (NYSE:SBC) today announced the formation of an Internet security test bed designed to uncover new and innovative ways to expand the scope and effectiveness of cyber-security technology.

The project, known as the Internet Assurance and Security Center (IASC), will be designed and managed by SBC Technology Resources Inc., SBC’s research and development center based in Austin.

SBC is launching the IASC in response to the rising tide of Internet security violations, such as viruses, worms and denial-of-service attacks. The CERT Coordination Center, an organization that documents security vulnerabilities, says Internet security violations more than double each year. According to cyber-security experts, the recent Bugbear virus is the most severe widespread attack to occur in 2002. Less than one week after it first appeared, the virus had grown exponentially, affecting millions of users around the world.

Howard Schmidt, Vice Chairman of President Bush’s Critical Infrastructure Protection Board, met with SBC officials last month to review plans for the IASC and other security efforts being implemented by the company.

“SBC is showing just the sort of initiative that is needed in the private sector to help advance cyberspace security,” Schmidt said.

The IASC will focus on development of security technologies and standards that can be applied throughout large telecommunications networks, such as SBC’s, that handle Internet, voice and data traffic for millions of individual users and businesses. While the majority of current security efforts, such as firewalls, place the primary burden of security on end users, IASC research will support a holistic approach that encompasses all elements of the network: telecommunications providers, enterprise networks, customer networks, and hardware and software vendors.

“Internet and network security violations are at an all-time high, and the problem demands our immediate attention,” said Fred Chang, president and CEO, SBC Technology Resources. “SBC recognizes this threat, and we also understand that addressing it will take a cooperative, collaborative effort among the public and private sectors, including network providers and equipment vendors. We have chartered the IASC to help facilitate this effort and begin the process of enhancing overall security for the Internet, carrier and corporate networks.”

In addition to the original research to be conducted by TRI, the IASC also will act as a point of collaboration with existing security research efforts in government, academia and industry. Telcordia Technologies is the first company to partner with SBC on the IASC project. TRI also has a research alliance with the Center for Infrastructure Assurance and Security (CIAS) at the University of Texas-San Antonio. Additional partners and collaborators will be announced in the future.

The IASC will evaluate several methods to detect and neutralize attacks and unwanted content from carrier networks. In addition to investigation of security technologies and systems in general, the IASC will focus on approaches for embedding security components in the network.

Network-based security brings the potential for significant advances:

Security functions could be shared among multiple subscribers on a network, relieving some of the burdens placed on individual users to take security precautions, and ensuring that all subscribers are protected by the latest technology. Attacks and unwanted content could be stopped in the carrier network, preventing congestion of subscriber links. Security technology components in different parts of the network could correlate information and collaborate to thwart attacks.

As an example, security components in several parts of SBC’s network could be designed to detect unusual flows of traffic converging on a particular customer. Once it is determined that this behavior is a distributed denial-of-service attack, the network could automatically filter the offending traffic from multiple locations.

Another area of focus for the IASC will be the development of new security specifications for telecommunications equipment providers. Large telecommunications networks are built using products from several different vendors. The IASC will work with these vendors to encourage widespread adoption of security standards for their components, creating a “designed-in” element of security that will protect networks from the ground up.

The IASC is only one component of SBC’s efforts to provide comprehensive security offerings for three distinct segments of the communications infrastructure: individual users, enterprise networks and large service providers, such as SBC. Currently, the majority of Internet security products and services are developed for individual customers and business networks; these products include firewall and anti-virus software.

The IASC’s focus on carrier security will round out SBC’s complementary Internet security offerings. The company’s DataComm division offers enterprise customers a full network security portfolio to integrate the design, delivery and management of security packages. Residential users who sign up for the new SBC Yahoo! DSL service will receive security software at no extra charge.

The Internet and data networks in general have become a critical infrastructure for business, communications and entertainment.

As the number of Internet users continues to grow each year, many new consumers do not understand the need, or know how, to install and maintain security devices such as firewalls or anti-virus software. This creates a greater number of targets for hackers, and helps to explain why security violations are rising at the same rate as Internet adoption.

In many cases, businesses need even stronger security protection, since they are often the targets of extremely sophisticated intrusions. In 2001, cyber attacks resulting from malicious code cost as much as $13 billion, according to industry sources quoted in the recently released National Strategy to Secure Cyberspace. The costs of security violations go beyond dollars; privacy, reputation, and public safety are other concerns that companies must consider when assessing network security.

Additional information about the IASC can be accessed at www.iascenter.org.

SBC Communications Inc. (www.sbc.com) is one of the world’s leading data, voice and Internet services providers. Through its world-class network and its subsidiaries’ trusted brands – SBC Southwestern Bell, SBC Ameritech, SBC Pacific Bell, SBC Nevada Bell, SBC SNET and Sterling Commerce – SBC companies provide a full range of voice, data, networking and e-business services, as well as directory advertising and publishing. A Fortune 30 company, America’s leading provider of high-speed DSL Internet Access services, and one of the nation’s leading Internet Service Providers, SBC companies currently serve 58 million access lines nationwide. In addition, SBC owns 60 percent of America’s second-largest wireless company, Cingular Wireless, which serves more than 22 million wireless customers. Internationally, SBC has telecommunications investments in 25 countries.