Topic: Control Plane Security

What are the security vulnerabilities of the emerging control plane and signaling technologies for dynamically switched optical networks?


Findings:

Systems at the endpoints of dynamically switched optical paths may make assumptions about the origin of traffic arriving on those paths. Compromise of the control plane - or accidental flaws in its design or operation - can invalidate those assumptions, with effects that cannot be predicted.

Control plane traffic is commonly carried in-band. Even when it is isolated, it may still appear in-band by error.

Recommendations:

Elements of the control plane are end systems with respect to control plane functionality. End-to-end security mechanisms for the control plane should be developed, possibly in parallel with methods for the isolation of control plane traffic. These security mechanisms must be particularly robust against partial network failures and against active attacks through the physical media.
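
As an added illustration (not part of the original findings, which name no specific mechanism), the sketch below shows one possible shape of an end-to-end check between two control plane elements: the destination accepts a signaling message only if it carries a valid tag from its claimed origin and a fresh sequence number, regardless of the path on which it arrived. The pre-shared per-pair keys, HMAC-SHA-256, the message layout, and all names and values are assumptions made for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA-256 output size (assumed algorithm)
HDR_LEN = 16  # origin (4 bytes) + destination (4 bytes) + sequence (8 bytes)


def seal(key: bytes, origin: int, dest: int, seq: int, body: bytes) -> bytes:
    """Build header || body || tag; the tag covers header and body."""
    header = struct.pack("!IIQ", origin, dest, seq)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


class Receiver:
    """Destination element: trusts the origin's tag, not the arrival path."""

    def __init__(self, my_id: int, peer_keys: dict):
        self.my_id = my_id
        self.peer_keys = peer_keys  # origin id -> key shared with that origin
        self.last_seq = {}          # origin id -> highest sequence accepted

    def accept(self, wire: bytes):
        """Return (body, None) on success or (None, reason) on rejection."""
        if len(wire) < HDR_LEN + TAG_LEN:
            return None, "truncated"
        header, body, tag = wire[:HDR_LEN], wire[HDR_LEN:-TAG_LEN], wire[-TAG_LEN:]
        origin, dest, seq = struct.unpack("!IIQ", header)
        key = self.peer_keys.get(origin)
        if key is None:
            return None, "unknown origin"
        expected = hmac.new(key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"
        if dest != self.my_id:
            return None, "wrong destination"
        # Only monotonic increase is required, so messages lost during a
        # partial network failure do not block later ones.
        if seq <= self.last_seq.get(origin, -1):
            return None, "replay"
        self.last_seq[origin] = seq
        return body, None


# Constructed sample data: element ids, key and message body are made up.
KEY_1_2 = bytes(range(32))
egress = Receiver(my_id=2, peer_keys={1: KEY_1_2})
setup = seal(KEY_1_2, origin=1, dest=2, seq=7, body=b"SETUP path=42")
```

Because the tag is verified before any other field is acted on, a message that reaches the element in-band by error or by injection is rejected unless its sender holds the key of the claimed origin.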