Cybersecurity Standards Coordination and Deployment Strategies

Inter-American Telecommunication Commission (CITEL). Cybersecurity Standards Coordination and Deployment Strategies: CITEL Initiatives. Wayne Zeuch, Rapporteur: Standards, Conformance, and Interoperability, CITEL PCC.I. ITU/CITEL Regional Cybersecurity Workshop for the Americas, Salta, Argentina, Nov 1 2010.


Information and Communication Technologies are now an integral part of our lives.   Network and service integration and convergence is ever increasing.

[Figure labels: ICTs; Automotive Industry & Manufacturing; Home/workplace; Stores and services; Energy/electricity; Water/sanitation; Oil and gas; Health; Banking and finance; Transportation/air traffic control; Public security/law enforcement; National defense; Education; Life sciences and biotechnology]

• Convergence
– Wireline/Wireless
– PSTN / IP-based Networks
– Information Technology / Telephony
– Network-based services / 3rd Party Applications

• Next Generation Networks
– Migration toward IP-based backbone networks is taking place from single-service to multiservice, client/server-based networks
– Full deployment of NGNs requires a flexible (software) architecture for service delivery – based on IP Multimedia Subsystem (IMS)

• Interoperability
– Interconnection of networks and Interoperability of Services

Network convergence and the proliferation of end-user applications create new security challenges for ICT Networks

NGN Infrastructure Technical Notebook, CITEL PCC.I

Service Oriented Networks

A Service Oriented Network (SON) is one in which service providers use agile methods to rapidly create new products and services from re-usable components (known as Service Enablers)

NGN Standards Technical Notebook, CITEL PCC.I

CHALLENGE: SON implementations must be secure and reliable


Anything that can be connected and would benefit from being connected will be connected

Source Nortel-2008

Hyperconnectivity is Real and Happening Now: P2P/P2M/M2M

CITEL Work Process

Phases

• Resolutions
• Best Practices
• Proposals
• Endorsements

• Discussion/Debate
• Awareness Raising
• Issue Identification

• Technologies (Security, ...)
• Relevant Standards
• Policy/Regulatory
• Case Studies


Standards Coordination


Standards Coordination Process

Raising awareness by socializing technology standardization activities/progress. Archiving standards descriptions in anticipation of future endorsement.

[Process diagram labels: Standards Development (ITU, IETF, …); PCC.I Standards Coordination; Technology and Standards Presentations, Discussions; NGN Technical Notebook (if applicable); Standards Coordination Document (SCD); PCC.I Resolution Endorsing Standard]

CITEL does not develop standards.

CITEL identifies relevant standards and endorses their use in the Americas Region.


Standards Coordination

Standards topics identified:

• Communication system security (security framework, protocols, lawful intercept, identity management, fraud prevention)
• Multimedia service definition and architectures
• Signaling requirements and protocols (converged networks)
• IP-based services (VOIP, IPTV)
• Emergency services
• Interworking between traditional telecommunication networks and evolving networks
• Cloud computing
• Service Oriented Networks
• Home Networking
• Access network transport (LANs, Wireless LANs, xDSL, Ethernet, cable modem, fiber, etc.)
• Terminals (PC, TV, PDA, phone, codecs, etc.)
• Management of communications services, networks and equipment
• Network aspects of IMT-2000 and beyond (wireless internet, harmonization and convergence, network control, mobility, roaming, etc.)
• Numbering, Naming and Addressing (ENUM)
• Performance and QoS

CITEL PCC.I Technical Notebook

DESCRIPTION

• Provides a formalized means of maintaining an archive of technologies, best practices, policies, or regulatory information – made available to the OAS Member States and CITEL telecom industry members
• Documents relevant activities, completed or in progress
• As a "living document", it is updated on an ongoing basis with relevant information from contributions submitted to the Working Groups

Identifying issues and archiving valuable information for the use of the ICT community and in anticipation of future CITEL recommendations

CITEL PCC.I Technical Notebooks

‒ Cybersecurity
‒ Critical Telecom Infrastructure Protection
‒ NGN Standards
‒ Convergence
‒ NGN Infrastructure
‒ Broadband Access Technologies
‒ NGN Networks – Best Practices and Case Studies
‒ Fraud in the Provision of Telecom Services
‒ IPTV – Best Practices
‒ VOIP – Technology Aspects
‒ Number Portability
‒ Regulatory – Best Practices
‒ Power Line Communication Technologies
‒ Economic Aspects of Universal Services

Next Generation Networks: Standards Overview Technical Notebook

• Identifies NGN related standards that the Standards Coordination Group is studying

• Provides an archive of NGN technical information (including security-related topics) that is available to the telecom industry and the Member States

• Documents NGN standards, completed or in progress, which may be considered for future development into an SCD in accordance with the CITEL approval procedures

Identifying issues and archiving valuable standards information for the use of the ICT community and in anticipation of future CITEL endorsement

"Next Generation Networks: Standards Overview" Technical Notebook

The NGN Standards Technical Notebook identifies NGN-related standards including relevant services, architectures and protocols (e.g., Signaling, Access, Transport, Management, Service Creation, QoS, Internet Protocol, Numbering). In particular, ...

– Chapter 2 – Emergency Telecommunications Service (ETS)
• ETS Types
• Standardization Activities (ITU, IETF, ETSI, ATIS, others)

– Chapter 6 – Security Standards (active)
• ITU-T Security Standards (SG 17, SG 13)
• Identity Management

– Chapter 15 – Security Standards (archive)
• Internet Protocol Security (IPsec)
• Internet Key Exchange (IKE)
• Security Architecture for End-to-End Communication Systems

The weakest links – across boundaries 

Effective security requires that a common and consistent approach be applied to:

• Telecommunications & network security
• Security management practices
• Physical security
• Operations security
• Business continuity & disaster recovery planning
• Access control systems & methodology
• Cryptography
• Application & systems development methodology
• Legal requirements including incident management

ITU-T Security Architecture

[Figure: Security Architecture for End-to-End Network Security, ITU-T Rec. X.805. Labels: Infrastructure Security, Services Security, Applications Security; End User Plane, Control Plane, Management Plane; 8 Security Dimensions: Access Control, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy; THREATS, ATTACKS (Interruption, Fabrication, Interception, Modification), VULNERABILITIES]

NGN Standards Technical Notebook, CITEL PCC.I

Security Program

• Consists of policies and procedures in addition to technology
• Includes three phases:
– Definition and Planning phase
– Implementation phase
– Maintenance phase
• Security Architecture can guide the development of:
– comprehensive security policy
– incident response and recovery plans
– technology architectures
• Security Architecture ensures that Security Program addresses each Security Dimension for each Security Layer and Plane

ITU-T Security Architecture

For security standards and programs to be of value, they must first be deployed and then constantly maintained and re-assessed

CITEL-PCC.I Resolutions Endorsing Standards for the Americas Region (1)

Standard | Date
Gateway Control Protocol | March 2001
Intelligent Networks Capability Set 3 | March 2001
Intelligent Networks Capability Set 4 | Dec 2002
ITU-T Y.2000-Series Recs for NGN (SG13) | Sept 2003
ANSI-41 Evolved Core Network with CDMA2000 Access Network | Sept 2003
GSM Evolved UMTS Core Network with UTRAN Access Network | Sept 2003
Security Architecture for the Internet Protocol (IPsec) | March 2004
Security Architecture for Systems Providing End-to-End Communications (ITU-T Rec. X.805) | March 2004

CITEL PCC.I Resolutions Endorsing Standards for the Americas Region (2)

Standard | Date
Packet-Based Multimedia Communications Systems (ITU-T Rec. H.323) | March 2004
Interworking Between SIP and BICC Protocols or ISUP (Rec. Q.1912.5) | Sept 2004
SIP: Session Initiation Protocol | April 2005
ITU-T Rec. G.993.2, VDSL2: Very High Speed DSL-2 Transceivers | Sept 2006
ITU-T Rec. J.122, "Second-Generation Transmission Systems for Interactive Cable Television Services – IP Cable Modems" | Sept 2006
Internet Protocol Version 6 (IPv6) | Sept 2006
E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM) | Sept 2007

CITEL-PCC.I Resolutions Endorsing Standards for the Americas Region (3)

Standard | Date
ITU-T Rec. E.106, "International Emergency Preference Scheme for Disaster Relief Operations" | March 2008
ITU-T Rec. E.107, "Emergency Telecommunications Service (ETS) and Interconnection Framework for National Implementations of ETS" | March 2008
ITU-T Rec. Y.1910, "IPTV Functional Architecture" | May 2009
ITU-T Rec. Y.2270, "NGN Identity Management" | May 2009
ITU-T Recommendation L.75, "Test acceptance and maintenance methods of copper subscriber pairs" | May 2010

ITU-T Security Standards

Study Group 17 is the Lead ITU-T Study Group for Security and Identity Management

ITU-T Study Group 17

• Telecommunications systems security project
• Security architecture and framework
• Information security management
• Cybersecurity
• Countering spam by technical means
• Secure aspects of ubiquitous telecommunication services
• Secure application services
• Service Oriented Architecture Security
• Telebiometrics
• Identity Management architecture and mechanisms

IETF Security Standards

The Internet Engineering Task Force is a major developer of Internet standards

IETF Standards Development

The IETF Security Area has the following active Working Groups developing Internet standards:

• abfab Application Bridging for Federated Access Beyond web
• dkim Domain Keys Identified Mail
• emu EAP Method Update
• hokey Handover Keying
• ipsecme IP Security Maintenance and Extensions
• isms Integrated Security Model for SNMP
• keyprov Provisioning of Symmetric Keys
• kitten Kitten (GSS-API Next Generation)
• krb-wg Kerberos
• ltans Long-Term Archive and Notary Services
• msec Multicast Security
• nea Network Endpoint Assessment
• pkix Public-Key Infrastructure (X.509)
• tls Transport Layer Security

Summary

• CITEL continues to address Cybersecurity and Security standards and has initiated new studies in several key areas
• CITEL is utilizing Standards Coordination Documents to increase awareness of relevant security standards and to endorse the use of those standards in the Region
• CITEL is utilizing workshops and Technical Notebooks to increase awareness of cybersecurity standards issues and to assess best practices and strategies in order to increase security and mitigate the effects of cyber crime
• Continued cooperation within the Americas Region and continued input from its members on cybersecurity experiences and strategies will allow CITEL to remain focused on the most relevant security issues so as to provide recommendations for the Region and provide value to other bodies internationally

Thank You!

Wayne Zeuch
Vice Chair: Working Group on Deployment of Technologies and Services
Rapporteur: Standards, Conformance, and Interoperability
[email protected]

[email protected]