Inter-American Telecommunication Commission (CITEL)
Cybersecurity Standards Coordination and Deployment Strategies:
CITEL Initiatives
Wayne Zeuch
Rapporteur: Standards, Conformance, and Interoperability
CITEL PCC.I
ITU /CITEL Regional Cybersecurity Workshop for the Americas Salta Argentina Nov 1 2010
Information and Communication Technologies are now an integral part of our lives. Network and service integration and convergence is ever increasing.
ICTs support:
• Automotive Industry & Manufacturing
• Home/workplace
• Stores and services
• Energy/electricity
• Water/sanitation
• Oil and gas
• Health
• Banking and finance
• Transportation/air traffic control
• Public security/law enforcement
• National defense
• Education
• Life sciences and biotechnology
• Convergence
– Wireline/Wireless
– PSTN / IP-based Networks
– Information Technology / Telephony
– Network-based services / 3rd Party Applications
• Next Generation Networks
– Migration toward IP-based backbone networks is taking place from single-service to multiservice, client/server-based networks
– Full deployment of NGNs requires a flexible (software) architecture for service delivery – based on IP Multimedia Subsystem (IMS)
• Interoperability
– Interconnection of networks and Interoperability of Services
Network convergence and the proliferation of end-user applications create new security challenges for ICT Networks
NGN Infrastructure Technical Notebook, CITEL PCC.I
Service Oriented Networks
A Service Oriented Network (SON) is one in which service providers use agile methods to rapidly create new products and services from re-usable components (known as Service Enablers)
NGN Standards Technical Notebook, CITEL PCC.I
CHALLENGE: SON implementations must be secure and reliable
Anything that can be connected and would benefit from being connected will be connected
Source Nortel-2008
Hyperconnectivity is Real and Happening Now: P2P/P2M/M2M
CITEL Work Process
Phases:

• Resolutions
• Best Practices
• Proposals
• Endorsements

• Discussion/Debate
• Awareness Raising
• Issue Identification

• Technologies (Security, ...)
• Relevant Standards
• Policy/Regulatory
• Case Studies
Standards Coordination
Standards Coordination Process
Raising awareness by socializing technology standardization activities/progress. Archiving standards descriptions in anticipation of future endorsement.

Process elements (from the slide's flow diagram):
• Standards Development (ITU, IETF, …)
• PCC.I Standards Coordination
• Technology and Standards Presentations, Discussions
• NGN Technical Notebook (if applicable)
• Standards Coordination Document (SCD)
• PCC.I Resolution Endorsing Standard

CITEL does not develop standards.
CITEL identifies relevant standards and endorses their use in the Americas Region.
Standards Coordination
Standards topics identified:
• Communication system security (security framework, protocols, lawful intercept, identity management, fraud prevention)
• Multimedia service definition and architectures
• Signaling requirements and protocols (converged networks)
• IP-based services (VOIP, IPTV)
• Emergency services
• Interworking between traditional telecommunication networks and evolving networks
• Cloud computing
• Service Oriented Networks
• Home Networking
• Access network transport (LANs, Wireless LANs, xDSL, Ethernet, cable modem, fiber, etc.)
• Terminals (PC, TV, PDA, phone, codecs, etc.)
• Management of communications services, networks and equipment
• Network aspects of IMT-2000 and beyond (wireless internet, harmonization and convergence, network control, mobility, roaming, etc.)
• Numbering, Naming and Addressing (ENUM)
• Performance and QoS
CITEL PCC.I Technical Notebook
DESCRIPTION
• Provides a formalized means of maintaining an archive of technologies, best practices, policies, or regulatory information – made available to the OAS Member States and CITEL telecom industry members
• Documents relevant activities, completed or in progress
• As a "living document", it is updated on an ongoing basis with relevant information from contributions submitted to the Working Groups
Identifying issues and archiving valuable information for the use of the ICT community and in anticipation of future CITEL recommendations
CITEL PCC.I Technical Notebooks
‒ Cybersecurity
‒ Critical Telecom Infrastructure Protection
‒ NGN Standards
‒ Convergence
‒ NGN Infrastructure
‒ Broadband Access Technologies
‒ NGN Networks – Best Practices and Case Studies
‒ Fraud in the Provision of Telecom Services
‒ IPTV – Best Practices
‒ VOIP – Technology Aspects
‒ Number Portability
‒ Regulatory – Best Practices
‒ Power Line Communication Technologies
‒ Economic Aspects of Universal Services
Next Generation Networks: Standards Overview Technical Notebook
• Identifies NGN related standards that the Standards Coordination Group is studying
• Provides an archive of NGN technical information (including security-related topics) that is available to the telecom industry and the Member States
• Documents NGN standards, completed or in progress, which may be considered for future development into an SCD in accordance with the CITEL approval procedures
Identifying issues and archiving valuable standards information for the use of the ICT community and in anticipation of future CITEL endorsement
The NGN Standards Technical Notebook identifies NGN-related standards including relevant services, architectures and protocols (e.g., Signaling, Access, Transport, Management, Service Creation, QoS, Internet Protocol, Numbering). In particular, ...
– Chapter 2 – Emergency Telecommunications Service (ETS)
• ETS Types
• Standardization Activities (ITU, IETF, ETSI, ATIS, others)
– Chapter 6 – Security Standards (active)
• ITU-T Security Standards (SG 17, SG 13)
• Identity Management
– Chapter 15 – Security Standards (archive)
• Internet Protocol Security (IPsec)
• Internet Key Exchange (IKE)
• Security Architecture for End-to-End Communication Systems
"Next Generation Networks: Standards Overview" Technical Notebook
The weakest links – across boundaries
Effective security requires that a common and consistent approach be applied to:
• Telecommunications & network security
• Security management practices
• Physical security
• Operations security
• Business continuity & disaster recovery planning
• Access control systems & methodology
• Cryptography
• Application & systems development methodology
• Legal requirements including incident management
ITU-T Security Architecture
Security Architecture for End-to-End Network Security (ITU-T Rec. X.805)
[Figure: X.805 security architecture diagram. Labels recovered from the slide:]
• Security layers: Infrastructure Security, Services Security, Applications Security
• Security planes: End User Plane, Control Plane, Management Plane
• 8 Security Dimensions: Access Control, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy, Authentication, Non-repudiation
• THREATS / ATTACKS: Interruption, Fabrication, Interception, Modification
• VULNERABILITIES
NGN Standards Technical Notebook, CITEL PCC.I
Security Program
• Consists of policies and procedures in addition to technology
• Includes three phases:
– Definition and Planning phase
– Implementation phase
– Maintenance phase
• Security Architecture can guide the development of:
– comprehensive security policy
– incident response and recovery plans
– technology architectures
• Security Architecture ensures that Security Program addresses each Security Dimension for each Security Layer and Plane
ITU-T Security Architecture
For security standards and programs to be of value, they must first be deployed and then constantly maintained and re-assessed
CITEL-PCC.I Resolutions Endorsing Standards for the Americas Region (1)
Standard | Date
Gateway Control Protocol | March 2001
Intelligent Networks Capability Set 3 | March 2001
Intelligent Networks Capability Set 4 | Dec 2002
ITU-T Y.2000-Series Recs for NGN (SG13) | Sept 2003
ANSI-41 Evolved Core Network with CDMA2000 Access Network | Sept 2003
GSM Evolved UMTS Core Network with UTRAN Access Network | Sept 2003
Security Architecture for the Internet Protocol (IPsec) | March 2004
Security Architecture for Systems Providing End-to-End Communications (ITU-T Rec. X.805) | March 2004
CITEL PCC.I Resolutions Endorsing Standards for the Americas Region (2)
Standard | Date
Packet-Based Multimedia Communications Systems (ITU-T Rec. H.323) | March 2004
Interworking Between SIP and BICC Protocols or ISUP (Rec. Q.1912.5) | Sept 2004
SIP: Session Initiation Protocol | April 2005
ITU-T Rec. G.993.2, VDSL2: Very High Speed DSL-2 Transceivers | Sept 2006
ITU-T Rec. J.122, “Second-Generation Transmission Systems for Interactive Cable Television Services – IP Cable Modems” | Sept 2006
Internet Protocol Version 6 (IPv6) | Sept 2006
E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM) | Sept 2007
CITEL-PCC.I Resolutions Endorsing Standards for the Americas Region (3)
Standard | Date
ITU-T Rec. E.106, “International Emergency Preference Scheme for Disaster Relief Operations” | March 2008
ITU-T Rec. E.107, “Emergency Telecommunications Service (ETS) and Interconnection Framework for National Implementations of ETS” | March 2008
ITU-T Rec. Y.1910, “IPTV Functional Architecture” | May 2009
ITU-T Rec. Y.2270, “NGN Identity Management” | May 2009
ITU-T Recommendation L.75, “Test acceptance and maintenance methods of copper subscriber pairs” | May 2010
ITU-T Study Group 17
• Telecommunications systems security project
• Security architecture and framework
• Information security management
• Cybersecurity
• Countering spam by technical means
• Secure aspects of ubiquitous telecommunication services
• Secure application services
• Service Oriented Architecture Security
• Telebiometrics
• Identity Management architecture and mechanisms
ITU-T Security Standards
Study Group 17 is the Lead ITU-T Study Group for Security and Identity Management
IETF Standards Development
The IETF Security Area has the following active Working Groups developing Internet standards:
• abfab: Application Bridging for Federated Access Beyond web
• dkim: Domain Keys Identified Mail
• emu: EAP Method Update
• hokey: Handover Keying
• ipsecme: IP Security Maintenance and Extensions
• isms: Integrated Security Model for SNMP
• keyprov: Provisioning of Symmetric Keys
• kitten: Kitten (GSS-API Next Generation)
• krb-wg: Kerberos
• ltans: Long-Term Archive and Notary Services
• msec: Multicast Security
• nea: Network Endpoint Assessment
• pkix: Public-Key Infrastructure (X.509)
• tls: Transport Layer Security
IETF Security Standards
The Internet Engineering Task Force is a major developer of Internet standards
Summary
• CITEL continues to address Cybersecurity and Security standards and has initiated new studies in several key areas
• CITEL is utilizing Standards Coordination Documents to increase awareness of relevant security standards and to endorse the use of those standards in the Region
• CITEL is utilizing workshops and Technical Notebooks to increase awareness of cybersecurity standards issues and to assess best practices and strategies in order to increase security and mitigate the effects of cyber crime
• Continued cooperation within the Americas Region and continued input from its members on cybersecurity experiences and strategies will allow CITEL to remain focused on the most relevant security issues so as to provide recommendations for the Region and provide value to other bodies internationally