Jeju, 13 – 16 May 2013

Standards for Shared ICT

CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION

Eric Barnhart, Fellow
Georgia Tech Research Institute

Document No: GSC17-GTSC10-07
Source: TIA
Contact: Eric Barnhart [email protected]
GSC Session: GTSC10
Agenda Item: 4.2


GSC-17, Jeju / Korea Standards for Shared ICT

TIA Cybersecurity Background

• TIA focus on Critical Infrastructure Protection and Homeland Security includes efforts in Network Security

• TIA TR-51 (Smart Utility Networks) views TR-50 (M2M-Smart Device Communications) as logical group to address security in parallel with deference to ITU-T SG17 (Security) from ITU Focus Group SMART

• TIA Cybersecurity Working Group released cybersecurity policy recommendations for critical infrastructure and the global supply chain (July, 2012).


Highlight of Current Activities

• TIA EC TR-50 (M2M-Smart Device Communications)

– Focuses on Cybersecurity within context of efforts to contribute requirements, architecture, protocols, etc. related to the topic of Smart Device Communications.

– Ensures architectures, protocols, or specifications meet the requirements established in TR-50 regarding security

– Architecture, protocols, or specifications should support options that can be exported without restriction from countries for which TIA serves as a regional Standards Development Organization (SDO).

– Contributions to oneM2M Document Pool

– TIA is founding member of oneM2M


Highlight of Current Activities

• TIA TR-50 (M2M-Smart Device Communications)

Recent Publications:


Highlight of Current Activities

• TIA Recommendations in July, 2012 White Paper:

– Recommendation 1: Efforts to improve cybersecurity should leverage public-private partnerships as an effective tool for collaboration on addressing current and emerging threats.

– Recommendation 2: The U.S. government should enable and stimulate greater cyber threat information sharing between the public and private sector.

– Recommendation 3: Policymakers and regulators should address economic barriers for owners and operators of critical infrastructure to secure cyberspace.

– Recommendation 4: Congress should prioritize federal research funding for ICT and specifically cybersecurity research and development.

– Recommendation 5: A global industry necessarily requires a global approach to address cybersecurity concerns.

– Recommendation 6: A global supply chain can only be secured through industry-driven adoption of best practices and global standards.


Highlight of Current Activities

• On February 19, President Obama issued Executive Order 13636 (“Improving Critical Infrastructure Cybersecurity”), along with a related Presidential Policy Directive (PPD-21, “Critical Infrastructure Security and Resilience”)

• EO 13636: http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity

• PPD-21: http://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil

• The Executive Order and PPD-21 require numerous Federal agencies to undertake activities to enhance the effectiveness of its cybersecurity and report to Congress on their progress, including the creation of a voluntary “Cybersecurity Framework” (that integrates existing standards efforts and best practices) by February 2014


Highlight of Current Activities

• Consistent with views in TIA’s July 2012 Cybersecurity Whitepaper, TIA has submitted public responses to two requests for information to date that will inform the implementation of the Executive Order:

• Comments to the National Institute of Standards and Technology (NIST)’s Developing a Framework To Improve Critical Infrastructure Cybersecurity (Docket Number 130208119–3119–01): http://www.tiaonline.org/sites/default/files/pages/TIA_Comments_NIST_Cybersecurity_Framework_040813.pdf

• Comments to the NIST and National Telecommunications and Information Administration’s Incentives To Adopt Improved Cybersecurity Practices (Docket Number 130206115–3115–01): http://www.tiaonline.org/sites/default/files/pages/TIA-Comments-NIST-NTIA-Cybersecurity-Framework-Incentives-042913.pdf

• TIA will continue to engage the Federal government on cybersecurity as it implements the Executive Order and PPD-21, as well as more generally in the US Congress and Federal agencies.


Highlight of Current Activities

• TIA Hosting upcoming Workshop on M2M and Cybersecurity in early June in Arlington, Virginia:


Strategic Direction

• TIA supports cyber security objectives and study items of ITU-T Study Group 17 as captured in Question 4/17- Cybersecurity

• TIA 2013 Goals and Positions include:

– that successful efforts to improve cybersecurity will leverage public-private partnerships to effectively collaborate on addressing current and emerging threats

– that the U.S. government should enable and stimulate greater cyber threat information sharing between the public and private sector

– that policymakers and regulators should ensure that they address economic barriers for owners and operators of critical infrastructure in efforts to secure cyberspace

– that Federal research funding for ICT and specifically cybersecurity research and development should be prioritized

– that the global nature of the ICT industry necessarily requires a global approach to address cybersecurity concerns

– that a global supply chain can only be secured through an industry-driven adoption of best practices and global standards.


Challenges

• With M2M Cybersecurity in TR-50 (M2M-Smart Device Communications) as current TIA cybersecurity focal point, extend focus as appropriate to address needs:

– TR-30 Multimedia Access, Protocols and Interfaces

– TR-41 User Premises Telecommunications Systems

– TR-45 Mobile and Personal Communications Systems Standards

– TR-47 Terrestrial Mobile Multimedia Multicast

– TR-48 Vehicular Telematics

– TR-49 eHealthcare ICT

– TR-51 Smart Utility Networks


Challenges

• Embracing user community (including verticals) continues to be vital – MSTF and oneM2M interactions are key

• User needs are particularly important to understand with regard to risks and security demands – examples include energy management and healthcare ICT

• Export control and harmonization issues demand attention


Next Steps / Actions

• In TIA Engineering Committee TR-50 M2M-Smart Device Communications:

– Continue focus on Data In Transit

• Multilayer Security

• Interaction of M2M Service Layer with Underlying Networks

– Continue focus on Data At Rest

• Security Analysis of System Architecture

• Host M2M & Cybersecurity Workshop on June 4-5

• Examine Test Bed needs to investigate and resolve Cybersecurity Issues to complement Standards Activity