Standards for Shared ICTJeju, 13 – 16 May 2013

Gale LightfootSenior Staff Program Manager, Office

of the CTO, SPBCisco

ATIS Cybersecurity Standards

Document No:

GSC17-GTSC10-08

Source: ATIS

Contact: Gale Lightfoot, lightfg@cisco.com

GSC Session:

GTSC

Agenda Item:

4.2

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Highlight of Current Activities• ATIS recently developed end-to-end network topology and

security zones to be used as foundation for comprehensively

addressing cyber-related design and implementation

vulnerabilities in devices, networks and computing infrastructures.

The work identifies the following security zones: – Untrusted zones, which includes terminal equipment border

elements such as residential gateways, modems, managed routers,

HeNB, etc.;

– Trusted but vulnerable zones, which includes network border

elements such as base station routers and session border

controllers; and

– Trusted zones, which includes both carrier network ingress points,

such as cell tower receivers, DSLAMs, etc. and carrier network, end

office, hub or aggregation facilities.2

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Highlight of Current Activities• End-to-End Network Topology and Security Zones:

– Provides an E2E network topology for service delivery; – Security zones to be overlaid according to multiple network

designs;– Will provide security requirements for specific functions

within each scenario;– Foundation for further development in validating network

hardware, trust and identity architectures, mobile device management, etc.; and

– Applicable to M2M, cloud and inter-service provider integrated solutions, among others.

3

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Highlight of Current ActivitiesNumerous U.S. initiatives related to cybersecurity:• Presidential

– Executive Order – Improving Critical Infrastructure Cybersecurity• Focuses on information sharing, standards and privacy protections.

– Presidential Policy Directive 21 (PPD-21)• Overall strategy for integrating government functions for critical infrastructure

• Legislation– Cybersecurity Information Sharing Protection Act (CISPA)

• National Institute of Standards & Technology (NIST)– Based upon the Executive Order, NIST will work with industry to develop

a framework, consisting of standards, guidelines, and best practices to promote the protection of information and information systems supporting critical infrastructure operations

• Federal Communications Commission (FCC)– Communications Security, Reliability and Interoperability Council (C– Technology Advisory Council

4

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Highlight of Current Activities

5

• The Cybersecurity Subcommittee of ATIS’ Packet Technologies and Systems Committee (PTSC) will:– Develop implementable security standards relevant to

packet-based telecommunications networks taking into consideration factors such as multi-service aspects (e.g., mobile, cloud, transport, services network), emerging technology, network evolution, and the multi-provider ecosystem.

– Address the impact of new government regulations and address requests by government agencies (see previous slide).

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Strategic Direction• Ensure consistent and comprehensive cybersecurity

designs across multiple network technologies.• ATIS continues to develop a suite of security

authentication and IdM standards that will facilitate secure interconnection of:– transport facilities– signalling facilities– services and applications

• Cloud computing may pose significant cybersecurity issues that will need to be addressed, and ATIS committees will continue to collaborate (e.g., PTSC, CSF, etc.) on such matters.

6

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Challenges• Cyberecurity solutions have an impact on

delay and performance.• Prioritizing the numerous government

activities related to cybersecurity (e.g., White House Executive Order, NIST Request for Information, FCC, etc.).

• Sensitivity to discussing cybersecurity sensitivities, network attacks, etc., by companies in an open environment.

7

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Next Steps/Actions• ATIS will continue on its current path of generating a

complete suite of standards that can be used to

facilitate interconnection negotiations and result in

interconnection scenarios that are secure.

• ATIS will continue to collaborate with and provide input

into the ITU-T on global solutions for cybersecurity-

and IdM-related matters.

• ATIS will host a Cybersecurity

Governance, Communication and Cooperation

Workshop on June 18-19 in Washington, DC.

8

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Proposed Resolution• ATIS supports the reaffirmation of the

existing Cybersecurity Resolution contained in:– Resolution GSC-16/11 – Cybersecurity

9

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

Supplemental Slides

10

GSC17-GTSC10-08

Standards for Shared ICTGSC-17, Jeju / Korea Standards for Shared ICT

ATIS PTSC Cybersecurity Subcommittee

• The PTSC Cybersecurity Subcommittee will lead and coordinate with other ATIS

committees where appropriate on the following tasks:– Develop implementable security standards relevant to packet-based telecommunications

networks taking into consideration factors such as multi-service aspects (e.g., mobile,

cloud, transport, services network), emerging technology, network evolution, and the

multi-provider ecosystem.

– Maintain and further develop the cybersecurity reference architecture developed by the

ATIS Cybersecurity Focus Group.

– Address the impact of government regulations and address requests by government

agencies (e.g., White House Executive Order, NIST, and FCC Cybersecurity, etc.).

– Assess new cybersecurity issues that arise.

– Maintain liaisons with appropriate ATIS committees, as well as with standards-setting

bodies external to ATIS and adopt other SDO standards as appropriate.

– Review and prepare contributions related to cybersecurity for submission to the ITU-T

and ITU-R Study Groups or other standards organizations and fora.

– Review the positions of other SDOs, agencies or administrations in related standards

development and take or recommend appropriate actions.

11