Standards for Shared ICT
Jeju, 13 – 16 May 2013
Gale Lightfoot
Senior Staff Program Manager, Office of the CTO, SPB
Cisco
ATIS Cybersecurity Standards
Document No: GSC17-GTSC10-08
Source: ATIS
Contact: Gale Lightfoot, [email protected]
GSC Session: GTSC
Agenda Item: 4.2
GSC-17, Jeju / Korea: Standards for Shared ICT

Highlight of Current Activities
• ATIS recently developed an end-to-end network topology and security zones to be used as a foundation for comprehensively addressing cyber-related design and implementation vulnerabilities in devices, networks and computing infrastructures. The work identifies the following security zones:
– Untrusted zones, which include terminal equipment border elements such as residential gateways, modems, managed routers, HeNB, etc.;
– Trusted but vulnerable zones, which include network border elements such as base station routers and session border controllers; and
– Trusted zones, which include both carrier network ingress points, such as cell tower receivers, DSLAMs, etc., and carrier network, end office, hub or aggregation facilities.

Highlight of Current Activities
• End-to-End Network Topology and Security Zones:
– Provides an E2E network topology for service delivery;
– Security zones to be overlaid according to multiple network designs;
– Will provide security requirements for specific functions within each scenario;
– Foundation for further development in validating network hardware, trust and identity architectures, mobile device management, etc.; and
– Applicable to M2M, cloud and inter-service provider integrated solutions, among others.

Highlight of Current Activities
Numerous U.S. initiatives related to cybersecurity:
• Presidential
– Executive Order – Improving Critical Infrastructure Cybersecurity
  • Focuses on information sharing, standards and privacy protections.
– Presidential Policy Directive 21 (PPD-21)
  • Overall strategy for integrating government functions for critical infrastructure
• Legislation
– Cybersecurity Information Sharing Protection Act (CISPA)
• National Institute of Standards & Technology (NIST)
– Based upon the Executive Order, NIST will work with industry to develop a framework, consisting of standards, guidelines, and best practices to promote the protection of information and information systems supporting critical infrastructure operations
• Federal Communications Commission (FCC)
– Communications Security, Reliability and Interoperability Council (C
– Technology Advisory Council

Highlight of Current Activities
• The Cybersecurity Subcommittee of ATIS’ Packet Technologies and Systems Committee (PTSC) will:
– Develop implementable security standards relevant to packet-based telecommunications networks taking into consideration factors such as multi-service aspects (e.g., mobile, cloud, transport, services network), emerging technology, network evolution, and the multi-provider ecosystem.
– Address the impact of new government regulations and address requests by government agencies (see previous slide).

Strategic Direction
• Ensure consistent and comprehensive cybersecurity designs across multiple network technologies.
• ATIS continues to develop a suite of security authentication and IdM standards that will facilitate secure interconnection of:
– transport facilities
– signalling facilities
– services and applications
• Cloud computing may pose significant cybersecurity issues that will need to be addressed, and ATIS committees will continue to collaborate (e.g., PTSC, CSF, etc.) on such matters.

Challenges
• Cybersecurity solutions have an impact on delay and performance.
• Prioritizing the numerous government activities related to cybersecurity (e.g., White House Executive Order, NIST Request for Information, FCC, etc.).
• Sensitivity to discussing cybersecurity sensitivities, network attacks, etc., by companies in an open environment.

Next Steps/Actions
• ATIS will continue on its current path of generating a complete suite of standards that can be used to facilitate interconnection negotiations and result in interconnection scenarios that are secure.
• ATIS will continue to collaborate with and provide input into the ITU-T on global solutions for cybersecurity- and IdM-related matters.
• ATIS will host a Cybersecurity Governance, Communication and Cooperation Workshop on June 18-19 in Washington, DC.

Proposed Resolution
• ATIS supports the reaffirmation of the existing Cybersecurity Resolution contained in:
– Resolution GSC-16/11 – Cybersecurity
Supplemental Slides
ATIS PTSC Cybersecurity Subcommittee
• The PTSC Cybersecurity Subcommittee will lead and coordinate with other ATIS committees where appropriate on the following tasks:
– Develop implementable security standards relevant to packet-based telecommunications networks taking into consideration factors such as multi-service aspects (e.g., mobile, cloud, transport, services network), emerging technology, network evolution, and the multi-provider ecosystem.
– Maintain and further develop the cybersecurity reference architecture developed by the ATIS Cybersecurity Focus Group.
– Address the impact of government regulations and address requests by government agencies (e.g., White House Executive Order, NIST, and FCC Cybersecurity, etc.).
– Assess new cybersecurity issues that arise.
– Maintain liaisons with appropriate ATIS committees, as well as with standards-setting bodies external to ATIS and adopt other SDO standards as appropriate.
– Review and prepare contributions related to cybersecurity for submission to the ITU-T and ITU-R Study Groups or other standards organizations and fora.
– Review the positions of other SDOs, agencies or administrations in related standards development and take or recommend appropriate actions.