Transcript ATIS Cybersecurity

DOCUMENT #:
GSC15-GTSC8-06
FOR:
Presentation
SOURCE:
ATIS
AGENDA ITEM:
GTSC8; 4.2
CONTACT(S):
Art Reilly ([email protected])
ATIS Cybersecurity
Art Reilly, Cisco
Global Standards Collaboration (GSC)
GSC-15
Highlight of Current Activities (1)
ATIS’ Packet Technologies and Systems
Committee (PTSC)
 Completed:
•
•
•
•
UNI and NNI signalling security standards
UNI and NNI testing standards
NGN authentication requirements
Session Border Controller (SBC) requirements
 Security architecture is layered, both horizontally
and vertically, with border element functions
protecting trusted from untrusted domains
2
Highlight of Current Activities (2)
 PTSC continues to focus on security-related topics
that will ensure robust signalling and
communications standards and network
implementations that will provide adequate
protection and support for multimedia and
emergency services in the current cybersecurity
environment:
•
•
•
•
•
•
ETS Authentication
Data Border Function Requirements
Security Mechanisms
Location
Identity Management
Certificate Management
3
Highlight of Current Activities (3)
 PTSC’s focus is on specifying security
considerations for Layers 1 through 5 for UNIs,
NNIs, ANIs, and SNIs
• Generation of interface requirements will:
 Attempt to reduce number of available
interconnection options, without compromising the
desired flexibility in implementing the services,
thereby facilitating interoperability
 Facilitate interconnection negotiations
 Ensure adequate security will be provided
4
Highlight of Current Activities (4)
ATIS’ Network Performance, Reliability, and
QoS Committee (PRQC)
 Current/Future work:
• Currently working on Standard for Media Plane
Performance Security Impairments Standard for
Evolving VoIP/Multimedia Networks
 Document potential QoS degradations associated with security
mechanisms
 Identify potential security problems associated with QoS
mechanisms
• Extend work initiated in ATIS-0100014, Information &
Communications Security for NGN Converged Services
IP Networks and Infrastructure
 Published:
• ATIS-0100024.2009, User-Network Interface (UNI) Media Plane
Security Standard for Evolving VoIP/Multimedia Networks,
published.
• ATIS-0100014 (see above)
5
Highlight of Current Activities (5)
ATIS’ Telecom Management and Operations
Committee (TMOC)
 TMOC will continue to address
• Management aspects of security, especially
concerning NGN Carrier Interconnection
arrangements and VoIP Registry Database
• Management aspects of security, as driven by
the ATIS Board (e.g., TOPS Council or CIO
Council)
6
Strategic Direction
 ATIS continues to develop a suite of security
authentication and IdM standards that will facilitate
secure interconnection of:
• transport facilities
• signalling facilities
• services and applications
 Cloud computing may pose significant security
issues that will need to be addressed
7
Challenges
 SIP security solutions are tailored to be end
to end
 SIP/SIPPING/SIMPLE/etc. RFCs have well
written security sections that are not fully
implemented in vendor products
 Security solutions have an impact on delay
and performance
8
Next Steps/Actions
 ATIS will continue on its current path of
generating a complete suite of standards
that can be used to facilitate interconnection
negotiations and result in interconnection
scenarios that are secure
9
Proposed Resolution
 Continued support for GSC-14 Security
Related Resolutions:
• Resolution GSC-14/4 - Identity Management
• Resolution GSC-14/25 - Personally Identifiable
Information Protection
 Update Resolution GSC-14/11 - Cybersecurity
to reflect actions at WTDC10 (modified draft
Resolution provided as a GSC contribution)
10
Cybersecurity (ATIS)



Presentations
• Contributions GSC15-GTSC8-06, -07, -10, -11 and -14(-10, -11 and -14 contained
proposed updates to the existing Resolution)
Summary
• Cybersecurity continues to be one of the top priorities in the GSC members.
• Cloud Computing presents an added level of risk to data integrity, privacy and
availability. However, it also offers additional opportunities in these areas as well.
• Countries/regions are developing and sharing best practices to address the
cybersecurity challenges. This could be especially helpful to developing countries.
• The Cybex framework being developed in ITU-T SG 17 provides a model for
o structuring information
o identifying and discovering objects
o requesting and responding with information
o exchanging information over networks
o assured cybersecurity information exchanges
The specifications are especially relevant to Computer Incident Response Teams
(CIRTS), law enforcement and others that must exchange incident or related forensic
information
• Effective cooperation and collaboration across the many organizations, including
standards bodies, doing Cybersecurity work is essential.
Resolution
• Proposed revisions to Resolution GSC-14/11 on Cybersecurity.
11
Supplemental Slides
12
Supplemental Slides
 PTSC Issues may be found at: http://www.atis.org/0191/issues.asp
 PTSC Active Issues which have a security component are:
•
•
•
•
•
•
•
•
•
Issue #
S0051
S0055
S0059
S0060
S0061
S0063
S0065
S0073
S0074
Title
ATIS NGN Identity Management Requirements
Security Mechanisms
ATIS NGN Identity Management Use Cases
ATIS NGN Identity Management Mechanisms
Certificate Management
ATIS ETS Authentication
Enterprise Network Support in NGN
Security Guidelines for DBF Interface
Security Guidelines for Carrier Interconnection (NNI)
13
Supplemental Slides
 PRQC Issues may be found at: http://www.atis.org/0010/issues.asp
 PRQC Active Issues which have a security component are:
•
•
•
•
Issue #
A0010
A0014
A0035
A0045
Title
User Plane Security Requirements in NGNs
Network-Network Interface (NNI) User Plane Security
Impact of Security on QOS Performance in NGNs
Service-specific Security Mechanism Implementation Options
14