Cybersecurity Standards Coordination and Deployment Strategies: CITEL Initiatives

Wayne Zeuch
Rapporteur: Standards, Conformance, and Interoperability, CITEL PCC.I

ITU/CITEL Regional Cybersecurity Workshop for the Americas
Salta, Argentina, Nov 1 2010

Information and Communication Technologies are now an integral part of our lives. Network and service integration and convergence is ever increasing.

Diagram: ICTs at the center, linked to the following sectors:
- Energy/electricity
- Stores and services
- Banking and finance
- National defense
- Life sciences and biotechnology
- Automotive
- Industry & Manufacturing
- Health
- Water/sanitation
- Education
- Transportation/air traffic control
- Home/workplace
- Oil and gas
- Public security/law enforcement

ICT Networks

Convergence
- Wireline/Wireless
- PSTN / IP-based Networks
- Information Technology / Telephony
- Network-based services / 3rd Party Applications

Next Generation Networks
- Migration toward IP-based backbone networks is taking place from single-service to multiservice, client/server-based networks
- Full deployment of NGNs requires a flexible (software) architecture for service delivery based on IP Multimedia Subsystem (IMS)

Interoperability
- Interconnection of networks and Interoperability of Services

Source: NGN Infrastructure Technical Notebook, CITEL PCC.I

Network convergence and the proliferation of end-user applications create new security challenges for ICT Networks.

Service Oriented Networks

A Service Oriented Network (SON) is one in which service providers use agile methods to rapidly create new products and services from re-usable components (known as Service Enablers).

CHALLENGE: SON implementations must be secure and reliable.

Source: NGN Standards Technical Notebook, CITEL PCC.I

Hyperconnectivity is Real and Happening Now: P2P/P2M/M2M

Anything that can be connected and would benefit from being connected will be connected.

Source: Nortel-2008

CITEL Work Process

Phases (diagram labels):
- Technologies (Security,...)
- Relevant Standards
- Policy/Regulatory
- Case Studies
- Discussion/Debate
- Awareness Raising
- Issue Identification
- Resolutions
- Best Practices
- Proposals
- Endorsements

Standards Coordination

Standards Coordination Process

CITEL does not develop standards. CITEL identifies relevant standards and endorses their use in the Americas Region.

PCC.I Standards Coordination (diagram elements):
- Technology and Standards Presentations, Discussions
- Standards Coordination Document (SCD)
- Standards Development (ITU, IETF, ...)
- NGN Technical Notebook (if applicable)
- PCC.I Resolution Endorsing Standard

Raising awareness by socializing technology standardization activities/progress.
Archiving standards descriptions in anticipation of future endorsement.

Standards Coordination

Standards topics identified:
- Communication system security (security framework, protocols, lawful intercept, identity management, fraud prevention)
- Multimedia service definition and architectures
- Signaling requirements and protocols (converged networks)
- IP-based services (VOIP, IPTV)
- Emergency services
- Interworking between traditional telecommunication networks and evolving networks
- Cloud computing
- Service Oriented Networks
- Home Networking
- Access network transport (LANs, Wireless LANs, xDSL, Ethernet, cable modem, fiber, etc.)
- Terminals (PC, TV, PDA, phone, codecs, etc.)
- Management of communications services, networks and equipment
- Network aspects of IMT-2000 and beyond (wireless internet, harmonization and convergence, network control, mobility, roaming, etc.)
- Numbering, Naming and Addressing (ENUM)
- Performance and QoS

CITEL PCC.I Technical Notebook

DESCRIPTION
- Provides a formalized means of maintaining an archive of technologies, best practices, policies, or regulatory information made available to the OAS Member States and CITEL telecom industry members
- Documents relevant activities, completed or in progress
- As a living document, it is updated on an ongoing basis with relevant information from contributions submitted to the Working Groups

Identifying issues and archiving valuable information for the use of the ICT community and in anticipation of future CITEL recommendations.

CITEL PCC.I Technical Notebooks

- Cybersecurity
- Critical Telecom Infrastructure Protection
- NGN Standards
- Convergence
- NGN Infrastructure
- Broadband Access Technologies
- NGN Networks Best Practices and Case Studies
- Fraud in the Provision of Telecom Services
- IPTV Best Practices
- VOIP Technology Aspects
- Number Portability Regulatory Best Practices
- Power Line Communication Technologies
- Economic Aspects of Universal Services

Next Generation Networks: Standards Overview Technical Notebook

- Identifies NGN related standards that the Standards Coordination Group is studying
- Provides an archive of NGN technical information (including security-related topics) that is available to the telecom industry and the Member States
- Documents NGN standards, completed or in progress, which may be considered for future development into an SCD in accordance with the CITEL approval procedures

Identifying issues and archiving valuable standards information for the use of the ICT community and in anticipation of future CITEL endorsement.

Next Generation Networks: Standards Overview Technical Notebook

The NGN Standards Technical Notebook identifies NGN related standards including relevant services, architectures and protocols (e.g., Signaling, Access, Transport, Management, Service Creation, QoS, Internet Protocol, Numbering). In particular:

Chapter 2: Emergency Telecommunications Service (ETS)
- ETS Types
- Standardization Activities (ITU, IETF, ETSI, ATIS, others)

Chapter 6: Security Standards (active)
- ITU-T Security Standards (SG 17, SG 13)
- Identity Management

Chapter 15: Security Standards (archive)
- Internet Protocol Security (IPsec)
- Internet Key Exchange (IKE)
- Security Architecture for End-to-End Communication Systems

The weakest links across boundaries

Effective security requires that a common and consistent approach be applied to:
- Telecommunications & network security
- Security management practices
- Physical security
- Operations security
- Business continuity & disaster recovery planning
- Access control systems & methodology
- Cryptography
- Application & systems development methodology
- Legal requirements including incident management

ITU-T Security Architecture: ITU-T Rec. X.805
Security Architecture for End-to-end Network Security

Security layers:
- Applications Security
- Services Security
- Infrastructure Security

Security planes:
- End User Plane
- Control Plane
- Management Plane

8 Security Dimensions:
- Access Control
- Authentication
- Non-repudiation
- Data Confidentiality
- Communication Security
- Data Integrity
- Availability
- Privacy

Other diagram labels: VULNERABILITIES, THREATS, ATTACKS
Threats and attacks shown: Interruption, Interception, Modification, Fabrication

Source: NGN Standards Technical Notebook, CITEL PCC.I

ITU-T Security Architecture

Security Program
- Consists of policies and procedures in addition to technology
- Includes three phases:
  - Definition and Planning phase
  - Implementation phase
  - Maintenance phase

Security Architecture can guide the development of:
- comprehensive security policy
- incident response and recovery plans
- technology architectures

Security Architecture ensures that Security Program addresses each Security Dimension for each Security Layer and Plane.

For security standards and programs to be of value, they must first be deployed and then constantly maintained and re-assessed.

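The requirement that a Security Program address each Security Dimension for each Security Layer and Plane can be checked mechanically as a coverage matrix. The following is an added example, not part of the original presentation: the control names and the inventory format are constructed assumptions, and only the layer, plane and dimension names come from the X.805 slide.

```python
from itertools import product

# Names taken from the X.805 slide: 3 layers x 3 planes x 8 dimensions = 72 cells.
LAYERS = ("Infrastructure", "Services", "Applications")
PLANES = ("Management", "Control", "End User")
DIMENSIONS = ("Access Control", "Authentication", "Non-repudiation",
              "Data Confidentiality", "Communication Security",
              "Data Integrity", "Availability", "Privacy")

# Constructed sample inventory: (control name, layer, plane, dimensions addressed).
SAMPLE_CONTROLS = [
    ("Router admin RBAC", "Infrastructure", "Management",
     ["Access Control", "Authentication"]),
    ("Signed config audit log", "Infrastructure", "Management",
     ["Non-repudiation", "Data Integrity"]),
    ("IPsec on signaling links", "Services", "Control",
     ["Data Confidentiality", "Data Integrity", "Communication Security"]),
    ("TLS for subscriber portal", "Applications", "End User",
     ["Data Confidentiality", "Authentication"]),
]

def coverage(controls):
    """Map each (layer, plane, dimension) cell to the controls that address it."""
    cells = {cell: [] for cell in product(LAYERS, PLANES, DIMENSIONS)}
    for name, layer, plane, dims in controls:
        for dim in dims:
            key = (layer, plane, dim)
            if key not in cells:  # reject typos instead of silently losing coverage
                raise ValueError(f"{name}: unknown cell {key}")
            cells[key].append(name)
    return cells

def gaps(controls):
    """Return the cells that no control addresses, in layer/plane/dimension order."""
    return [cell for cell, names in coverage(controls).items() if not names]

def gap_summary(controls):
    """Count uncovered dimensions for each (layer, plane) pair."""
    summary = {module: 0 for module in product(LAYERS, PLANES)}
    for layer, plane, _dim in gaps(controls):
        summary[(layer, plane)] += 1
    return summary

if __name__ == "__main__":
    for (layer, plane), missing in gap_summary(SAMPLE_CONTROLS).items():
        print(f"{layer:15} {plane:11} {missing}/8 dimensions uncovered")
```
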
CITEL PCC.I Resolutions Endorsing Standards for the Americas Region (1)

Standard | Date
Gateway Control Protocol | March 2001
Intelligent Networks Capability Set 3 | March 2001
Intelligent Networks Capability Set 4 | Dec 2002
ITU-T Y.2000-Series Recs for NGN (SG13) | Sept 2003
ANSI-41 Evolved Core Network with CDMA2000 Access Network | Sept 2003
GSM Evolved UMTS Core Network with UTRAN Access Network | Sept 2003
Security Architecture for the Internet Protocol (IPsec) | March 2004
Security Architecture for Systems Providing End-to-End Communications (ITU-T Rec. X.805) | March 2004

CITEL PCC.I Resolutions Endorsing Standards for the Americas Region (2)

Standard | Date
Packet-Based Multimedia Communications Systems (ITU-T Rec. H.323) | March 2004
Interworking Between SIP and BICC Protocols or ISUP (Rec. Q.1912.5) | Sept 2004
SIP: Session Initiation Protocol | April 2005
ITU-T Rec. G.993.2, VDSL2: Very High Speed DSL-2 Transceivers | Sept 2006
ITU-T Rec. J.122, Second-Generation Transmission Systems for Interactive Cable Television Services IP Cable Modems | Sept 2006
Internet Protocol Version 6 (IPv6) | Sept 2006
E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM) | Sept 2007

CITEL PCC.I Resolutions Endorsing Standards for the Americas Region (3)

Standard | Date
ITU-T Rec. E.106, International Emergency Preference Scheme for Disaster Relief Operations | March 2008
ITU-T Rec. E.107, Emergency Telecommunications Service (ETS) and Interconnection Framework for National Implementations of ETS | March 2008
ITU-T Rec. Y.1910, IPTV Functional Architecture | May 2009
ITU-T Rec. Y.2270, NGN Identity Management | May 2009
ITU-T Recommendation L.75, Test acceptance and maintenance methods of copper subscriber pairs | May 2010

ITU-T Security Standards

ITU-T Study Group 17
- Telecommunications systems security project
- Security architecture and framework
- Information security management
- Cybersecurity
- Countering spam by technical means
- Secure aspects of ubiquitous telecommunication services
- Secure application services
- Service Oriented Architecture Security
- Telebiometrics
- Identity Management architecture and mechanisms

Study Group 17 is the Lead ITU-T Study Group for Security and Identity Management.

IETF Security Standards

IETF Standards Development

The IETF Security Area has the following active Working Groups developing Internet standards:
- abfab: Application Bridging for Federated Access Beyond web
- dkim: Domain Keys Identified Mail
- emu: EAP Method Update
- hokey: Handover Keying
- ipsecme: IP Security Maintenance and Extensions
- isms: Integrated Security Model for SNMP
- keyprov: Provisioning of Symmetric Keys
- kitten: Kitten (GSS-API Next Generation)
- krb-wg: Kerberos
- ltans: Long-Term Archive and Notary Services
- msec: Multicast Security
- nea: Network Endpoint Assessment
- pkix: Public-Key Infrastructure (X.509)
- tls: Transport Layer Security

The Internet Engineering Task Force is a major developer of Internet standards.

Summary

- CITEL continues to address Cybersecurity and Security standards and has initiated new studies in several key areas
- CITEL is utilizing Standards Coordination Documents to increase awareness of relevant security standards and to endorse the use of those standards in the Region
- CITEL is utilizing workshops and Technical Notebooks to increase awareness of cybersecurity standards issues and to assess best practices and strategies in order to increase security and mitigate the effects of cyber crime
- Continued cooperation within the Americas Region and continued input from its members on cybersecurity experiences and strategies will allow CITEL to remain focused on the most relevant security issues so as to provide recommendations for the Region and provide value to other bodies internationally

Thank You!

Wayne Zeuch
Vice Chair: Working Group on Deployment of Technologies and Services
Rapporteur: Standards, Conformance, and Interoperability
waynezeuch@aol.com
citel@oas.org