Cyber Security in ICT Networks: CITEL Perspectives

Similar documents
Cybersecurity Standards Coordination and Deployment Strategies: CITEL Initiatives

CITEL s s Focus on Cybersecurity and Critical Infrastructure Protection CITEL

Cybersecurity and Vulnerability Assessment

CSE571 Project Selection CSE571S

ITU-APT Workshop on NGN Planning March 2007, Bangkok, Thailand

What is NGN? Hamid R. Rabiee Mostafa Salehi, Fatemeh Dabiran, Hoda Ayatollahi Spring 2011

Challenges of Global Roaming

ITU-T Standardization on Countering Spam

ITU-T SG 17 Achievements in ICT Security Standardization

Assisting Developing Countries for developing an NGN strategy

ORGANIZACION DE LOS ESTADOS AMERICANOS ORGANIZATION OF AMERICAN STATES

Security Standardization

Standardization Trends of the Next Generation Network in ETSI TISPAN

Future and Emerging Threats in ICT

Security+ SY0-501 Study Guide Table of Contents

Evolution and Migration to IMT-2000 & Systems beyond

SC27 WG4 Mission. Security controls and services

Services and Related Issues of NGN Standards Activities

Introduction to ITU and ITU-T activities. ITU-T, the Standardization Sector of ITU.

standards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in

Alliance for Telecommunications Industry Solutions (ATIS)

Signaling Architecture and Protocols for the Next Generation Network

ITU-T Y PSTN/ISDN evolution to NGN

ITU-T Study Group 13 Overview

Overview of related ITU Activities on NGN

Cybersecurity for ALL

TISPAN. Defining the Next Generation Network

General Framework for Secure IoT Systems

ORGANIZACION DE LOS ESTADOS AMERICANOS ORGANIZATION OF AMERICAN STATES

Next Generation Networks (NGN): Quality of Service Issues & Consumer Protection. Session No 6 (Day 2)

Challenges in Developing National Cyber Security Policy Frameworks

ETSI TISPAN Vision on Convergence. FMCA Convergence & Customer Experience 26 June 2008 Sophia-Antipolis, France

Status of IMS-Based Next Generation Networks for Fixed Mobile Convergence

Regulator's involvement in and skills for ITU standardization: an example of Suisse OFCOM

International Standardization of IPTV at ITU-T IPTV-GSI

Overview and Status of NGN Standardization Activities. Naotaka Morita Vice Chairman of SG13, ITU-T NTT Service Integration Laboratories

Experiences and hopes of an IMS based approach to FMC

Promoting Global Cybersecurity

ITU-T Q.1706/Y.2801 (11/2006) Mobility management requirements for NGN

CDMA Evolution Delivering Real-time & Multimedia Services

ITU Activities Related to the Internet and IP-based Networks

Requirements and capabilities for. NGN services Marco Carugi Nortel Networks March 2005 Jeju Island, South Korea

NIS Standardisation ENISA view

Multi-Service Access and Next Generation Voice Service

COURSE DESCRIPTION IP IN MODERN NETWORKS. Format: Classroom. Duration: 2 Days

IP multimedia in 3G. Structure. Author: MartinHarris Orange. Understanding IP multimedia in 3G. Developments in 3GPP. IP multimedia services

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Security protocols

Presented by: Njei Check Head, Audit Security Division, ANTIC

3G Network Convergence

Current Status of Standardization on Digital Signage in ITU. Masahito Kawamori Rapporteur ITU-T SG16 Q13

Forum. Ningbo, China 25 February

COURSE DESCRIPTION UMTS INFRASTRUCTURE & OPERATION (WITH HSPA) Format: Classroom. Duration: 4 Days

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN):

ITU-T Y Next generation network evolution phase 1 Overview

IP-Telephony Introduction

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY. ITU-T X.660 Guidelines for using object identifiers for the Internet of things

ENUM in the UK..and the NGN standards arena

ITU and IPv6. ARIN October, Los Angeles by Richard Hill

ITU-T standardization and coordination

ITU-T Q Signalling architecture and requirements for IP-based short message service over ITU-T defined NGN

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

ITU-T Y Overview of ubiquitous networking and of its support in NGN

Internet of Things Security standards

ISO/IEC INTERNATIONAL STANDARD

About Issues in Building the National Strategy for Cybersecurity in Vietnam

ETSI TR V1.1.1 ( )

Outcomes of the ITU Regional Workshop on the Internet of Things (IoT) and Future Networks. (19-20 June 2017, Saint Petersburg, Russia)

European Telecommunications Standards Institute. Grid Specialist Task Force. Interoperability Gap Analysis

IEEE Standards Activities in the Smart Grid Space (ICT Focus)

The NIST Cybersecurity Framework

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Information Security Management Systems Standards ISO/IEC Global Opportunity for the Business Community

The Migration to Ipv6

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

Security and resilience in Information Society: the European approach

NGN Security standards for Fixed-Mobile Convergence

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Unsolicited Communication / SPIT / multimedia-spam

Introduction of ITU-T Study Group 17 Security for ITS perspective

IP MULTIMEDIA SUBSYSTEM (IMS) SECURITY MODEL

Key Features of ITU-T T NGN and Future Vision

Evolutionary steps towards NGN communications services in Australia

IMT-2020 NETWORK HIGH LEVEL REQUIREMENTS, HOW AFRICAN COUNTRIES CAN COPE

ITU-T standardization and coordination

CompTIA Network+ Study Guide Table of Contents

FT ETSI STANDARDS FOR PUBLIC COMMENT

RESOLUTION 130 (REV. BUSAN, 2014)

ETSI s role in global ICT standardization

4G: Convergence, Openness for Excellence and Opportunity Cisco Systems, Inc

IMS in the Next Generation Network

ETSI Experiences in Testing and Interoperability

Cyber Security Program

Nairobi (Kenya), 9-12 May 2005 Session 1.2 "International Framework"

Workshop Report. ETSI TISPAN The Home of NGN Standards. Beijing, China, 28 May, 2008

MR-186 BroadbandSuite 3.0 Companion Guide

ISO/IEC JTC 1 N 13127

Overview of ITU-T Study Group 13

I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n

RESOLUTION 130 (Rev. Antalya, 2006)

Transcription:

Cyber Security in ICT Networks: CITEL Perspectives Wayne Zeuch Rapporteur, Standards Coordination CITEL PCC.I OAS Hemispheric Workshop on Cyber Security Rio de Janeiro Brazil Nov 16-18 2009

ICT Networks Convergence Wireline/Wireless PSTN / IP-based Networks Information Technology / Telephony Network-based services / 3 rd Party Applications Next Generation Networks Migration toward IP-based backbone networks is taking place from single-service to multiservice, client/server-based networks Full deployment of NGNs requires a flexible (software) architecture for service delivery based on IP Multimedia Subsystem (IMS) Interoperability Interconnection of networks and Interoperability of Services NGN Infrastructure Technical Notebook, CITEL PCC.I Network convergence and the proliferation of end-user applications creates new security challenges for ICT Networks 2

Service Oriented Networks CHALLENGE: SON implementations must be secure and reliable NGN Standards Technical Notebook, CITEL PCC.I A Service Oriented Network (SON) is one in which service providers use agile methods to rapidly create new products and services from re-usable components (known as Service Enablers) 3

Phases CITEL Work Process Technologies (Security,...) Relevant Standards Policy/Regulatory Case Studies Discussion/Debate Awareness Raising Issue Identification Resolutions Best Practices Proposals Endorsements 4

CITEL PCC.I Technical Notebook DESCRIPTION Provides a formalized means of maintaining an archive of technologies, best practices, policies, or regulatory information made available to the OAS Member States and CITEL telecom industry members Documents relevant activities, completed or in progress As a living document, it is updated on an ongoing basis with relevant information from contributions submitted to the Working Groups Identifying issues and archiving valuable information for the use of the ICT community and in anticipation of future CITEL recommendations 5

CITEL PCC.I Technical Notebooks Cybersecurity Critical Telecom Infrastructure Protection NGN Standards Convergence NGN Infrastructure Broadband Access Technologies NGN Networks Best Practices and Case Studies Fraud in the Provision of Telecom Services IPTV Best Practices VOIP Technology Aspects Number Portability Regulatory Best Practices Power Line Communication Technologies Economic Aspects of Universal Services 6

Cybersecurity Technical Notebook Provides an archive of Cybersecurity information available to the telecommunications industry and the Member States Highlights ongoing Regional and International cybersecurity strategy activities Addresses aspects relevant to developing national cybersecurity strategies Addresses issues of incident response, public-private partnerships, and the awareness-raising and application of relevant security standards Establishes links with the security standards discussions in the NGN Standards Technical Notebook Includes Appendices with national cybersecurity programs and best practices (Dominican Republic, Venezuela, Argentina) 7

Critical Telecommunication Infrastructure Protection (CTIP) Technical Notebook Motivation The number of vulnerabilities in critical infrastructures tends to grow as the interdependencies between the infrastructures increase, both in number and complexity Dissemination of telecommunication networks into all infrastructures, and the increasing reliance of the critical infrastructures upon them, brings with it certain impacts that cannot be neglected Interruption of these services can threaten human life, destroy property, and destroy or corrupt information, possibly interrupting the work of governments and corporations Strategies Key National CTIP Issues, Policies, Strategies Brazil (Information Security Steering Committee, CERT.br, Security Incident Response Team, CTIP Methodologies) Venezuela (SUSCERTE, VENCERT, CENIF) 8

Next Generation Networks: Standards Overview Technical Notebook Identifies NGN related standards that the Standards Coordination Group is studying Provides an archive of NGN technical information (including security-related topics) that is available to the telecom industry and the Member States Documents NGN standards, completed or in progress, which may be considered for future development into an SCD in accordance with the CITEL approval procedures Identifying issues and archiving valuable standards information for the use of the ICT community and in anticipation of future CITEL endorsement 9

Next Generation Networks: Standards Overview Technical Notebook The NGN Standards Technical Notebook identifies NGN related standards including relevant services, architectures and protocols. (e.g., Signaling, Access, Transport, Management, Service Creation, QoS, Internet Protocol, Numbering). In particular,... Chapter 2 Emergency Telecommunications Service (ETS) ETS Types Standardization Activities (ITU, IETF, ETSI, ATIS, others) Chapter 6 Security Standards (active) ITU T T Security Standards Identity Management Chapter 15 Security Standards (archive) Internet Protocol Security (IPsec) Internet Key Exchange (IKE) Security Architecture for End to to End Communication Systems

Cyber Security and CTIP Methodologies and Processes Examples: ITU-T: Recommendation X.805, Security Architecture for End-to-End Network Security VULNERABILITIES Applications Security Services Security Infrastructure Security Access Control Authentication Non-repudiation Data Confidentiality Communication Security Data Integrity Availability Privacy THREATS Interruption Interception Modification Fabrication ATTACKS (NGN Standards Technical Notebook, CITEL PCC.I) End User Plane Control Plane Management Plane 8 Security Dimensions ISO/IEC 27005: Risk Management Process (Cybersecurity Technical Notebook, CITEL PCC.I) Brazil: Methodologies created for Critical Telecommunications Infrastructure Protection (Cybersecurity Technical Notebook, CITEL PCC.I) 11

ITU T Security Architecture ITU T Rec. X.805 Applications Security VULNERABILITIES Services Security Infrastructure Security Access Control Authentication Non-repudiation Data Confidentiality Communication Security Data Integrity Availability Privacy THREATS Interruption Interception Modification Fabrication ATTACKS End User Plane Control Plane Management Plane 8 Security Dimensions Security Architecture for End-to to-end Network Security NGN Standards Technical Notebook, CITEL PCC.I

ITU T Security Architecture Security Program Consists of policies and procedures in addition to technology Includes three phases: Definition and Planning phase Implementation phase Maintenance phase Security Architecture can guide the development of: comprehensive security policy incident response and recovery plans technology architectures Security Architecture ensures that Security Program addresses each Security Dimension for each Security Layer and Plane

ISO/IEC 27005 Security Risk Management Cybersecurity Technical Notebook, CITEL PCC.I

Methodologies for Cybersecurity and CTIP Brazil CTIP Technical Notebook, CITEL PCC.I

Brazil Methodology for Critical Infrastructure Identification (MI 2 C) CTIP Technical Notebook, CITEL PCC.I

Standards Coordination Process CITEL does not develop standards. PCC.I Standards Coordination CITEL identifies relevant standards and endorses their use in the Americas Region. Technology and Standards Presentations, Discussions Standards Coordination Document (SCD) Standards Development (ITU, IETF, ) NGN Technical Notebook (if applicable) PCC.I Resolution Endorsing Standard Raising awareness by socializing technology standardization activities/progress. Archiving standards descriptions in anticipation of future endorsement. 17

Standards Coordination Standards topics identified: Communication system security (security framework, protocols, lawful intercept, identity management, fraud prevention) Multimedia service definition and architectures Signaling requirements and protocols (converged networks) IP-based services (VOIP, IPTV, etc.) Emergency services Interworking between traditional telecommunication networks and evolving networks Metropolitan and Long haul optical transport networks Metropolitan and Long haul optical transport networks Access network transport (LANs, Wireless LANs, xdsl, Ethernet, cable modem, fiber, etc.) Terminals (PC, TV, PDA, phone, codecs, etc.) Management of communications services, networks and equipment Network aspects of IMT-2000 and beyond (wireless internet, harmonization and convergence, network control, mobility, roaming, etc.) Numbering, Naming and Addressing (ENUM) Performance and QoS 18

CITEL PCC.I Resolutions Endorsing Standards for the Americas Region (1) Standard Date Gateway Control Protocol March 2001 Intelligent Networks Capability Set 3 March 2001 Intelligent Networks Capability Set 4 Dec 2002 ITU-T Y.2000-Series Recs for NGN (SG13) Sept 2003 ANSI-41 Evolved Core Network with CDMA2000 Access Network Sept 2003 GSM Evolved UMTS Core Network with UTRAN Access Network Sept 2003 Security Architecture for the Internet Protocol (IPsec) March 2004 Security Architecture for Systems Providing End-to-End Communications (ITU-T Rec. X.805) March 2004

CITEL PCC.I Resolutions Endorsing Standards for the Americas Region (2) Standard Date Packet-Based Multimedia Communications Systems (ITU-T March 2004 Rec. H.323) Interworking Between SIP and BICC Protocols or ISUP (Rec. Sept 2004 Q.1912.5) SIP: Session Initiation Protocol April 2005 ITU-T Rec. G.993.2, VDSL2: Very High Speed DSL-2 Transceivers ITU-T Rec. J.122, Second-Generation Transmission Systems for Interactive Cable Television Services IP Cable Modems Sept 2006 Sept 2006 Internet Protocol Version 6 (IPv6) Sept 2006 E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM) Sept 2007 20

CITEL PCC.I Resolutions Endorsing Standards for the Americas Region (3) Standard ITU-T Rec. E.106, International Emergency Preference Scheme for Disaster Relief Operations ITU-T Rec. E.107, Emergency Telecommunications Service (ETS) and Interconnection Framework for National Implementations of ETS Date March 2008 March 2008 ITU-T Rec. Y.1910, IPTV Functional Architecture May 2009 ITU-T Rec. Y.2270, NGN Identity Management May 2009

ITU T Security Standards ITU T Study Group 17 Telecommunications systems security project Security architecture and framework Security management Cybersecurity Countering spam by technical means Secure aspects of ubiquitous telecommunication services Secure application services Service Oriented Architecture Security Study Group 17 is the Lead Telebiometrics ITU T T Study Group for Security and Identity Identity Management architecture and Management mechanisms

Approved ITU T Security Recommendations M.3016.0, 1, 2, 3, 4 Security for the management plane: Overview, Security requirements, Security services, Security mechanism, Profile proforma X.509 Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks X.805 Security architecture for systems providing end-to-end communications X.893 Information technology Generic applications of ASN.1: Fast infoset security X.1035 Password-authenticated key exchange (PAK) protocol X.1051 Information security management system - Requirements for telecommunications (ISMS-T) X.1055 Risk management guidelines for telecommunications organizations Partial List (1) X.1056 Security incident management guidelines for telecommunications organizations X.1081 The telebiometric multimodal model - A framework for the specification of security and safety aspects of telebiometrics X.1111 Framework for security technologies for home network X.1114 Certificate profile for the device in the home network, User authentication mechanisms for home network service, Authorization framework for home network

Approved ITU T Security Recommendations Partial List (2) X.1121 Framework of security technologies for mobile end-to-end communications X.1122 Guideline for implementing secure mobile systems based on PKI X.1141 Security Assertion Markup Language (SAML 2.0) X.1142 extensible Access Control Markup Language (XACML 2.0) X.1191 Functional requirements and architecture for IPTV security aspects X.1205 Overview of cybersecurity X.1242 Short message service (SMS) spam filtering system X.1244 Overall aspects of countering spam in IP-based multi-media applications Y.2270 NGN Identity Management Framework Y.2701 Security requirements for NGN release 1

ITU T Security Standards SG 17 security work in progress (selected items) SG 17 security work in progress (selected items) Draft Rec. Title or Subject X.1250 Requirements for global identity management trust and interoperability X.1251 Framework for user control of digital identity X.akm X.gopw X.fcsip X.tcs-1 X.tpp-2 X.tai X.tsm-2 X.rfpg Framework for EAP-based authentication and key management Guideline on preventing worm spreading in a data communication network Framework for countering IP multimedia spam Interactive spam countering gateway system Telebiometrics protection procedures Part 2: A guideline for data protection Telebiometrics authentication infrastructure Telebiometrics system mechanism Part 2:Protection profile for client terminals Guideline on protection for personally identifiable information in RFID applications (continued)

IETF Security Standards IETF Standards Development The IETF Security Area has the following active Working Groups developing Internet standards: btns Better-Than-Nothing Security dkim Domain Keys Identified Mail emu EAP Method Update hokey Handover Keying Ipsecme IP Security Maintenance and Extensions isms Integrated Security Model for SNMP keyprov Provisioning of Symmetric Keys kitten Kitten (GSS-API Next Generation) krb-wg Kerberos ltans Long-Term Archive and Notary Services msec Multicast Security nea Network Endpoint Assessment pkix Public-Key Infrastructure (X.509) sasl Simple Authentication and Security Layer smime S/MIME Mail Security syslog Security Issues in Network Event Logging tls Transport Layer Security The Internet Engineering Task Force is a major developer of Internet standards

Summary CITEL continues to address Cybersecurity and Critical Telecommunications Infrastructure Protection and has initiated new work in several key areas CITEL is not only collecting experiences and data on Cybersecurity from its members, but is also actively engaged in discussions of national strategies and best practices, leading to policy recommendations for the Americas Region CITEL is utilizing workshops and Technical Notebooks to increase awareness of cybersecurity issues and to assess best practices and strategies in order to increase security and mitigate the effects of cyber crime

Summary (2) CITEL is utilizing Standards Coordination Documents to increase awareness of relevant security standards and to endorse the use of those standards in the Region Continued cooperation within the Americas Region and continued input from its members on cybersecurity experiences and strategies will allow CITEL to remain focused on the most relevant security issues so as to provide recommendations for the Region and provide value to other bodies internationally

g{tç~ léâ4 Wayne Zeuch CITEL PCC.I Rapporteur, Standards Coordination waynezeuch@aol.com 29 citel@oas.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback