cyber security in ict networks - organization of american ... · inter-american telecommunication...
TRANSCRIPT
Inter-American Telecommunication Commission (CITEL)
Cyber Security in ICT Networks:CITEL Perspectives
Wayne ZeuchRapporteur, Standards Coordination
CITEL PCC.I
OAS Hemispheric Workshop on Cyber Security Rio de Janeiro Brazil Nov 16-18 2009
Inter-American Telecommunication Commission (CITEL)
• Convergence– Wireline/Wireless– PSTN / IP-based Networks– Information Technology / Telephony– Network-based services / 3rd Party
Applications
• Next Generation Networks– Migration toward IP-based backbone
networks is taking place from single-service to multiservice, client/server-based networks
– Full deployment of NGNs requires a flexible (software) architecture for service delivery –based on IP Multimedia Subsystem (IMS)
• Interoperability– Interconnection of networks and
Interoperability of Services
2
Network convergence and the proliferation of end-user applications creates new security challenges for
ICT Networks
ICT Networks
NGN Infrastructure Technical Notebook, CITEL PCC.I
Inter-American Telecommunication Commission (CITEL)3
Service Oriented Networks
A Service Oriented Network (SON) is one in which service providers use agile methods to rapidly create new products and
services from re-usable components (known as Service Enablers)
NGN Standards Technical Notebook, CITEL PCC.I
CHALLENGE: SON implementations must be secure and reliable
Inter-American Telecommunication Commission (CITEL)
CITELWork Process
4
• Resolutions• Best Practices• Proposals• Endorsements
• Discussion/Debate• Awareness Raising• Issue Identification
• Technologies (Security, ...)• Relevant Standards• Policy/Regulatory• Case Studies
Phases
Inter-American Telecommunication Commission (CITEL)
CITEL PCC.ITechnical NotebookDESCRIPTION
• Provides a formalized means of maintaining an archive of technologies, best practices, policies, or regulatory information – made available to the OAS Member States and CITEL telecom industry members
• Documents relevant activities, completed or in progress• As a ”living document”, it is updated on an ongoing basis with
relevant information from contributions submitted to the Working Groups
Identifying issues and archiving valuable information for the use of the ICT community and in anticipation of
future CITEL recommendations
5
Inter-American Telecommunication Commission (CITEL)
CITEL PCC.I Technical Notebooks
‒ Cybersecurity‒ Critical Telecom Infrastructure
Protection‒ NGN Standards‒ Convergence‒ NGN Infrastructure‒ Broadband Access
Technologies‒ NGN Networks – Best Practices
and Case Studies
‒ Fraud in the Provision of Telecom Services
‒ IPTV – Best Practices‒ VOIP – Technology Aspects‒ Number Portability‒ Regulatory – Best Practices‒ Power Line Communication
Technologies‒ Economic Aspects of
Universal Services
6
Inter-American Telecommunication Commission (CITEL)
Cybersecurity Technical Notebook
• Provides an archive of Cybersecurity information available to the telecommunications industry and the Member States
• Highlights ongoing Regional and International cybersecurity strategy activities
• Addresses aspects relevant to developing national cybersecurity strategies
• Addresses issues of incident response, public-private partnerships, and the awareness-raising and application of relevant security standards
• Establishes links with the security standards discussions in the NGN Standards Technical Notebook
• Includes Appendices with national cybersecurity programs and best practices (Dominican Republic, Venezuela, Argentina)
7
Inter-American Telecommunication Commission (CITEL)
Critical Telecommunication InfrastructureProtection (CTIP) Technical Notebook
• Motivation– The number of vulnerabilities in critical infrastructures tends to grow as the
interdependencies between the infrastructures increase, both in number and complexity
– Dissemination of telecommunication networks into all infrastructures, and the increasing reliance of the critical infrastructures upon them, brings with it certain impacts that cannot be neglected
– Interruption of these services can threaten human life, destroy property, and destroy or corrupt information, possibly interrupting the work of governments and corporations
• Strategies– Key National CTIP Issues, Policies, Strategies
• Brazil (Information Security Steering Committee, CERT.br, Security Incident Response Team, CTIP Methodologies)
• Venezuela (SUSCERTE, VENCERT, CENIF) 8
Inter-American Telecommunication Commission (CITEL)
Next Generation Networks: Standards Overview Technical Notebook
• Identifies NGN related standards that the Standards Coordination Group is studying
• Provides an archive of NGN technical information (including security-related topics) that is available to the telecom industry and the Member States
• Documents NGN standards, completed or in progress, which may be considered for future development into an SCD in accordance with the CITEL approval procedures
Identifying issues and archiving valuable standards information for the use of the ICT community and in
anticipation of future CITEL endorsement
9
Inter-American Telecommunication Commission (CITEL)
TheThe NGN Standards Technical NotebookNGN Standards Technical Notebook identifies NGN‐related standards including relevant services, architectures and protocols.
(e.g., Signaling, Access, Transport, Management, Service Creation, QoS, Internet Protocol, Numbering). In particular, ...
–– Chapter 2 Chapter 2 –– Emergency Telecommunications Service (ETS)Emergency Telecommunications Service (ETS)•• ETS TypesETS Types
•• Standardization Activities (ITU, IETF, ETSI, ATIS, others)Standardization Activities (ITU, IETF, ETSI, ATIS, others)
–– Chapter 6 Chapter 6 –– Security Standards (active) Security Standards (active) •• ITUITU‐‐T Security StandardsT Security Standards
•• Identity ManagementIdentity Management
–– Chapter 15 Chapter 15 –– Security Standards (archive)Security Standards (archive)•• Internet Protocol Security (IPsec)Internet Protocol Security (IPsec)
•• Internet Key Exchange (IKE) Internet Key Exchange (IKE)
•• Security Architecture for EndSecurity Architecture for End‐‐toto‐‐End Communication SystemsEnd Communication Systems
“Next Generation Networks: Standards Overview”Technical Notebook
Inter-American Telecommunication Commission (CITEL)11
Cyber Security and CTIPMethodologies and Processes
• ITU-T: Recommendation X.805, “Security Architecture for End-to-End Network Security”(NGN Standards Technical Notebook, CITEL PCC.I)
• ISO/IEC 27005: Risk Management Process (Cybersecurity Technical Notebook, CITEL PCC.I)
• Brazil: Methodologies created for Critical Telecommunications Infrastructure Protection
(Cybersecurity Technical Notebook, CITEL PCC.I)
Acce
ss C
ontro
l
Infrastructure Security
Applications Security
Services Security
End User Plane
Control Plane
Management Plane
THREATS
8 Security Dimensions
ATTACKSData
Con
fiden
tialit
y
Com
mun
icat
ion
Secu
rity
Dat
a In
tegr
ity
Avai
labi
lity
Priv
acy Interruption
Fabrication
InterceptionModification
Auth
entic
atio
n
Non-
repu
diat
ion
VULNERABILITIES
Examples:
Inter-American Telecommunication Commission (CITEL)
Acce
ss C
ontro
l
Infrastructure Security
Applications Security
Services Security
End User Plane
Control Plane
Management Plane
THREATS
8 Security Dimensions
ATTACKSData
Con
fiden
tialit
y
Com
mun
icat
ion
Secu
rity
Data
Inte
grity
Avai
labi
lity
Priv
acy Interruption
Fabrication
InterceptionModification
Auth
entic
atio
n
Non-
repu
diat
ion
VULNERABILITIES
Security Architecture for EndSecurity Architecture for End--toto--End Network SecurityEnd Network Security
ITU‐T Security Architecture
NGN Standards Technical Notebook, CITEL PCC.I
ITU‐T Rec. X.805
Inter-American Telecommunication Commission (CITEL)
Security Program• Consists of policies and procedures in addition to technology• Includes three phases:
– Definition and Planning phase– Implementation phase– Maintenance phase
• Security Architecture can guide the development of:– comprehensive security policy– incident response and recovery plans– technology architectures
• Security Architecture ensures that Security Program addresses each Security Dimension for each Security Layer and Plane
ITU‐T Security Architecture
Inter-American Telecommunication Commission (CITEL)
Security Risk ManagementISO/IEC 27005
Cybersecurity Technical Notebook, CITEL PCC.I
Inter-American Telecommunication Commission (CITEL)
Brazil
Methodologies for Cybersecurity and CTIP
CTIP Technical Notebook, CITEL PCC.I
Inter-American Telecommunication Commission (CITEL)
Methodology for Critical Infrastructure Identification (MI2C)
Brazil
CTIP Technical Notebook, CITEL PCC.I
Inter-American Telecommunication Commission (CITEL)
Standards Coordination Process
Raising awareness by socializing technology standardization activities/progress. Archiving standards descriptions in
anticipation of future endorsement.
StandardsDevelopment(ITU, IETF, …)
PCC.I Standards Coordination
Technology andStandards
Presentations, Discussions
NGN TechnicalNotebook
(if applicable)
StandardsCoordination
Document (SCD)
PCC.I ResolutionEndorsing Standard
17
CITEL does not develop standards.
CITEL identifies relevantstandards and endorsestheir use in the AmericasRegion.
Inter-American Telecommunication Commission (CITEL)
Standards Coordination
• Communication system security (security framework, protocols, lawful intercept, identity management, fraud prevention)
• Multimedia service definition and architectures
• Signaling requirements and protocols (converged networks)
• IP-based services (VOIP, IPTV, etc.)
• Emergency services• Interworking between
traditional telecommunication networks and evolving networks
• Metropolitan and Long haul optical transport networks
Standards topics identified:
• Metropolitan and Long haul optical transport networks
• Access network transport (LANs, Wireless LANs, xDSL, Ethernet, cable modem, fiber, etc.)
• Terminals (PC, TV, PDA, phone, codecs, etc.)
• Management of communications services, networks and equipment
• Network aspects of IMT-2000 and beyond (wireless internet, harmonization and convergence, network control, mobility, roaming, etc.)
• Numbering, Naming and Addressing (ENUM)
• Performance and QoS
18
Inter-American Telecommunication Commission (CITEL)
CITEL‐PCC.I ResolutionsEndorsing Standards for the Americas Region (1)
Standard DateDateGateway Control Protocol March 2001
Intelligent Networks Capability Set 3 March 2001
Intelligent Networks Capability Set 4 Dec 2002
ITU-T Y.2000-Series Recs for NGN (SG13) Sept 2003
ANSI-41 Evolved Core Network with CDMA2000 Access Network Sept 2003
GSM Evolved UMTS Core Network with UTRAN Access Network Sept 2003
Security Architecture for the Internet Protocol (IPsec) March 2004
Security Architecture for Systems Providing End-to-End Communications (ITU-T Rec. X.805)
March 2004
Inter-American Telecommunication Commission (CITEL)
CITEL PCC.I ResolutionsEndorsing Standards for the Americas Region (2)
Standard DatePacket-Based Multimedia Communications Systems (ITU-T Rec. H.323)
March 2004
Interworking Between SIP and BICC Protocols or ISUP (Rec. Q.1912.5)
Sept 2004
SIP: Session Initiation Protocol April 2005
ITU-T Rec. G.993.2 , VDSL2: Very High Speed DSL-2 Transceivers
Sept 2006
ITU-T Rec. J.122, “Second-Generation Transmission Systems for Interactive Cable Television Services – IP Cable Modems”
Sept 2006
Internet Protocol Version 6 (IPv6) Sept 2006
E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)
Sept 2007
20
Inter-American Telecommunication Commission (CITEL)
CITEL‐PCC.I ResolutionsEndorsing Standards for the Americas Region (3)
Standard DateITU-T Rec. E.106, “International Emergency Preference Scheme for Disaster Relief Operations”
March 2008
ITU-T Rec. E.107, “Emergency Telecommunications Service (ETS) and Interconnection Framework for National Implementations of ETS”
March 2008
ITU-T Rec. Y.1910, “IPTV Functional Architecture” May 2009
ITU-T Rec. Y.2270, “NGN Identity Management” May 2009
Inter-American Telecommunication Commission (CITEL)
ITU‐T Study Group 17
Telecommunications systems security projectSecurity architecture and frameworkSecurity managementCybersecurityCountering spam by technical meansSecure aspects of ubiquitous telecommunication servicesSecure application servicesService Oriented Architecture SecurityTelebiometricsIdentity Management architecture and mechanisms
ITU‐T Security Standards
Study Group 17 Study Group 17 is the Lead is the Lead ITUITU‐‐T Study Group for T Study Group for SecuritySecurity and and Identity Identity ManagementManagement
Inter-American Telecommunication Commission (CITEL)
Approved ITU‐T Security RecommendationsM.3016.0, 1, 2, 3, 4
Security for the management plane: Overview, Security requirements, Security services, Security mechanism, Profile proforma
X.509 Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks
X.805 Security architecture for systems providing end-to-end communications
X.893 Information technology – Generic applications of ASN.1: Fast infoset security
X.1035 Password-authenticated key exchange (PAK) protocol
X.1051 Information security management system - Requirements for telecommunications (ISMS-T)
X.1055 Risk management guidelines for telecommunications organizations
X.1056 Security incident management guidelines for telecommunications organizations
X.1081 The telebiometric multimodal model - A framework for the specification of security and safety aspects of telebiometrics
X.1111 Framework for security technologies for home networkX.1114 Certificate profile for the device in the home network, User authentication
mechanisms for home network service, Authorization framework for home network
PartialList (1)
Inter-American Telecommunication Commission (CITEL)
X.1121 Framework of security technologies for mobile end-to-end communications
X.1122 Guideline for implementing secure mobile systems based on PKI
X.1141 Security Assertion Markup Language (SAML 2.0)
X.1142 eXtensible Access Control Markup Language (XACML 2.0)
X.1191 Functional requirements and architecture for IPTV security aspects
X.1205 Overview of cybersecurity
X.1242 Short message service (SMS) spam filtering system
X.1244 Overall aspects of countering spam in IP-based multi-media applications
Y.2270 NGN Identity Management Framework
Y.2701 Security requirements for NGN release 1
Approved ITU‐T Security Recommendations PartialList (2)
Inter-American Telecommunication Commission (CITEL)
SG 17 security work in progress (selected items)
Draft Rec. Title or Subject
X.1250 Requirements for global identity management trust and interoperabilityX.1251 Framework for user control of digital identityX.akm Framework for EAP-based authentication and key managementX.gopw Guideline on preventing worm spreading in a data communication network
X.fcsip Framework for countering IP multimedia spamX.tcs-1 Interactive spam countering gateway systemX.tpp-2 Telebiometrics protection procedures – Part 2: A guideline for data
protectionX.tai Telebiometrics authentication infrastructureX.tsm-2 Telebiometrics system mechanism – Part 2:Protection profile for client
terminalsX.rfpg Guideline on protection for personally identifiable information in RFID
applications
(continued)
ITU‐T Security StandardsSG 17 security work in progress (selected items)
Inter-American Telecommunication Commission (CITEL)
IETF Standards DevelopmentThe IETF Security Area has the following active Working
Groups developing Internet standards:• btns Better-Than-Nothing Security• dkim Domain Keys Identified Mail• emu EAP Method Update• hokey Handover Keying• Ipsecme IP Security Maintenance and Extensions• isms Integrated Security Model for SNMP• keyprov Provisioning of Symmetric Keys• kitten Kitten (GSS-API Next Generation)• krb-wg Kerberos• ltans Long-Term Archive and Notary Services• msec Multicast Security• nea Network Endpoint Assessment • pkix Public-Key Infrastructure (X.509)• sasl Simple Authentication and Security Layer• smime S/MIME Mail Security• syslog Security Issues in Network Event Logging• tls Transport Layer Security
IETF Security Standards
The Internet Engineering Task Force is a major is a major developer of Internet developer of Internet standardsstandards
Inter-American Telecommunication Commission (CITEL)
Summary• CITEL continues to address Cybersecurity and Critical
Telecommunications Infrastructure Protection and has initiated new work in several key areas
• CITEL is not only collecting experiences and data on Cybersecurity from its members, but is also actively engaged in discussions of national strategies and best practices, leading to policy recommendations for the Americas Region
• CITEL is utilizing workshops and Technical Notebooks to increase awareness of cybersecurity issues and to assess best practices and strategies in order to increase security and mitigate the effects of cyber crime
Inter-American Telecommunication Commission (CITEL)
Summary (2)• CITEL is utilizing Standards Coordination Documents to
increase awareness of relevant security standards and to endorse the use of those standards in the Region
• Continued cooperation within the Americas Region and continued input from its members on cybersecurity experiences and strategies will allow CITEL to remain focused on the most relevant security issues so as to provide recommendations for the Region and provide value to other bodies internationally
Inter-American Telecommunication Commission (CITEL)
g{tÇ~ lÉâ4g{tÇ~ lÉâ4Wayne ZeuchCITEL PCC.IRapporteur, Standards [email protected]