1 / 30

ottawa, ontario, april 21-22, 2005

Telecommunications Infrastructure Emergency Preparedness. This presentation is based on a paper submitted to this workshop entitled:

Ava
Télécharger la présentation

ottawa, ontario, april 21-22, 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    2. Telecommunications InfrastructureEmergency Preparedness This presentation is based on a paper submitted to this workshop entitled: Telecommunications Infrastructure Emergency Preparedness Disclaimer: This presentation details, from the authors personal perspective, Industry Canada activities in support of Telecommunications Cyber Security and Emergency Preparedness. Accordingly, they do not necessarily reflect the opinions or positions of Industry Canada, PSEPC or CTCP members

    3. IC Emergency Telecom Program Ensure a robust telecommunications infrastructure: Reliable and adequately protected from all foreseeable hazards Mitigation strategies in place in the event of security incidents to minimize down-time and impact on the economy and society That ensures confidence by all Canadians in the telecom infrastructure

    4. Industry Canada Interest Areas Industry/government collaboration Cross border and international collaboration Integration of telecommunications protection activities with federal initiatives underway at PSEPC Support of the E-Economy Need and feasibility for Canada-wide Public Alerting Enhancement of Emergency Telecommunications Services (ETS) and ensuring ETS for NGN Telecom Engineering Analysis and R&D initiatives

    5. The Network Awakening Many had been warning about the changing threat environment and the need to act CA-2002-03 took most of us by surprise and was for many the event that caused an across the board awakening on the need to act

    6. The A word was ASN1

    7. Views started to emerge on the way forward Providers could cooperate with competitors to respond to and resolve threats to their cyber infrastructure Governments and critical infrastructure owners/operators need to work together to assure the continued viability and resiliency of cyber Collaboration, including the sharing of information, coordinated assurance and protection, and defined roles and responsibilities among private industry, government and other stake holders all needed to be defined For government and industry to work together on this problem, bilateral trust relationships would need to be developed along with the definition of what type of information should and could be exchanged and how it would be used

    8. Defining a new approach A consultation with the telecommunications industry suggested that an Information Sharing and Analysis Center (ISAC) as exists in the US was not palatable in Canada Recognizing that the networks are interconnected and therefore only as secure as the weakest interconnect, industry did see value in sharing information to protect the networks. In February 2003 a joint government/industry group, the Canadian Telecommunication Cyber Protection Working Group (CTCP), was established to

    9. Genesis of the CTCP Promote cooperation and collaboration on technical and operational safeguards Enhance the cyber security of networks through active defense utilizing Prevention, Detection, Response and Recovery Emphasis on information and network systems

    10. Points of contact and procedures for outreach during an incident Trust and confidence between industry and government enabling the sharing of timely and pertinent network security information Guidelines for sharing information including encryption techniques Sharing best practices such as IDS, Firewalls, Incident Handling Survey that developed a baseline of existing security metrics Government security clearances for members

    11. CTCP recognizes that cyber protection of the telecom networks involves partnerships with many other stake holders and that there is a need to work with other critical infrastructure owners CTCP has joined the Cross Sector Information Exchange (CSIE) CSIE includes the electrical, telecommunications, energy and banking sectors and will expand soon to include petroleum CSIE focus has been physical CTCP will attempt to get the necessary dialog on the cyber interdependencies between telecommunications and the other sectors in the CSIE agenda

    12. Cross Border Collaboration The Department of Homeland Security (DHS) and PSEPC have setup the Canada-US CIP Steering Committee. The Steering Committees Telecommunications Working Group is co-chaired by Industry Canada and the US National Communications System The groups objectives include: Exchanging information, views and expertise on new technologies Developing mutual aid programs that will protect the physical and cyber components of the infrastructures Strengthening telecommunications networks against all forms of attack In time of physical emergency or cyber attack or cyber vulnerability, supporting each other by facilitating the exchange of information, equipment, personnel or expert staff Exercising US/Canadian programs to protect physical and cyber critical infrastructures

    13. Cross Border Collaboration There have been multiple instances of cooperation over the years The US provided Canada with much needed telephone poles and equipment during the Ice Storm During 9/11, Canada implemented Line Load Control of outbound traffic to the effected New York area codes A switch, intended for implementation within Canada, was sent to the US to facilitate service restoration Instances of cross border collaboration occur at the industry to industry level Industry Canada acts as the broker and administrator In instances such as the switch, Industry Canadas role would include ascertaining Canadian inventory of equipment, facilitating police escorts of equipment to the border, and ensuring customs pre-clearance

    14. Integrating with PSEPC InitiativesNERS PSEPC is in the process of finalizing and rolling out a National Emergency Response System (NERS) The NERS will compliment and respect existing provincial and territorial response systems The intent is to ensure a harmonized federal response to an incident requiring coordination the various federal mandates and to provide a strategic process that enables real time tactical decisions, as may be required in fast moving incidents such as a cyber or hijacking incident

    15. Integrating with PSEPC InitiativesNERS Earlier this month Canada, the US and the UK participated in a major exercise TRIPLE PLAY was the name of the Canadian portion of the exercise, TOPOFF 3 was the American component and in the UK, it was Atlantic Blue One of the Canadian objectives of participating in this exercise was to conduct an initial test of the NERS TRIPLE PLAY had no major cyber component, as there was a need to first test whether or not NERS met its objectives from the physical perspective Lessons learnt from TRIPLE PLAY will be folded into the NERS, and a cyber based exercise will be conducted in the near future Telecommunications will obviously play a significant role in a cyber exercise

    16. Integrating with PSEPC InitiativesCCIRC CCIRC is a coordinated cyber watch, warning and response centre The intent is early warning via dissemination of information on existing or imminent threats and incidents Early warning of vulnerabilities, viruses, etc. is extremely important to the telecommunications industry It provides them with lead time to identify potential impact to their networks and develop mechanisms to protect against the threat The CCIRC has the potential of being very valuable to the telecommunications sector It is hoped that early cooperation between CTCP and PSEPC will facilitate this

    17. Integrating with PSEPC InitiativesCShield CShield is a pilot system that does event tracking utilizing Canadian data and is accessible 24/7 CShield is used to monitor trends such as targeted ports and services as well as malware trends Thus far participation has been limited to federal departments and agencies as well as the provinces and territories PSEPC and CTCP are working together to ascertain the feasibility and benefits of expanding CShield to include data from non-government feeds such as the telecommunications sector

    18. eCommerce Protection Attacks against users such as Spam and Phishing (email fraud), threaten the telecommunications infrastructure both from a network congestion perspective, as well as a loss of public trust and confidence in the E-Economy. Industry Canada as the department responsible for industry, promotes a strong and vibrant E-Economy A joint government/industry Task Force to address Spam was created May 11, 2004 The Task Force will report its final findings to the Minister of Industry Canada later this spring Many of the voluntary technical measures and best practices arising from the Task Forces work have been implemented Resulting in significantly reduced amounts of Spam on our Canadian networks

    19. eCommerce Protection It is not practical to create a task force for every new issue that arises New issues can be addressed in existing cooperative forums such as CTCP Industry Canada is working on a Discussion Paper entitled The Internet and the e-Economy: Building Trust and Confidence Feedback received will help determine the best way forward in ensuring a strong and vibrant eCommerce for Canada. As well, the discussion outputs will provide insight and guidance to the development of a national Cyber Security Strategy for Canada

    20. New methods of Public Alerting Public Altering is not new Air raid sirens were put in place during the Second World War to alert the public of an attack The Province of Alberta has its own Emergency Public Warning System, as do a small number of municipalities in high risk areas Environment Canada has developed a Weather Radio system The penetration rate of all these systems, however, is between 2% and 4%. The recent Southeast Asia tsunami has highlighted the need for countries to have a national Public Alerting mechanism

    21. New methods of Public Alerting Industry Canada provided seed money to stimulate the development of broadcast and telecom based public systems to fill public alerting gaps Industry Canada has also engaged stakeholders and established a Provincial Champions Public Alerting Working Group and a Broadcasters Public Alerting Working Group On January 24th, 2005, the Federal, Provincial and Territorial (F/P/T) Emergency Management Ministers approved a Work Plan which agreed to expedite the initiative led by Industry Canada to develop and implement a National Public Alerting Strategy Industry Canada will continue to provide its expertise to assist the development and deployment of novel alerting systems for public safety.

    22. Emergency Telecom Services Emergency Telecommunications Services (ETS) are those services which can be used by individuals responsible for responding to an emergency Industry Canada works with emergency responders and telecommunications providers to determine ETS requirements, and with the ITU-T to ensure international compatibility Industry Canada administers the databases of ETS users Current services include: Priority Access for Dialing (PAL) Wireless Priority Service (WPS) Future services may include High Probability of Completion (HPC)

    23. Priority Access for Dialling (PAD) Administered by Industry Canada Identifies lines deemed essential during emergencies Enables them with priority dial tone during instances of telephone degradation or overload. Includes Essential Service Protection (ESP) and Line Load Control (LLC) ESP gives priority service for dial tone to designated essential users, while maintaining service to all customers LLC is designed to protect the telephone switching equipment from crashing during conditions of overload LLC ensures continuity of telephone services essential to defense, health, welfare and safety of the general public during an emergency. At the same time, it allows customer access within the reduced capabilities of the network.

    24. Wireless Priority Service (WPS) Wireless telecommunication services are increasingly vital to Canadas ability to coordinate and respond during crisis The 2003 Blackout drove home the need for a priority access service for wireless Industry Canada working with telecommunications providers developed a Wireless Priority Service (WPS) - an enhancement to basic mobile service If wireless network capacity is strained during an emergency, WPS ensures that authorized callers queue up for the next available wireless channel As with PAD, the system is based on next available channel, hence no calls are dropped

    25. High Probability of Completion (HPC) Both PAD and WPS are access enhancers They provide faster access for essential users during times of crisis However, neither PAD nor WPS do anything to enhance the probability of call completion across an overloaded network High Probability of Completion (HPC) is another technology Industry Canada is investigating HPC would make an essential users call identifiable as a priority across the whole network in order to assist it in reaching its destination No guarantee, but higher probability of completion

    26. Engineering Analysis and Research Industry Canada believes that it is necessary to invest in research and analysis to be able to predict and minimize the damages due to cyber security threats Collaboration will continue with industry, academia and the standards community to assure the necessary knowledge base and standards exist within Canada CRC is active in multiple areas of telecommunications security R&D from wireless to networks and computers (Covered in detail in another presentation)

    27. Engineering Analysis and Research Recognizing the need to provide expertise on issues facing government and industry in the areas such as network convergence, the IP Telecom group was established in 2001 The IP Telecom group has three primary tasks: Provide for the department an authoritative focal point of technical expertise on telecommunications Ensure that necessary technical standards and practices are available, both for national and international communications Operate and Maintain the Protocol Analysis Laboratory

    28. Engineering Analysis and Research The focus of the Protocol Analysis Laboratory is both the protection of traditional telecommunications and the protection of Next Generation Networks (NGN): Provide analysis on any emerging security threats to telecommunications Provide analysis of what threats exist that have yet to be exploited Be a conduit of collaborate initiatives between government, academia and the telecommunications industry in order to quantify and resolve threats to telecommunications

    29. Conclusion Industry Canada, working in cooperation with both the Canadian telecommunications industry and PSEPC work collaboratively in support of Cyber Security and Emergency Preparedness Adequate safeguards to assure telecommunications are our goal, not an end point Protection measures meeting todays requirements, likely wont meet tomorrows requirements There is an ever increasing reliance on telecommunications Collaboration is key to protection Engineering Analysis and R&D are key to protection Our E-Economy relies on protection

    30. Thank you. Thank you.

More Related