Infrastructure Security: The impact on Telecommunications. Charles Brookson Department of Trade & Industry, UK. Network and Information Security: NIS Report.
Infrastructure Security: The impact on Telecommunications. Charles Brookson, Department of Trade & Industry, UK
Network and Information Security: NIS Report • Response from European Standards Bodies to the "Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions: Network and Information Security: Proposal for a European Policy Approach"
NIS threats • Electronic communication can be intercepted and data copied or modified. • Unauthorised access with malicious intent to copy, modify or destroy data; this is likely to include systems and automatic equipment in the home. • Disruptive attacks on the Internet have become quite common and in future the telephone network may be threatened...
NIS threats • Malicious software, such as viruses, can disable computers, delete or modify data or reprogram home equipment. • Misrepresentation of people or entities can cause substantial damages. • Many security incidents are due to unforeseen and unintentional events such as natural disasters, hardware or software failures, human error.
Infrastructure security • Assets -> Threats -> Services
European Initiatives • eEurope – An information Society for All • europa.eu.int • ETSI – European Telecommunications Standards Institute www.etsi.org • CENELEC www.cenelec.org • CEN – European Committee for Standardisation • ISSS Information Society Standardisation System • www.cenorm.be/isss • ENISA - European Network and Information Security Agency • www.enisa.eu.int • NISSG NIS Steering Group to act as interface to standards activities
European Network and Information Security Agency • ENISA aims at ensuring particularly high levels of network and information security within the Community... contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union. • assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security... • serve as a centre of expertise for both Member States and EU Institutions to seek advice on...
Some areas of relevant standardisation • Lawful Interception • Algorithms • Electronic Signatures • Smart Cards • E-Authentication • Personal data protection • Security on the move
Lawful Interception (LI) • Technical standards to facilitate LI • Telecommunications, Internet and Mobile • Help law enforcement combat crime • Supporting electronic commerce • 2002 produced updated standard for handover. • Technology specific for 3G mobile, Multimedia IP, IP Cablecom
Algorithms and Electronic Signatures • Algorithms for: • Mobile: 3G, DECT, GSM, TETRA • Authentication and encryption of traffic • Smart cards • CEN and ETSI co-operating on the European Electronic Signature • Goal to provide Europe with reliable electronic signatures
Smart cards and authentication • Smart cards • Machine readable cards • Access tokens in public transport • Banking and payment • Healthcare • SCP – Smart Card Platform • E-authentication • European and standards • e-Authentication, e-Government • Co-operate with worldwide standards
Personal data protection • IPSE – Initiative for Privacy Standardisation in Europe • Personal data protection • Related to the European Data Protection Directive
Security on the move • 3rd Generation and GSM standards • Including Digital Cordless Phones (DECT), • Trunked Radio (TETRA) and • Railways (GSM-R) • EMTEL and MESA • Emergency Telecommunications
Latest developments • 30 Recommendations being addressed • Co-ordination between worldwide standards bodies • Official liaisons, minimising duplication of effort • Information for important users, current and live
Conclusions • Initiatives in the process of coming together • Working together • Rapidly evolving technology • Recognition of the need for security issues • Privacy, Protection, Preparedness • Existing standards and new standards required • Requirements in new standards • Citizen, Business and Government