140 likes | 154 Vues
ATIS Cybersecurity. Art Reilly, Cisco. Global Standards Collaboration (GSC) GSC-15. Highlight of Current Activities (1). ATIS’ Packet Technologies and Systems Committee (PTSC) Completed: UNI and NNI signalling security standards UNI and NNI testing standards
E N D
ATIS Cybersecurity Art Reilly, Cisco Global Standards Collaboration (GSC) GSC-15
Highlight of Current Activities (1) ATIS’ Packet Technologies and Systems Committee (PTSC) • Completed: • UNI and NNI signalling security standards • UNI and NNI testing standards • NGN authentication requirements • Session Border Controller (SBC) requirements • Security architecture is layered, both horizontally and vertically, with border element functions protecting trusted from untrusted domains
Highlight of Current Activities (2) • PTSC continues to focus on security-related topics that will ensure robust signalling and communications standards and network implementations that will provide adequate protection and support for multimedia and emergency services in the current cybersecurity environment: • ETS Authentication • Data Border Function Requirements • Security Mechanisms • Location • Identity Management • Certificate Management
Highlight of Current Activities (3) • PTSC’s focus is on specifying security considerations for Layers 1 through 5 for UNIs, NNIs, ANIs, and SNIs • Generation of interface requirements will: • Attempt to reduce number of available interconnection options, without compromising the desired flexibility in implementing the services, thereby facilitating interoperability • Facilitate interconnection negotiations • Ensure adequate security will be provided
Highlight of Current Activities (4) ATIS’ Network Performance, Reliability, and QoS Committee (PRQC) • Current/Future work: • Currently working on Standard for Media Plane Performance Security Impairments Standard for Evolving VoIP/Multimedia Networks • Document potential QoS degradations associated with security mechanisms • Identify potential security problems associated with QoS mechanisms • Extend work initiated in ATIS-0100014, Information & Communications Security for NGN Converged Services IP Networks and Infrastructure • Published: • ATIS-0100024.2009, User-Network Interface (UNI) Media Plane Security Standard for Evolving VoIP/Multimedia Networks, published. • ATIS-0100014 (see above)
Highlight of Current Activities (5) ATIS’ Telecom Management and Operations Committee (TMOC) • TMOC will continue to address • Management aspects of security, especially concerning NGN Carrier Interconnection arrangements and VoIP Registry Database • Management aspects of security, as driven by the ATIS Board (e.g., TOPS Council or CIO Council)
Strategic Direction • ATIS continues to develop a suite of security authentication and IdM standards that will facilitate secure interconnection of: • transport facilities • signalling facilities • services and applications • Cloud computing may pose significant security issues that will need to be addressed
Challenges SIP security solutions are tailored to be end to end SIP/SIPPING/SIMPLE/etc. RFCs have well written security sections that are not fully implemented in vendor products Security solutions have an impact on delay and performance
Next Steps/Actions ATIS will continue on its current path of generating a complete suite of standards that can be used to facilitate interconnection negotiations and result in interconnection scenarios that are secure
Proposed Resolution • Continued support for GSC-14 Security Related Resolutions: • Resolution GSC-14/4 - Identity Management • Resolution GSC-14/25 - Personally Identifiable Information Protection • Update Resolution GSC-14/11 - Cybersecurity to reflect actions at WTDC10 (modified draft Resolution provided as a GSC contribution)
Cybersecurity (ATIS) Presentations Contributions GSC15-GTSC8-06, -07, -10, -11 and -14(-10, -11 and -14 contained proposed updates to the existing Resolution) Summary Cybersecurity continues to be one of the top priorities in the GSC members. Cloud Computing presents an added level of risk to data integrity, privacy and availability. However, it also offers additional opportunities in these areas as well. Countries/regions are developing and sharing best practices to address the cybersecurity challenges. This could be especially helpful to developing countries. The Cybex framework being developed in ITU-T SG 17 provides a model for structuring information identifying and discovering objects requesting and responding with information exchanging information over networks assuredcybersecurity information exchanges The specifications are especially relevant to Computer Incident Response Teams (CIRTS), law enforcement and others that must exchange incident or related forensic information Effective cooperation and collaboration across the many organizations, including standards bodies, doing Cybersecurity work is essential. Resolution Proposed revisions to Resolution GSC-14/11 on Cybersecurity. 11
Supplemental Slides • PTSC Issues may be found at: http://www.atis.org/0191/issues.asp • PTSC Active Issues which have a security component are: Issue # Title • S0051 ATIS NGN Identity Management Requirements • S0055 Security Mechanisms • S0059 ATIS NGN Identity Management Use Cases • S0060 ATIS NGN Identity Management Mechanisms • S0061 Certificate Management • S0063 ATIS ETS Authentication • S0065 Enterprise Network Support in NGN • S0073 Security Guidelines for DBF Interface • S0074 Security Guidelines for Carrier Interconnection (NNI)
Supplemental Slides • PRQC Issues may be found at: http://www.atis.org/0010/issues.asp • PRQC Active Issues which have a security component are: Issue # Title • A0010 User Plane Security Requirements in NGNs • A0014 Network-Network Interface (NNI) User Plane Security • A0035 Impact of Security on QOS Performance in NGNs • A0045 Service-specific Security Mechanism Implementation Options