Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Wayne Zeuch, ATIS ATIS Cybersecurity Standards Document No: GSC16-GTSC9-10 Source: ATIS Contact: Wayne Zeuch, GSC Session: GTSC-9 Agenda Item: 4.2
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 ATIS’ Packet Technologies and Systems Committee (PTSC) - Completed ATIS , NGN Security Mechanisms and Procedures –Describes the security mechanisms and specifies the suite of options that can be used to fulfill the requirements described in ATIS (NGN Security Requirements). –Describes identification, authentication and authorization mechanisms; discusses transport security for signalling, OAM&P and media security; and describes audit-trail-related mechanisms and provisioning. ATIS , ATIS Identity Management (IdM): Requirements and Use Cases Standard –Provides IdM example use cases and requirements for the NGN and its interfaces. IdM functions and capabilities are used to increase confidence in identity information and support and enhance business and security applications including identity-based services. 2 Highlight of Current Activities (1)
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC Highlight of Current Activities (1) ATIS’ Packet Technologies and Systems Committee (PTSC) – Is Currently Developing a Standard that provides a framework for the design, implementation, and operations of a security architecture by NGN providers, and guidelines for a structured approach and methodology for NGN security planning and operations. Defining security guidelines to support IP Network Interface (INI) to an IP emergency network. Defining the security guidelines for external Data Border Function (DBF) interfaces (UNI, ANI, NNI, SNI). Addressing the necessary requirements and mechanisms in support of Emergency Telecommunications Services (ETS) authentication.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 PTSC continues to focus on security-related topics that will ensure robust signalling and communications standards and network implementations that will provide adequate protection and support for multimedia and emergency services in the current cybersecurity environment: –ETS Authentication –Data Border Function Requirements –Security Mechanisms –Location –Identity Management –Certificate Management Security architecture is layered, both horizontally and vertically, with border element functions protecting trusted from untrusted domains. 4 Highlight of Current Activities (2)
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 PTSC’s focus is on specifying security considerations for Layers 1 through 5 for UNIs, NNIs, ANIs, and SNIs –Generation of interface requirements will: Attempt to reduce number of available interconnection options, without compromising the desired flexibility in implementing the services, thereby facilitating interoperability Facilitate interconnection negotiations Ensure adequate security will be provided 5 Highlight of Current Activities (3)
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 ATIS’ Telecom Management and Operations Committee (TMOC) TMOC will continue to address –Management aspects of security, especially concerning NGN Carrier Interconnection arrangements and VoIP Registry Database –Management aspects of security, as driven by the ATIS Board (e.g., TOPS Council or CIO Council) 6 Highlight of Current Activities (4)
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 ATIS continues to develop a suite of security authentication and IdM standards that will facilitate secure interconnection of: –transport facilities –signalling facilities –services and applications Cloud computing may pose significant security issues that will need to be addressed, and ATIS committees will continue to collaborate (e.g., PTSC, CSF, etc.) on such matters. 7 Strategic Direction
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 SIP security solutions are tailored to be end to end SIP/SIPPING/SIMPLE/etc. RFCs have well written security sections that are not fully implemented in vendor products Security solutions have an impact on delay and performance 8 Challenges
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 ATIS will continue on its current path of generating a complete suite of standards that can be used to facilitate interconnection negotiations and result in interconnection scenarios that are secure ATIS will continue to collaborate with and provide input into the ITU-T on global solutions for security- and IdM-related matters. 9 Next Steps/Actions
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 ATIS supports the reaffirmation of the existing Cybersecurity Resolution contained in: –Resolution GSC-15/11 – Cybersecurity Request that the Resolutions Editor make editorial formatting updates; e.g.: Align bullet formatting Removal of blank items –Recognizing #17 –Resolves #7 10 Proposed Resolution
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC Supplemental Slides
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 Supplemental Slides PTSC Issues may be found at: PTSC Active Issues which have a security component are: Issue # Title –S0060ATIS NGN Identity Management Mechanisms –S0061Certificate Management –S0063ATIS ETS Authentication –S0073Security Guidelines for DBF Interface –S0074Security Guidelines for Carrier Interconnection (NNI) –S0093NGN Security Planning & Operations Guidelines –S0094Security Guidelines for IP Network Interface (INI) to an Emergency Services Network 12
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All GSC16-GRSC9-10 Supplemental Slides PRQC Issues may be found at: PRQC Active Issues which have a security component are: Issue # Title –A0010User Plane Security Requirements in NGNs –A0014Network-Network Interface (NNI) User Plane Security –A0035Impact of Security on QOS Performance in NGNs –A0045Service-specific Security Mechanism Implementation Options 13