MIT Requirements for TLC IRRIIS MIT Conference ROME 8 February 2007 Giustino FUMAGALLI Arnaud ANSIAUX

IRRIIS ICT networks and systems are the nervous system of our modern technological society. The dependencies of other services (energy, transportation …) supply on ICT networks have grown ever more complex. ICT : Information Communications Technology General context (

IRRIIS Because of this interconnectedness and an increasing reliance on ICT networks, services critical to society and economy are becoming more fragile and may fall faster than ever before because of a major technological collapse of an ICT network or system. ICT : Information Communications Technology General context

IRRIIS The IRRIIS project will provide a novel technology, named « MIT system » aiming at enhancing the dependability, the survivability and the resilience of LCCIs. MIT system will : o Improve the networks’ operators mutual awareness; o Improve the negotiation capacity between different networks; o Reduce the chance that failures spread; o Mitigate the cascading effects. MIT : Middleware Improved Technology; LCCI : Large Complex Critical Infrastructure. IRRIIS project

IRRIIS Why MIT System for Telco ? Telecommunication infrastructure is defined as « Organizations, personnel, procedures, facilities and networks » employed to transmit and receive information. ( TELCO infrastructure is definitly a very complexe system to be handled in globality. Eight Ingredient Framework of Communications Infrastructure

IRRIIS “Intradependencies” in Telco Intradependencies must be taken into account inside a single operator telecommunication network.

IRRIIS Internationalization of Business; Overall mobility of clients; Convergence of telecoms and IT; … Increase the number of interdependencies between telecommunication operators. “Interdependencies” in Telco

IRRIIS To grant its own service delivery each CI operator needs to be granted on the service delivery provided by others CI operators; Service Level Agreements with others CI operators (both for electricity or Telco); Service Level Agreements for a certain service could include regulation about the exchange of information concerning the status of the provided service; The nature of the information exchanged often requires feed-back mechanisms. Fast alerting about SLA reduction should be useful to implement countermeasures on-time, avoiding critical malfunctions afterwards; Automatic negotiated service restoration after a malfunction, may help cooperation to a faster and safer return to a “normal state” of all CI’ service deliveries. Moreover, it may help civil protection emergency activities. Interdependencies means interworking needs

IRRIIS No-one can understand better his own risk in the “service delivery” than the “service provider” itself : Share his own risk perception with others CI operators should be very important. BUT!!! Automatic data exchange doesn’t mean automatic reaction : internal procedures for the risk management must be respected; “Service consumer” operator need to trust in data received. Share only relevant data to others: “service consumer” is interested in being informed about service delivery, not about “service producer troubles”. SO Exchange service relevant data in a simple format: – Risk estimation; – Where (Location and expected area involved); – When (Time and how long). A basic Interdependency Risk reduction : data exchange

IRRIIS Environment drives also Telco Transformation of Telco Operators business model. The telecom carrier is becoming a global service operator (access to IT resources, hosting, outsourcing, etc …); Development of new technologies (high bandwidth capabilities, multimedia technologies, mobile technologies, service platforms, IP convergence…); Strong partnerships with other operators, ISP and content providers / Constraints due to governmental law enforcement. Change of habits of Clients. Development of new end to end services to their clients ( QoS, security guaranties, service profile, … );

IRRIIS Security Management - “Off-line” analysis - Network engineering; - Risk management studies... - Operational Continuity & Emergency Plans - Crisis Management Process (fast reaction) Existing solutions to enhance resilience in Telco Redundancies of main equipments, services and pathways inside operator networks (logically or physically)

IRRIIS Network Operating Center Security Operating Center Existing solutions to enhance resilience in Telco Security Management ; - “On-line” monitoring : Supervision solutions. - Network Operation Center (NOC); - Security Operation Center (SOC);

IRRIIS Remaining and new issues Supervision solutions - Mainly based on technical information collection ; - Large amount of data are collected from networks which involve issues : storage and data mining, complex treatments (filtering, aggregation, correlation…) ; - Too many supervision tools are needed which make a lot of communication interoperability issues and make decision phase more and more complex. IP and mobility technologies are source of new vulnerabilities, threats and malicious attacks for Telco network operators. A lot of effort should be done to develop single efficient system to enhance overall Telco resilience.

IRRIIS Main requirements for MIT system (1/2) Processing functions Collect and process internal data and information, – Embedded computing at lower level inside the network to make efficient, timely and secure the data processing ( filtering, aggregation and correlation mechanisms); Perform analysis and diagnosis useful for the infrastructure where MIT components are installed and for other infrastructures with which they are connected; Process data coming from other infrastructures in order to allow the operator to prevent potential cascading effects; Security policies management capabilities to define emergency conditions and if possible automatic recovery.

IRRIIS Main requirements for MIT system (2/2) Communication functions Support information sharing to provide early warning to neighboring systems and infrastructure; Exchange data with other Communication Components installed on other infrastructures; Enhance global communication capabilities by defining communication standards to resolve interoperability issues (ie : risk common exchange language); Define standard for scallable, tunable information on resilience and security aspects for inter-domain level agreement.

IRRIIS MIT System general architecture MIT system should be implemented both at : The management service level; The collector level; Inside the operator core network : directly on « critical » network equipments; using specific probes. Network Operating Center Security Operating Center Main objectives : Independent and modular architecture; Define the content of RML * messages. * RML : Risk Management Language

IRRIIS Processing functions Communication functions Because each LCCI will remain responsible for his own security management and overall technical capacity management; But also to ensure the most resilience and scalable capabilities within Telco interdependencies … MIT System general architecture MIT system general architecture has been oriented where each MIT system communicates with all interfaced MIT systems making use of client-server paradigm.

IRRIIS Extension of TELCO MIT system to other domains – Global service continuity, resilience with limiting cascading effect between all critical infrastructures; – Global security reaction management with support of authorized recovery; – Global “TRUST & CONFIDENCE”. The application of these general requirements for MIT system should enhance overall resilience of all these complex communication Infrastructures. Because, ICT networks are the nervous system of other infrastructures, it could be then possible to extend the concept of MIT system to other interdependent domains and really start to think about :

IRRIIS THANK YOU