Fostering worldwide interoperability. Geneva, 13-16 July 2009. ITU-T Telecom Security Update. Arkadiy Kremer, ITU-T SG 17 Chairman. Global Standards Collaboration.

Presentation transcript:

Fostering worldwide interoperability. Geneva, July 2009
ITU-T Telecom Security Update
Arkadiy Kremer, ITU-T SG 17 Chairman
Global Standards Collaboration (GSC) 14
DOCUMENT #: GSC14-GSC7-03
FOR: Presentation
SOURCE: ITU-T
AGENDA ITEM: GTSC 4.2

Telecom Security is an Essential Part of IP-based Networks and Services
- Integration of telecommunication and security infrastructures is constantly increasing
- Convergence of services where voice, data/video and broadcasting are appearing on all types of network platforms
- Internet is a part of telecommunication infrastructure
- Next-generation business model for network operators demands subscriber-centric data consolidation

Highlight of Current Activities
- Terms and definitions alignment across members of GSC
- Security Compendium includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
- Security Standards Roadmap includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
- JCA-IdM (was discussed on PLEN 6.4)
- JCA-CIT - a standard is the real standard if it is verified (more in supplementary slides)
- Business Use of Security Standards - a standard is the real standard if it has the business-applications. ITU-T together with the GSC members would like to provide a report which will consist of summary sheets for analysed top security standards (status and summary; who does the standard affect?; business benefits; technologies involved; technical implications) (more in supplementary slides)

Highlight of Current Activities
Providing a Global Cybersecurity Information Exchange Framework – X.cybief (more in supplementary slides)
- Responsive to GSC-13/11, resolves 5: promote global, consistent, and interoperable processes for sharing incident-response related information
- Large-scale effort to bring “best of breed” of security information exchange standards into the ITU and facilitating global interoperability and trust for security state, vulnerabilities, incidents, threats
- Facilitated by
  - a global security exchange identification scheme for organizations, information identifiers, and policies
  - use of Extended Validation Certificates based on X.509
- Providing for close working relationship with principal CIRT/CERT organization (FIRST) and assisting developing countries to establish CIRTs on a national basis (WTSA Res. 58)

Strategic Directions
- Work on telecom security standardization convergence points gaps:
  - Security architecture / SOA security
  - Network security / business infrastructure security
  - ICT security / information critical infrastructure security
  - Personal data protection / IdM
  - Security management / security collaboration
- Security collaboration
  - No one organization can provide its own security without interaction with others
  - Security collaboration contains measures, which pertain to the readiness and ability of the organizations to interact with other entities (including operators, users and law enforcement authorities) to counter the threats
  - Need a framework for raising the understanding of what is achievable

Strategic Directions
- Essential to pessimistically evaluate threats in light of the success we expect
- Three great classes of threats:
  - Insider attacks
  - Social engineering
  - Organized crime’s monetization of malware and fragility
- Connecting systems is good. Sharing vulnerability is bad.
- Systems must fundamentally distrust the systems with which they interact
- Minimal disclosure technology is fundamental in a federated world.
- “Need to know” Internet

Challenges
- Keeping ahead of security needs, vulnerabilities, incidents
- Getting isolated security communities to cooperate effectively
- Implementing needed identity management platforms and trust models in the infrastructure
  - widespread deployment of "Extended validation certificates" for organization/provider trust
  - that accommodate the diversity of parties and assurance levels/requirements
- Making security “measurable”

Next Steps/Actions
- Proceed with the development and adoption of the Global Cybersecurity Information Exchange Framework
- Adopt X.evcert – an Extended Validation Certificate Framework
- Get an OID identifier arc assigned for identifying organizations, information, and policies
- Work with existing and emerging new security organizations to facilitate development and use of a common exchange framework

Proposed Modification Resolution on Cybersecurity
- Modify the Cybersecurity resolution “recognizing” section by adding a new paragraph:
  Achieving most of the above requirements is highly dependent on a global framework for the trusted structured exchange of information concerning the cybersecurity state of devices/systems, vulnerabilities, incidents, and heuristics among the operators, vendors, security organizations and agencies
- Modify the Cybersecurity resolution resolves 5 section by changing to:
  promote trusted global, structured, interoperable, and measurable processes for sharing cybersecurity state, vulnerability, and incident-response related information through a global framework

Supplementary Slides

JCA-CIT
A standard is the real standard if it is verified
The main objectives of the JCA-CIT are to coordinate:
- The collection of and making available information about testing activities and testing methodologies
- Provision of feedback on collected information as appropriate
- Development of a common understanding of Conformance vs. Interoperability testing
- Development of the requirements placed on writing Recommendations to accommodate testing
- Provision of technical assistance to Rapporteurs and editors writing Recommendations for testing and test specification
- Provision of input towards the evolution of Recommendations that define testing methodology
- Dissemination of information about testing across other SDOs
- Preparation of material for tutorials, workshops, conferences and make presentation if appropriate
- Promotion of the use of a common terminology and methodology of testing
- Finding working methods to co-ordinate activities and improve sharing of results

Business Use of Security Standards
A standard is the real standard if it has the business-applications.
ITU-T together with the GSC members would like to provide a report which will consist of summary sheets for analysed top security standards (status and summary; who does the standard affect?; business benefits; technologies involved; technical implications)
Your comments and views on the following would be appreciated:
- Do you agree that this work activity would be useful to organizations and/or DC/CETs planning to deploy telecommunications/ICT security systems?
- Does your organization have existing information that may be related to this work activity or that may be used to progress this work?
- Does your organization have contact with DC/CETs that may further elaborate on their needs and detail the information they may find most useful to capture in the activity output?
- Does your organization have any suggestions to provide additional detail regarding the proposed summary sheet elements or criteria to select standards?
- Would your organization be willing to assist the ITU-T in progressing this work?

Global Cybersecurity Information Exchange Framework
Purposes
- Enable global capabilities for the structured exchange of cybersecurity information by identifying and incorporating existing “best of breed” platform standards as necessary, making the existing standards more global and interoperable
- Move beyond guidelines and facilitate the scaling and broad implementation of core capabilities already developed within cybersecurity communities

Global Cybersecurity Information Exchange Framework
Cybersecurity information: structured information or knowledge concerning
1. The “state” of equipment, software or network based systems as related to cybersecurity, especially vulnerabilities
2. Forensics related to incidents or events
3. Heuristics and signatures gained from experienced events
4. Parties who implement cybersecurity information exchange capabilities within the scope of this framework
5. Specifications for the exchange of cybersecurity information, including modules, schemas, and assigned numbers
6. The identities and trust attributes of all of the above
7. Implementation requirements, guidelines and practices

Global Cybersecurity Information Exchange Framework
[Diagram; recoverable labels:]
- Cybersecurity Entities (label appears twice)
- Cybersecurity Information acquisition (out of scope*)
- Cybersecurity Information use (out of scope*)
- Structured information
- Identification & discovery of cybersecurity information and entities
- Trusted exchange
*Some specialized cybersecurity exchange implementations may require application specific frameworks specifying acquisition and use capabilities

Global Cybersecurity Information Exchange Framework – Capabilities and Context
The Framework enables exchange capabilities for the entire Cyber Security Ecosystem, by providing for the dashed information exchanges

Framework Capabilities Outline
- Cybersecurity structured information
  - Identify existing standards
  - Bring some of them into ITU-T as X-series standards and supplement as needed for global interoperability
- Cybersecurity identification and discovery
  - Identify existing standards
  - Bring some of them into ITU-T as X-series standards and supplement as needed for global interoperability
- Cybersecurity trusted acquisition and exchange
  - Identify existing standards
  - Bring some of them into ITU-T as X-series standards and supplement as needed for interoperability