Bangalore, India,17-18 December 2012 Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International.


1 Bangalore, India, 17-18 December 2012
Sustainable Broadband Communications: International Perspective – Common Criteria
David Martin, Head of International Assurance, Common Criteria Scheme Director, CESG, UK, david.martin@cesg.gsi.gov.uk
Joint ITU-GISFI Workshop on “Bridging the Standardization Gap: Workshop on Sustainable Rural Communications” (Bangalore, India, 17-18 December 2012)

2 David Martin
- Involved in Information Assurance Standards for many years
- Chair of International Common Criteria Development Board
- Scheme Director for the UK Common Criteria Scheme (operated by UK government)
- Representing UK Scheme - reporting on new CC vision statement

3 Common Criteria - Background
- Standards for Assurance of IT Product Security
- 26 Nations (more to come)
- 16 Nations evaluate/certify products
- Also an ISO standard (15408 and 18045)
- Run by a Management Committee (with an executive to support) and a Development Board

4 Common Criteria – The Value
- Manufacturers do not have to evaluate products in multiple places. Evaluation is very expensive in time and money
- Good cyber defence (and sustainable telecom) needs many more products evaluated
- All nations agree and procure to the common standard
- Industry involvement (CCUF)

5 Common Criteria – New Vision – Rationale - 1
- CC usage has been little changed for more than 12 years
- A number of nations found that:
  - The focus on ‘assurance level (EAL)’ was damaging product security
  - Not enough products are evaluated - Cyber defence needs many more
  - Expertise is applied in the wrong place, inconsistently, and without wide peer review.

6 Common Criteria – New Vision – Rationale - 2
- Smartcard Community has developed a very effective way of using CC
- Work has taken place to support a similar approach for general IT products
- Resulting in the CCMC (Management Committee) vision statement – published in September 2012

7 For more information
- Common Criteria Portal: www.commoncriteriaportal.org
- The vision statement links from the front page
- Other links show the products, schemes, operating documents etc.
- Also see CCUF at www.ccusersforum.org

8 Existing Approach

9 New Approach

10 Technical Communities

11 Meeting virtually

12 Much quicker and more effective

13 Bespoke design/evaluation

14 Better to have known standards

15 Other Important developments
- Common view on cryptography
- Security Configuration Automation
- Strong Linkage to Vulnerability/Weakness reporting
- Supply Chain working group
- Consistent Government Procurement (and other major users) – addressing what ‘recognition’ really means

16 Common support for procurement

17 Common Criteria – New Vision – Summary
- More assurance than a simple ‘EAL approach’
- Uses worldwide expertise, instead of relying on single ‘expert’
- Open, Transparent, Repeatable – as befitting an International Standard
- Step change in volume – better for cyberdefence
- Lowers procurement costs

18 What does this mean for Sustainable Broadband Communications?
- More assurance (ignore ‘EAL’, look at what is assured)
- More responsive
- Lower cost
- Wider range and choice of products
- Uses worldwide expertise, instead of relying on single ‘expert’
- Open, Transparent, Repeatable – as befitting an International Standard

19 Further detail
- First International Technical Community about to launch – based on USB storage device
- Many more to follow next year
- Already many TCs exist (mostly US based)

20 Example TC Areas
- Networking (NDPP, Firewalls, VPNs, etc)
- Storage (USB, Hard disks, etc)
- Applications on Operating systems
- Mobile telecoms (VOIP, SIP, MDM, etc)
- Multifunction devices (printers etc.)

21 Telecoms Applicability
- 3GPP discussion – potential development of cPPs
- Could extend to system approaches
- Key is to have the real technical expertise setting the standards
- CCRA maintains the fairness, the reliability/reputation, and the worldwide recognition for vendors

22 Conclusions and Recommendations

