Presentation is loading. Please wait.

Presentation is loading. Please wait.

Standards and Critical Network Infrastructures Michael Harrop TSACC GSC-8111 SOURCE:TSACC TITLE:Standards and Critical Network Infrastructures AGENDA ITEM:Joint.

Published byAsher Collins Modified over 9 years ago

Similar presentations

Presentation on theme: "Standards and Critical Network Infrastructures Michael Harrop TSACC GSC-8111 SOURCE:TSACC TITLE:Standards and Critical Network Infrastructures AGENDA ITEM:Joint."— Presentation transcript:

1 Standards and Critical Network Infrastructures Michael Harrop TSACC GSC-8111 SOURCE:TSACC TITLE:Standards and Critical Network Infrastructures AGENDA ITEM:Joint Item 4.6, Security DOCUMENT FOR: Decision DiscussionX Information

2 17 September 2015M. Harrop GSC-8, OTTAWA Outline of Presentation Overview of the Paper The role of standards in attacks of the infrastructure The need for standards bodies to play a lead role.

3 17 September 2015M. Harrop GSC-8, OTTAWA Overview of the Paper Paper sets the context for presentation What are Critical Network Infrastructures? Attacks on the critical infrastructure & why the risk to network infrastructures has increased Some examples of Canadian critical network infrastructures and dependent industries –Telecommunications, Internet, Electricity –Finance, Government, Transportation, Healthcare, Electronic Commerce

4 17 September 2015M. Harrop GSC-8, OTTAWA Overview of the Paper - 2 The role of standards in critical infrastructure problems The ASN.1 example – an example of the impact of a problem in a standards-based implementation The current role of standards bodies in CNI A possible future role for standards bodies in CNI protection

5 17 September 2015M. Harrop GSC-8, OTTAWA The Importance of Standards Hackers have shown themselves to be adept at taking advantage of flaws in protocols and network implementations. It is very important, therefore, that implementations be “correct” and fault free. Standardization has a significant role to play in minimizing design and implementation errors.

6 17 September 2015M. Harrop GSC-8, OTTAWA The ASN.1 Example A problem discovered in 2001 in the widely-used Simple Network Management Protocol was believed to be associated with the use of ASN.1 in defining the protocol ASN.1 has been used to code many other (possibly even most) network protocols at all layers therefore the problem could be widespread Potentially, the type of protocol error identified allows an attacker to bring down a network without knowing much about it The cost of reparations could be greater than the cost of Y2K fixes (C & W had to change 2154 routers and 2100 firewalls in Feb. 2002)

7 17 September 2015M. Harrop GSC-8, OTTAWA The ASN.1 Example-2 Implementers and Standards groups have had difficulty agreeing on responsibility for the problem but the ASN.1 example provides us with some important lessons Regardless of whether such problems are with the standard or with the way the standard is used, the problems are serious and threaten the network infrastructure. Such problems demand a rapid and coordinated response. They need be fixed quickly. Standards bodies need to take a lead in ensuring a fast and coordinated response to such problems, regardless of the cause.

8 17 September 2015M. Harrop GSC-8, OTTAWA Possible role for Standards Bodies in protecting the network infrastructure

9 17 September 2015M. Harrop GSC-8, OTTAWA Summary Problems associated with the implementation of standards can have wide implications and can threaten the critical network infrastructure Such problems need to be addressed quickly in a coordinated way Standards bodies should take the lead in addressing problems with infrastructure implications and collaborate with bodies working to protect the critical network infrastructure.

Download ppt "Standards and Critical Network Infrastructures Michael Harrop TSACC GSC-8111 SOURCE:TSACC TITLE:Standards and Critical Network Infrastructures AGENDA ITEM:Joint."

Similar presentations

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.
Get Started in e-Business. Aim This presentation is prepared to support and give a general overview of the ‘How to Get Started in e-Business’ Guide and.

Get Started in e-Business. Aim This presentation is prepared to support and give a general overview of the ‘How to Get Started in e-Business’ Guide and.
Consultancy Infrastructure Requirements for Fast, Reliable and Secure HL7 V3 Messaging Andrew Hinchley CPL Consulting.

Consultancy Infrastructure Requirements for Fast, Reliable and Secure HL7 V3 Messaging Andrew Hinchley CPL Consulting.
Bring Your Own Device (BYOD) Understanding BYOD June 27, 2013 © 2013 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks.

Bring Your Own Device (BYOD) Understanding BYOD June 27, 2013 © 2013 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks.
GSTC Report to GSC-9 Plenary Presented by Dr Ki-Shik Park - ETRI 1GSC-9, Seoul SOURCE:ACIF TITLE: AGENDA ITEM: CONTACT:Ron Box, GTSC Rapporteur GSC9-018.

GSTC Report to GSC-9 Plenary Presented by Dr Ki-Shik Park - ETRI 1GSC-9, Seoul SOURCE:ACIF TITLE: AGENDA ITEM: CONTACT:Ron Box, GTSC Rapporteur GSC9-018.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
GSC-8160 SOURCE:ITU-T TITLE:Successful E-Meetings AGENDA ITEM:EWG DOCUMENT FOR: Decision DiscussionX Information 28 Apr - 1 May 2003GSC-8, OTTAWA1 Successful.

GSC-8160 SOURCE:ITU-T TITLE:Successful E-Meetings AGENDA ITEM:EWG DOCUMENT FOR: Decision DiscussionX Information 28 Apr - 1 May 2003GSC-8, OTTAWA1 Successful.
29 May 2006RNSA Workshop 1 Social Implication of National Security RNSA Workshop The risk of public data availability on critical infrastructure protection.

29 May 2006RNSA Workshop 1 Social Implication of National Security RNSA Workshop The risk of public data availability on critical infrastructure protection.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart,

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart,
Article: The Cyberweapon that could take down the Internet By Jacob Aron February 11, 2011 Presentation by Jacob Russell CSCE390 April 18 th, 2011.

Article: The Cyberweapon that could take down the Internet By Jacob Aron February 11, 2011 Presentation by Jacob Russell CSCE390 April 18 th, 2011.
1 Research on National Security at the Wharton Risk Center Advisory Committee Meeting Wharton School University of Pennsylvania June 16, 2006.

1 Research on National Security at the Wharton Risk Center Advisory Committee Meeting Wharton School University of Pennsylvania June 16, 2006.
What is an Information System? Input of DataResourcesProcessing Data Data Control of System Performance Storage of Data Resources Output of InformationProducts.

What is an Information System? Input of DataResourcesProcessing Data Data Control of System Performance Storage of Data Resources Output of InformationProducts.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.

SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
Applegate, L.M., Austin, R.D., and Soule, D.L., Corporate Information Strategy and Management, 8 th edition, Burr Ridge, IL: McGraw-Hill/Irwin, 2009 Instructor’s.

Applegate, L.M., Austin, R.D., and Soule, D.L., Corporate Information Strategy and Management, 8 th edition, Burr Ridge, IL: McGraw-Hill/Irwin, 2009 Instructor’s.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
Jeju, 13 – 16 May 2013Standards for Shared ICT HIS – Smart Grid Karen Bartleson, President, IEEE Standards Association Document No: GSC17-PLEN-72 Source:

Jeju, 13 – 16 May 2013Standards for Shared ICT HIS – Smart Grid Karen Bartleson, President, IEEE Standards Association Document No: GSC17-PLEN-72 Source:
Chapter 41 Procurement and Supply Management. Chapter 4Management of Business Logistics, 7 th Ed.2 Learning Objectives Understand the role and nature.

Chapter 41 Procurement and Supply Management. Chapter 4Management of Business Logistics, 7 th Ed.2 Learning Objectives Understand the role and nature.

Similar presentations

Ads by Google