Global Standards Collaboration (GSC) 14
DOCUMENT #: GSC14-GSC7-03
FOR: Presentation
SOURCE: ITU-T
AGENDA ITEM: GTSC 4.2
CONTACT(S): kremer@rans.ru

ITU-T Telecom Security Update
Arkadiy Kremer, ITU-T SG 17 Chairman
Geneva, 13-16 July 2009
Fostering worldwide interoperability

Telecom Security is an Essential Part of IP-based Networks and Services

- Integration of telecommunication and security infrastructures is constantly increasing
- Convergence of services where voice, data/video and broadcasting are appearing on all types of network platforms
- Internet is a part of telecommunication infrastructure
- Next-generation business model for network operators demands subscriber-centric data consolidation

Highlight of Current Activities

- Terms and definitions alignment across members of GSC
- Security Compendium includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
- Security Standards Roadmap includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
- JCA-IdM (was discussed on PLEN 6.4)
- JCA-CIT - a standard is the real standard if it is verified (more in supplementary slides)
- Business Use of Security Standards - a standard is the real standard if it has the business-applications. ITU-T together with the GSC members would like to provide a report which will consist of summary sheets for analysed top security standards (status and summary; who does the standard affect?; business benefits; technologies involved; technical implications) (more in supplementary slides)

Highlight of Current Activities

Providing a Global Cybersecurity Information Exchange Framework – X.cybief (more in supplementary slides)

- Responsive to GSC-13/11, resolves 5: promote global, consistent, and interoperable processes for sharing incident-response related information
- Large-scale effort to bring “best of breed” of security information exchange standards into the ITU and facilitating global interoperability and trust for security state, vulnerabilities, incidents, threats
- Facilitated by
  - a global security exchange identification scheme for organizations, information identifiers, and policies
  - use of Extended Validation Certificates based on X.509
- Providing for close working relationship with principal CIRT/CERT organization (FIRST) and assisting developing countries to establish CIRTs on a national basis (WTSA Res. 58)

Strategic Directions

Work on telecom security standardization convergence points gaps:
Security architecture; SOA security; Network security; business infrastructure security; ICT security; information critical infrastructure security; Personal data protection; IdM; Security management; security collaboration

Security collaboration

- No one organization can provide its own security without interaction with others
- Security collaboration contains measures, which pertain to the readiness and ability of the organizations to interact with other entities (including operators, users and law enforcement authorities) to counter the threats
- Need a framework for raising the understanding of what is achievable

Strategic Directions

- Essential to pessimistically evaluate threats in light of the success we expect
- Three great classes of threats:
  - Insider attacks
  - Social engineering
  - Organized crime’s monetization of malware and fragility
- Connecting systems is good. Sharing vulnerability is bad.
- Systems must fundamentally distrust the systems with which they interact
- Minimal disclosure technology is fundamental in a federated world.
- “Need to know” Internet

Challenges

- Keeping ahead of security needs, vulnerabilities, incidents
- Getting isolated security communities to cooperate effectively
- Implementing needed identity management platforms and trust models in the infrastructure; widespread deployment of "Extended validation certificates" for organization/provider trust that accommodate the diversity of parties and assurance levels/requirements
- Making security “measurable”

Next Steps/Actions

- Proceed with the development and adoption of the Global Cybersecurity Information Exchange Framework
- Adopt X.evcert – an Extended Validation Certificate Framework
- Get an OID identifier arc assigned for identifying organizations, information, and policies
- Work with existing and emerging new security organizations to facilitate development and use of a common exchange framework

Proposed Modification Resolution on Cybersecurity

- Modify the Cybersecurity resolution “recognizing” section by adding a new paragraph:
  Achieving most of the above requirements is highly dependent on a global framework for the trusted structured exchange of information concerning the cybersecurity state of devices/systems, vulnerabilities, incidents, and heuristics among the operators, vendors, security organizations and agencies
- Modify the Cybersecurity resolution resolves 5 section by changing to:
  promote trusted global, structured, interoperable, and measurable processes for sharing cybersecurity state, vulnerability, and incident-response related information through a global framework

Supplementary Slides

JCA-CIT

A standard is the real standard if it is verified

The main objectives of the JCA-CIT are to coordinate:

- The collection of and making available information about testing activities and testing methodologies
- Provision of feedback on collected information as appropriate
- Development of a common understanding of Conformance vs. Interoperability testing
- Development of the requirements placed on writing Recommendations to accommodate testing
- Provision of technical assistance to Rapporteurs and editors writing Recommendations for testing and test specification
- Provision of input towards the evolution of Recommendations that define testing methodology
- Dissemination of information about testing across other SDOs
- Preparation of material for tutorials, workshops, conferences and make presentation if appropriate
- Promotion of the use of a common terminology and methodology of testing
- Finding working methods to co-ordinate activities and improve sharing of results

Business Use of Security Standards

A standard is the real standard if it has the business-applications.

ITU-T together with the GSC members would like to provide a report which will consist of summary sheets for analysed top security standards (status and summary; who does the standard affect?; business benefits; technologies involved; technical implications)

Your comments and views on the following would be appreciated:

- Do you agree that this work activity would be useful to organizations and/or DC/CETs planning to deploy telecommunications/ICT security systems?
- Does your organization have existing information that may be related to this work activity or that may be used to progress this work?
- Does your organization have contact with DC/CETs that may further elaborate on their needs and detail the information they may find most useful to capture in the activity output?
- Does your organization have any suggestions to provide additional detail regarding the proposed summary sheet elements or criteria to select standards?
- Would your organization be willing to assist the ITU-T in progressing this work?

Global Cybersecurity Information Exchange Framework

Purposes

- Enable global capabilities for the structured exchange of cybersecurity information by identifying and incorporating existing “best of breed” platform standards as necessary, making the existing standards more global and interoperable
- Move beyond guidelines and facilitate the scaling and broad implementation of core capabilities already developed within cybersecurity communities

Global Cybersecurity Information Exchange Framework

Cybersecurity information: structured information or knowledge concerning

1. The “state” of equipment, software or network based systems as related to cybersecurity, especially vulnerabilities
2. Forensics related to incidents or events
3. Heuristics and signatures gained from experienced events
4. Parties who implement cybersecurity information exchange capabilities within the scope of this framework
5. Specifications for the exchange of cybersecurity information, including modules, schemas, and assigned numbers
6. The identities and trust attributes of all of the above
7. Implementation requirements, guidelines and practices

Global Cybersecurity Information Exchange Framework

[Diagram labels: Cybersecurity Entities; Cybersecurity Information acquisition (out of scope*); Cybersecurity Entities; Structured information; Identification & discovery of cybersecurity information and entities; Trusted exchange; Cybersecurity Information use (out of scope*)]

*Some specialized cybersecurity exchange implementations may require application specific frameworks specifying acquisition and use capabilities

Global Cybersecurity Information Exchange Framework – Capabilities and Context

The Framework enables exchange capabilities for the entire Cyber Security Ecosystem, by providing for the dashed information exchanges

Framework Capabilities Outline

- Cybersecurity structured information
  - Identify existing standards
  - Bring some of them into ITU-T as X-series standards and supplement as needed for global interoperability
- Cybersecurity identification and discovery
  - Identify existing standards
  - Bring some of them into ITU-T as X-series standards and supplement as needed for global interoperability
- Cybersecurity trusted acquisition and exchange
  - Identify existing standards
  - Bring some of them into ITU-T as X-series standards and supplement as needed for interoperability