Infrastructure Security: The impact on Telecommunications

International Telecommunication Union
Charles Brookson
Department of Trade & Industry, UK
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004

Network and Information Security: NIS Report
o Response from European Standards Bodies to the "Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions: Network and Information Security: Proposal for a European Policy Approach"

NIS threats
o Electronic communication can be intercepted and data copied or modified.
o Unauthorised access with malicious intent to copy, modify or destroy data, which is likely to include systems and automatic equipment in the home.
o Disruptive attacks on the Internet have become quite common and in future the telephone network may be threatened...

NIS threats
o Malicious software, such as viruses, can disable computers, delete or modify data or reprogram home equipment.
o Misrepresentation of people or entities can cause substantial damages.
o Many security incidents are due to unforeseen and unintentional events such as natural disasters, hardware or software failures, human error.

Infrastructure security
Assets -> Threats -> Services

European Initiatives
o eEurope – An Information Society for All
• europa.eu.int
o ETSI – European Telecommunications Standards Institute www.etsi.org
o CENELEC www.cenelec.org
o CEN – European Committee for Standardisation
• ISSS Information Society Standardisation System
• www.cenorm.be/isss
o ENISA - European Network and Information Security Agency
• www.enisa.eu.int
• NISSG NIS Steering Group to act as interface to standards activities

European Network and Information Security Agency
o ENISA aims at ensuring particularly high levels of network and information security within the Community... contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union.
o assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security...
o serve as a centre of expertise for both Member States and EU Institutions to seek advice on...

Some areas of relevant standardisation
o Lawful Interception
o Algorithms
o Electronic Signatures
o Smart Cards
o E-Authentication
o Personal data protection
o Security on the move

Lawful Interception (LI)
o Technical standards to facilitate LI
o Telecommunications, Internet and Mobile
o Help law enforcement combat crime
• Supporting electronic commerce
o 2002 produced updated standard for handover.
• Technology specific for 3G mobile, Multimedia IP, IP Cablecom

Algorithms and Electronic Signatures
o Algorithms for:
• Mobile: 3G, DECT, GSM, TETRA
• Authentication and encryption of traffic
• Smart cards
o CEN and ETSI co-operating on the European Electronic Signature
o Goal to provide Europe with reliable electronic signatures

Smart cards and authentication
o Smart cards
• Machine readable cards
• Access tokens in public transport
• Banking and payment
• Healthcare
• SCP – Smart Card Platform
o E-authentication
• European and standards
• e-Authentication, e-Government
• Co-operate with worldwide standards

Personal data protection
o IPSE – Initiative for Privacy Standardisation in Europe
• Personal data protection
o Related to the European Data Protection Directive

Security on the move
o 3rd Generation and GSM standards
• Including Digital Cordless Phones (DECT),
• Trunked Radio (TETRA) and
• Railways (GSM-R)
o EMTEL and MESA
• Emergency Telecommunications

Latest developments
o 30 Recommendations being addressed
• Co-ordination between worldwide standards bodies
• Official liaisons, minimising duplication of effort
• Information for important users, current and live

Conclusions
o Initiatives in the process of coming together
o Working together
• Rapidly evolving technology
• Recognition of the need for security issues
• Privacy, Protection, Preparedness
o Existing standards and new standards required
• Requirements in new standards
o Citizen, Business and Government