DOCUMENT #: GSC13-GTSC6-12 FOR: Presentation SOURCE: ATIS AGENDA ITEM: GTSC; 4.2 CONTACT(S): Art Reilly (arreilly@cisco.com) ATIS Cybersecurity Submission Date: July 1, 2008 Highlight of Current Activities (1) ATIS Packet Technologies and Systems Committee (PTSC) • Completed: – UNI and NNI signalling security standards – NNI testing standard • Finalized: – UNI testing Standard • Require all standards support logging to facilitate creation of incident reports • Focus is now on other security related topics that will ensure robust signalling and communications standards and network implementations that will provide adequate protection in the current cyber security environment: – NGN Authentication – Security mechanisms – Certificate Management 2 Highlight of Current Activities (2) • Focus is on specifying security considerations for Layers 1 through 5 for NNIs on a per service basis – Generation of templates will: • • • • Facilitate interconnection negotiations Enable adequate security to be provided Identify options available Facilitate interoperability ATIS Network Performance, Reliability and Quality of Service Committee (PRQC) • Issue A029, Establishment of an ATIS Security Baseline – Technical Report: Information & Communications Security for NGN Converged Services IP Networks and Infrastructure • PRQC-SEC’s major work item completed in 2007 • Developed jointly in Ad-Hoc Group with TMOC and PTSC participants • TR defines applicability of existing security related standards, best practices, regulations, and identifies gaps within industry specifications • 220 pages containing extensive data on communications and information security 3 Strategic Direction ATIS PTSC is focusing on: – Creation of a suite of security standards that well facilitate secure interconnection of: • transport facilities • signalling facilities • services • ATIS PTSC is not focusing on: – Security Mechanisms for Messaging Applications – Tracking • ATIS is looking to ITU-T SG 17 and other Study Groups to address the messaging and tracking areas 4 Challenges • SIP security solutions are tailored to be end to end. Link by link security solutions do not provide the same level of security. • SIP/SIPPING/SIMPLE/etc. RFCs have well written security sections that are not fully implemented in vendor products. • Security solutions have an impact on delay and performance. 5 Next Steps/Actions • The PTSC will continue on its current path generating a complete suite of standards that can be used to facilitate interconnection negotiations and result in interconnection scenarios that are secure. • PRQC will continue to address: – Standards extending work outlined in the TR – Impact of Security on QOS Performance in Next Generation Networks • Document potential QoS degradations associated with security mechanisms • Identify potential security problems associated with QoS mechanisms – User-Network Interface (UNI) User Plane Security Standard 6 Proposed Resolution • The text of the current Resolution on cybersecurity, i.e., Resolution GSC-12/19: (GTSC) Cybersecurity (Revised), is still appropriate and no modifications are called for at this time. 7 Supplemental Slides 8 Supplemental Slides • • • • • • • • • • • • • PTSC Issues may be found at: http://www.atis.org/0191/issues.asp PTSC Active Issues which have a security component are: Issue # Title S0027 IP Device (SIP UA) to Network Interface Standard S0033 End to End User Authentication and Signaling Security S0046 ATIS NGN Security Requirements S0050 VoIP (SIP) UNI Testing Framework S0052 UNI Terminal Adapter Requirements S0053 UNI Configuration S0055 Security Mechanisms S0061 Certificate Management S0063 ATIS ETS Authentication S0065 Enterprise Network Support in NGN 9