The ISO Advisory Group on
Security
COPOLCO Workshop
24 May, 2005
Presented by
Dr. George W. Arnold
Chairman of the Board of Directors
American National Standards Institute
1
COPOLCO Workshop
24 May, 2005
Slide 2
Security: More than Preventing Terrorism
Earthquakes
13,000 fatalities / year
Transportation disasters
7,800
“
Epidemics
6,500
“
Floods
5,000
“
Industrial disasters
2,900
“
Terrorism
2,500
“
Catastrophic storms
1,300
“
Internet attacks
140,000 incidents/year
Sources: WHO, CERT
COPOLCO Workshop
24 May, 2005
Slide 3
Advisory Group Membership









Members
AU – Bala Balakrishnan
CA – Alice Sturgeon
Husam Mansour
DE – Hans-Peter Grode
FR – Jean-Marie Decore
IL – Avi Ginzburg
JP – Ichiro Nakajima
NL – Herman Schipper
UK – Ted Humphries
US – Kathleen Higgins






Chair
George Arnold, US
ISO CS Secretariat
Mike Smith
Keith Brannon
Liaisons
IEC – Tim Rotti
ITU – Herb Bertine
CEN – Alois Sieber
COPOLCO Workshop
24 May, 2005
Slide 4
Questions
What standards are needed?
 Which already exist?
 Are they up-to-date?
 What are the gaps?
 Where should ISO contribute to address
these gaps?

COPOLCO Workshop
24 May, 2005
Slide 5
ISO Technical Committees Related to Security










Ships and marine technology
Aircraft and space vehicles
Fire protection and fire safety
Food products
Financial services
Nuclear energy
Personal safety – protective
clothing and equipment
Design of structures
Freight containers
Air Quality








Intelligent transportation systems
Environmental management
Health informatics
Drinking water supply and water
quality
Cards and personal identification
IT security
Biometrics
Automatic identification and
data capture
COPOLCO Workshop
24 May, 2005
Slide 6
Observations






35 of 205 ISO TCs have work related to security
Some very key activities – biometrics, detecting illicit
movement of radioactive material, maritime port security,
information security, …
No work on some topics – emergency preparedness, security
of petroleum facilities (there are reasons for this), chemical
plants
Outdated standards in some areas (e.g. buildings)
Opportunities for new standards (e.g. detecting contamination
of water, food, air supply)
Currently, bottom-up process
COPOLCO Workshop
24 May, 2005
Slide 7
Recommendations (1)






Permanent ISO Security Strategic Advisory Group
ISO/IEC Guidelines for Technical Committees
Web Portal
Security Management Framework Standard
Emergency Preparedness Standard
Reactivate TC 223 on Civil Defense
COPOLCO Workshop
24 May, 2005
Slide 8
Recommendations (2)

Updated and/or New Standards Needs







Built Infrastructure
Protection for First Responders
Equipment for First Responders
Healthcare – Infection Control
Resources – Security Aspects of Air, Food, Water Supply
Cybersecurity
Personal Identification
COPOLCO Workshop
24 May, 2005
Slide 9
Recommendations (3)

Transportation


Ships, marine ports, intermodal supply chain – active work
program underway, coordinated by TC 8, but needs to be
extended to include land transport
Air, rail, and road transport


Current work addresses identity cards, biometrics, freight
container seals, RFID and IT security
Potential to address additional requirements requires consultation
with intergovernmental organizations (e.g. ICAO, UIC, UN/ECE)
COPOLCO Workshop
24 May, 2005
Slide 10
Conclusion






Evident that ISO has a large role to play in international security
standardization
All recommendations were accepted by ISO TMB at February
2005 meeting
Initial implementation steps set in motion
Permanent Security Advisory Group to be formed following June
TMB meeting
COPOLCO input is very timely!
For further information:
 George W. Arnold, garnold@lucent.com, +1.732.949.1029
COPOLCO Workshop
24 May, 2005
Slide 11