The ISO Advisory Group on Security
COPOLCO Workshop
24 May, 2005
Presented by Dr. George W. Arnold
Chairman of the Board of Directors
American National Standards Institute

Security: More than Preventing Terrorism
  Earthquakes: 13,000 fatalities / year
  Transportation disasters: 7,800 fatalities / year
  Epidemics: 6,500 fatalities / year
  Floods: 5,000 fatalities / year
  Industrial disasters: 2,900 fatalities / year
  Terrorism: 2,500 fatalities / year
  Catastrophic storms: 1,300 fatalities / year
  Internet attacks: 140,000 incidents / year
  Sources: WHO, CERT

Advisory Group Membership
  Members
  AU – Bala Balakrishnan
  CA – Alice Sturgeon
  Husam Mansour
  DE – Hans-Peter Grode
  FR – Jean-Marie Decore
  IL – Avi Ginzburg
  JP – Ichiro Nakajima
  NL – Herman Schipper
  UK – Ted Humphries
  US – Kathleen Higgins
  Chair
  George Arnold, US
  ISO CS Secretariat
  Mike Smith
  Keith Brannon
  Liaisons
  IEC – Tim Rotti
  ITU – Herb Bertine
  CEN – Alois Sieber

Questions
  What standards are needed?
  Which already exist?
  Are they up-to-date?
  What are the gaps?
  Where should ISO contribute to address these gaps?

ISO Technical Committees Related to Security
  Ships and marine technology
  Aircraft and space vehicles
  Fire protection and fire safety
  Food products
  Financial services
  Nuclear energy
  Personal safety – protective clothing and equipment
  Design of structures
  Freight containers
  Air Quality
  Intelligent transportation systems
  Environmental management
  Health informatics
  Drinking water supply and water quality
  Cards and personal identification
  IT security
  Biometrics
  Automatic identification and data capture

Observations
  35 of 205 ISO TCs have work related to security
  Some very key activities – biometrics, detecting illicit movement of radioactive material, maritime port security, information security, …
  No work on some topics – emergency preparedness, security of petroleum facilities (there are reasons for this), chemical plants
  Outdated standards in some areas (e.g. buildings)
  Opportunities for new standards (e.g. detecting contamination of water, food, air supply)
  Currently, bottom-up process

Recommendations (1)
  Permanent ISO Security Strategic Advisory Group
  ISO/IEC Guidelines for Technical Committees
  Web Portal
  Security Management Framework Standard
  Emergency Preparedness Standard
  Reactivate TC 223 on Civil Defense

Recommendations (2)
  Updated and/or New Standards Needs
  Built Infrastructure
  Protection for First Responders
  Equipment for First Responders
  Healthcare – Infection Control
  Resources – Security Aspects of Air, Food, Water Supply
  Cybersecurity
  Personal Identification

Recommendations (3)
  Transportation
  Ships, marine ports, intermodal supply chain – active work program underway, coordinated by TC 8, but needs to be extended to include land transport
  Air, rail, and road transport
  Current work addresses identity cards, biometrics, freight container seals, RFID and IT security
  Potential to address additional requirements requires consultation with intergovernmental organizations (e.g. ICAO, UIC, UN/ECE)

Conclusion
  Evident that ISO has a large role to play in international security standardization
  All recommendations were accepted by ISO TMB at February 2005 meeting
  Initial implementation steps set in motion
  Permanent Security Advisory Group to be formed following June TMB meeting
  COPOLCO input is very timely!

For further information: George W. Arnold, garnold@lucent.com, +1.732.949.1029