FG1B Cybersecurity Sept13

Document Sample
FG1B Cybersecurity Sept13 Powered By Docstoc
					Network Reliability and Interoperability Council




                                             Focus Group 1B
                                              Cybersecurity
                       Dr. Bill Hancock, CISSP
                      Cable and Wireless America
                                                   FG1B Chair
                            bill.hancock@exodus.net
                                   972-740-7347
                                                   Charter of FG1B Cybersecurity
Network Reliability and Interoperability Council




         • Generate Best Practices for cybersecurity
                  – Telecommunications sector
                  – Internet services
         • Deliverables
                  – December 2002 – prevention
                  – March 2003 – restoration
         • New team, very little previous material to
           use for a base or as a guideline
                                                   Composition and Organization
Network Reliability and Interoperability Council




         • Made up predominantly of Chief Security
           Officers or equivalent at most telecom
           companies in the U.S. as well as selected
           Subject Matter Experts (SMEs)
         • Members include various U.S. Government
           agencies such as DoC, DoD, DoJ, FCC,
           Federal Reserve, etc.
         • Group is divided into 10 working teams,
           each with a team leader
Network Reliability and Interoperability Council
                                                   Working Efforts

       • Focus is on “gap filling” for cybersecurity Best
         Practices (BP)
                – Find and use existing BPs for cybersecurity
                – Identify where there are gaps in completeness
                – Create master list of existing BPs
       • 75+ focus areas identified in initial meetings
       • Each team meets at the same time each week via
         conference call
       • Working BPs are entered into an agreed-upon
         template that all teams use
       • There is a process in-place to collect, share and
         provide documents between team members
                                                     Network Security Framework
  Network Reliability and Interoperability Council    (Based on Bell Labs model)

                                  Application Security




                                                                                                                                        Communication Security
                                                                                                                                                                                                      THREATS




                                                                Access Management


                                                                                                      Non-repudiation
                                                                                    Authentication


                                                                                                                        Data Security




                                                                                                                                                                             Availability
                                                                                                                                                                                                        Interruption




                                                                                                                                                                 Integrity


                                                                                                                                                                                            Privacy
                                    Service Security                                                                                                                                                    Interception
VULNERABILITIES
                                                                                                                                                                                                        Modification
                                                                                                                                                                                                        Fabrication

                                    Infrastructure Security                                                                                                                                           ATTACKS



                             End User Plane
                          Control Plane                                                              8 Security Dimensions
                       Management Plane


                                                              * Proposed to the ITU as a standard.
                                                   FG1B Cybersecurity Teams
Network Reliability and Interoperability Council




                                • Fundamentals
                                • Transport
                                • OAM&P (operations, administration,
                                  maintenance and provisioning
                                • AAA (authentication, accounting,
                                  audit)
                                • Services
                                • Personnel
                                • Users
                                • Architecture
                                • Incidents
                                                   Security Framework Mapping
Network Reliability and Interoperability Council




                            Application              Service       Infrastructure
                             Security                Security         Security
                                                      Users
End-
User
Plane                                                                Transport
                                                                                    Apply to all:




                                                        Services
                                                                                    AAA
Control
                                                                                    Fundamentals
Plane                                                                               Architectures

                                                                                    Incidents
Mgmt
                                                      OAM&P
Plane
                                                     Personnel
                                                   FG1B Project Management
Network Reliability and Interoperability Council




         • First consolidation of BPs is in mid October
         • First major edit process in early November
         • Final assembly for FG1B cybersecurity
           prevention deliverable in mid November
         • Deliverable for cybersecurity prevention on
           December 6, 2002
         • Edit process for FG1B restoration in
           January 2003
         • Deliverable for cybersecurity restoration in
           March 2003
                                                   Expectations on Deliverables
Network Reliability and Interoperability Council




         • Cybersecurity technologies are being
           implemented to varying degrees
         • BPs identified will be evaluated for factors
           affecting implementation
         • BPs will recommend “what”, not “how” to
           implement BPs for cybersecurity

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:7
posted:7/27/2012
language:
pages:9