Standards and Critical Network Infrastructures

1
Standards and Critical Network Infrastructures
GSC-8
111

• Michael Harrop
• TSACC

2
Outline of Presentation

• Overview of the Paper
• The role of standards in attacks of the
  infrastructure
• The need for standards bodies to play a lead
  role.

3
Overview of the Paper

• Paper sets the context for presentation
• What are Critical Network Infrastructures?
• Attacks on the critical infrastructure why the
  risk to network infrastructures has increased
• Some examples of Canadian critical network
  infrastructures and dependent industries
• Telecommunications, Internet, Electricity
• Finance, Government, Transportation, Healthcare,
  Electronic Commerce

4
Overview of the Paper - 2

• The role of standards in critical infrastructure
  problems
• The ASN.1 example an example of the impact of a
  problem in a standards-based implementation
• The current role of standards bodies in CNI
• A possible future role for standards bodies in
  CNI protection

5
The Importance of Standards

• Hackers have shown themselves to be adept at
  taking advantage of flaws in protocols and
  network implementations.
• It is very important, therefore, that
  implementations be correct and fault free.
• Standardization has a significant role to play in
  minimizing design and implementation errors.

6
The ASN.1 Example

• A problem discovered in 2001 in the widely-used
  Simple Network Management Protocol was believed
  to be associated with the use of ASN.1 in
  defining the protocol
• ASN.1 has been used to code many other (possibly
  even most) network protocols at all layers
  therefore the problem could be widespread
• Potentially, the type of protocol error
  identified allows an attacker to bring down a
  network without knowing much about it
• The cost of reparations could be greater than the
  cost of Y2K fixes (C W had to change
  2154 routers and 2100 firewalls in Feb. 2002)

7
The ASN.1 Example-2

• Implementers and Standards groups have had
  difficulty agreeing on responsibility for the
  problem but the ASN.1 example provides us with
  some important lessons
• Regardless of whether such problems are with the
  standard or with the way the standard is used,
  the problems are serious and threaten the network
  infrastructure. Such problems demand a rapid and
  coordinated response. They need be fixed quickly.
• Standards bodies need to take a lead in ensuring
  a fast and coordinated response to such problems,
  regardless of the cause.

8
Possible role for Standards Bodies in protecting
the network infrastructure
9
Summary

• Problems associated with the implementation of
  standards can have wide implications and can
  threaten the critical network infrastructure
• Such problems need to be addressed quickly in a
  coordinated way
• Standards bodies should take the lead in
  addressing problems with infrastructure
  implications and collaborate with bodies working
  to protect the critical network infrastructure.