ATIS Cybersecurity

1
ATIS Cybersecurity
DOCUMENT GSC13-GTSC6-12
FOR Presentation
SOURCE ATIS
AGENDA ITEM GTSC 4.2
CONTACT(S) Art Reilly (arreilly_at_cisco.com)
Submission DateJuly 1, 2008
2
Highlight of Current Activities (1)

• ATIS Packet Technologies and Systems Committee
  (PTSC)
• Completed
• UNI and NNI signalling security standards
• NNI testing standard
• Finalized
• UNI testing Standard
• Require all standards support logging to
  facilitate creation of incident reports
• Focus is now on other security related topics
  that will ensure robust signalling and
  communications standards and network
  implementations that will provide adequate
  protection in the current cyber security
  environment
• NGN Authentication
• Security mechanisms
• Certificate Management

3
Highlight of Current Activities (2)

• Focus is on specifying security considerations
  for Layers 1 through 5 for NNIs on a per service
  basis
• Generation of templates will
• Facilitate interconnection negotiations
• Enable adequate security to be provided
• Identify options available
• Facilitate interoperability
• ATIS Network Performance, Reliability and
  Quality of Service Committee (PRQC)
• Issue A029, Establishment of an ATIS Security
  Baseline
• Technical Report Information Communications
  Security for NGN Converged Services IP Networks
  and Infrastructure
• PRQC-SECs major work item completed in 2007
• Developed jointly in Ad-Hoc Group with TMOC and
  PTSC participants
• TR defines applicability of existing security
  related standards, best practices, regulations,
  and identifies gaps within industry
  specifications
• 220 pages containing extensive data on
  communications and information security

4
Strategic Direction

• ATIS PTSC is focusing on
• Creation of a suite of security standards that
  well facilitate secure interconnection of
• transport facilities
• signalling facilities
• services
• ATIS PTSC is not focusing on
• Security Mechanisms for Messaging Applications
• Tracking
• ATIS is looking to ITU-T SG 17 and other Study
  Groups to address the messaging and tracking areas

5
Challenges

• SIP security solutions are tailored to be end to
  end. Link by link security solutions do not
  provide the same level of security.
• SIP/SIPPING/SIMPLE/etc. RFCs have well written
  security sections that are not fully implemented
  in vendor products.
• Security solutions have an impact on delay and
  performance.

6
Next Steps/Actions

• The PTSC will continue on its current path
  generating a complete suite of standards that can
  be used to facilitate interconnection
  negotiations and result in interconnection
  scenarios that are secure.
• PRQC will continue to address
• Standards extending work outlined in the TR
• Impact of Security on QOS Performance in Next
  Generation Networks
• Document potential QoS degradations associated
  with security mechanisms
• Identify potential security problems associated
  with QoS mechanisms
• User-Network Interface (UNI) User Plane Security
  Standard

7
Proposed Resolution

• The text of the current Resolution on
  cybersecurity, i.e., Resolution GSC-12/19
  (GTSC) Cybersecurity (Revised), is still
  appropriate and no modifications are called for
  at this time.

8
Supplemental Slides
9
Supplemental Slides

• PTSC Issues may be found at http//www.atis.org/0
  191/issues.asp
• PTSC Active Issues which have a security
  component are
• Issue Title
• S0027 IP Device (SIP UA) to Network Interface
  Standard
• S0033 End to End User Authentication and
  Signaling Security
• S0046 ATIS NGN Security Requirements
• S0050 VoIP (SIP) UNI Testing Framework
• S0052 UNI Terminal Adapter Requirements
• S0053 UNI Configuration
• S0055 Security Mechanisms
• S0061 Certificate Management
• S0063 ATIS ETS Authentication
• S0065 Enterprise Network Support in NGN