1. ATIS Cybersecurity DOCUMENT #: GSC13-GTSC6-12 FOR: Presentation
SOURCE:
ATIS
AGENDA ITEM:
GTSC; 4.2
CONTACT(S):
Art Reilly
ATIS Cybersecurity
Submission Date: July 1, 2008

2. Highlight of Current Activities (1)
ATIS Packet Technologies and Systems Committee (PTSC)
Completed:
UNI and NNI signalling security standards
NNI testing standard
Finalized:
UNI testing Standard
Require all standards support logging to facilitate creation of incident reports
Focus is now on other security related topics that will ensure robust signalling and communications standards and network implementations that will provide adequate protection in the current cyber security environment:
NGN Authentication
Security mechanisms
Certificate Management

3. Highlight of Current Activities (2)
Focus is on specifying security considerations for Layers 1 through 5 for NNIs on a per service basis
Generation of templates will:
Facilitate interconnection negotiations
Enable adequate security to be provided
Identify options available
Facilitate interoperability
ATIS Network Performance, Reliability and Quality of Service Committee (PRQC)
Issue A029, Establishment of an ATIS Security Baseline
Technical Report: Information & Communications Security for NGN Converged Services IP Networks and Infrastructure
PRQC-SEC’s major work item completed in 2007
Developed jointly in Ad-Hoc Group with TMOC and PTSC participants
TR defines applicability of existing security related standards, best practices, regulations, and identifies gaps within industry specifications
220 pages containing extensive data on communications and information security

4. Strategic Direction ATIS PTSC is focusing on:
Creation of a suite of security standards that well facilitate secure interconnection of:
transport facilities
signalling facilities
services
ATIS PTSC is not focusing on:
Security Mechanisms for Messaging Applications
Tracking
ATIS is looking to ITU-T SG 17 and other Study Groups to address the messaging and tracking areas

5. Challenges
SIP security solutions are tailored to be end to end. Link by link security solutions do not provide the same level of security.
SIP/SIPPING/SIMPLE/etc. RFCs have well written security sections that are not fully implemented in vendor products.
Security solutions have an impact on delay and performance.

6. Next Steps/Actions
The PTSC will continue on its current path generating a complete suite of standards that can be used to facilitate interconnection negotiations and result in interconnection scenarios that are secure.
PRQC will continue to address:
Standards extending work outlined in the TR
Impact of Security on QOS Performance in Next Generation Networks
Document potential QoS degradations associated with security mechanisms
Identify potential security problems associated with QoS mechanisms
User-Network Interface (UNI) User Plane Security Standard

7. Proposed Resolution
The text of the current Resolution on cybersecurity, i.e., Resolution GSC-12/19: (GTSC) Cybersecurity (Revised), is still appropriate and no modifications are called for at this time.

8. Supplemental Slides

9. Supplemental Slides
PTSC Issues may be found at:
PTSC Active Issues which have a security component are:
Issue # Title
S0027 IP Device (SIP UA) to Network Interface Standard
S0033 End to End User Authentication and Signaling Security
S0046 ATIS NGN Security Requirements
S0050 VoIP (SIP) UNI Testing Framework
S0052 UNI Terminal Adapter Requirements
S0053 UNI Configuration
S0055 Security Mechanisms
S0061 Certificate Management
S0063 ATIS ETS Authentication
S0065 Enterprise Network Support in NGN