1. Jeju, 13 – 16 May 2013Standards for Shared ICT CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart, Fellow Georgia Tech Research Institute Document No: GSC17-GTSC10-07 Source: TIA Contact: Eric Barnhart barnhart@gatech.edu GSC Session: GTSC10 Agenda Item: 4.2

2. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 2 TIA Cybersecurity Background TIA focus on Critical Infrastructure Protection and Homeland Security includes efforts in Network Security TIA TR-51 (Smart Utility Networks) views TR-50 (M2M-Smart Device Communications) as logical group to address security in parallel with deference to ITU-T SG17 (Security) from ITU Focus Group SMART TIA Cybersecurity Working Group released cybersecurity policy recommendations for critical infrastructure and the global supply chain (July, 2012).

3. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 3 Highlight of Current Activities TIA EC TR-50 (M2M-Smart Device Communications) –Focuses on Cybersecurity within context of efforts to contribute requirements, architecture, protocols, etc. related to the topic of Smart Device Communications. –Ensures architectures, protocols, or specifications meet the requirements established in TR-50 regarding security –Architecture, protocols, or specifications should support options that can be exported without restriction from countries for which TIA serves as a regional Standards Development Organization (SDO). –Contributions to oneM2M Document Pool –TIA is founding member of oneM2M

4. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 4 Highlight of Current Activities TIA TR-50 (M2M-Smart Device Communications) Recent Publications:

5. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 5 Highlight of Current Activities TIA Recommendations in July, 2012 White Paper: –Recommendation 1: Efforts to improve cybersecurity should leverage public-private partnerships as an effective tool for collaboration on addressing current and emerging threats. –Recommendation 2: The U.S. government should enable and stimulate greater cyber threat information sharing between the public and private sector. –Recommendation 3: Policymakers and regulators should address economic barriers for owners and operators of critical infrastructure to secure cyberspace. –Recommendation 4: Congress should prioritize federal research funding for ICT and specifically cybersecurity research and development. –Recommendation 5: A global industry necessarily requires a global approach to address cybersecurity concerns. –Recommendation 6: A global supply chain can only be secured through industry-driven adoption of best practices and global standards.

6. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 6 Highlight of Current Activities On February 19, President Obama issued Executive Order 13636 (“Improving Critical Infrastructure Cybersecurity’’), along with a related Presidential Policy Directive (PPD-21, “Critical Infrastructure Security and Resilience”) EO 13636: http://www.whitehouse.gov/the-press- office/2013/02/12/executive-order-improving-critical-infrastructure- cybersecurityhttp://www.whitehouse.gov/the-press- office/2013/02/12/executive-order-improving-critical-infrastructure- cybersecurity PPD-21: http://www.whitehouse.gov/the-press- office/2013/02/12/presidential-policy-directive-critical-infrastructure- security-and-resilhttp://www.whitehouse.gov/the-press- office/2013/02/12/presidential-policy-directive-critical-infrastructure- security-and-resil The Executive Order and PPD-21 require numerous Federal agencies to undertake activities to enhance the effectiveness of its cybersecurity and report to Congress on their progress, including the creation of a voluntary “Cybersecurity Framework” (that integrates existing standards efforts and best practices) by February 2014

7. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 7 Highlight of Current Activities Consistent with views in TIA’s July 2012 Cybersecurity Whitepaper, TIA has submitted public responses to two requests for information to date that will inform the implementation of the Executive Order: Comments to the National Institute of Standards and Technology (NTIA)’s Developing a Framework To Improve Critical Infrastructure Cybersecurity (Docket Number 130208119–3119–01): http://www.tiaonline.org/sites/default/files/pages/TIA_Comments_NIST_Cyb ersecurity_Framework_040813.pdf http://www.tiaonline.org/sites/default/files/pages/TIA_Comments_NIST_Cyb ersecurity_Framework_040813.pdf Comments to the NTIA and National Telecommunications and Information Administration’s Incentives To Adopt Improved Cybersecurity Practices (Docket Number 130206115–3115–01): http://www.tiaonline.org/sites/default/files/pages/TIA-Comments-NIST-NTIA- Cybersecurity-Framework-Incentives-042913.pdf http://www.tiaonline.org/sites/default/files/pages/TIA-Comments-NIST-NTIA- Cybersecurity-Framework-Incentives-042913.pdf TIA will continue to engage the Federal government on cybersecurity as it implements the Executive Order and PPD-21, as well as more generally in the US Congress and Federal agencies.

8. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 8 Highlight of Current Activities TIA Hosting upcoming Workshop on M2M and Cybersecurity in early June in Arlington, Virginia:

9. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 9 Strategic Direction TIA supports cyber security objectives and study items of ITU-T Study Group 17 as captured in Question 4/17- Cybersecurity TIA 2013 Goals and Positions include: –that successful efforts to improve cybersecurity will leverage public-private partnerships to effectively collaborate on addressing current and emerging threats –that the U.S. government should enable and stimulate greater cyber threat information sharing between the public and private sector –that policymakers and regulators should ensure that they address economic barriers for owners and operators of critical infrastructure in efforts to secure cyberspace –that Federal research funding for ICT and specifically cybersecurity research and development should be prioritized –that the global nature of the ICT industry necessarily requires a global approach to address cybersecurity concerns –that a global supply chain can only be secured through an industry-driven adoption of best practices and global standards.

10. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 10 Challenges With M2M Cybersecurity in TR-50 (M2M-Smart Device Communications) as current TIA cybersecurity focal point, extend focus as appropriate to address needs: –TR-30 Multimedia Access, Protocols and Interfaces –TR-41 User Premises Telecommunications Systems –TR-45 Mobile and Personal Communications Systems Standards –TR-47 Terrestrial Mobile Multimedia Multicast –TR-48 Vehicular Telematics –TR-49 eHealthcare ICT –TR-51 Smart Utility Networks

11. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 11 Challenges Embracing user community (including verticals) contiunes to be vital – MSTF and oneM2M interactions are key User needs are particularly important to understand with regard to risks and security demands – examples include energy management and healthcare ICT Export control and harmonization issues demand attention

12. GSC17-GTSC10-07 GSC-17, Jeju / Korea Standards for Shared ICT 12 Next Steps / Actions In TIA Engineering Committee TR-50 M2M-Smart Device Communications: –Continue focus on Data In Transit Multilayer Security Interaction of M2M Service Layer with Underlying Networks –Continue focus on Data At Rest Security Analysis of System Architecture Host M2M & Cybersecurity Workshop on June 4-5 Examine Test Bed needs to investigate and resolve Cybersecurity Issues to complement Standards Activity