ATIS Cybersecurity Standards

1. ATIS CybersecurityStandards Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco

2. Highlight of Current Activities • ATIS recently developed end-to-end network topology and security zones to be used as foundation for comprehensively addressing cyber-related design and implementation vulnerabilities in devices, networks and computing infrastructures. The work identifies the following security zones: • Untrusted zones, which includes terminal equipment border elements such as residential gateways, modems, managed routers, HeNB, etc.; • Trusted but vulnerable zones, which includes network border elements such as base station routers and session border controllers; and • Trusted zones, which includes both carrier network ingress points, such as cell tower receivers, DSLAMs, etc. and carrier network, end office, hub or aggregation facilities.

3. Highlight of Current Activities • End-to-End Network Topology and Security Zones: • Provides an E2E network topology for service delivery; • Security zones to be overlaid according to multiple network designs; • Will provide security requirements for specific functions within each scenario; • Foundation for further development in validating network hardware, trust and identity architectures, mobile device management, etc.; and • Applicable to M2M, cloud and inter-service provider integrated solutions, among others.

4. Highlight of Current Activities Numerous U.S. initiatives related to cybersecurity: • Presidential • Executive Order – Improving Critical Infrastructure Cybersecurity • Focuses on information sharing, standards and privacy protections. • Presidential Policy Directive 21 (PPD-21) • Overall strategy for integrating government functions for critical infrastructure • Legislation • Cybersecurity Information Sharing Protection Act (CISPA) • National Institute of Standards & Technology (NIST) • Based upon the Executive Order, NIST will work with industry to develop a framework, consisting of standards, guidelines, and best practices to promote the protection of information and information systems supporting critical infrastructure operations • Federal Communications Commission (FCC) • Communications Security, Reliability and Interoperability Council (C • Technology Advisory Council

5. Highlight of Current Activities • The Cybersecurity Subcommittee of ATIS’ Packet Technologies and Systems Committee (PTSC) will: • Develop implementable security standards relevant to packet-based telecommunications networks taking into consideration factors such as multi-service aspects (e.g., mobile, cloud, transport, services network), emerging technology, network evolution, and the multi-provider ecosystem. • Address the impact of new government regulations and address requests by government agencies (see previous slide).

6. Strategic Direction • Ensure consistent and comprehensive cybersecurity designs across multiple network technologies. • ATIS continues to develop a suite of security authentication and IdM standards that will facilitate secure interconnection of: • transport facilities • signalling facilities • services and applications • Cloud computing may pose significant cybersecurityissues that will need to be addressed, and ATIS committees will continue to collaborate (e.g., PTSC, CSF, etc.) on such matters.

7. Challenges Cyberecurity solutions have an impact on delay and performance. Prioritizing the numerous government activities related to cybersecurity (e.g., White House Executive Order, NIST Request for Information, FCC, etc.). Sensitivity to discussing cybersecurity sensitivities, network attacks, etc., by companies in an open environment.

8. Next Steps/Actions ATIS will continue on its current path of generating a complete suite of standards that can be used to facilitate interconnection negotiations and result in interconnection scenarios that are secure. ATIS will continue to collaborate with and provide input into the ITU-T on global solutions for cybersecurity- and IdM-related matters. ATIS will host a Cybersecurity Governance, Communication and Cooperation Workshop on June 18-19 in Washington, DC.

9. Proposed Resolution • ATIS supports the reaffirmation of the existing Cybersecurity Resolution contained in: • Resolution GSC-16/11 – Cybersecurity

10. Supplemental Slides

11. ATIS PTSC Cybersecurity Subcommittee • The PTSC Cybersecurity Subcommittee will lead and coordinate with other ATIS committees where appropriate on the following tasks: • Develop implementable security standards relevant to packet-based telecommunications networks taking into consideration factors such as multi-service aspects (e.g., mobile, cloud, transport, services network), emerging technology, network evolution, and the multi-provider ecosystem. • Maintain and further develop the cybersecurity reference architecture developed by the ATIS Cybersecurity Focus Group. • Address the impact of government regulations and address requests by government agencies (e.g., White House Executive Order, NIST, and FCC Cybersecurity, etc.). • Assess new cybersecurity issues that arise. • Maintain liaisons with appropriate ATIS committees, as well as with standards-setting bodies external to ATIS and adopt other SDO standards as appropriate. • Review and prepare contributions related to cybersecurity for submission to the ITU-T and ITU-R Study Groups or other standards organizations and fora. • Review the positions of other SDOs, agencies or administrations in related standards development and take or recommend appropriate actions.