1 / 22

Sustainable Broadband Communications: International Perspective – Common Criteria

Joint ITU-GISFI Workshop on “Bridging the Standardization Gap: Workshop on Sustainable Rural Communications” (Bangalore, India, 17-18 December 2012). Sustainable Broadband Communications: International Perspective – Common Criteria. David Martin,

lockridge
Download Presentation

Sustainable Broadband Communications: International Perspective – Common Criteria

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Joint ITU-GISFI Workshop on “Bridging the Standardization Gap: Workshop on Sustainable Rural Communications”(Bangalore, India, 17-18 December 2012) Sustainable Broadband Communications: International Perspective – Common Criteria David Martin, Head of International Assurance, Common Criteria Scheme Director, CESG, UK, david.martin@cesg.gsi.gov.uk

  2. David Martin Involved in Information Assurance Standards for many years Chair of International Common Criteria Development Board Scheme Director for the UK Common Criteria Scheme (operated by UK government) Representing UK Scheme - reporting on new CC vision statement

  3. Common Criteria - Background • Standards for Assurance of IT Product Security • 26 Nations (more to come) • 16 Nations evaluate/certify products • Also an ISO standard (15408 and 18045) • Run by a Management Committee (with an executive to support) and a Development Board

  4. Common Criteria – The Value • Manufacturers do not have to evaluate products in multiple places. • Evaluation is very expensive in time and money • Good cyber defence (and sustainable telecom) needs many more products evaluated • All nations agree and procure to the common standard • Industry involvement (CCUF)

  5. Common Criteria – New Vision – Rationale -1 • CC usage has been little changed for more than 12 years • A number of nations found that:- • The focus on ‘assurance level (EAL)’ was damaging product security • Not enough products are evaluated - Cyber defence needs many more • Expertise is applied in the wrong place, inconsistently, and without wide peer review.

  6. Common Criteria – New Vision – Rationale -2 • Smartcard Community has developed a very effective way of using CC • Work has taken place to support a similar approach for general IT products • Resulting in the CCMC (management Committee) vision statement – published in September 2012

  7. For more information Common Criteria Portal: www.commoncriteriaportal.org • The vision statement links from the front page • Other links show the products, schemes, operating documents etc. • Also see CCUF at www.ccusersforum.org

  8. Existing Approach

  9. New Approach

  10. Technical Communities

  11. Meeting virtually

  12. Much quicker and more effective

  13. Bespoke design/evaluation

  14. Better to have known standards

  15. Other Important developments Common view on cryptography Security Configuration Automation Strong Linkage to Vulnerability/Weakness reporting Supply Chain working group Consistent Government Procurement (and other major users) – addressing what ‘recognition’ really means

  16. Common support for procurement

  17. Common Criteria – New Vision – Summary • More assurance than a simple ‘EAL approach’ • Uses worldwide expertise, instead of relying on single ‘expert’ • Open, Transparent, Repeatable – as befitting an International Standard • Step change in volume – better for cyberdefence • Lowers procurement costs

  18. What does this mean for Sustainable Broadband Communications? • More assurance (Ignore ‘EAL’ look at what is assured) • More responsive • Lower cost • Wider range and choice of products • Uses worldwide expertise, instead of relying on single ‘expert’ • Open, Transparent, Repeatable – as befitting an International Standard

  19. Further detail • First International Technical Community about to launch – based on USB storage device • Many more to follow next year • Already many TCs exist (mostly US based)

  20. Example TC Areas Networking (NDPP, Firewalls, VPNs, etc) Storage (USB, Hard disks, etc) Applications on Operating systems Mobile telecoms (VOIP, SIP, MDM, etc) Multifunction devices (printers etc.)

  21. Telecoms Applicability • 3gPP discussion – potential development of cPPs • Could extend to system approaches • Key is to have the real technical expertise setting the standards • CCRA maintains the fairness, the reliability/reputation, and the worldwide recognition for vendors

  22. Conclusions and Recommendations

More Related