Standards and Critical Network Infrastructures

1. Standards and Critical Network Infrastructures GSC-8 111 Michael Harrop TSACC

2. Outline of Presentation • Overview of the Paper • The role of standards in attacks of the infrastructure • The need for standards bodies to play a lead role. M. Harrop GSC-8, OTTAWA

3. Overview of the Paper • Paper sets the context for presentation • What are Critical Network Infrastructures? • Attacks on the critical infrastructure & why the risk to network infrastructures has increased • Some examples of Canadian critical network infrastructures and dependent industries • Telecommunications, Internet, Electricity • Finance, Government, Transportation, Healthcare, Electronic Commerce M. Harrop GSC-8, OTTAWA

4. Overview of the Paper - 2 • The role of standards in critical infrastructure problems • The ASN.1 example – an example of the impact of a problem in a standards-based implementation • The current role of standards bodies in CNI • A possible future role for standards bodies in CNI protection M. Harrop GSC-8, OTTAWA

5. The Importance of Standards • Hackers have shown themselves to be adept at taking advantage of flaws in protocols and network implementations. • It is very important, therefore, that implementations be “correct” and fault free. • Standardization has a significant role to play in minimizing design and implementation errors. M. Harrop GSC-8, OTTAWA

6. The ASN.1 Example • A problem discovered in 2001 in the widely-used Simple Network Management Protocol was believed to be associated with the use of ASN.1 in defining the protocol • ASN.1 has been used to code many other (possibly even most) network protocols at all layers therefore the problem could be widespread • Potentially, the type of protocol error identified allows an attacker to bring down a network without knowing much about it • The cost of reparations could be greater than the cost of Y2K fixes (C & W had to change 2154 routers and 2100 firewalls in Feb. 2002) M. Harrop GSC-8, OTTAWA

7. The ASN.1 Example-2 • Implementers and Standards groups have had difficulty agreeing on responsibility for the problem but the ASN.1 example provides us with some important lessons • Regardless of whether such problems are with the standard or with the way the standard is used, the problems are serious and threaten the network infrastructure. Such problems demand a rapid and coordinated response. They need be fixed quickly. • Standards bodies need to take a lead in ensuring a fast and coordinated response to such problems, regardless of the cause. M. Harrop GSC-8, OTTAWA

8. Possible role for Standards Bodies in protecting the network infrastructure M. Harrop GSC-8, OTTAWA

9. Summary • Problems associated with the implementation of standards can have wide implications and can threaten the critical network infrastructure • Such problems need to be addressed quickly in a coordinated way • Standards bodies should take the lead in addressingproblems with infrastructure implications and collaborate with bodies working to protect the critical network infrastructure. M. Harrop GSC-8, OTTAWA