1 / 19

ARECI Study Recommendation 4 & Today’s Event

ARECI Study Recommendation 4 & Today’s Event. Presentation to the WARP Annual Forum The Law Society, London 3 June 2008. Karl Rauscher Bell Labs Fellow Executive Director Bell Labs Network Reliability & Security Office. Agenda. What is the ARECI Study & why is it important ?

Download Presentation

ARECI Study Recommendation 4 & Today’s Event

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ARECI Study Recommendation 4 & Today’s Event Presentation to the WARP Annual ForumThe Law Society, London 3 June 2008 Karl Rauscher Bell Labs Fellow Executive Director Bell Labs Network Reliability & Security Office

  2. Agenda • What is the ARECI Study & why is it important ? • What is Recommendation 4 & why is today’s event so important for it ? 3. Conclusion

  3. EC ARECI Study - Introduction Study on the Availability and Robustness of Electronic Communications Infrastructures Purpose: Provide guidance on how to make Europe’s communications networks more available and more robust

  4. ARECI Study Participants SFR

  5. Network & Payload Experts Workshop 6 October 2006 London, U.K. Hardware & Software Experts Workshop 11 October 2006 Berlin, Germany Policy & Human Experts Workshop 15 November 2006 Brussels, Belgium Environment & Power Experts Workshop 3 October 2006 Rome, Italy Bell Labs uniquely positioned as a neutral facilitator . . . • Roundtable discussions • Individual conversations • Virtual interviews • Four workshops

  6. EC ARECI Study – Executive Summary

  7. 10 ARECI Recommendations * * *

  8. 10 Recommendations • Emergency Preparedness • Priority Communications on Public Networks • Formal Mutual Aid Agreements • Critical Infrastructure Information Sharing • Inter-Infrastructure Dependency • Supply Chain Integrity and Trusted Operation • Unified Voice in European Standards • Interoperability Testing • Vigorous Ownership of Partnering Health • Discretionary European Expert Best Practices 86%of stakeholders agree or strongly agree

  9. Importance The availability and robustness of communications networks are vital to public safety, critical sector function and economic stability. As society increases its dependence on electronic infrastructure, the importance of available and robust networks only increases. Information sharing is a critical aspect of promoting infrastructure availability and robustness – both during normal steady state operation and during crisis response.

  10. ARECI Recommendation 4 • Recommendation 4 • Member States and the Private Sector should establish formal means for • sharing information that can improve the protection and rapid restoration of • infrastructure critical to the reliability of communications within and • throughout Europe.

  11. Recommendation Presentation

  12. ARECI Recommendation 4 Required Commitments To sustain the viability of this Recommendation, Member States and the Private Sector must be committed to defined courses. Specifically, • (a) Private Sector enterprises that own critical communications infrastructure must jointly establish a trusted environment for sharing information to improve the protection and rapid restoration of that infrastructure. • (b) Private Sector service providers, network operators and equipment suppliers must be willing to share threat and outage information within a trusted environment within the industry for the common good. • (c) Government authorities must be willing to share threat and other sensitive information with providers of critical communications infrastructure, and safeguard information related to critical infrastructure provided by industry. • (d) Member State governments must be willing to share information that will improve the protection and rapid restoration of critical infrastructure with other Member States as well as the providers of that infrastructure within those other Member States. t r u s t s h a r e

  13. Architecture Models

  14. ARECI Recommendation 4 • Next Steps • 4-1. The Private Sector and Member State stakeholders should investigate, and where appropriate, join some of the excellent information sharing organisations that already exist, learning their methods and creating an even larger pool of knowledge, mutually benefiting all organisations.* • 4-2. The Private Sector and the Member State stakeholders should convene to establish a trusted environment for information sharing within each Member State, identifying the owners of critical infrastructure, the key stakeholders and the type of information that will be shared, both from industry to government and from government to industry. • 4-3. Member States governments should identify those information sharing models which will best enable the sharing of threat and other sensitive information across Member State boundaries. These models should be implemented, if they do not already exist, and this information should then be shared, as appropriate, with industry partners within those Member States. • *on page 104, footnote 164 in final report points the reader to www.warp.gov.uk

  15. ARECI Recommendation 4 • WARPS are an excellent next step for European stakeholders to take because they are: • 1. An existing model, which has been developing and running since 2003 • 2. They are flexible and adaptable to different communities and sectors • 3. They can provide both a mesh (bi-lateral) and star information sharing architecture, based on the level of trust existing at the time. • 4. They provide a framework for trusted sharing that grows as the needs of the WARP communities grow. • 5. WARPs can share within communities, within sectors, across sectors, within national boundaries and across national boundaries.

  16. Conclusion • Information sharing within and among critical infrastructures is vital to public safety, economic stability, and nation-state security. • The WARP approach is a world-class role model that many can learn from • The WARP model has the flexibility to accommodate the special needs of Europe To learn more about the ARECI study follow up, please visit: www.bell-labs.com/ARECI other web sites: www.bell-labs.com/EUROPE/bestpractices/ www.bell-labs.com/USA/NRICbestpractices/

  17. Background

  18. ARECI Recommendation 4 • Alternative Approaches and Their Consequences • • Industry stakeholders sharing only with selected partners . . . resulting in fragmented sharing and response to attacks, and various providers of critical infrastructure being left uninformed. • • Critical government information kept within government . . . reduces industry’s ability to prepare and respond to attacks. • • Industry threat and outage information shared only within industry . . . leaves government interests under-protected and eliminates potential benefits of government assistance during a crisis. • • Information sharing kept within a Member State . . . weakens the ability of other Members States to prepare and respond, and negatively impacts the reliability and security of all networks connected to those of the uninformed Members States. • • A mandated environment for information sharing not built on mutual trust . . . results in sharing only to the extent of the mandate, potential unintended consequences, and lost opportunity to benefit from a common body of knowledge. • • Establishment of a European Institution level program . . . resulting in loss of Member State control and less effective “star” architecture

  19. ARECI Recommendation 4 Measures of Success The successful implementation of this Recommendation can be gauged by the following measures: Establishment of information sharing forums within Member States: Individual Member States and industry members who operate within those Member States establish a trust-based forum for information sharing. Implementation of an information sharing model across the European Union:Member State governments and industry stakeholders establish a trust-based forum for bi-directional information sharing. New entrants to the communications industry seek membership in the trusted forums:New entrants to the industry, along with organisations that may not normally be considered part of the industry, begin seeking membership in the information sharing forum to avail themselves of its benefits.

More Related