ATIS Cybersecurity

1. ATIS Cybersecurity Submission Date:July 1, 2008

2. Highlight of Current Activities (1) ATIS Packet Technologies and Systems Committee (PTSC) • Completed: • UNI and NNI signalling security standards • NNI testing standard • Finalized: • UNI testing Standard • Require all standards support logging to facilitate creation of incident reports • Focus is now on other security related topics that will ensure robust signalling and communications standards and network implementations that will provide adequate protection in the current cyber security environment: • NGN Authentication • Security mechanisms • Certificate Management

3. Highlight of Current Activities (2) • Focus is on specifying security considerations for Layers 1 through 5 for NNIs on a per service basis • Generation of templates will: • Facilitate interconnection negotiations • Enable adequate security to be provided • Identify options available • Facilitate interoperability ATIS Network Performance, Reliability and Quality of Service Committee (PRQC) • Issue A029, Establishment of an ATIS Security Baseline • Technical Report: Information & Communications Security for NGN Converged Services IP Networks and Infrastructure • PRQC-SEC’s major work item completed in 2007 • Developed jointly in Ad-Hoc Group with TMOC and PTSC participants • TR defines applicability of existing security related standards, best practices, regulations, and identifies gaps within industry specifications • 220 pages containing extensive data on communications and information security

4. Strategic Direction ATIS PTSC is focusing on: • Creation of a suite of security standards that well facilitate secure interconnection of: • transport facilities • signalling facilities • services • ATIS PTSC is not focusing on: • Security Mechanisms for Messaging Applications • Tracking • ATIS is looking to ITU-T SG 17 and other Study Groups to address the messaging and tracking areas

5. Challenges • SIP security solutions are tailored to be end to end. Link by link security solutions do not provide the same level of security. • SIP/SIPPING/SIMPLE/etc. RFCs have well written security sections that are not fully implemented in vendor products. • Security solutions have an impact on delay and performance.

6. Next Steps/Actions • The PTSC will continue on its current path generating a complete suite of standards that can be used to facilitate interconnection negotiations and result in interconnection scenarios that are secure. • PRQC will continue to address: • Standards extending work outlined in the TR • Impact of Security on QOS Performance in Next Generation Networks • Document potential QoS degradations associated with security mechanisms • Identify potential security problems associated with QoS mechanisms • User-Network Interface (UNI) User Plane Security Standard

7. Proposed Resolution • The text of the current Resolution on cybersecurity, i.e., Resolution GSC-12/19: (GTSC) Cybersecurity (Revised), is still appropriate and no modifications are called for at this time.

8. Supplemental Slides

9. Supplemental Slides • PTSC Issues may be found at: http://www.atis.org/0191/issues.asp • PTSC Active Issues which have a security component are: • Issue # Title • S0027 IP Device (SIP UA) to Network Interface Standard • S0033 End to End User Authentication and Signaling Security • S0046 ATIS NGN Security Requirements • S0050 VoIP (SIP) UNI Testing Framework • S0052 UNI Terminal Adapter Requirements • S0053 UNI Configuration • S0055 Security Mechanisms • S0061 Certificate Management • S0063 ATIS ETS Authentication • S0065 Enterprise Network Support in NGN