DOCUMENT #: GSC13-GTSC6-12

FOR: Presentation
SOURCE: ATIS
AGENDA ITEM: GTSC; 4.2
CONTACT(S): Art Reilly (arreilly@cisco.com)

ATIS
Cybersecurity

Submission Date:
July 1, 2008
Highlight of Current Activities
(1)
ATIS Packet Technologies and Systems Committee (PTSC)
• Completed:
– UNI and NNI signalling security standards
– NNI testing standard
• Finalized:
– UNI testing Standard
• Require all standards support logging to facilitate creation of
incident reports
• Focus is now on other security related topics that will ensure
robust signalling and communications standards and network
implementations that will provide adequate protection in the
current cyber security environment:
– NGN Authentication
– Security mechanisms
– Certificate Management

2
Highlight of Current Activities (2)
• Focus is on specifying security considerations for Layers 1
through 5 for NNIs on a per service basis
– Generation of templates will:
• Facilitate interconnection negotiations
• Enable adequate security to be provided
• Identify options available
• Facilitate interoperability
ATIS Network Performance, Reliability and Quality of Service
Committee (PRQC)
• Issue A029, Establishment of an ATIS Security Baseline
– Technical Report: Information & Communications Security for NGN
Converged Services IP Networks and Infrastructure
• PRQC-SEC’s major work item completed in 2007
• Developed jointly in Ad-Hoc Group with TMOC and PTSC participants
• TR defines applicability of existing security related standards, best practices,
regulations, and identifies gaps within industry specifications
• 220 pages containing extensive data on communications and information security

3
Strategic Direction
ATIS PTSC is focusing on:
– Creation of a suite of security standards that well facilitate secure
interconnection of:
• transport facilities
• signalling facilities
• services
• ATIS PTSC is not focusing on:
– Security Mechanisms for Messaging Applications
– Tracking
• ATIS is looking to ITU-T SG 17 and other Study Groups to
address the messaging and tracking areas

4
Challenges
• SIP security solutions are tailored to be end to end. Link by link
security solutions do not provide the same level of security.

• SIP/SIPPING/SIMPLE/etc. RFCs have well written security

sections that are not fully implemented in vendor products.

• Security solutions have an impact on delay and performance.

5
Next Steps/Actions
• The PTSC will continue on its current path generating a complete
suite of standards that can be used to facilitate interconnection
negotiations and result in interconnection scenarios that are
secure.

• PRQC will continue to address:

– Standards extending work outlined in the TR
– Impact of Security on QOS Performance in Next Generation
Networks
• Document potential QoS degradations associated with security
mechanisms
• Identify potential security problems associated with QoS mechanisms
– User-Network Interface (UNI) User Plane Security Standard

6
Proposed Resolution
• The text of the current Resolution on cybersecurity, i.e.,
Resolution GSC-12/19: (GTSC) Cybersecurity (Revised), is still
appropriate and no modifications are called for at this time.

7
Supplemental Slides

8
Supplemental Slides
• PTSC Issues may be found at: http://www.atis.org/0191/issues.asp
• PTSC Active Issues which have a security component are:
• Issue # Title
• S0027 IP Device (SIP UA) to Network Interface Standard
• S0033 End to End User Authentication and Signaling Security
• S0046 ATIS NGN Security Requirements
• S0050 VoIP (SIP) UNI Testing Framework
• S0052 UNI Terminal Adapter Requirements
• S0053 UNI Configuration
• S0055 Security Mechanisms
• S0061 Certificate Management
• S0063 ATIS ETS Authentication
• S0065 Enterprise Network Support in NGN