An Emerging Global Ecosystem for Infrastructure Protection and Network Forensics

1. An Emerging Global Ecosystem for Infrastructure Protection and Network Forensics
   Anthony M Rutkowski, VP for Regulatory Affairs and Standards, VeriSign (trutkowski@verisign.com); Visiting Prof., Georgia Tech Nunn School; President, Global LI Industry Association
   Fostering International Collaboration in Information Security Research, Symposium #727, AAAS, St. Louis, USA, 16-17 Jan 2006. V1.0
2. Outline
   - The emerging global ecosystem
     - Paradigm shifts and what they produce
     - Public infrastructures and what we expect of them
     - Next Generation Network public infrastructures
     - Ecosystem forums and major developments
     - Network forensics and why they are necessary
   - Fostering collaboration on needed capabilities
     - Nudging
     - Just do it
3. Paradigm Shifts
   - Fundamental points of inflection
     - Digital networks
     - Morris Worm of 1988
     - Intelligent Network failure of 1991
     - Nomadicity (wireless, IP, smart objects)
     - Rapidly scaling SPAM, cybercrime and cyberterrorism
     - 9/11
     - Katrina, Rita, …
   - Produce significant changes to infrastructures and their ecosystems
   - Drive changes to policies and practices
4. Public infrastructures – definition and treatment
   - Capabilities “generally available to the public”
   - Characteristics and expectations
     - Substantial availability, especially during and after emergencies
     - Protection for users
     - Quid pro quos established in law, regulations, and standards
5. Typical public network infrastructure requirements
   - Availability, Security and Protection
     - High availability
       - Analysis of network metrics and outages
     - Network attack mitigation
     - Priority access and notices during emergencies
     - Restoration
     - Personal emergency services
     - Prevent unwanted intrusions
       - Filters (Do Not Call)
       - Aids (Caller ID)
     - Nomadicity
       - Number portability
       - Roaming
       - Payment method flexibility
     - Cybercrime mitigation
       - Forensics capability
       - Law enforcement/national security assistance
       - Fraud detection and management
       - Prevent cyberstalking
       - Digital rights management
   - Competition Requirements
     - Unbundling
     - Service interoperability
     - User/subscriber access by service providers
     - Default service and routing options
   - Operations Requirements
     - Directory access among providers
     - Intercarrier compensation
     - Transaction accounting
   - Innovation and Business Opportunities
     - Infrastructure protection and security products
     - Signalling and authentication products
   - Other Consumer Requirements
     - Disability assistance
     - Universal Service
   Significant synergies exist between these groups of requirements.
6. Implementing public infrastructure requirements
   - Government mandates
     - Government specifications
     - Government capability requirements followed by industry collective (standards) or individual actions
       - Model is CALEA and E911: legislative authority; FCC framework; industry or “home-brew” implementations with fail-safe recourse; certification and enforcement process
   - Enforcement
     - Self-certification
     - Proof of performance
     - Periodic tests
7. Next Generation Network Public Infrastructures
   Working assumption for scope and definition:
   - Nationwide and worldwide public networks
   - Open
   - IP-enabled
   - For communications, commerce and content
   - For always-on, nomadic people and objects
8. NGN – Long-Term Network Convergence Perspective
   [Timeline diagram, 1970 to 2000 and beyond: the Public Switched Telecommunication Network (PSTN), the Intelligent Network (IN), Open Systems Interconnection (OSI), Commercial Mobile Radio Systems and the IP Internet converge into NGNs around 2000. The Internet is marked as private/quasi-public and annotated “Was never designed as public infrastructure”.]
9. NGN Architecture
   [Architecture diagram.] Intelligent infrastructure for IP-enabled NGNs is much more critical than for legacy networks – especially for protection and security.
10. Emergence of an ecosystem
    - Collective behavior
      - Forums
      - Common activities
      - Marketplace
    [Diagram: the nationwide and worldwide, open, IP-enabled public networks for communications, commerce and content and for always-on, nomadic people and objects, with the ecosystem directed at protection and security for this infrastructure.]
11. Next Generation Network Standards Forums
    [Diagram mapping NGN standards forums and their working groups. Bodies named include ITU-T (study groups SG2, SG3, SG4, SG9, SG11, SG13, SG15, SG16, SG17, SG19, the NGN Focus Group, NGNMFG, WTSA and GSC9/GSC10), IETF (General, Internet, O&M, Routing, Security and Transport areas), ATIS (NGN Framework, PTSC, WTSC, OPTXS, TMOC, NIIF, OBF, INC), ETSI (TISPAN WG1–WG8, STF, NGN OSS), 3GPP (SA1–SA5), 3GPP2 (TSG-A, TSG-C, TSG-S, TSG-X), TIA (TR-41, TR-45, TR-45.2, TR-45.6, TR-34.1.7, TR-8.8, MESA), CableLabs, W3C, OASIS, DSL Forum, ECMA, Parlay, TeleManagementForum, IPDR, EPCglobal, OSS/J, DMTF and OMA, together with subgroups such as the WAE, MWS and VoIP focus groups, JWG, PAM, CCUI, CBC, PM, Applications, LI, AT-D, CPWG and OP.]
12. Ecosystem standards activities
    - Pragmatically meeting real needs today
      - IP-enabled public product standards
      - Global interoperability and markets
      - Secure, stable infrastructure
      - Compatibility with existing network infrastructures
      - Common regulatory requirements
    - Engaging all relevant standards bodies
      - Identifying existing useable standards
      - New standards and administrative practices adopted only as necessary
    - Focused on “open” unbundled service modules and capability sets
      - Staged in multiple “releases” over time
    - Standards participants primarily other industry players – worldwide, regionally, and nationally
    - Significant consensus focus (but no agreement on specifics)
      - Infrastructure protection
      - Security
      - Authentication
      - Directories
      - Resource access controls
13. Unification of communities and requirements
    - Legal
      - FCC rules under both CALEA and Title I authority
      - ITU and Cybercrime Treaties form basis of international cooperation
    - Institutional
      - FCC Homeland Security Bureau formed
      - EC Joint IS – JHA joint staff group formed
      - New DHS policy chief appointed
      - New NSC Cybersecurity Director appointed
      - DOD cyberwarfare command scales work
    [Diagram of the converging communities: Justice, Infrastructure Protection, Homeland Security, Cyberwar, Telecom Regulatory.]
14. NGN Policy-Legal-Regulatory Ecosystem Forums
    [Diagram of policy, legal and regulatory forums. Named are the ITU (Convention, International Telecom Regulations, WCIT, PP2006), APEC-TEL (eSec TG), the Cybercrime Convention signatories and Justice Ministers, CITEL (PCC.I), the Commission of the European Community (Infso, JHA, i2010, Parliament, NGN reg), the USA (FCC, NSTAC, NANC, DOS, DOJ, DOC, DHS), Canada (Industry Canada, PSECP), Australia (ACA), Germany (RegTP, Justice, BfV), France (ART), the Netherlands (CIOT, EZ), the UK (Home Office, OFCOM, Parliament, Justice), working groups WGSC, WGANTS and NGN WG, and many other multilateral and bilateral agreements.]
15. Ecosystem legal-regulatory activity
    - Pragmatically meeting real needs today
      - National public infrastructures have special properties – the public and the nation depend on these infrastructures
      - Responsibility for national public infrastructure rests with designated governmental authorities and is coordinated through intergovernmental treaties
      - Shift from common carrier models to capability requirements on public infrastructures
      - Interest in service innovation and marketplace competition
    - Tripartite ensemble emerging almost everywhere
      - Telecom regulators and consumer protection agencies (infrastructure capabilities)
      - Homeland security and national security agencies (real-time analysis and response)
      - Justice agencies (analysis and enforcement)
    - Pervasive vulnerabilities not well understood
      - Rapid introduction of new technologies, especially platforms not designed for public infrastructure use
      - Open complex public communication network infrastructures
      - Nomadic users and providers
      - Uncontrolled access devices and capabilities
      - Growing appreciation of cybercrime and potential terrorism actions
      - Lack of real-time response mechanisms made apparent with Tsunami + Katrina-Rita
16. NGN Security and Infrastructure Protection Capabilities
    - PSTN/ISDN Emulation services
    - PSTN/ISDN Simulation services
    - Internet access
    - Other services
    - Media resource management
    - QoS-based Resource and Traffic Management
    - QoS service level support
    - Classes and Priority Management
    - Processing/traffic overload management
    - Accounting, Charging and Billing
    - Identification
    - Authentication
    - Authorization
    - Security and Privacy
    - Mobility management (personal and terminal)
    - Critical Infrastructure Protection
    - Inter-provider and universal service compensation
    - Service unbundling
    - Exchange of user information among providers
    - Services Coordination
    - Application Service Interworking
    - Service discovery
    - Service Registration
    - Profile Management
    - User Profile
    - Device Profile
    - Policy Management
    - Personal information support
    - Group management
    - Personal information support/management
    - Presence
    - Location management
    - Push-based support
    - Device management
    - Session handling
    - Digital Rights Management
    - Fraud Detection and Management
    - Number portability
    - Users with disabilities
    - Lawful interception
    - Malicious user identification
    - Emergency communications
    - Presentation of identities
    - Network/Service provider selection
17. The network forensics Rosetta Stone
    [Diagram of four components: Identity (Provider, Subscriber, Network Identifiers), Stored Traffic (Content, Data), Real-Time Traffic (Content, Data) and Analysis.]
    - Necessary for
      - Law Enforcement
      - Homeland Security
      - Infrastructure Protection
      - Network Management
    Additionally necessary for a broad array of operational, public interest and commercial needs.
18. Public network forensic components
    - Identity
      - Ability to authoritatively identify the service provider, obtain contact information and get to authoritative user/subscriber/object directories and network identifier bindings
      - Key requirements established by law and regulation; may be maintained in part by government agencies
    - Stored Traffic
      - Any information generated by network processes that is relevant to a user/subscriber/object communication and has significant latency (i.e., is not real-time)
      - Requirements and access controlled by law and regulation, and may include ad hoc requests (e.g., subpoena), preservation orders, and general data retention
    - Real-time Traffic
      - Any information generated by network processes that is obtained in real-time
      - Requirements and access controlled by law and regulation (lawful interception capabilities and execution of orders)
    - Analysis
      - Network Operations, Administration, and Maintenance
      - Fraud detection and prevention
      - Infrastructure protection
      - Law enforcement, public safety, and national security needs
19. EU Data Retention Directive effect on network forensics
    - Harmonizes data retention and access across Europe
    - Applies to
      - Fixed network telephony
      - Mobile telephony
      - Internet access, messaging and telephony
    - Provides data necessary to
      - trace and identify the source of a communication
      - trace and identify the destination of a communication
      - identify the date, time and duration of a communication
      - identify the type of communication
      - identify the communication device or purported device
      - identify the location of mobile communication equipment
    - Does not include content
    - Includes privacy enhancement features
    - Adopted by European Parliament on 14 Dec 2005
    - Likely to be the subject of considerable implementation collaboration activities in 2006-2007
    [Diagram: the Identity (Provider, Subscriber, Network Identifiers) and Stored Traffic (Content, Data) components of the Rosetta Stone, showing where the directive applies.]
20. Specific network forensic “enablers” needed now
    - Provider information
      - All providers of services on Next Generation public communication infrastructures must be
        - Registered with appropriate authority
        - Authenticated
        - Provided a unique global identifier which is automatically “resolvable” into provider identity information and subscriber directory URI, and used in all network communications
    - User/subscriber information
      - All users or subscribers of public communication services and the “bindings” with their communication identifiers must be
        - Capable of common global discovery
        - Automatically “resolvable” through the provider into trusted contact and reference information using a common global directory standard (E.115v2)
    - Ability to exchange and analyze information related to protection and security
      - Common global protocols and arrangements for rapidly discovering and exchanging forensic data for protection and security
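The three slides above (public network forensic components, the Data Retention Directive's retained categories, and the provider/subscriber "enablers") describe a data model rather than code. The following is an added illustration written for this page, not code from the presentation or from any of the bodies it names: a toy provider registry whose global identifier resolves to provider identity, contact and a subscriber-directory URI; subscriber-to-identifier bindings discoverable through that provider; and a stored-traffic store that keeps only the directive's categories (source, destination, date/time/duration, type, device, location) so content never enters it, and releases records only against an order reference. The `prov:` identifier form, the directory URI, all SIP addresses, device and cell labels and the order reference are constructed sample values; E.115v2 itself is not implemented, the directory URI only stands in for it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Categories the Data Retention Directive slide lists as retained;
# "content" is deliberately absent from this set.
RETAINED_FIELDS = frozenset(
    {"source", "destination", "start", "duration_s", "kind", "device", "location"}
)

# Constructed reference time for the sample records (the symposium date).
SAMPLE_NOW = datetime(2006, 1, 16, 9, 0)


@dataclass
class Provider:
    global_id: str      # unique global provider identifier (constructed "prov:<name>" form)
    name: str
    contact: str        # authoritative contact point for the provider
    directory_uri: str  # where the provider's subscriber directory is reachable


class Registry:
    """Provider registration plus subscriber/identifier bindings (the slide-20 enablers)."""

    def __init__(self):
        self.providers = {}
        self.bindings = {}  # communication identifier -> (provider global_id, subscriber ref)

    def register(self, provider):
        self.providers[provider.global_id] = provider

    def bind(self, comm_id, provider_id, subscriber_ref):
        if provider_id not in self.providers:
            raise KeyError("unregistered provider: " + provider_id)
        self.bindings[comm_id] = (provider_id, subscriber_ref)

    def resolve(self, comm_id):
        """Resolve an identifier to provider identity, contact, directory URI and subscriber ref."""
        if comm_id not in self.bindings:
            return None
        provider_id, subscriber_ref = self.bindings[comm_id]
        p = self.providers[provider_id]
        return {"provider": p.name, "contact": p.contact,
                "directory_uri": p.directory_uri, "subscriber_ref": subscriber_ref}


class RetentionStore:
    """Stored-traffic records (slide 18): retained categories only, release needs a legal basis."""

    def __init__(self, retention):
        self.retention = retention
        self.records = []

    def record(self, event):
        # Project the event onto the retained categories so content never enters the store.
        kept = {k: v for k, v in event.items() if k in RETAINED_FIELDS}
        self.records.append(kept)
        return kept

    def purge(self, now):
        """Drop records older than the retention period; returns how many were removed."""
        before = len(self.records)
        self.records = [r for r in self.records if now - r["start"] <= self.retention]
        return before - len(self.records)

    def query(self, comm_id, order_ref):
        """An ad hoc request (e.g. subpoena) must carry an order reference before data is released."""
        if not order_ref:
            raise PermissionError("retained data is released only against an order reference")
        return [r for r in self.records if comm_id in (r["source"], r["destination"])]


def trace(registry, store, comm_id, order_ref):
    """Correlate the identity lookup with the retained records (slide 18's 'analysis' step)."""
    return {"identity": registry.resolve(comm_id),
            "stored_traffic": store.query(comm_id, order_ref)}


def build_sample():
    """Constructed sample data: one provider, one binding, two retained records."""
    reg = Registry()
    reg.register(Provider("prov:example-net", "Example Net", "abuse@example.net",
                          "ldap://dir.example.net"))
    reg.bind("sip:alice@example.net", "prov:example-net", "sub-0001")
    store = RetentionStore(timedelta(days=180))
    store.record({"source": "sip:alice@example.net", "destination": "sip:bob@example.org",
                  "start": SAMPLE_NOW - timedelta(days=3), "duration_s": 95, "kind": "voip",
                  "device": "ua-constructed", "location": "cell-0042",
                  "content": "audio payload that must not be retained"})
    store.record({"source": "sip:carol@example.org", "destination": "sip:alice@example.net",
                  "start": SAMPLE_NOW - timedelta(days=400), "duration_s": 12, "kind": "voip",
                  "device": "ua-constructed", "location": "cell-0007"})
    return reg, store


if __name__ == "__main__":
    reg, store = build_sample()
    store.purge(SAMPLE_NOW)
    print(trace(reg, store, "sip:alice@example.net", "order-ref-constructed"))
```

Two design points carry the slides' meaning: the store projects every event onto `RETAINED_FIELDS` at write time rather than filtering at read time, so a content field can never be retained by accident, and `query` refuses to release anything without an order reference, mirroring the slide's point that access to stored traffic is controlled by law and regulation rather than by the operator's discretion.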
21. Collaboration
    - Nudging
      - Analyzing
      - Evangelizing
      - Breaking down stovepipes
      - Filing
        - Statutory and regulatory proceedings
        - Standards activities
    - Just do it
      - Forums
      - Specifications
      - Products and services