1 / 38
Cyber Security in Europe: Priorities, Standards and Cooperation Opportunities
Alessandro Guarino, ETSI TC CYBER, StudioAG
EU-SEA Workshop, Hanoi, 2/12/2015, Hanoi National University
2 / 38
Introduction
- Who am I ?
- Day job: Information Security consultant and adviser
– StudioAG www.studioag.eu
- Standardisation activity
– ISO SC 27
– ETSI Technical Committee “CYBER”
– Cyber Security Coordination Group
- Independent researcher and speaker
– CyCon 2013, ISSE 13-15
3 / 38
Introduction
- Priorities – the 2013 EU Cyber Security Strategy
– Achieving cyber resilience (NIS)
– (Drastically) reducing cybercrime
– Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy
– Develop industrial and technological resources for cybersecurity
– Establish a coherent international cyberspace policy for the EU, promote EU values
- Critical Infrastructure Protection
4 / 38
Europe Cybersecurity Ecosystem
5 / 38
Introduction
- Horizon 2020 – The EU research program
– Just published the 2016-17 work programme
– Periodic “Calls” open to consortia (European and extra-EU)
– Specific “Digital Security” area (besides direct calls for cooperation)
- Standardisation work
– ESOs: CEN/CENELEC and ETSI
– Similarities and differences
– Cyber Security Coordination Group
6 / 38
CSCG
- Advisory Body of the three ESOs (CEN/CENELEC/ETSI)
- Composed of ESO members and EU institutions
– ENISA, JRC, DG GROWTH, DG CNECT
- White Paper Feb 2014: 9 main Recommendations for a Strategy on European Cyber Security Standardization
– http://www.din.de/de/din-und-seine-partner/din-e-v/organisation/koordinierungsstellen/kits/cscg/cscg-white-paper-published-61526
7 / 38
CSCG White Paper Areas
- GOVERNANCE
– Coordination, scope, trust
- HARMONISATION
– PKI/cryptography, requirements/evaluation, EU security label, interface with research
- GLOBALISATION
– Harmonisation with international key players, global promotion of EU Cyber Security standards
8 / 38
ETSI – Some Facts
- Created in 1988
- Recognised ESO
- Independent, not for profit
- ICT Focus
- Governed by (worldwide) ETSI Members
– Born European, global outreach
– Technical standards
- ETSI Members participate directly in the standardisation process
9 / 38
Products & services
- Technical Specifications and Standards with global application
- Support to industry and European regulation
- Specification & testing methodologies
- Interoperability testing
10 / 38
Membership
- Over 800 companies, big and small, from 64 countries on 5 continents
- Manufacturers, network operators, service and content providers, national administrations, ministries, universities, research bodies, consultancies, user organizations
11 / 38
Innovations
- Efficient and speedy standards-making
- Agreement by consensus
- Free download of all our standards
- Electronic working to boost efficiency and reduce cost and environmental impact
- Quality certified to ISO 9001:2008
12 / 38
ETSI Clusters
13 / 38
Areas of security standardization
- Cyber Security
- Mobile/Wireless Comms (GSM/UMTS, TETRA, DECT)
– Involvement in 3GPP
- Lawful Interception and Retained Data
- Electronic Signatures
- Smart Cards
- Machine-to-Machine (M2M)
- Methods for Testing and Specification (MTS)
- Emergency Communications / Public Safety
- RFID
- Intelligent Transport Systems
- Information Security Indicators
- Quantum Key Distribution (QKD)
- Quantum-Safe Cryptography (QSC)
- Algorithms
- Network Functions Virtualisation (NFV)
14 / 38
ETSI TC CYBER
- Cyber Security Standardisation
- Security of infrastructures, devices, services and protocols
- Security advice, guidance and operational security requirements to users, manufacturers and network and infrastructure operators
- Tools and techniques to ensure security
- Creation of security specifications and alignment with work done in other TCs and ISGs
- Coordinate work with external groups such as the CSCG with CEN, CENELEC, the NIS Platform and ENISA
- Collaborate with other SDOs (ISO, ITU, NIST, ANSI...)
- Answer to policy requests on Cyber Security and ICT security in the broad sense
15 / 38
ETSI TC CYBER
- Created in 2014 - met five times face-to-face
- Next meeting (CYBER #6) scheduled for February 2016
– On average over 50 participants per meeting
– Work carried out on 13 documents
- Participating organisations:
– Industry: manufacturers, operators, SMEs...
– Public administrations
– The European Commission
– ENISA
– Universities and research bodies
– Service providers
– Micro enterprises
– Consultancy
16 / 38
TC CYBER – 13 Active Documents
- TR 103 303 Protection measures for ICT in the context of Critical Infrastructure
- TR 103 304 PII Protection and Retention
- TR 103 305 Security Assurance by Default; Critical Security Controls for Effective Cyber Defence
- TR 103 306 Global Cyber Security Ecosystem (approved)
- TS 103 307 Security Aspects for LI and RD interfaces
- TR 103 308 A security baseline regarding LI for NFV
- TR 103 309 Secure by Default adoption – platform security technology
- TR 103 369 Design requirements ecosystem
- TR 103 370 Practical introductory guide to privacy
- TR 103 331 Structured threat information sharing
- EG 203 310 Post Quantum Computing Impact on ICT Systems
- TS 103 485 Mechanisms for privacy assurance and verification
- TS 103 486 Identity management
17 / 38
Areas of work
- Critical Infrastructure Protection
– Guidance for the deployment of ICT security technologies and security management to deliver and maintain effective Critical Infrastructures
- Structured Threat Information Sharing
– Guidance for exchanging cyber threat information in a standardized and structured manner
– Provide technical indicators of adversary activity, contextual information, exploitation targets, and courses of action
18 / 38
Areas of work
- Security by Default
– Published May 2015
– Critical Security Controls for Effective Cyber Defence
– Guidance to detect, prevent, respond, and mitigate damage from the most common to the most advanced of cyber attacks
– Measures reflecting the combined knowledge of actual attacks and effective defenses
- Secure by Default adoption – platform security technology
– Published August 2015
– Guidance to business decision makers for the development and adoption of secure by default platform security technologies
– Encourage industry to adopt device hardware security features
19 / 38
Areas of work
- Security for Lawful Interception and RD interfaces
– Guidance to protect information flows and interfaces from a security perspective (confidentiality, integrity and authenticity), including implementation details (technologies, algorithms, options, minimum requirements on keys etc.) in the context of provision of Lawful Interception (LI) and Retained Data (RD) functionalities
- Lawful Interception in the NFV context
– To be published end 2015
– Guidance related to the legal and physical challenges to ensure LI functionalities in a Network Functions Virtualization context
– Focus on the infrastructure of NFV rather than the functions themselves
20 / 38
Areas of work
- Post-Quantum Computing Impact on ICT
– Review the nature and vulnerabilities of security algorithms when subjected to quantum computing attacks
– Evaluate the characteristics required of algorithms in order to be invulnerable under such attacks
- Global Cyber Security Ecosystem
– To be published end 2015
– Constantly updated overview of cyber security work being undertaken in multiple forums worldwide
- Design Requirements Ecosystem
– Structured ecosystem of security design requirements that may be applicable to ICT networks and devices
21 / 38
Areas of work
- Privacy measures (4 documents)
– Guidance on the basics for privacy management: terms and definitions, standards, practical applications
– Guidance for the protection and retention of PII (Personally Identifiable Information) and how to enable the secure portability of data transferred from one service provider to another
– Provision of technical means that enable assurance of privacy and verification of said assurance
– Identification of means to protect identity in order to alleviate some of the resultant threats
22 / 38
In-Depth
- ETSI White Paper (7th Edition, June 2015)
– Achievements and current work
– List of all Security publications
– www.etsi.org/security/whitepaper
- Membership details
– www.etsi.org/membership
– Fees vary by organisation type and size
23 / 38
TC CYBER Work Details
In the final slides you will find the full scope for all TC CYBER documents for your reference.
24 / 38
Opportunities
- ETSI Membership
– Direct involvement in standardisation and policy
- H2020 “Digital Security” Calls involvement
– Look for the presentation on H2020 tomorrow
– Almost all ASEAN countries eligible for participation in H2020 partnerships
– Full spectrum of research, from basic research to product deployment
- Direct networking with EU partners
– Thanks CONNECT2SEA project!
25 / 38
Thank you! Any questions?
Contacts: a.guarino@studioag.eu @alexsib17
Slide Deck Available at: www.studioag.pro (Information Security Blog)
StudioAG – Infosec Consultancy Firm www.studioag.eu
26 / 38
TR 103 303, Protection measures for ICT in the context of Critical Infrastructure
- Scope: The critical infrastructure protection addressed in the EU’s published directive is essentially Power and Transport. It is clear to most casual observers that the global economic infrastructure is now composed of a huge set of ICT networks and services. It would not be a stretch to say that ICT capabilities now underpin all of the other critical infrastructures. This means food security, economic activity security, citizen safety and just about everything else. The purpose of the TR to be delivered by this work item is to identify the role of ICT protections through the deployment of security technologies and security management to deliver effective Critical Infrastructures that are reliant on ICT technology. The topics to be addressed by the work item include: Resilience (taking as input the ENISA reports on this topic and work from related national programmes); M2M communications (in close liaison with oneM2M and smartM2M); eHealth (in order to give assurance of access to ICT enabled eHealth systems). The report is intended to highlight aspects of CI and ICT that have to be addressed to ensure that CI maintains its infrastructure role.
27 / 38
TR 103 304, PII Protection and Retention
- Scope: Essentially different from any previous telco scenario, where user data was accessible from network functional elements only, today even sensitive PII is directly accessible from terminals. Server-based data access control technologies are becoming less effective for PII protection. This new WI is intended to describe novel access control technologies that enable 1) data protection, based on policy rules, as soon as data leaves the boundary of the terminal’s OS and 2) portability of protection settings when data moves from one service provider to another.
28 / 38
TR 103 305, Security Assurance by Default; Critical Security Controls for Effective Cyber Defence
- Scope: This Technical Report describes a specific set of technical measures, developed and maintained by the Council on Cybersecurity, available to detect, prevent, respond, and mitigate damage from the most common to the most advanced of cyber attacks. The measures reflect the combined knowledge of actual attacks and effective defenses.
29 / 38
TR 103 306, Global Cyber Security Ecosystem
- Scope: This proposed NWI provides a structured overview of cyber security work occurring in multiple other technical forums worldwide. The overview includes global identification of Cyber Security Centres of Excellence, heritage sites, historical collections, and reference libraries. It is intended to be continuously updated to account for the dynamics of the sector.
30 / 38
TS 103 307, Security Aspects for LI and RD interfaces
- Scope: It is envisaged that TC CYBER would assess the information flows and interfaces (as identified by TC LI) from a security (confidentiality, integrity and authenticity) perspective and provide guidance on the implementation details (technologies, algorithms, options, minimum requirements on keys etc.).
31 / 38
TR 103 308, A security baseline regarding LI for NFV and related platforms
- Scope: The lawful interception capability is capable of being virtualised, but the legal and physical challenges of doing so must be taken into account. The initial study is focused on the LI aspects. The challenge for both Lawful Interception and NFV as a community is that it is necessary to establish the fundamental security principles for generic platforms upon which the related groups can build. There is an urgent requirement to establish a minimum set of security principles for generic telecommunications platforms that will allow the virtualised network functions to utilise the features necessary to afford them appropriate protection and at the same time allow them to undertake appropriate activities (LI, fraud management, cyber defense). Establishing such a baseline will help the industry as a whole to be better protected against cyber threats. There is no overlap with other work, e.g. SECAM; in fact the work is intended to be complementary. The focus of this work item is on the NFV infrastructure and not virtual network functions.
32 / 38
TR 103 309, Secure by Default adoption – platform security technology
- Scope: A proposed TR to describe the following: an approach to encourage development and adoption of 'secure by default' platform security technologies by showing how they can be used to effectively solve real business problems, and improve the usability of secure services. The intended audience is decision makers rather than engineering teams. These could be deciding which features to include in a new platform, or which are required as part of a procurement activity. We will first produce a structure for describing identified business requirements/issues for a particular set of users; detailing the characteristics required of possible solutions, and finally identifying existing or emerging standards which provide those characteristics. The last two activities require technical expertise, hence the production of this TR within TC CYBER. A particular example is to identify challenges relating to end user devices for large organisations. Currently adoption of device hardware security features is low, despite widespread agreement within the technical community that they are needed. This example will aim to show that a market for these features does exist, and that a strong case can be made for organisations to actively seek them out.
33 / 38
TR 103 331, Structured threat information sharing
- Scope: This work item will produce a Technical Report on means for describing and exchanging cyber threat information in a standardized and structured manner. Such information includes technical indicators of adversary activity, contextual information, exploitation targets, and courses of action.
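The "Areas of work" slide and the TR 103 331 scope above both describe exchanging indicators, context, targets and courses of action in a structured form. The following is an added example, not code from the slide deck or from ETSI, showing what consuming such a feed looks like in practice: a constructed STIX 2.1-style bundle (the format is an assumption; the slides do not name one) is matched against constructed local observations, and each hit is linked to the course of action the feed recommends. Object identifiers are shortened for readability; real STIX identifiers have the form `type--UUID`.

```python
"""Structured threat information: indicators, courses of action, matching.

Added example, not from the slide deck or from ETSI TR 103 331. It assumes a
STIX 2.1-style layout (indicator with a pattern, course-of-action, and a
'mitigates' relationship between them); the slides do not name the format
the TR adopts, so the layout is this example's assumption. Only a small
subset of the STIX pattern grammar is handled: one observation expression
whose equality comparisons are joined by a single AND or OR.
"""
import re

# Constructed sample bundle. Addresses come from documentation ranges, the
# domain uses the reserved .invalid TLD, and the hash is MD5("") (not malware).
# Ids are shortened for readability; real STIX ids are 'type--<UUIDv4>'.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "indicator", "id": "indicator--c2",
     "name": "C2 beacon (hypothetical campaign)", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.23' OR domain-name:value = 'update.example.invalid']"},
    {"type": "indicator", "id": "indicator--dropper",
     "name": "Dropper (hypothetical)", "pattern_type": "stix",
     "pattern": "[file:name = 'installer.exe' AND file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']"},
    {"type": "course-of-action", "id": "course-of-action--block",
     "name": "Block egress to the C2 address and sinkhole the domain"},
    {"type": "relationship", "relationship_type": "mitigates",
     "source_ref": "course-of-action--block", "target_ref": "indicator--c2"},
]}

# Constructed local observations, as they might be distilled from DNS,
# firewall and endpoint logs.
SAMPLE_OBSERVATIONS = [
    {"type": "ipv4-addr", "value": "192.0.2.10"},
    {"type": "domain-name", "value": "update.example.invalid"},
    {"type": "ipv4-addr", "value": "198.51.100.23"},
    {"type": "file", "name": "installer.exe",
     "hashes": {"MD5": "d41d8cd98f00b204e9800998ecf8427e"}},
    {"type": "file", "name": "installer.exe",
     "hashes": {"MD5": "0" * 32}},  # same name, different hash: AND must fail
]

COMPARISON = re.compile(r"([\w-]+):([\w.]+)\s*=\s*'([^']*)'")
BOOL_OP = re.compile(r"'\s+(AND|OR)\s+[\w-]+:")   # operator between comparisons


def parse_pattern(pattern):
    """Return (comparisons, op) for \"[type:path = 'v' (AND|OR) ...]\".
    Raises ValueError for anything outside the supported subset."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")) or "]" in body[1:-1]:
        raise ValueError("only single-observation patterns are supported")
    ops = set(BOOL_OP.findall(body))
    if len(ops) > 1:
        raise ValueError("mixed AND/OR is not supported by this subset")
    comps = COMPARISON.findall(body[1:-1])
    if not comps:
        raise ValueError("no comparisons found")
    return comps, (ops.pop() if ops else "AND")


def lookup(obj, path):
    """Follow a dotted object path ('hashes.MD5') through nested dicts."""
    for key in path.split("."):
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def matches(observation, comps, op):
    """Evaluate the parsed comparisons against one observed object."""
    hits = [observation.get("type") == typ and lookup(observation, path) == value
            for typ, path, value in comps]
    return all(hits) if op == "AND" else any(hits)


def scan(bundle, observations):
    """Return (observation, indicator name, course-of-action name or None)
    for every observation that matches an indicator in the bundle."""
    by_id = {o["id"]: o for o in bundle["objects"] if "id" in o}
    coa_for = {}                      # indicator id -> mitigating course of action
    for rel in (o for o in bundle["objects"] if o["type"] == "relationship"):
        src, dst = by_id.get(rel["source_ref"]), by_id.get(rel["target_ref"])
        if (rel["relationship_type"] == "mitigates" and src and dst
                and src["type"] == "course-of-action" and dst["type"] == "indicator"):
            coa_for[dst["id"]] = src["name"]
    results = []
    for ind in (o for o in bundle["objects"] if o["type"] == "indicator"):
        comps, op = parse_pattern(ind["pattern"])
        for obs in observations:
            if matches(obs, comps, op):
                results.append((obs, ind["name"], coa_for.get(ind["id"])))
    return results


if __name__ == "__main__":
    for obs, name, coa in scan(SAMPLE_BUNDLE, SAMPLE_OBSERVATIONS):
        print(f"{obs} matched '{name}'; response: {coa or 'none linked'}")
```

The point of the relationship object is that the response travels with the indicator: a consumer that only extracts the pattern loses the "what to do about it" half of the exchange. Rejecting unsupported pattern syntax with an error, rather than silently matching a partial expression, matters for the same reason: a mis-parsed AND becomes a false positive.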
34 / 38
EG 203 310, Post Quantum Computing Impact on ICT Systems
- Scope: The intent of the work item is to address business continuity arising from the concern that quantum computing is likely to invalidate the hard problems that lie at the heart of both RSA and ECC asymmetric cryptography. The current assumptions that underpin the security strength of RSA and ECC are that solving the integer factoring and the discrete logarithm problems is infeasible without prior knowledge. It has been widely suggested that the application of quantum computing to these problems removes the assertion of infeasibility. Whilst it is not known when quantum computing will arrive or how long it will be until the factorisation and discrete logarithm problems are themselves solved, the report will review the nature of the algorithms when subjected to QC attack and why they become vulnerable. In addition the report will highlight the characteristics required of algorithms in order to be invulnerable under QC attack. The report will consider a number of sub-topics to be covered in considering the transition to the post-quantum era; they are not all algorithmic, as many of the necessary considerations apply to business continuity. For example: how to re-assert CAs in a PKI? How to distribute new algorithms? How to distribute new keys?
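The "Areas of work" slide and the EG 203 310 scope above state that RSA rests on the infeasibility of factoring and that quantum computing removes that assumption. The following added example (not from the deck or from ETSI) shows why, by walking through the classical part of Shor's algorithm: a toy RSA modulus is factored from the public key alone, driven by finding the multiplicative order of a random base. That order-finding step is the only part that needs a quantum computer; it is brute-forced here, so the script runs only for textbook-sized parameters (p = 61, q = 53, e = 17, all constructed for illustration), which is exactly the gap a quantum period-finding routine closes.

```python
"""Why RSA falls to quantum order finding: the classical reduction.

Added example, not from the slide deck or from ETSI EG 203 310. Shor's
algorithm needs a quantum computer for exactly one step: finding the
multiplicative order r of a base a modulo N (period finding). Every other
step is classical and is shown here. The order is found by brute force, so
this runs only for toy moduli; for a 2048-bit RSA modulus the brute-force
loop is what is infeasible, and the quantum step is what removes that
infeasibility.
"""
from math import gcd
import random


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n); needs gcd(a, n) == 1.
    Stand-in for the quantum period-finding step (exponential time here)."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, attempts=50, seed=0):
    """Return a non-trivial factor of odd composite n via order finding,
    or None if every attempt hits a bad base (each attempt succeeds with
    probability at least 1/2 for a product of two distinct odd primes)."""
    rng = random.Random(seed)          # seeded so runs are reproducible
    for _ in range(attempts):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g > 1:
            return g                   # lucky base, already a factor
        r = multiplicative_order(a, n)
        if r % 2:
            continue                   # odd order gives no square root of 1
        y = pow(a, r // 2, n)          # y*y == 1 (mod n)
        if y == n - 1:
            continue                   # trivial root (-1), try another base
        f = gcd(y - 1, n)              # (y-1)(y+1) == 0 (mod n) splits n
        if 1 < f < n:
            return f
    return None


def recover_private_exponent(n, e):
    """Given only the RSA public key (n, e), factor n and derive d.
    This is the attack the slide describes; only step 1 is quantum."""
    p = shor_factor(n)
    if p is None:
        raise RuntimeError("factorisation failed")
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)             # modular inverse (Python 3.8+)


# Constructed toy key: p = 61, q = 53, n = 3233, e = 17 (textbook sizes).
TOY_N, TOY_E = 3233, 17
TOY_CIPHERTEXT = pow(65, TOY_E, TOY_N)  # encryption of m = 65 -> 2790


def break_toy_rsa():
    """Recover the plaintext 65 from the public key and ciphertext alone."""
    d = recover_private_exponent(TOY_N, TOY_E)
    return pow(TOY_CIPHERTEXT, d, TOY_N)


if __name__ == "__main__":
    print("factor of 15:", shor_factor(15))
    print("recovered d:", recover_private_exponent(TOY_N, TOY_E))
    print("decrypted:", break_toy_rsa())
```

Nothing in `recover_private_exponent` depends on key size except the cost of `multiplicative_order`; that is the sense in which the slide says the assumption of infeasibility, not the mathematics, is what quantum computing removes. The ECC case is the same reduction applied to the discrete logarithm, with a different quantum subroutine. It is also why the business-continuity questions on the slide (re-asserting CAs, distributing new algorithms and keys) are about replacing the primitive rather than lengthening the key.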
35 / 38
TR 103 369, Design requirements ecosystem
- Scope: This document proposes a Technical Report which provides a high level structured ecosystem of security design requirements that may be applicable to communication and IT networks and attached devices. The TR identifies where there may be synergies or conflicts among the design requirements, and provides a bibliography of reference information.
36 / 38
TR 103 370, Practical introductory guide to privacy
- Scope: This document will present the basics for privacy management. It will consist of three parts: Part 1, privacy terms and definitions based on existing documents (ENISA and others); Part 2, status of standardisation work taking into account existing or future work in ISO, CEN/CENELEC, ETSI and other bodies, and identification of the basic building blocks; Part 3, a practical guide on how to introduce privacy management in equipment, services and solutions.
37 / 38
TS 103 485, Mechanisms for privacy assurance and verification
- Scope: To provide technical means, building on ongoing work in TC CYBER, that enable assurance of privacy and verification of said assurance. The document shall address Identity Management with respect to privacy, naming structures with respect to PII and objects that may be associated as proxies to entities requiring PII protection, protocols and policy mechanisms to give assurance and the verification of assurance for PII.
38 / 38
TS 103 486, Identity management and naming schema protection mechanisms
- Scope: The intent of this work item is to identify means to protect identity (as distinct from privacy) in order to alleviate some of the resultant threats. The structure of identity and the means to build associations between identifiers and other data is a source of data leakage in many systems that, when abused, may lead to identity theft, loss of privacy, the bootstrap to crime, and many other societal and technical ills. The work item shall detail the mechanisms to protect such data in the general case and link to specific use cases in NFV, the PLMN domain, and the wider Internet of Things domain to ensure the widest scope of protection can be defined.