tssr sample notification - cisc branding
TRANSCRIPT
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Notification of Proposed Change to a
Telecommunications System or
Telecommunications Service
Form TSS1
When to use this form Carriers and nominated carriage service providers should use this form to notify the
Communications Access Co-ordinator of a proposed change under section 314A(3)
of the Telecommunications Act 1997.
Purpose of this form The information in this form is used to assess the proposed change under
section 314B of the Act.
Completing this form All fields are required unless otherw ise noted.
Please spell out all acronyms or organisation-specific terms.
Failing to provide detailed responses or documents referred to in a response
may delay consideration of the proposed change.
Returning your form Check that all required questions are answ ered and that the form is dated and
electronically signed.
Export or save this form as a Portable Document Format (PDF) f ile and submit that
f ile and all attachments through TSS forms and resources (cisc.gov.au).
Next steps The Communications Access Co-ordinator w ill provide w ritten notice of the
assessment outcome to the designated contacts w ithin 30 days of the submission
date.
For more information Go to CISC.gov.au or email [email protected] or call 1300 27 25 24.
Notification of Proposed Change to a Telecommunications System or Telecommunications Service
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Section 1
Carrier or Provider Details
1.1 Notifying entity
Name of carrier or nominated carriage service provider
Carrier Network
ABN or D-U-N-S Number 12345-678910
Carrier Licence Number 12341
1.1.1 Details of other carriers this notification applies to
Note: add additional rowsusing the + button on the right-hand side of the last row.
Carrier name ABN or D-U-N-S Number Carrier Licence Number
Carrier Network 12345-678910 12341
1.1.2 Acknowledgement and certification
By typing my name below , I:
1. acknow ledge that know ingly producing a document in compliance w ith a law of the Commonw ealth that is false
or misleading can constitute an offence under subsection 136.2(1) of the Criminal Code Act 1995 (Cth);
2. certify that I am authorised by the above named carrier(s) or nominated carriage service provider(s) to notify the
Communications Access Co-ordinator under subsection 314A(3) of the Telecommunications Act 1997 (Cth) of
the carrier(s) or provider(s) intention to implement the proposed change described in this document and any
attachments; and
3. certify that the statements in this document and any attachments are true, complete and correct to the best of
my know ledge and belief, and made in good faith.
Signed Jenny Citizen
Position Chief Security Of ficer
Date 01/01/2021
Notification of Proposed Change to a Telecommunications System or Telecommunications Service
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Section 2
Contacts
1. Primary Contact
Name Joe Citizen
Position Chief Information Security Officer
Email [email protected]
Primary telephone 03 1234 5678
Secondary telephone 0412 345 678
2. Secondary Contact
Name John Citizen
Position Network Operations Manager
Email [email protected]
Primary telephone 03 1234 5677
Secondary telephone 0412 345 677
Notification of Proposed Change to a Telecommunications System or Telecommunications Service
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Section 3
Details of proposed change
3.1 Description of proposed change
3.1.1 Describe the proposed change.
Carrier Netw ork plans to upgrade its Security Information Event Monitoring (SIEM) platform to meet a revised threat
assessment. The SIEM platform w ill aggregate a number of netw ork control heads alerting and monitoring output in order
to accurately and reliably ensure confidentiality availability and integrity conditions across the enterprise.
3.1.2 Describe the timeline to implement the proposed change, including any key dates or
sensitivities.
Carrier Netw ork plans to complete its detailed design by 30 June 2021. The Enterprise Security Risk Control board has
decided that the organisation cannot carry unmitigated risk beyond this date due to the market rollout of additional retail
services offerings
3.1.3 Explain the reasons for implementing the proposed change.
Follow ing the market evaluation of additional application services the Enterprise Security Risk Control board updated its
Enterprise Threat Vector Analysis to include the expanded service offering. This analysis has nec essitated a platform
upgrade to the Carrier Netw ork SIEM service.
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
3.2 Assets involved in the proposed change
3.2.1 List all non-data assets involved in the proposed change.
Non-data assets include hardware, software, services and facilities.
Note: add additional rowsusing the + button located at the end of the last row
Name Type Vendor(s) Description Functions
Log Management Platform
Software PLINK The PLINK service architecture includes hardware, software and multiple log management platforms from which the SIEM console is fed.
Critical SIEM event management functions
3.2.2 List all data assets involved in the proposed change
Data assets include things like customers’ personally identifiable information (PII), billing records and system configuration details.
Note: add additional rows using the + button located at the end of the last row
Name Description Physical location Related non-data assets Who has access?
Who can grant access?
Personally identifiable information
Carrier Network personally Identifiable Information (PII) including IMEI, IMSI.
All PII will remain within Carrier Network’s Australia data centres.
Nil All access (privileged and generic users) are managed through Carrier Network’s Access Management platform. All users including remote users are Carrier Network employees.
Access is only granted after all user training and awareness training and background checks have been completed.
Customer Billing records
Carrier Network customer billing
All PII information will remain within Carrie
Nil All access (privileged and generic users) are managed
Access is only granted after all user training and awareness
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Data assets include things like customers’ personally identifiable information (PII), billing records and system configuration details.
Note: add additional rows using the + button located at the end of the last row
records includingPII.
network’s Australia datacentres
through Carrier Network’s Access Management platform.All users including remote users are Carrier Network employees.
training and backgroundchecks have been completed
PrivilegedAccess toCore or RANassets
The Carrier NetworkSIEM “PLINK” is theenterprise securityinformation event monitoring platform. It monitors and alerts on anomalous activities and access to all RAN and Core assets
The SIEM’s physicalpresence is in operationacross Carrier Networksthree dedicated data centres in Victoria, Queensland and Western Australia. Its operational taps exist throughout all of Carrier Networks information system elements.
The SIEM is a logicalamalgam of networksensors gates, chokepoints and Virtualised inspection points. The logical system is an essential asset.
Access to the PLINK SIEM isstrictly controlled and monitored
The CIO of her delegate arethe only roles able to grantaccess to the PLINK system
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
3.3 Third parties
3.3.1 List all new and existing third parties involved in the proposed change
Note: add additional rows using the + button located at the end of the last row
NameABN or D-U-N-S Number
Functions being providedAccessible assets, systems, services and facilities
Access boundaries Locations
PLINK 12345-678910 PLINK Australia has been engaged to provide the management platform but is not engaged in the deployment of the platform
All preconfigured access points and standard user accounts will be decommissioned and Carrier Network designed roles and access provisions will be enabled
PLINK Australia Pty Ltd will not have any access to the new system.
Australia, Sydney NSW
Notification of Proposed Change to a Telecommunications System or Telecommunications Service
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Section 4
Risks and Controls
Note: you may submit previously prepared document (for example, a risk assessment consistent with ISO
27005:2018 or NIST SP 800-30 Rev 1) as a substitute for completing Section 4.
4.1 Risks of the proposed change
4.1.1 List all risks to the confidentiality of communications carrier on, and information
contained within, networks and facilities used by the carrier or provider.
R1. Signif icant PII data loss condition resulting from ineffective logging and alerting configuration w ithin SIEM
platform
R2. An APT (Advanced Persistent Threat actor) gains access to the Carrier Netw ork Core netw ork to intercept the
communications of a specif ic individual resulting from ineffective logging and alerting configuration w ithin SIEM
platform
R3. An APT gains access to the Carrier Netw ork Core netw ork to intercept the communications of a specif ic class of
individuals resulting from ineffective logging and alerting configuration w ithin SIEM platform
R4. An APT gains access to the Carrier Netw ork Core netw ork to intercept the Geolocation of a specif ic class of
individuals resulting from ineffective logging and alerting configuration w ithin SIEM platform
R5. An APT gains access to the Carrier Netw ork Core netw ork to tap target data passing over the netw ork resulting
from ineffective logging and alerting configuration w ithin SIEM platform
4.1.2 List all risks to the integrity and availability of networks and facilities used by the
carrier or provider.
R6. An APT gains access to the Carrier Netw ork Core netw ork in order to affect a targeted or general availability
condition of the netw ork resulting from ineffective logging and alerting configuration w ithin SIEM platform.
R7. A malicious insider uses access to Carrier Netw ork’s Core netw ork to affect a targeted or general availability
condition of the netw ork resulting from ineffective logging and alerting configuration w ithin SIEM platform.
R8. Supply Chain (PLINK) patching inadvertently includes updates that cause a loss of integrity betw een netw ork
sensors and aggregation points resulting in a less reliable SIEM platform
R9. A loss of core netw ork integrity as a result of Supply chain threat through third level support using multiple off
shore support locations.
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
4.2 Proposed controls
4.2.1 List the specific controls that will be used to manage the risks listed at 4.1.
Note: add additional rows using the + button located at the end of the last row
Control descriptionApplicable risk(s)
Applicable asset(s) How will the control be applied?How will the effectiveness of the control be validated?
Defence in depth design architecture (See detailed Design)
- Perimeter Hardening - Operating System Hardening - Application hardening - Authentication hardening
R1,R2,R3,R4,R5,R6
Entire Core Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
Network (zone) Separation R1,R2,R3,R4,R5,R6
Carrier Network Core including Privileged domain
Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
Jump Host Hardening R1,R2,R3,R4,R5,R6
PLINK Security Domain Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Note: add additional rows using the + button located at the end of the last row
Application Whitelisting R1,R2,R3,R4,R5,R6
Entire Carrier Network environment
Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
Onshore only access R1,R2,R3,R4,R5,R6, R9
All Carrier Network Core and RAN
Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
Patch Management (24hrs for Critical updates across all environments)
R1,R2,R3,R4,R5,R6
Entire Core Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
PLINK Supply Chain Assessment (see Appendices)
R8 Carrier network core. Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
All Privileged Support Staff have an Australian Security Clearance
R7,R9 Privileged access management platform
Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Note: add additional rows using the + button located at the end of the last row
SIEM use cases are a combination of standard vendor recommended settings and specific Carrier Network developed and threat vector mapped settings
R1,R2,R3,R4,R5,R6, R7
PLINK platform Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
Comprehensive annual User training and awareness
R7,R9 All Carrier Network generic and privileged staff
Throughout the Design, implementation and maintenance lifecycle
Independent Australian cyber security assessment including active penetration testing.
Click here to describe the control.
Click here to list all risks the control is intended to reduce or eliminate. For example, R1, R2, R4.
Click or tap here to enter text.
Click here to explain how the control will be applied.
Click here to explain how the effectiveness of the control will be validated.
__________
Notification of Proposed Change to a Telecommunications System or Telecommunications Service
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
4.3 Other information
4.3.1 List any sensitive users that may be affected by the proposed change.1
This change is designed to add a layer of protection across all Carrier Netw ork assets. The netw ork fabric protects all
users including sensitive users.
4.3.2 Describe any alternative changes that were considered and outline why they were
not chosen.
Carrier Netw ork considered developing its ow n SIEM platform rather than purchase a COTS product how ever it w as
deemed more expensive, less reliable and prone to failure than market leaders. For more information see Appendices
4.3.3 Provide any further information that will assist the Communications Access Co-
ordinator to consider the proposed change.
Carrier Netw ork has chosen to treat signif icant threat to the netw ork by deploying best practice applications and
methodologies in its SIEM. The platform w ill enhance Carrier Netw orks ability to demonstrate effective control and
competent supervision over its environment.
1 ‘Sensitive users’ include, but are not limited to, carriers, carriage service providers, MVNOs, governments, critical
service providers, universities, science and research organisations, large healthcare providers (or their suppliers and
business partners), f inancial and other large commercial entities. ‘Critical services’ include, but are not limited to, pow er, w ater, health, banking, transportation and emergency services.
Notification of Proposed Change to a Telecommunications System or Telecommunications Service
CONTACT US | 1300 27 25 24 | [email protected] | CISC.gov.au April 2022
Section 5
Attachments
List all attachments to this submission.
It is strongly recommended that carriers and providers provide copies of any relevant internal risk
assessments and internal policies, standards, etc., referenced anyw here in this form.
Allow ed file types are PDF, JPG, JPEG, PNG and XLSX
PDF and XLSX files can be up to 10 MB; all other attachments can be up to 5 MB.
You may make multiple submissions if you need to submit more than 5 attachments (including this form).
Attachment A Carrier Network Enterprise Threat Vector Analysis
Attachment B Carrier Network Tender Request SIEM platform
Attachment C PLINK Detailed architecture
Attachment D PLINK deployment program
Attachment E Carrier Network Supply Chain Assessment: PLINK
Attachment F Enterprise Security Risk Management Plan