Working Group 6: Secure Hardware and Software – Security by Design
Status Update
September 21, 2015
Joel Molinoff, Co-Chair (CBS)
Brian Scarpelli, Co-Chair (Telecommunications Industry Association)
WG 6 Objectives
• Develop voluntary recommendations and best practices to enhance the security of hardware and software in the core public communications network
• Develop voluntary mechanisms to demonstrate success of recommendations/best practices
WG 6 Deliverables
• March 2016 – Security best practices recommendations
• September 2016 – Recommend voluntary attestation framework
WG 6 Members
FN | LN | Org
Joel | Molinoff | CBS* (WG 6 co-chair)
Brian | Scarpelli | TIA* (WG 6 co-chair)
Peter | Allor | IBM
Jon | Amis | Dell
James | Bean | Juniper Networks
Kevin | Beaudry | Charter*
Al | Bolivar | Verisign*
Jon | Boyens | NIST
Chris | Boyer | AT&T*
Jamie | Brown | CA Technologies
Rob | Covolo | CenturyLink*
Brian | Daly | AT&T (ATIS)*
Mike | Geller | Cisco (ATIS)*
Alex | Gerdenitsch | EchoStar*
Steve | Goeringer | Cable Labs
Kazu | Gomi | NTT America
Stacy | Hartman | CenturyLink*
Franck | Journoud | Oracle
Masato | Kimura | NTT America
Darren | Kress | T-Mobile*
Ethan | Lucarelli | Iridium* (Wiley Rein)
Jennifer | Manner | Echostar*
Gabriel | Martinez | DHS
Robert | Mayer | US Telecom Association*
Heath | McGinnis | Verizon*
Eli | Dourado | Mercatus Center (GMU)
Angela | McKay | Microsoft
Tomofumi | Okubo | Verisign*
Richard | Perlotto | Shadow Server
Jeff | Greene | Symantec
Glen | Pirrotta | Comcast Cable*
Kallol | Ray | Comcast Cable*
Chris | Roosenraad | TWC*
Michelle | Rosenthal | T-Mobile*
Peter | Ruffo | ZTE USA
Dorothy | Spears-Dean | NASNA*
Matt | Tooley | NCTA*
Rao | Vasireddy | Alcatel-Lucent (TIA)*
Joe | Viens | TWC*
Eric | Wenger | Cisco
Shinichi | Yokohama | NTT America
Steven | McKinnon | FCC liaison
Emily | Talaga | FCC liaison
* Also a CSRIC member
Background
• Recognizing the advantages of building security in to hardware and software (rather than retrofitting), FCC has urged industry to examine security by design practices for core network equipment
– Examined by FCC Technological Advisory Council (TAC) in 2014
• CSRIC IV’s WG 4 Final Report, Cybersecurity Risk Management and Best Practices, provides baseline/model for approach
WG 6 Status
• WG 6 held a kickoff conference call on 9/16/15
• Roster reflects a healthy and diverse stakeholder community invested and interested in hardware/software security by design
• WG 6 has agreed to a three-phased approach to the development of WG 6 deliverables
– WG 6 has formed a subgroup to address objectives, scope and methodology for 1st deliverable
WG 6 Schedule
PHASE 1: Define Objectives, Scope, & Methodology
PHASE 2: Analysis & Determine Findings
PHASE 3: Conclusions & Recommendations
: Deliverable Adopted by Full CSRIC 5
Next Steps
• Build/finalize WG 6 membership
• Continue to develop a work plan to accomplish the CSRIC V charge, taking advantage of WG 6 members’ subject matter expertise
• Seek WG 6 volunteers to lead aspects of the work plan
• Continue bi-weekly conference calls
• Provide periodic status updates to Steering Committee and Council