working group 6: secure hardware and software – security by design status update september 21,...
DESCRIPTION
3 WG 6 Deliverables March 2016 – Security best practices recommendations September 2016 – Recommend voluntary attestation frameworkTRANSCRIPT
![Page 1: Working Group 6: Secure Hardware and Software – Security by Design Status Update September 21, 2015 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair](https://reader036.vdocuments.mx/reader036/viewer/2022082600/5a4d1b107f8b9ab05998f372/html5/thumbnails/1.jpg)
Working Group 6: Secure Hardware and Software – Security by Design
Status UpdateSeptember 21, 2015
Joel Molinoff, Co-Chair (CBS)Brian Scarpelli, Co-Chair (Telecommunications Industry Association)
![Page 2: Working Group 6: Secure Hardware and Software – Security by Design Status Update September 21, 2015 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair](https://reader036.vdocuments.mx/reader036/viewer/2022082600/5a4d1b107f8b9ab05998f372/html5/thumbnails/2.jpg)
2
WG 6 Objectives• Develop voluntary recommendations and best
practices to enhance the security of hardware and software in the core public communications network
• Develop voluntary mechanisms to demonstrate success of recommendations/best practices
![Page 3: Working Group 6: Secure Hardware and Software – Security by Design Status Update September 21, 2015 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair](https://reader036.vdocuments.mx/reader036/viewer/2022082600/5a4d1b107f8b9ab05998f372/html5/thumbnails/3.jpg)
3
WG 6 Deliverables
• March 2016 – Security best practices recommendations
• September 2016 – Recommend voluntary attestation framework
![Page 4: Working Group 6: Secure Hardware and Software – Security by Design Status Update September 21, 2015 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair](https://reader036.vdocuments.mx/reader036/viewer/2022082600/5a4d1b107f8b9ab05998f372/html5/thumbnails/4.jpg)
4
WG 6 Members
* Also a CSRIC member
FN LN OrgJoel Molinoff CBS* (WG 6 co-chair)Brian Scarpelli TIA* (WG 6 co-chair)Peter Allor IBMJon Amis DellJames Bean Juniper NetworksKevin Beaudry Charter*Al Bolivar Verisign*Jon Boyens NISTChris Boyer AT&T*Jamie Brown CA TechnologiesRob Covolo CenturyLink*Brian Daly AT&T (ATIS)*Mike Geller Cisco (ATIS)*Alex Gerdenitsch EchoStar*Steve Goeringer Cable LabsKazu Gomi NTT AmericaStacy Hartman CenturyLink*Franck Journoud OracleMasato Kimura NTT AmericaDarren Kress T-Mobile*Ethan Lucarelli Iridium* (Wiley Rein)
FN LN OrgJennifer Manner Echostar*Gabriel Martinez DHSRobert Mayer US Telecom Association*Heath McGinnis Verizon*Eli Dourado Mercatus Center (GMU)Angela McKay MicrosoftTomofumi Okubo Verisign*Richard Perlotto Shadow ServerJeff Greene SymantecGlen Pirrotta Comcast Cable*Kallol Ray Comcast Cable*Chris Roosenraad TWC*Michelle Rosenthal T-Mobile*Peter Ruffo ZTE USADorothy Spears-Dean NASNA*Matt Tooley NCTA*Rao Vasireddy Alcatel-Lucent (TIA)*Joe Viens TWC*Eric Wenger CiscoShinichi Yokohama NTT America
FN LN OrgSteven McKinnon FCC liaisonEmily Talaga FCC liaison
![Page 5: Working Group 6: Secure Hardware and Software – Security by Design Status Update September 21, 2015 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair](https://reader036.vdocuments.mx/reader036/viewer/2022082600/5a4d1b107f8b9ab05998f372/html5/thumbnails/5.jpg)
5
Background• Recognizing the advantages of building security in to
hardware and software (rather than retrofitting), FCC has urged industry to examine security by design practices for core network equipment– Examined by FCC Technological Advisory Council (TAC) in
2014
• CSRIC IV’s WG 4 Final Report, Cybersecurity Risk Management and Best Practices, provides baseline/model for approach
![Page 6: Working Group 6: Secure Hardware and Software – Security by Design Status Update September 21, 2015 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair](https://reader036.vdocuments.mx/reader036/viewer/2022082600/5a4d1b107f8b9ab05998f372/html5/thumbnails/6.jpg)
6
• WG 6 held a kickoff conference call on 9/16/15• Roster reflects a healthy and diverse stakeholder
community invested and interested in hardware/software security by design• WG 6 has agreed to a three-phased approach to the
development of WG 6 deliverables–WG 6 has formed a subgroup to address objectives, scope
and methodology for 1st deliverable
WG6 Status
![Page 7: Working Group 6: Secure Hardware and Software – Security by Design Status Update September 21, 2015 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair](https://reader036.vdocuments.mx/reader036/viewer/2022082600/5a4d1b107f8b9ab05998f372/html5/thumbnails/7.jpg)
7
WG 6 Schedule
PHASE 1: Define Objectives, Scope, & MethodologyPHASE 2: Analysis & Determine Findings
PHASE 3: Conclusions & Recommendations
: Deliverable Adopted by Full CSRIC 5
![Page 8: Working Group 6: Secure Hardware and Software – Security by Design Status Update September 21, 2015 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair](https://reader036.vdocuments.mx/reader036/viewer/2022082600/5a4d1b107f8b9ab05998f372/html5/thumbnails/8.jpg)
8
Next Steps• Build/finalize WG 6 membership • Continue to develop a work plan to accomplish the
CSRIC V charge, taking advantage of WG 6 members’ subject matter expertise• Seek WG 6 volunteers to lead aspects of the work
plan• Continue bi-weekly conference calls • Provide periodic status updates to Steering
Committee and Council