Enhancing Hardware and Software Security in Public Communications Networks

This presentation highlights the objectives, deliverables, and members of Working Group 6 focused on improving the security of hardware and software in public communications networks. The group aims to develop best practices, recommendations, and voluntary mechanisms to enhance overall security. Members include industry leaders and liaisons from various organizations working towards building security into core networks.

• Hardware security
• Software security
• Public communications
• Working Group 6
• Cybersecurity

lena_rie Follow

Uploaded on Sep 25, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Working Group 6: Secure Hardware and Software Security by Design Presentation of Final Report (Deliverable 2) March 16, 2016 Joel Molinoff, Co-Chair (CBS) Brian Scarpelli, Co-Chair (ACT | The App Association)

2. WG 6 Objectives Develop recommendations and best practices to enhance the security of hardware and software in the core public communications network Develop voluntary mechanisms to demonstrate success of recommendations/best practices 2

3. WG 6 Deliverables March 2016 Security best practices recommendations September 2016 Recommend voluntary attestation framework 3

4. WG 6 Members FN LN Organization FN LN Organization FN LN Organization Kazu Gomi Leslie Krigstein CHIME CBS (Working Group 6 Co- Chair) Joel Molinoff Kimura Masato Michael O Reirdan NTT America ACT | The App Association (Working Group 6 Co-Chair) Glen Pirrotta Comcast Cable Shinichi Yokohama Brian Scarpelli Kallol Ray Franck Journoud Oracle Jon Amis Dell Steven McKinnon FCC (Working Group 6 Liaisons) Richard Perlotto Shadow Server Emily Talaga Gabriel Martinez DHS NPPD Patrick Koethe Sprint Andy Ellis Jeff Greene Symantec Akamai Alex Gerdenitsch Michael Stone Chris Roosenraad EchoStar Time Warner Cable Chris Boyer AT&T Jennifer Manner Joe Viens Brian Daly Bill Olson GSA ATIS (AT&T) (Cisco) Darren Kress T-Mobile Peter Allor IBM Mike Geller Michelle Rosenthal Ethan Lucarelli Wiley Rein (Iridium) Jamie Brown CA Technologies Robert Mayer USTelecom Association James Bean Juniper Networks Tom Soroka Steve Goeringer Cable Labs Mercatus Center at George Mason University Nadya Bartol Utilities Telecom Council Eli Dourado Rob Covolo CenturyLink Al Tomofu mi Bolivar Stacy Hartman Angela McKay Microsoft Verisign Okubo Matt Tooley NCTA Kevin Beaudry Charter Jon Boyens NIST Heath McGinnis Spears- Dean Verizon VITA/ National Association of State 911 Administrators Mike Geller Bryanna Evans Dorothy Meyers- McDonald Lisa Cisco Andrew McGee Nokia Peter Ruffo ZTE USA Rao Vasireddy Eric Wenger 4

5. Background The core network 5

6. Background Recognizing the advantages of building security in to hardware and software (rather than retrofitting), FCC has urged industry to examine security by design practices for core network equipment WG 6 s first deliverable contained recommendations of voluntary best practices for successfully incorporating security-by-design principles in the core communications network 6

7. WG 6 Deliverable #2 In addition to its first deliverable, WG 6 was tasked with: Examining and reviewing the best ways to provide assurances to the FCC and the public that recommended security capabilities are being implemented by network equipment vendors; and Recommend voluntary mechanisms that provide assurances to the FCC and the public that the security practices are being applied. 7

8. Methodology To develop these recommended approaches to assurances, CSRIC undertook a methodical surveying of the landscape as well as a detailed consultation with industry experts. 8

9. Findings No single, pre-defined attestation methodology that suitably meets the needs of companies applying the Working Group s best practices recommendations. WG 6 provides detail on a number of prominent attestation approaches and whether those documents can be used for a self-assessment, third party certification, or both. 9

10. Findings Security-by-design & supply chain risk management programs may be appropriately considered, among other topics, at yearly in- person meetings that were contemplated as part of CSRIC IV, Working Group 4 s recommendations issued in March, 2015. 10

11. Findings CSRIC recommends against implementing any new or additional regulations to address conformity to a particular supply chain risk assessment mechanism, or any type of written attestation to the same. In person meetings will continue to foster the public-private sector collaboration encouraged in past CSRIC reports. 11

12. WG 6 Schedule PHASE 1: Define Objectives, Scope, & Methodology PHASE 2: Analysis & Determine Findings PHASE 3: Conclusions & Recommendations : Deliverable Adopted by Full CSRIC 5 12

13. Thank You! 13