Working Group - Federal Communications Commission | The ...

Working Group 10: Legacy Systems and Services Risk Reduction
Status Update
September 14, 2016
John Kimmins, Co-Chair, iconectiv
Danny McPherson, Co-Chair, Verisign
FCC Liaison: Steven McKinnon

WG10 Objectives

Working Group Description: In the Technology Transitions Order of August 2015, the Commission notes that communications are rapidly transitioning away from TDM-based technologies to new, all-IP multimedia networks. The intermingling of legacy communications technologies with advanced communications technologies introduces new threat vectors and cyber risk. Recently, this issue has gained greater attention in light of the security threats to Signaling System 7 (SS7) and its IP-based version SIGTRAN, a signaling protocol supporting call setup, routing, exchange, and billing functions in communications networks by sending messages between fixed and mobile communications service providers. The scale of SS7, which is used by carriers all over the world, means that every network subscriber could be vulnerable to these security risks.

As part of a series of requests to CSRIC, the Commission asked CSRIC to examine vulnerabilities associated with the SS7 protocol and other key communications protocols (e.g., Diameter). CSRIC Working Group 10 will assess existing and potential threats and current defensive mechanisms and make recommendations to the FCC on how to overcome security challenges present in SS7 and other communications protocols used between communications networks and their impact on the transition to next generation networks. The first step is the development of a Risk Assessment and Summary Report as described herein.

Deliverables: Risk Assessment by December 2016 and Risk Mitigation Strategies Summary Report and Recommendations by March 2017.

WG10 Members

  • John Kimmins, Co-chair (iconectiv)
  • Danny McPherson, Co-chair (Verisign)
  • John Marinho, Technology & Cybersecurity, CTIA
  • Philip Linse, Director, Public Policy, CenturyLink
  • Xiaomei Wang, Technical Lead, Verizon Wireless
  • Kevin Briggs, Chief of Continuity Assessment and Resilience, DHS\NCCIC
  • Martin Dolly, ATIS
  • Mark Easley, AT&T
  • Nilesh Ranjan, MTS/Director Systems Design and Strategy Engineering, T-Mobile
  • Drew Morin, Director, T-Mobile
  • Tim Lorello, President & CEO Seculore Solutions LLC
  • Travis Russell, Director, Oracle
  • Kathy Blasco, Communications Assessment Lead, DHS\NCCIC
  • Mohammad Khaled, Nokia
  • David Nolan, Electronics Engineer, DHS
  • John Gallagher, Sprint
  • Kathy Whitbeck, Director, Nsight
  • FCC Liaison: Steven McKinnon

WG10 Deliverables

  • Assessment Outline: September 2016
  • Risk Assessment Report: Initial Draft - October 2016; Final Draft - December 2016
  • Summary Report & Recommendations: March 2017

Expert Outreach

Industry Subject Matter Experts - Outreach

  • Silke Holtmanns, Nokia-Bell Labs: Aug. 18th
  • Karsten Nohl, SR Labs: October 13th
  • James Moran, GSMA: October

Summary

  • Current Environment
  • Standards
  • Global perspective
  • Threat landscape
  • Mitigation & Counter Measures

Risk Assessment Outline

Overview of SS7

  • Background & History
  • Application to Wireline Networks
  • Generic Architectural Overview
  • Relevant Standards & Protocols
  • Transition to New Technology
  • Application to Mobile Network
  • Generic Architectural Overview
  • Relevant Standards & Protocols
  • Transition to New Technology (e.g. DIAMETER) and interworking between SS7 and DIAMETER

Reported Threats and Risks

  • Unauthorized Access (e.g. masquerading as a Carrier)
  • Wireline
  • Mobility
  • Use of commercially available interception and tracking technologies
  • Example Use Cases
  • Impact CI Sectors

Assessment of Reported Threats and Risks

  • Definition of Terms
  • Targeted Assets (e.g. network nodes, network information)

Risk Assessment Outline (cont)

Assessment of Reported Threats and Risks (Continued)

  • Threat Vectors & Threat Models
  • Network Impact
  • Services and Information Impact
  • End-User Impact
  • Caller ID spoofing
  • IMSI Catchers
  • Use of commercially available interception and tracking
  • Prioritization/Likelihood/Scope of Threats

Current Security Capabilities & Risk Mitigation Scenarios

  • Protections, Detection & Defenses
  • Standards & Practices
  • Tools (e.g. SS7 Firewalls, Gateway Screening, Data Analytics, Network Assessment, Penetration Testing, Reported Security Maps/Services)
  • Network Interconnection
  • Carriers, Aggregators
  • Global Inter-Carrier Roaming
  • Global Assessment
  • Summary Conclusions
  • Items to consider for Risk Mitigation Recommendations

Next Steps and Activities

  • Continue documenting initial Risk Assessment draft
  • Continue weekly conference calls
  • SME Presentations hosted
  • Continue to gather specific threat analysis, current practices and assess risks
  • Leverage industry expertise & standards/forums relevant material
  • Provide updates to Steering Committee and Council
