Enhancing Hardware and Software Security Practices


Develop recommendations for enhancing security of hardware and software in public communications networks. Establish voluntary mechanisms to demonstrate success of best practices and recommendations.

  • Security
  • Hardware
  • Software
  • Best Practices
  • Communications

Uploaded on Mar 17, 2025



Presentation Transcript


  1. Working Group 6: Secure Hardware and Software, Security by Design. Deliverable 2 Status Update, June 22, 2016. Joel Molinoff, Co-Chair (CBS); Brian Scarpelli, Co-Chair (ACT | The App Association)

  2. WG 6 Objectives
     • Develop recommendations and best practices to enhance the security of hardware and software in the core public communications network
     • Develop voluntary mechanisms to demonstrate success of recommendations/best practices

  3. WG 6 Deliverables
     • March 2016: Security best practices recommendations
     • September 2016: Recommend voluntary attestation framework

  4. WG 6 Members (first name, last name, organization): Kazu Gomi, Leslie Krigstein, CHIME, CBS (Working Group 6 Co-Chair), Joel Molinoff, Kimura Masato, Michael O'Reirdan, NTT America, ACT | The App Association (Working Group 6 Co-Chair), Glen Pirrotta, Comcast Cable, Shinichi Yokohama, Brian Scarpelli, Kallol Ray, Franck Journoud, Oracle, Jon Amis, Dell, Steven McKinnon, FCC (Working Group 6 Liaisons), Richard Perlotto, Shadow Server, Emily Talaga, Gabriel Martinez, DHS NPPD, Patrick Koethe, Sprint, Andy Ellis, Jeff Greene, Symantec, Akamai, Alex Gerdenitsch, Michael Stone, Chris Roosenraad, EchoStar, Time Warner Cable, Chris Boyer, AT&T, Jennifer Manner, Joe Viens, Brian Daly, Bill Olson, GSA, ATIS (AT&T) (Cisco), Darren Kress, T-Mobile, Peter Allor, IBM, Mike Geller, Michelle Rosenthal, Ethan Lucarelli, Wiley Rein (Iridium), Jamie Brown, CA Technologies, Robert Mayer, USTelecom Association, James Bean, Juniper Networks, Tom Soroka, Steve Goeringer, Cable Labs, Mercatus Center at George Mason University, Nadya Bartol, Utilities Telecom Council, Eli Dourado, Rob Covolo, CenturyLink, Al Bolivar, Stacy Hartman, Angela McKay, Microsoft, Verisign, Tomofumi Okubo, Matt Tooley, NCTA, Kevin Beaudry, Charter, Jon Boyens, NIST, Heath McGinnis, Spears-Dean, Verizon, VITA/National Association of State 911 Administrators, Mike Geller, Bryanna Evans, Dorothy Meyers-McDonald, Lisa, Cisco, Andrew McGee, Nokia, Peter Ruffo, ZTE USA, Rao Vasireddy, Eric Wenger

  5. Brief Background
     • Recognizing the advantages of building security into hardware and software (rather than retrofitting), the FCC has urged industry to examine security by design practices for core network equipment
     • CSRIC IV's WG 4 Final Report, Cybersecurity Risk Management and Best Practices, provides the baseline/model for the approach
     • Deliverable 1 was approved by the full CSRIC on March 16 (best practices for service providers seeking to manage cybersecurity risks associated with technology obtained from third-party vendors, suppliers, and/or integrators for use in their core networks, using the NIST Cybersecurity Framework)

  6. Report 1 Findings
     Function & Categories | Sample NIST CSF Subcategories | Best Practice
     IDENTIFY ID.GV, ID.RA | ID.GV-1, ID.GV-4, ID.RA-1, ID.RA-3, ID.RA-5, ID.RA-6, PR.IP-1, 2, 3, 4, 6, 9, 12 | Governance, Risk Assessment and Risk Management. Ensure that suppliers have an organizational security policy that governs design, development, and production of the products and services.
     PROTECT PR.AC | PR.AC-1, PR.AC-2, PR.AC-3, PR.AC-4, PR.AC-5 | Access Controls. Ensure that suppliers limit access to (1) assets and associated facilities used to design, develop, and produce applicable solutions, and (2) the products and services, to authorized users, processes and devices, and limit access to only authorized activities and transactions.
     PROTECT PR.DS | PR.DS-1, PR.DS-2, PR.DS-5, PR.DS-6, PR.DS-7 | Data Security. Ensure that product/service information and records (data) are managed to protect and ensure the confidentiality, integrity and availability of information.
     PROTECT PR.MA | PR.MA-1, 2 | Maintenance. Ensure that suppliers have in place mechanisms for (1) product/service maintenance and repair and (2) secure remote maintenance.
     PROTECT PR.PT | PR.PT-1, 2, 3, 4 | Protective Technology. Ensure that the supplier's relevant information resources are sufficiently hardened.
     DETECT DE.AE | DE.AE-2, 4 | Anomalies and Event Detection. Ensure that (1) the supplier has tools in place to detect anomalies and events and (2) such events are analyzed to understand attack targets and methods.
     DETECT DE.CM | DE.CM-1, 2, 4, 5, 7 | Security Continuous Monitoring. Ensure that supplier information systems and assets relevant to products and services are monitored to identify events and verify the effectiveness of cybersecurity measures.
     DETECT DE.DP | DE.DP-4 | Detection Processes. Ensure that suppliers have in place detection processes and procedures for identifying security events that may impact products and services.
     RESPOND RS.RP, RS.CO | RS.RP-1, RS.CO-4 | Response Planning and Communications. Ensure that the supplier has in place a process to remediate product/service security vulnerabilities to detected events and that responses are coordinated externally.
     RESPOND RS.AN, RS.MI | RS.AN-1, 2, 3; RS.MI-1, 2 | Analysis and Mitigation. Ensure that the supplier is conducting analysis to ensure adequate response and support recovery activities relevant to products and services.
     RECOVER RC.RP | RC.RP-1 | Recovery Planning. Ensure that suppliers have in place recovery processes and procedures covering the products and services that can be executed and maintained to ensure the timely restoration of relevant systems and assets affected by cybersecurity events.

  7. Deliverable 2: Voluntary Assurances
     • WG 6 has aggregated existing assurance efforts connected to standards/best practices as a resource
     • Have received/are planning presentations on existing assurance efforts connected to standards/best practices
     • Holding bi-weekly calls
     • Held in-person meeting on June 22 (AM)

  8. WG 6 Schedule
     • PHASE 1: Define Objectives, Scope, & Methodology
     • PHASE 2: Analysis & Determine Findings
     • PHASE 3: Conclusions & Recommendations: Deliverable Adopted by Full CSRIC 5

  9. Next Steps
     • Work to find consensus on voluntary assurances for the 2nd deliverable
     • Continue bi-weekly conference calls
     • Provide periodic status updates to the Steering Committee and Council
     • On schedule to complete the report in time for the September 2016 full CSRIC meeting
