International body adopts network security standard

The International Organization for Standardization (ISO) approved last month a comprehensive model that identifies critical requirements to ensure end-to-end network security.

Specifically, the global standards group formally adopted ISO/IEC 18028-2, which defines a standard security architecture and provides a systematic approach to support the planning, design and implementation of information technology networks.

The standard is based on X.805, a framework Bell Labs created several years ago. The International Telecommunication Union (ITU), another standards body, adopted it before ISO.

Rati Thanawala, vice president of Bell Labs’ network planning, performance and economic analysis division, said the new ISO standard provides a consistent methodology for assessing end-to-end network security. She said it also provides a common language among IT network managers, administrators, engineers and security officers to address security with the emergence of new technologies and convergence of networks.

The standard also allows government and private-sector officials to perform cost-benefit analyses and better business continuity planning, Thanawala said.

“If you did have a disaster in communications, what is the impact of that?” she asked. “What is going to happen? It’s coming at a good time right now because right now is a very critical time for looking at security of communications networks.”

Bell Labs created the X.805 standard to ensure end-to-end interoperability and security for communications networks. Previously, it was an area driven by implementing devices, such as firewalls, here and there rather than looking at the issue holistically.

Thanawala said a working group was established about four years ago within ITU to address that issue, and it was then that Bell Labs created the X.805 architecture framework. For example, she said, there are not an infinite number of threats in a communications network, but only five.

“The five threats are how you can destroy information, corrupt information, remove information, disclose information or interrupt information,” she said. “There isn’t a sixth threat. Prior to taking a systemic approach to this, people thought there were an infinite number of threats to networks. But when you really get good subject-matter experts to sit down and start thinking about it, they said there are only five threats.”

Similarly, Thanawala said, there are only eight dimensions of security that must be addressed to prevent the exploitation of vulnerabilities. They include privacy, availability, integrity, communications flow, confidentiality, nonrepudiation, authentication and access control.

There are three security layers – infrastructure, services and applications – and three security planes – management, control and end-user – that represent the types of activities that take place on a network.

“So, basically there are five threats, eight dimensions, three security layers and three planes, and that’s a 72-cell matrix,” Thanawala said. “And that is the entire way of looking at security of any communications network. It could be the Internet. It could be the enterprise system. It could a sole operator.”

She said the standard is critical because communications is vital to many other infrastructures, such as banking and finance, transportation, and power.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.