International body adopts network security standard

The International Organization for Standardization (ISO) approved last month a comprehensive model that identifies critical requirements to ensure end-to-end network security.

Specifically, the global standards group formally adopted ISO/IEC 18028-2, which defines a standard security architecture and provides a systematic approach to support the planning, design and implementation of information technology networks.

The standard is based on X.805, a framework Bell Labs created several years ago. The International Telecommunication Union (ITU), another standards body, adopted it before ISO.

Rati Thanawala, vice president of Bell Labs’ network planning, performance and economic analysis division, said the new ISO standard provides a consistent methodology for assessing end-to-end network security. She said it also provides a common language among IT network managers, administrators, engineers and security officers to address security with the emergence of new technologies and convergence of networks.

The standard also allows government and private-sector officials to perform cost-benefit analyses and better business continuity planning, Thanawala said.

“If you did have a disaster in communications, what is the impact of that?” she asked. “What is going to happen? It’s coming at a good time right now because right now is a very critical time for looking at security of communications networks.”

Bell Labs created the X.805 standard to ensure end-to-end interoperability and security for communications networks. Previously, it was an area driven by implementing devices, such as firewalls, here and there rather than looking at the issue holistically.

Thanawala said a working group was established about four years ago within ITU to address that issue, and it was then that Bell Labs created the X.805 architecture framework. For example, she said, there are not an infinite number of threats in a communications network, but only five.

“The five threats are how you can destroy information, corrupt information, remove information, disclose information or interrupt information,” she said. “There isn’t a sixth threat. Prior to taking a systemic approach to this, people thought there were an infinite number of threats to networks. But when you really get good subject-matter experts to sit down and start thinking about it, they said there are only five threats.”

Similarly, Thanawala said, there are only eight dimensions of security that must be addressed to prevent the exploitation of vulnerabilities. They include privacy, availability, integrity, communications flow, confidentiality, nonrepudiation, authentication and access control.

There are three security layers – infrastructure, services and applications – and three security planes – management, control and end-user – that represent the types of activities that take place on a network.

“So, basically there are five threats, eight dimensions, three security layers and three planes, and that’s a 72-cell matrix,” Thanawala said. “And that is the entire way of looking at security of any communications network. It could be the Internet. It could be the enterprise system. It could a sole operator.”

She said the standard is critical because communications is vital to many other infrastructures, such as banking and finance, transportation, and power.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group