Creating Trust in Critical Network Infrastructures: Korean Case Study
Introduction to Critical Network Infrastructures
-
Upload
hall-jarvis -
Category
Documents
-
view
32 -
download
3
description
Transcript of Introduction to Critical Network Infrastructures
![Page 1: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/1.jpg)
Introduction to Critical Network Introduction to Critical Network InfrastructuresInfrastructures
2002. 5. 202002. 5. 20
Kijoon ChaeKijoon ChaeEwha Womans UniversityEwha Womans University
![Page 2: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/2.jpg)
2
ContentsContents
Background
Objective
What is CNI?
Network Trends and Vulnerabilities
Current Problems for CNI
Solutions for Security Problems
Other Areas Impacting Infrastructures
Suggestions and Conclusion
![Page 3: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/3.jpg)
3
(4.2)(4.2)(25.3)(25.3)
(181.2)
(157.5)
(171.4)
(Unit(Unit : millions, %): millions, %)
Europe30.12%
Asia/Pacific28.04%
US & Canada35.19%
Middle-East0.91%
Africa0.81%
Latin-America4.93%
(4.6)
527.57544.2
160.0
276.0
407.1
1998 년 1999 년 2000 년 2001 년 2002 년 2 월
(Source: NUA)(Source: NUA)
Worldwide Internet UsersWorldwide Internet Users
![Page 4: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/4.jpg)
4
0
1
2
3
4
5
6
Germany England Netherlands Italy Japan Korea
Germany 105,344 288,191 1,384,361 3,738,732 4,658,764 5,254,281
England 95,151 196,753 807,487 2,506,589 2,977,535 3,295,442
Netherlands 40,000 65,000 160,000 530,000 643,638 702,854
Italy 21,658 45,819 93,279 437,322 569,143 594,452
Japan 33,739 58,549 124,573 234,294 417,013 473,539
Korea 8,045 26,166 207,023 517,354 454,799 465,323
1997 1998 1999 2000 2001.6 2002.1
Number of Domains (Upper 6 countries)Number of Domains (Upper 6 countries)
(Source: KRNIC)(Source: KRNIC)
![Page 5: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/5.jpg)
5
Why is the Internet vulnerable? Why is the Internet vulnerable?
Millions of entry points world-wide
Tens of thousands of interconnected networks
Open systemsculture
Ease of use ofintruder tools
![Page 6: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/6.jpg)
6
What is a Security Vulnerability?What is a Security Vulnerability?
Security Vulnerability : flaw or weakness in a system’s design, implementation or operation that could be exploited to violate the system’s security (RFC 2828)
Threat: action or event to do harm to security
Vulnerability + Threat Risk
![Page 7: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/7.jpg)
7
Protocol VulnerabilitiesProtocol Vulnerabilities
Standards bodies have accepted protocols with serious vulnerabilities.
Security depends on the whole protocol. Protocol vulnerabilities last a long time. Threats change over time. Implicit assumptions are often violated. Application layer protocols also have security vulnerabilities. Inattention to security issues creates vulnerable protocols.
(Source: Dr. Greg Shannon at Lucent Technologies
ITU-T Workshop on Security, Seoul, 13-14 May 2002)
![Page 8: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/8.jpg)
8
ObjectiveObjective
The great variety of vulnerabilities and threats exist on the network.
Most IT-based network infrastructures are not secure. International cooperation is needed to secure CNIs.
Identify the explicit significance of the CNIs Provide possible solutions to resolve CNI security
problems Find methods to collaborate and cooperate among
countries
![Page 9: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/9.jpg)
9
What isWhat is CNI?CNI?
Logical aspect A public or private network that carries information
relevant to national security and safety or information
of high financial value
Physical aspect The whole network or a part of the network that
exchanges information of high significance
![Page 10: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/10.jpg)
10
Network Trends: Internet Network Trends: Internet
The twenty-first century is the era of the Internet.
Internet has been helpful to combine techniques of traditional industry and info-communication.
![Page 11: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/11.jpg)
11
Inefficient communications
High cost and low transmission speeds to end-users
“Bottleneck” impediments to the construction of high-speed
networks
Unfair network access policies
Inefficient network extension
Excessive waiting times
Service with no guarantee of the bandwidth between end
users and QoS for a real-time service
Poor of security provision
Need to develop Next-Generation Internet (NGI)
ProblemsProblems of Internet of Internet
![Page 12: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/12.jpg)
12
Hierarchical Architecture of Internet Hierarchical Architecture of Internet
ISP Network
CarrierNetwork
Backb
on
eNetw
ork
Acces
sNetw
orkData Network
(F/R, X.25)
Optical Network
PSTN/ISDN CATV
LeasedLine
LAN
F/R X.25
PSTN ISDN CableModem
Headend
May cause May cause “Bottlenecks”“Bottlenecks”
![Page 13: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/13.jpg)
13
Next Generation InternetNext Generation Internet
Resolve today’s Internet problems
Adjust to changes in demand as society becomes more information-oriented
Present potential solutions to the problems of network congestion, service delay, lack of addresses, expensive charges, etc.
Support multimedia and mobile services of a high speed and performance with guaranteed qualities
![Page 14: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/14.jpg)
14
NGI (United States)NGI (United States)
![Page 15: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/15.jpg)
15
NGI (Canada: NGI (Canada: CANARIE)CANARIE)
![Page 16: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/16.jpg)
16
Hierarchical Architecture of NGIHierarchical Architecture of NGI
Next Generation Internet Network(High-Speed Network)
TAPAPAN-SG
TAP
TEN-155
TAP vBNS
Star-TAP
CA*net2
TAP
APAN-JP
TAP
NAP NAP
Regional ISP ARegional ISP B
Regional ISP C
Giga-POP Giga-POP
CampusNetwork
CustomerNetwork
CustomerNetwork
Backbone(High-Speed Network)
![Page 17: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/17.jpg)
17
SecuritySecurity of Internet / NGI of Internet / NGI
Security services are applied to individual systems, networks of a particular nation.
Necessary to apply security system at the intermediate access point
Interoperability among individual security systems should be provided.
Secure network techniques should be introduced.
![Page 18: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/18.jpg)
18
Mobile CommunicationMobile Communication
Anywhere, anytime, anyplace communication systems Next-generation mobile systems foresee the convergence of mobile,
fixed and IP networks towards future high-speed services. International Trends of Mobile Systems
Evolved from the 1st generation to the 2nd generation (2G) • From analogue to digital system• Provide better quality and higher capacity at a lower cost• 2G (CDMA, GSM, TDMA)
2.5G system• HDR, GPRS, EDGE
The 3rd generation (3G) system• Called IMT-2000 or FPLMTS• Integrated applications and services
o multimedia messaging, infotainment, location-based services, etc,.• cdma2000, W-CDMA
The 4th generation (4G) system• Various internetworking and integrating technologies • IP and high-speed packet wireless transmission• Provide mobile multimedia services over tens of Mbps at low cost
![Page 19: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/19.jpg)
19
From 2G to 3G mobile systemsFrom 2G to 3G mobile systems
CDMA
GSM
TDMA
HDR
GPRS
EDGE
Cdma2000 1x
cdma2000
W-CDMA
2G 2001-2002
2000-2001
2002-2003
2003-2005
384 kbps
1.8-2.4 mbps
115 kbps
2 mbps?
2 mbps?
EDGE: Enhanced Data GSM EnvironmentGPRS: General Packet Radio ServiceHDR: High Data RateCdma2000 1x: Code Division Multiple Access 2000
CDMA
GSM
TDMA
HDR
GPRS
EDGE
Cdma2000 1x
cdma2000
W-CDMA
2G 2001-2002
2000-2001
2002-2003
2003-2005
384 kbps
1.8-2.4 mbps
115 kbps
2 mbps?
2 mbps?
EDGE: Enhanced Data GSM EnvironmentGPRS: General Packet Radio ServiceHDR: High Data RateCdma2000 1x: Code Division Multiple Access 2000
Source:Source: ITU IMT-2000 and Beyond Study Group. ITU IMT-2000 and Beyond Study Group.
![Page 20: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/20.jpg)
20
Mobile Communication TechnologiesMobile Communication Technologies
Migrate mobile traffic onto an all-IP network
IP is scalable and can tolerate a variety of radio protocols. Translate into enhanced data transmission services for
Internet-enabled devices Stimulate the innovation of diversified services for
consumers More flexible for application development than current
networks Support a wide array of access technologies
• 802.11b, W-CDMA, Bluetooth, HyperLAN, etc.
![Page 21: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/21.jpg)
21
Mobile and fixed-line users worldwideMobile and fixed-line users worldwide
By the end of 2001, almost one in every six of the world’s inhabitants had a mobile phone. During 2002, mobile subscribers will overtake the number of fixed lines worldwide.
0
200
400
600
800
1,000
1,200
1992 1993 1994 1995 1996 1997 1998 1999 2000 2001
World MobileSubscribers(millions)
World's Fixed Lines(millions)
Source:Source: ITU World Telecommunication Indicators Database. ITU World Telecommunication Indicators Database.
![Page 22: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/22.jpg)
22
Vulnerability on Mobile SystemsVulnerability on Mobile Systems
Data stores and data transmissions are becoming increasingly vulnerable to interception, hacking and viruses.
The main vulnerabilities occur at the translation point between the wireless protocols and the wireline (fixed) protocols.
Strong authentication procedures are required to prevent security breaches. WAP (Wireless Application Protocol) 2.0 protocol
• Ericsson, Motorola, Nokia, and Unetworkired Planet organized WAP Forum.• Employs WTLS (Wireless Transport Layer Security)
I-mode • Developed by NTT DoCoMo • Employs SSL communication just between I-mode gateway and server
![Page 23: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/23.jpg)
23
WAP Protocol StackWAP Protocol Stack
HTMLJavaScript
HTTP
TLS - SSL
TCP/IPUDP/IP
WML Script•Virtual Machine•Standard Library
WAPContent
Type
WML Microbrowser
WTA Interface
Application Layer ( WAE )
Session Layer ( WSP )
Transaction Layer ( WTP )
Security Layer ( WTLS )
Transport Layer ( WDP )
Bearers
GSM IS-136 CDMA PHS CDPD IMT-2000 UMTS Etc.
Other Services&
Application
Source : WAP Forum, http://www.wapforum.org
![Page 24: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/24.jpg)
24
WTLS Protocol StackWTLS Protocol Stack
Transaction Protocol ( WTP ) or Applications
Hand ShakeProtocol
AlertProtocol
ApplicationProtocol
Change CipherSpec Protocol
Record Protocol
Datagram Protocol ( WDP / UDP )
Bearer Networks
WTLS
Source : WAP Forum, http://www.wapforum.org
![Page 25: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/25.jpg)
25
Vulnerability of Wireless Internet ServiceVulnerability of Wireless Internet Service
WML
WML-Script
WTAI
TCP/IPUDP/IP
Etc.
Client
WML Decks With WML- Script
Web Server
CGIScript.
Etc.
Content
WSP / WTP HTTP
Data Transfer
WML Encoder
WML Script Compiler
Protocol Adapters
WAP Gateway
DataDataExposureExposure
End–to–end communication is not secure !!!
Attacker
![Page 26: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/26.jpg)
26
Transaction SecurityTransaction Security
In relation to transaction security, the privacy firm Meconomy makes the following
recommendations:
1. The use of an open platform for devices, in order to enable users to apply their own privacy and security technologies
1. Separation of personal identifiers from transactional data, to increase privacy and security.
1. Use of data collected for a transaction should be limited to the specific transaction in question.
![Page 27: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/27.jpg)
27
Satellite Communication ServiceSatellite Communication Service
Fixed Fixed Satellite ServiceSatellite Service
(FSS)(FSS)
Broadcasting Broadcasting Satellite ServiceSatellite Service
(BSS)(BSS)
Mobile Mobile Satellite ServiceSatellite Service
(MSS)(MSS)
Local Local Satellite ServiceSatellite Service
(EUTELSAT, PANAMSAT)(EUTELSAT, PANAMSAT)
International International Satellite ServiceSatellite Service
(INTELSAT, INMARSAT)(INTELSAT, INMARSAT)
National National Satellite ServiceSatellite Service(KOREASAT, BS)(KOREASAT, BS)
![Page 28: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/28.jpg)
28
Satellite Communication ServicesSatellite Communication Services
Low-speed data communication Long-distance telephone transmission International TV broadcasting services
High-speed data communicationSatellite ISDN serviceSatellite mobile communicationHigh quality of broadcastingLow costs
Traditional ServicesTraditional ServicesTraditional ServicesTraditional Services
Enhanced ServicesEnhanced ServicesEnhanced ServicesEnhanced Services
![Page 29: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/29.jpg)
29
1,000km above the groundCommunication anywhere in the worldMobile Internete.g. Iridium, Globalstar, INMARSAT’s IOC plan
36,000km above the ground 270msec delayInternational callsBroadcasting servicesTrans-ocean, land, aeronaut communicatione.g. INTELSAT
Types of Satellite CommunicationTypes of Satellite Communication
Geostationary SatelliteGeostationary SatelliteGeostationary SatelliteGeostationary Satellite
LEO-SatelliteLEO-SatelliteLEO-SatelliteLEO-Satellite
![Page 30: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/30.jpg)
30
Echo resulting from Echo resulting from physical distance ! physical distance !
Abuse Abuse confidential data ! confidential data !
Difficult to repair! Difficult to repair!
Intentional Intentional communication communication
jamming ! jamming !
VulnerabilityVulnerability
Vulnerabilities on Satellite CommunicationVulnerabilities on Satellite Communication
![Page 31: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/31.jpg)
31
Current Problems associated withCurrent Problems associated with CNICNI
As networks become more global, more and more people have access to critical data.
Networks involved in CNI are vulnerable to many dangerous threats: Physical damages on the infrastructure by natural factors or
unintentional troublese.g. Natural disaster, power outage, network failure, etc.
Security factors in network systems operating the infrastructure e.g. Unauthorized access, intrusions, network disruptions,
malicious software, etc. Attacks through weak points in network components such as
operating systems, routers, switches, name servers, etc.
Developing policies and technologies to resolve the problems and enhance confidence for CNI is required.
![Page 32: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/32.jpg)
32
Power AttackPower Attack
Virtual Server
Remote Backup System
Server
UPS
PowerCrash
Virtual Power Supply
Power
![Page 33: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/33.jpg)
33
Number of Incidents ReportedNumber of Incidents Reported
1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001
3,734
52,658
21,756
9,859
1322,1342,5732,4122,3401,334773252 4066
year
incidents
Source : CERT (http://www.cert.org/)
![Page 34: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/34.jpg)
34
Solutions for Security ProblemsSolutions for Security Problems
Reasons for CNI security to become a significant issue
data protection, economic dependency, national security, e-commerce, etc.
Need for international cooperation for CNI security Resolving CNI security problems is an urgent priority. Grades of security capability vary greatly between different
networks. No common policy or system to guarantee reliability Since IT industries evolve very fast, CNIs cannot be secured
indefinitely using existing security tools. Major types of policy
Providing systematic legal solutions Awareness-raising regarding the necessity of CNI security
![Page 35: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/35.jpg)
35
Security Schemes & Policies for CNI(1/2)Security Schemes & Policies for CNI(1/2)
Building a theoretical framework for understanding and predicting the nature of the CNI securities and
their effects as a whole
Developing the capability to model and simulate in real time the behavior of the CNI by developing an
architecture and related enabling technologies
Developing a set of quantitative metrics for measuring the scale of impacts of CNI disruptions
Developing new technologies and techniques to contain, mitigate, and defend against the effects of
CNI disruptions
![Page 36: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/36.jpg)
36
Security Schemes & Policies for CNI(2/2)Security Schemes & Policies for CNI(2/2)
Developing capabilities to adequately and realistically test new methodologies, techniques, andtechnologies.
Defining a set of tasks for further work on specific CNI policy issues that could be analyzed using tools and methodologies.
Developing the ability to characterize and incorporate new critical infrastructures into the models and methodologies as such infrastructures develop.
![Page 37: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/37.jpg)
37
Security ServicesSecurity Services
A B
Interruption
AVAILABILITY
Masquerade
A BX
AUTHENTICATION
Revocation
A BX
Non - REPUDIATION
INTEGRITY
Modification
AX
B
CONFIDENTIALITY
Interception
B
X
A
![Page 38: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/38.jpg)
38
ABILITY
CONFIDENTIALITY
INTEGRITY
AUTHENTICATION
NON -REPUDIATION
AVAL
Security ServicesSecurity Services
![Page 39: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/39.jpg)
39
Network Security ModelNetwork Security Model
TrustedThird party
(e.g. arbiter, distributerof secret information)
Principal Principal
Message Message
Secretinformation
Secretinformation
Security-relatedtransformation
Security-relatedtransformation
Opponent
Informationchannel
![Page 40: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/40.jpg)
40
Cooperation Mechanisms for CNICooperation Mechanisms for CNI
Scopes of CNI concerns
National scope Concern the main security or government network in a
particular nation Considered impossible to ensure the security of important
data or strategic functions of a nation on the public Internet A separate network is required.
US Govnet Independent government administrative network that is planned
to be a private voice and data network based on the IP protocol But, with no connectivity to commercial or public networks Must perform functions with no risk of penetration or disruption
from users on other networks
![Page 41: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/41.jpg)
41
Cooperation Mechanisms for CNICooperation Mechanisms for CNI
International scope Mainly focus on trade and financial networks
over the world SWIFT
Global data communication systemOperate for the exchange financial information among
international banks for many years
EDI (Electronic Data Interchange) Allow the easy processing of customs documents in
the trading world
![Page 42: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/42.jpg)
42
Cooperation Mechanisms for CNICooperation Mechanisms for CNI
Need of international cooperation for CNI Security problems of International network increase. Although a network of a particular nation may provide a high
degree of reliability or security, the security of total networks may still depend on lower level’s interconnected networks.
In spite of the fact that cooperation for CNI security on the international level is regarded as essential, few of the existing international CNI security systems have been standardized.
International standard organizations, such as ITU, could play an important role in standardizing policies and technologies for CNI security.
![Page 43: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/43.jpg)
43
Cooperation Mechanisms for CNICooperation Mechanisms for CNI
International cooperation for CNI security OECD (Organization for Economic Co-operation and Development)
Security guidelines recommend a policy that limits its member from individual data distribution processes when a particular member is not equipped with a security system at the “same” level as that of other members.
EU Cooperate with US to improve the security of critical infrastructures, Made all possible research efforts on CERTs (Computer Emergency
Response Teams)
EC Cooperate with G8, OECD, UN, etc.
Global Business Dialogue on E-Commerce / Global Internet Project Forums for discussion about security problems between private sector
players with regard to e-commerce
![Page 44: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/44.jpg)
44
Other Areas Impacting InfrastructureOther Areas Impacting Infrastructure
Possible constructive steps to protect CNI from other networks:
Complete separation of CNI from other network areas US Govnet, CIA, Pentagon, Korean Military Networks Advantage : maximize the security of critical data Disadvantage : limitation to user access depending on the
location and situation
Heightened security for other network areas related to CNI CNI co-exists with the Internet or is interconnected with other
networks for optimal data access. Impossible to set up separate networks for every CNI Ensure further security by applying security policies and
technologies at access point level or end-to-end level
![Page 45: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/45.jpg)
45
Suggested Principles to Enhance Trust in CNISuggested Principles to Enhance Trust in CNI
Establish detailed standards to distinguish between CNIs and non-CNIs
Classify CNI infrastructures, analyzing those CNI systems in operation in order to understand their status and to assign them to a particular category
Analyse the vulnerable aspects in CNIs by category and prepare possible steps to enhance security for each category
Legislate an internationally certified warranty policy for CNI security and establish a specific standard for the security being applied for particular CNIs in order to guarantee a certain lever of service for users
![Page 46: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/46.jpg)
46
Suggestions for Possible Role by the ITUSuggestions for Possible Role by the ITU
Establish security management standards at the international level in order to apply general security principles for CNI
Establish standards for security policies and technologies in order to guarantee the reliable and efficient operation of networks, both for independent and interconnected CNIs
Identify examples of CNI best practice
![Page 47: Introduction to Critical Network Infrastructures](https://reader035.fdocuments.us/reader035/viewer/2022062720/568134f5550346895d9c3d1d/html5/thumbnails/47.jpg)
47
ConclusionConclusion
CNI is a public or private network that carries information relevant to national security and safety or information of high financial value.
Roughly classified into two categories: Completely independent and separate Connected to other networks
There is a lack of awareness of CNIs, a lack of investment in CNI security and a lack of standardization.
It is urgent that common security issues be analyzed, and solutions be developed through international support and cooperation.