ETSI TR 103 369-2016 CYBER; Design requirements ecosystem (V1.1.1) [PDF]

Uploaded by: explodesoak291  Document ID: 736435  Uploaded: 2019-01-12  Format: PDF  Pages: 13  Size: 150 KB

ETSI TR 103 369 V1.1.1 (2016-07)
CYBER; Design requirements ecosystem
TECHNICAL REPORT

Reference: DTR/CYBER-0011
Keywords: cyber security, secure by default

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from: http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx

Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2016. All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents
Intellectual Property Rights  5
Foreword  5
Modal verbs terminology  5
Executive summary  5
Introduction  5
1 Scope  6
2 References  6
2.1 Normative references  6
2.2 Informative references  6
3 Definitions and abbreviations  6
3.1 Definitions  6
3.2 Abbreviations  6
4 A "by design" ecosystem  7
4.0 Description  7
4.1 Availability  7
4.1.0 Availability generally  7
4.1.1 Public services  7
4.1.2 Specific resilience and survivability requirements  7
4.1.3 Bandwidth non-discrimination  7
4.1.4 Outage reporting  7
4.2 Emergency and public safety communication  8
4.2.0 Emergency and public safety communication generally  8
4.2.1 Authority to many  8
4.2.2 One to authority  8
4.2.3 Access/prioritization during emergency  8
4.2.4 Device discovery/disablement  8
4.3 Lawful interception  8
4.3.0 Lawful interception generally  8
4.3.1 Signalling  9
4.3.2 Metadata analysis  9
4.3.3 Content  9
4.4 Retained data  9
4.4.0 Retained data generally  9
4.4.1 Criminal investigative  9
4.4.2 Civil investigative/eDiscovery  9
4.4.3 Compliance, contractual requirements and business auditing  9
4.5 Identity management  9
4.5.0 Identity management generally  9
4.5.1 Access identity  10
4.5.2 Communicating or process party identity  10
4.5.3 Communicating or process party blocking  10
4.6 Cyber Security  10
4.6.0 Cyber security generally  10
4.6.1 Defensive measures  10
4.6.2 Structured threat information exchange  10
4.7 Personally Identifiable Information protection (Privacy)  10
4.8 Content control  10
4.8.0 Content control generally  10
4.8.1 Intellectual Property Rights  10
4.8.2 Societal or organization norms  11
4.8.3 Privacy  11
4.9 Operations control  11
4.9.0 Operations control generally  11
4.9.1 Emissions controls  11
4.9.2 Equipment characteristics  11
4.10 Support for persons with disabilities  11
4.11 Network Management  11
4.11.0 Network management generally  11
4.11.1 Traffic management  12
4.11.2 Device management  12
4.11.3 Charging and Billing  12
5 Synergies and conflicts among design requirements  12
History  13

Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword
This Technical Report (TR) has been produced by ETSI Technical Committee Cyber Security (CYBER).

Modal verbs terminology
In the present document "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). "must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

Executive summary
The present document provides a high level structured ecosystem of multiple "by-design" requirements that are related to security and may be applicable to communication and IT networks and attached devices. All such networks and devices, whether for public or private infrastructure use, are commonly subject to eleven kinds of obligations imposed by regulation, contract, exposure to liabilities, societal expectation, or business necessity. At a more granular level, there are even more than the eleven. Those engineering and operating the networks and devices are expected to instantiate the capabilities for these obligations "by design". The present document is not intended to provide design details. It simply enumerates the eleven obligations as a kind of ontology, identifies where there may be synergies or conflicts among the design requirements, and provides a bibliography of reference information.

Introduction
Communication and IT networks, in their most elementary form, consist of some network attached device used to exchange or receive information with some arbitrary set of other attached devices, generally packaged as services provided to user customers. Whether for physical or virtual capability instantiations, some design processes occur that are governed by requirements that allow those capabilities to meet expectations. There are innumerable engineering methods, technical standards, and laws that guide and govern this activity. When all of this guidance and governance is distilled, a set of recurring common capabilities emerges that are embedded "by design". They are there for users or operators to make use of as a function of the conditions and context of the devices and services. Indeed, the term "by design" itself has been used in recent years to describe specific capabilities, perhaps the most notable being "privacy by design". It is also common throughout the world for public networks and devices to institute lawful interception or retained data capabilities by design. The ever growing complexity of devices, software, and networks has resulted in exponential increases in exploited vulnerabilities, which in turn has necessitated cyber security by design. When the recursive process of identifying all of these "by design" requirements is undertaken, eleven of them emerge (clauses 4.1 to 4.11), with various sub-variants. These are enumerated and described here, together with the synergies or conflicts that may exist among some of them.

1 Scope
The present document provides a high level structured ecosystem of security design requirements that may be applicable to communication and IT networks and attached devices. It identifies where there may be synergies or conflicts among the design requirements, and provides a bibliography of reference information.

2 References

2.1 Normative references
Normative references are not applicable in the present document.

2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.
i.1 Directive of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union, Brussels, 18 December 2015.
i.2 CPNI: "Threat Intelligence: Collecting, Analysing, Evaluating", Centre for the Protection of National Infrastructure.
NOTE: Available at https://www.cpni.gov.uk/Documents/Publications/2015/23-March-2015-MWR_Threat_Intelligence_whitepaper-2015.pdf.
i.3 ETSI TR 103 305: "CYBER; Critical Security Controls for Effective Cyber Defence".

3 Definitions and abbreviations

3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
by design: instantiation of an explicit technical or operational capability in a device, network or service offering

3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
ICT Information and Communications Technology
IT Information Technology

4 A "by design" ecosystem

4.0 Description
It is common today for those focussing on various specialities to independently describe a development or societal need or regulatory mandate as a "design for" construct imposed on developers and operators of communication and IT infrastructures. This piecemeal approach, however, ultimately leads to the obvious questions: what exactly are all the various requirements, how are they manifested as network capabilities, and what are the synergies or conflicts among them? The result is a kind of competition among all the "by design" requirements that should be harmonized in order to design and operate real world networks and associated equipment and services at reasonable cost. Cyber security is among these requirements, and is threaded through most of the other "by design" attributes.

4.1 Availability

4.1.0 Availability generally
Perhaps the most basic of all "by design" requirements is availability. Users of all kinds that make use of a device, network or service expect it to be functioning and available to meet their needs. The desired level of availability is often achieved through diverse legal mechanisms such as combinations of service level agreements, implied warranties, or regulatory requirements.

4.1.1 Public services
Some network infrastructures and services are either owned by governmental bodies or designated as "public" or "universal" pursuant to national regulatory or treaty requirements. Such networks and services may also be regarded as essential or critical and include a wide array of financial system, public utility, or industrial control uses (i.1 and i.2). As a result, they may by government contract or law be deployed or subsidized so as to meet, "by design", various availability requirements that may include, for example, coverage of underserved or rural areas.

4.1.2 Specific resilience and survivability requirements
An additional subset of public or private networks and services may also be subject to specific resilience and survivability design requirements, especially during national or local emergencies. These kinds of requirements often call for an array of device level designs (e.g. special aerospace or military grade components and testing), multiple redundant systems, backup, failure isolation capabilities, and elimination of any single-point-of-failure components for failsafe purposes. Such requirements may include access and prioritization for authenticated users identified in conjunction with emergency and public safety communication in clause 4.2.3.

4.1.3 Bandwidth non-discrimination
Certain infrastructures and services, particularly where anticompetitive or "bottleneck" concerns may exist or where public resources such as rights-of-way or radio spectrum are used, may be designated as "common carrier" and subject to design and operational constraints such as controls on bandwidth management. So-called "network neutrality" requirements are a prominent contemporary example.

4.1.4 Outage reporting
Certain infrastructures and services may be subject to outage auditing and reporting requirements that require additional capabilities by design. These services typically include public networks and services, or private ones that are subject to additional contractual requirements concerning availability.

4.2 Emergency and public safety communication

4.2.0 Emergency and public safety communication generally
Emergency and public safety communication requirements typically enjoy the highest of "by design" priorities. These capabilities support an array of critical national police, fire protection, and emergency management needs at all levels from local to global.

4.2.1 Authority to many
During public or even individual emergencies, at local, national, or international levels, a highly important need exists to reach different arrays of individuals through any available electronic communications. Tsunami warning capabilities became prominent several years ago as global disaster conditions unfolded. Such needs vary from that breadth of users to national and city levels, down to local roadways, for a wide array of circumstances that may include an impending natural disaster, a major accident, or even an abducted child or a disoriented elderly person. The design requirements include diverse structured information formats, interworking, authentication, and delivery methods, including effective human interface requirements.

4.2.2 One to authority
The inverse of the authority to many design requirement occurs when an individual must reach local emergency departments for medical, police, or fir
