As networks are considered critical infrastructure, governments also have the responsibility to ensure that they remain secure. Government bodies across Asia Pacific, such as the Australian Department of Broadband, Communications and the Digital Economy, and the Infocomm Development Authority in Singapore, have already set programmes in place to ensure the management of network security within their respective borders. Similarly, service providers around the world are also working closely with government organisations to ensure best practices are in place.
One such example is the leading Australian telecommunications and information services company Telstra, which has invested significant resources in driving and adopting industry standards. Telstra works closely with the defence industry and organisations such as TM Forum, a global non-profit industry association focused on simplifying the complexity of running a service provider's business organisation, to develop standards and best practices which give service providers the necessary tools to build secure networks while maintaining a competitive edge in the market.
Standards for Security
Industry-wide standards are important to ensuring the consistency of network operation for service providers, and guiding suppliers towards developing solutions that ensure tighter security and reduce potential attacks. And standards done well benefit both customers and suppliers. From the customer's point of view, they reduce maintenance costs and disruption, make development easier, reduce risk and improve quality. They also ensure a broader skill base is available, leverage economies across whole systems (including ecosystems), create flexibility and prevent vendor lock-in. In addition, they provide a platform for innovation and integration, and can speed mass-market adoption, release effort to innovate afresh and prolong the life of data and systems.
But not all "standards" are created equal. Service providers and suppliers should watch for the characteristics of a good standard, which include: it is adopted and will be maintained by a not-for-profit organisation; ongoing development occurs on the basis of an open decision-making procedure available to all interested parties; the standard has been published and the specification document is available for access, use, copy and distribution either freely or at a nominal charge; and the intellectual property is made irrevocably available on a royalty-free basis. TM Forum's Frameworx suite of standards meets these characteristics and is already adopted by four out of five global service providers today.
Collaboration is the Key
To help move the industry in the right direction with regard to standards, TM Forum is launching a new project, CyberOps Metrics for Security Management. As part of this collaborative project, the TM Forum has assembled a team of security subject matter experts across all the Forum's stakeholders to help determine how to turn established best practices for cyber security from the SANS Institute, the Defence Signals Directorate in Australia, and NIST into key performance indicators (KPIs), so that they can be effectively measured (via instrumentation) across the supply chain to better understand where vulnerabilities exist. In time, we expect to see contracts issued against these metrics to enforce accountability.