ICE 9: Security Mechanisms

ICE 9: Security Mechanisms

ICE 9 will focus on the required security mechanisms associated with the delivery of a 9‑1‑1 call to a PSAP as defined within the latest version of NENA-STA-010. All core functional elements have a role to play in the security of a well-designed NG9‑1‑1 system and each will be tested to the extent possible during the event. End-to-end voice and multimedia call and session interoperability test scenarios shall be used to test the following elements:

·        PSAP Credentialing & Identity Management

·        Authentication, Authorization, and Data Rights Management

·        Privacy & Integrity Protection such as Transport Layer Security (TLS), Internet Protocol Security (IPSec), and Encryption

If time permits, the following activities will also be performed:

·        Table-top exercises for solution providers and cybersecurity professionals to collaborate on how to improve the tools and technology used to support secure NG9‑1‑1 environments.

·        A cybersecurity threat modeling exercise that includes analysis of current NG9‑1‑1 attack vectors and test scenarios that reflect current malware exploit patterns.

More information on ICE:

  • Delaine Arnold – NENA ICE Testing Coordination Manager - 727.312.3230
  • Roger Hixson – NENA Technical Issues Director - 202.618.4405

 

Planning Committee

·        Alex Kreilein – (RapidDeploy) Chair

·        Brian Beckwith – (Cyber Business Analytics) Vice Chair

 

Chris Flynn

Aculab

Jason Wellonen

Atos Public Safety

Jay Malin

AGENT511

Steve Helme

Comtech

Stephen O’Connor

NG9‑1‑1 Consultant

Steven McDowall

Carbyne, Inc

Jeff Wheeler

Data Technical Services

Mike Tedder

Emergent Communications

Brian Beckwith

Cyber Business Analytics

James Kinney

INdigital Telecom

Joshua Annis

EXACOM

Michael Smith

Equature/DSS

Lisa Henderson

GeoComm

Jeff Knighton

Hamilton Innovations

Simon Smith

NICE Public Safety

Mark Prest

MobileTec International

Rob Plaza

Revcord

Edmond Vea

NGA 911 Corporation

Brian Knueppel

Oracle

Giles Ferland

Solacom

John Zaharychuk

TriTech

Simon Farrow

Stancil

Patrick Voigt

Synergem

Christian Militeau

West Safety Services

Tom Dong

Verint

Alice Johnson

Zetron

Jason Horning

ICE Steering Committee Vice-Chair

Bill Mertka

ICE Steering Committee Chair

 

Charter

 

ICE 9 primarily focuses on the encryption and authorization control mechanisms used to implement end-to-end security of NG9‑1‑1 voice, video, and text calls. As a baseline this will involve testing interoperability of security-related interfaces for i3 solution components implemented according to NENA i3 and NG-SEC standards. As security for IP-based NG9‑1‑1 environments is a concern that touches all aspects of NG9‑1‑1 technology the scope of the event is expected to be the largest and most significant yet.

 

The Planning Committee has identified 4 areas for testing NG9‑1‑1 security functions:

 

·        Layer 1 - Test end-to-end delivery of voice, video, and text emergency calls using i3 and NGSEC-compliant security protocols in place and digital certificates issued by a designated PSAP Credentialing Agency (PCA) as a certificate authority.

·        Layer 2 – Test the mechanisms for identification or handling of calls that do not have the appropriate security policies in place or present a potential security threat.

·        Layer 3 – Test injection of malware in end-to-end media calls and validate that such media interchanges are rejected.

·        Layer 4 – Test NG9‑1‑1 platform interactions with malware injection tools (e.g. Kali, Metasploit)

Due to the cybersecurity emphasis of Layers 2, 3, and 4, the Planning Committee has appointed a sub-committee to identify and advise on the relevant and current attack vectors and risks for today’s NG9‑1‑1 environments. The ICE 9 Threat Modeling subcommittee’s objectives will include a threat modeling exercise that will provide critical input to the development of test scenarios used in ICE 9.

 

The planning process for ICE 9 will include development of a test plan, documentation and guidance material for participants, data collection and reporting, and coordination of event logistics.

 

Goals

 

Plan and execute an event that:

1.      Attracts and encourages the widest possible participation of vendors that have products in the focus area (even those outside of the traditional 9‑1‑1 marketplace).

2.      Allows all participating vendors to test all valid architectures and configurations requested.

3.      Delivers relevant feedback on standards to the appropriate NENA Technical Committee(s) and may identify gaps in existing standards work.

4.      Allows vendors to better understand the interoperability between their implementations and products developed by other vendors.

5.      Allows for the gathering of relevant results data that will be reported to the NENA Technical Committees, to other SDOs, and, at a high level, to all interested parties, all in formats appropriate to the audience in question.

6.      Produces key findings and recommendations that help to improve the overall security posture for NG9‑1‑1 environments.