
IEEE COMMUNICATIONS SOCIETY Karl Rauscher October 17, 2006 C Q R Some Remarks Karl F. Rauscher...

Date post: 27-Mar-2015
IEEE COMMUNICATIONS SOCIETY Karl Rauscher October 17, 2006 C Q R Some Remarks Karl F. Rauscher Chair, IEEE CQR Advisory Board Bell Labs Fellow Executive Director, Bell Labs Network Reliability & Security Office, Alcatel-Lucent Ft. Myers, Florida, USA 16 May 2007
Transcript
Page 1: IEEE COMMUNICATIONS SOCIETY Karl Rauscher October 17, 2006 C Q R Some Remarks Karl F. Rauscher Chair, IEEE CQR Advisory Board Bell Labs Fellow Executive.

IEEE COMMUNICATIONS SOCIETY

Karl Rauscher

October 17, 2006

C Q R

Some Remarks

Karl F. Rauscher

Chair, IEEE CQR Advisory Board

Bell Labs Fellow

Executive Director, Bell Labs Network Reliability & Security Office, Alcatel-Lucent

Ft. Myers, Florida, USA

16 May 2007

Page 2:

Questions you may be asking . . .

What is the IEEE CQR?

What is the purpose of CQR?

How do I become a member of CQR?

How do I get more involved in CQR?

What is the value of CQR?

Page 3:

Questions you may be asking . . .

What is the IEEE CQR? - a professional society

What is the purpose of CQR? - to build YOU up

How do I become a member of CQR? - you already are

How do I get more involved in CQR? - ICC, GLOBECOM, workshops, journals, something new . . .

What is the value of CQR? - networking, peer review, special workshops, coaching

Page 4:

Step back in time to the 2001 CQR International Workshop

Issue discussed in a facilitated discussion:

What is the complete list of things that can cause outages in emerging data networks?

Background: took a while to learn circuit switched business . . . would be nice to have a faster learning curve.

Page 5:

A Running Jump onto a New S-Curve

[Figure: S-curves for Circuit-Switched and Packet-Switched networks; axes: Cost, Reliability]

Page 6:

A Running Jump onto a New S-Curve

[Figure: S-curves for Circuit-Switched and Packet-Switched networks; axes: Cost, Reliability; annotation: Historic Insights + Non-Historic Insights]

Page 7:

Proceedings from the 2001 CQR International Workshop

IEEE CQR Outline of Packet Switched Network Vulnerabilities

- Hardware, Firmware
- Software
- Protocols
- Interoperability
- Human Performance and Procedures
- Physical Environment
- Network Design and Planning
- Network Congestion / Traffic Engineering
- Power
- Rapid Pace of Growth, Change, Complexity
- Malicious Attacks, Security Disasters

Page 8:

Different sides of an equation

Vulnerability: A characteristic of any aspect of the communications infrastructure that renders it, or some portion of it, susceptible to damage or compromise

Threat: Anything with the potential to damage or compromise the communications infrastructure or some portion of it

Page 9:

Some Characteristics of Ts and Vs

Vulnerabilities (intrinsic)

- finite
- fixed and well known
- only way threats can impact

Threats

- ~ infinite in number
- knowledge value is fleeting
- each has permutations

Page 10:

Do you want to be responsible for this?

“Terrorism depends on surprise.”

“Failure of imagination.”

Page 11:

The Forces

IEEE CQR Outline of Packet Switched Network Vulnerabilities

- Hardware, Firmware
- Software
- Protocols
- Interoperability
- Human Performance and Procedures
- Physical Environment
- Network Design and Planning
- Network Congestion / Traffic Engineering
- Power
- Rapid Pace of Growth, Change, Complexity
- Malicious Attacks, Security Disasters

Vulnerabilities (intrinsic)

- finite
- fixed and well known
- only way threats can impact

Threats

- ~ infinite in number
- knowledge value is fleeting
- each has permutations

[Figure: S-curves for Circuit-Switched and Packet-Switched networks; axes: Cost, Reliability]

The need. The knowledge. The physics. The expectation.

Page 12:

8-Ingredient Framework

. . .

Page 13:

Intrinsic Vulnerabilities

Packet-Switched

VULNERABILITY

- unpredictable variation
- extremes in load
- corruption
- interception
- emulation
- encapsulation of malicious content
- authentication (mis-authentication)
- insufficient inventory of critical components
- encryption (prevents observability)

VULNERABILITY

- accessible
- exposed to elements
- dependence on other infrastructures
- contaminate-able
- subject to surveillance
- continuously being altered
- identifiable
- remotely managed
- non-compliance with established protocols and procedures

VULNERABILITY

- uncontrolled fuel combustion
- fuel contamination
- fuel dependency
- battery combustion
- battery limitations
- battery duration
- maintenance dependency
- require manual operation
- power limitations
- frequency limitations
- susceptibility to spikes
- physical destruction

VULNERABILITY

- Lack of ASPR (agreements, standards, policies, regulations)
- Conflicting ASPR
- Outdated ASPR
- Unimplemented ASPR (complete or partial)
- Interpretation of ASPR (mis- or multi-)
- Inability to implement ASPR
- Enforcement limitations
- Boundary limitations
- Pace of development
- Information leakage from ASPR processes
- Inflexible regulation
- Excessive regulation
- Predictable behavior due to ASPR
- ASPR dependence on misinformed guidance
- ASPR ability to stress vulnerabilities
- ASPR ability to infuse vulnerabilities
- Inappropriate interest influence in ASPR

VULNERABILITY

- physical (limitations, fatigue)
- cognitive (distractibility, forgetfulness, ability to deceive, confusion)
- ethical (divided loyalties, greed, malicious intent)
- user environment (user interface, job function, corporate culture)
- human-user environment interaction

VULNERABILITY

- capacity limits
- points or modes of failure
- points of concentration (congestion)
- complexity
- dependence on synchronization
- interconnection (interoperability, interdependence, conflict)
- uniqueness of mated pairs
- need for upgrades and new technology
- automated control (*via software)
- accessibility (air, space or metallic or fiber)
- border crossing exposures

VULNERABILITY

- chemical (corrosive gas, humidity, temperature, contamination)
- electric (conductive microfiber particles – carbon bombs)
- radiological contamination
- physical (shock, vibration, strains, torque)
- electromagnetic energy (EMI, EMC, ESD, RF, EMP, HEMP, IR)
- environment (temperature, humidity, dust, sunlight, flooding)
- life cycle (sparing, equipment replacement, ability to repair, aging)
- logical (design error, access to, self test, self shut off)

VULNERABILITY

- ability to control (render a system in an undesirable state, e.g., confused, busy)
- accessibility during development (including unsegregated networks)
- accessible distribution channels (interception)
- accessibility of rootkit to control kernel/core
- developer loyalties
- errors in coding logic
- complexity of programs
- discoverability of intelligence (reverse engineer, exploitable code disclosure)
- mutability of deployed code (patches)

Page 14:

Use of 8 Ingredient Model

Format of Key Findings in Section 3

Title

Concise statement of observation

Impact**

Associated ingredients*

- Power
- Environment
- Software
- Hardware
- Payload
- Network
- Human
- Policy

*

**statements in red indicate a negative impact; statements in blue indicate a positive impact

Robustness - service types:

Enhanced Basic Emergency (112) Priority

[Figure: Availability* over Time, with Crisis and Normal/Recovery phases; scale marked "Good"]

*Overall availability is inversely related to network traffic volume

WIRELESS EMERGENCY RESPONSE TEAM

2004 Annual Report

Page 15:

‘Take Aways’

- stay engaged
- contribute (ICC, Globecom, International workshops, special workshops, journals, your own idea, …)
- step up to more responsibilities

