Stakeholders Develop Blueprint with an Eye Toward the Future
A big part of the blueprint will look toward the future, however, and security standards that all devices should meet.
“Once that immediate threat has kind of dissipated a little bit, how do we get ahead of the curve? How do we secure the new systems that we bring online as we implement 5G or broadband? How do we make sure that we don’t just find ourselves in the same hole three years, five years or 10 years from now?” Ihrie says.
He adds, “It’s not just who can get stuff into the market the fastest. We want those capabilities to have a certain level of security built into them. So, we’re hoping this guidance will make it easier for people buying those systems to really specify and procure more secure systems going forward.”
In the first phase of the project, Ihrie and his team have been working on assessing existing standards in this space. They’re doing this in the U.S. by working with the National Institute of Standards and Technology, and globally with organizations such as IEEE. They are also identifying common threads, as well as gaps.
“In parallel with that, we’re building a reference implementation in the test bed. If we say, ‘All right, here’s a summary of these standards, here’s some guidance for you as a procurement officer on how to pick and choose among those things. And oh, by the way, you can take a look at the test bed, and we’ll show you commercially based implementation of that working in the real world with some of the types of devices that we’re talking about,’” Ihrie says.
“I think that ability to illustrate the standards but do it in practice in a way that people can touch and feel and experiment with, and we can do research against, is a really important aspect of what we’re doing,” he says.
The second phase of the blueprint will begin in July and run for a year, dealing mostly with experimentation and validation of the security technology baseline. The third phase has not yet been defined, though Ihrie expects it will consist of more testing and training.