Guidance for network operators, chief information officers, and chief information security officers on how to manage and secure their network by understanding the nature of all the devices on their network. It includes use cases that exemplify the importance of comprehensive cybersecurity and cyber hygiene practices and the correlation of applying these best practices to reduce adverse impacts to their systems’ time. The document also provides recommendations and a test plan to help understand time requirements and preclude similar scenarios from happening to their organization.
Time Guidance for Network Operators,
Chief Information Officers, and
Chief Information Security Officers
The Cybersecurity and Infrastructure Security Agency (CISA) developed this document to provide time guidance for network operators, Chief Information Officers (CIOs), and Chief Information Security Officers (CISOs). The goal of this document is to inform public and private sector organizations, educational institutions, and government agencies on time resilience and security practices in enterprise networks and systems. The guidance below attempts to address gaps in available time testing practices, increasing awareness of time-related system issues and the linkage between time and cybersecurity.
Every network operator must understand time and how it affects their network(s). Accurate, synchronized time is critical to many network functions and to network security, yet many users of time services know little about the source of their time. In the United States, the principal sources of official time are the Coordinated Universal Time U.S. Naval Observatory, or UTC (USNO), and the Coordinated Universal Time National Institute of Standards and Technology, or UTC (NIST). See CISA’s additional guidance for C-Suite executives and technical practitioners.^1,
U.S. Naval Observatory Master Clock
This document aims to provide practical guidance for the management of time in enterprise systems and testing your time resilience. The recommendations in this document are intended to be incorporated into current test plans and regular systems maintenance. These recommendations can be integrated into any organization’s master test plan, and are consistent with Executive Order 13905, Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing Services.
Today, nearly all organizations rely on accurate time to sustain their daily network operations. Accurate timestamps are critical for banking and stock transactions, communications systems, system forensics, audits, and equipment maintenance. The ability of an organization’s time infrastructure to deliver accurate and stable time while protecting the availability and integrity of time depends on the organization’s function and requirements. Regardless of which timing protocol your organization uses to receive its time—Network Time Protocol (NTP), Precision Time Protocol (PTP), or via Global Positioning System (GPS)—it is important to know the source of your time and to regularly monitor and test your time systems to ensure they are available and operating properly.
Despite the criticality of accurate and precise time, many organizations do not incorporate time hygiene basics into their routine network maintenance. What happens when your network’s timing source is lost? How would you know? Do you have a documented recovery plan should your network lose valid time? Does your organization conduct regular testing related to time system outages and recovery to understand critical dependencies? Do you have a documented process for handling leap seconds and Daylight Savings Time adjustments? The last leap second event took place December 31, 2016;^3 how did your organization prepare for this leap second adjustment and how do your systems handle leap seconds? See CISA’s Best Practices for Leap Second Event Occurring on 31 December 2016 for additional information.^4
The use cases below exemplify the importance of comprehensive cybersecurity and cyber hygiene practices, and the correlation of applying these best practices to reduce adverse impacts to your systems’ time. The testing recommendations listed in this document are intended to help you understand your time requirements and to preclude similar scenarios from happening to your organization.
GPS receiver firmware updates were not applied prior to, and in preparation of, the April 6, 2019, GPS Week Number Rollover event.^5 As a result, the New York City Wireless Network (NYCWiN), which controls traffic lights and other key functions within the city, was adversely impacted for 11 days in April 2019. A formal report concluded the outage could have been prevented had firmware updates been conducted in advance of the rollover event.^6,
As a result of the April 6, 2019, GPS Week Number Rollover, a number of Boeing Dreamliner aircraft were grounded in China because of a malfunction with their GPS equipment. For most airlines, the rollover occurred without incident, but older devices onboard some aircraft displayed an almost 20-year date discrepancy.^8 As many as 15 flights were delayed or canceled as they awaited GPS software updates.
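The date discrepancy in both use cases follows from the legacy GPS navigation message carrying the week number as a 10-bit counter that wraps every 1024 weeks. The sketch below is an added example, not part of the CISA document: it decodes the broadcast week the way firmware with a hard-coded era would, then with a pivot date (one common approach; the 2015 pivot is an assumed firmware build date), and computes when that pivot window itself runs out.

```python
from datetime import datetime, timedelta, timezone

# Times here are on the GPS time scale; it differs from UTC only by the
# accumulated leap seconds, which does not matter at the date level.
GPS_EPOCH = datetime(1980, 1, 6, tzinfo=timezone.utc)  # start of GPS week 0
ERA_WEEKS = 1024          # the legacy 10-bit week field wraps at this count
WEEK = timedelta(weeks=1)


def to_broadcast(gps_time):
    """Return (10-bit week number, seconds into the week) as broadcast."""
    elapsed = gps_time - GPS_EPOCH
    full_week = elapsed // WEEK
    tow = int((elapsed - full_week * WEEK).total_seconds())
    return full_week % ERA_WEEKS, tow


def decode_fixed_era(week10, tow, era):
    """Firmware that hard-codes which 1024-week era it believes it is in."""
    return GPS_EPOCH + (era * ERA_WEEKS + week10) * WEEK + timedelta(seconds=tow)


def decode_with_pivot(week10, tow, pivot):
    """Pick the first era whose decoded time is not earlier than a pivot
    date (assumed here to be the firmware build date)."""
    era = 0
    while decode_fixed_era(week10, tow, era) < pivot:
        era += 1
    return decode_fixed_era(week10, tow, era)


def pivot_expiry(pivot):
    """First instant at which decode_with_pivot() falls 1024 weeks behind."""
    return pivot + ERA_WEEKS * WEEK


def rollover_demo():
    """Decode the first week after the April 2019 rollover both ways."""
    now = datetime(2019, 4, 7, tzinfo=timezone.utc)
    week10, tow = to_broadcast(now)
    stale = decode_fixed_era(week10, tow, era=1)       # un-updated firmware
    pivot = datetime(2015, 1, 1, tzinfo=timezone.utc)  # assumed build date
    return week10, stale, decode_with_pivot(week10, tow, pivot)


if __name__ == "__main__":
    week10, stale, fixed = rollover_demo()
    print("broadcast week:", week10)
    print("hard-coded era decodes to:", stale.date())
    print("pivot decode gives:", fixed.date())
    print("pivot window ends:", pivot_expiry(datetime(2015, 1, 1, tzinfo=timezone.utc)).date())
```

Running `pivot_expiry` against each receiver's firmware date in an inventory gives the date by which that receiver needs its next update.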
Your IT network has been attacked, causing financial losses and damaging the reputation of your company. Understanding how the attack took place will assist in preventing future incidents and potentially identifying the attacker. According to Federal Bureau of Investigation (FBI) cyber investigators, timestamps are a crucial artifact when performing digital forensics analysis. When comparing events, it can be difficult to determine what activity caused another when timestamps are incorrect. When investigating computer intrusions, the timing associated with malware artifacts—being written to disk or in memory—and any corresponding network traffic is critical because it can make the difference between correlating the network activity of the malicious attack and introducing ambiguity from other causes. Determination of activity related to the user versus a malicious actor is heavily dependent upon the accuracy and consistency of timestamps across data sets. While timing itself is important, it is equally important to understand the time offsets or time zones of the timestamp data. Only with accurate timestamps and properly correlated time offsets can accurate timelines of computer intrusions be retrieved.
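The effect of uncorrected offsets on a timeline can be shown with three log sources. This is an added example, not part of the CISA document; the source names, events, UTC offsets and clock errors are all constructed, and in a real investigation the offsets and clock errors have to be established per device first.

```python
from datetime import datetime, timedelta, timezone

# Constructed per-source facts: the UTC offset the log is written in, and the
# measured clock error (device clock minus true time) of the writing machine.
SOURCES = {
    "firewall":    {"utc_offset": timedelta(0),        "clock_error": timedelta(0)},
    "workstation": {"utc_offset": timedelta(hours=-5), "clock_error": timedelta(0)},
    "fileserver":  {"utc_offset": timedelta(0),        "clock_error": timedelta(seconds=-90)},
}

# Constructed sample events: (source, timestamp exactly as logged, description)
EVENTS = [
    ("workstation", "2020-02-20 09:02:55", "new executable written to disk"),
    ("fileserver",  "2020-02-20 14:02:05", "remote logon from workstation"),
    ("firewall",    "2020-02-20 14:03:10", "outbound connection from workstation"),
]

FORMAT = "%Y-%m-%d %H:%M:%S"


def as_logged(logged):
    """Treat the logged string as if it were already correct UTC."""
    return datetime.strptime(logged, FORMAT).replace(tzinfo=timezone.utc)


def to_utc(source, logged):
    """Remove the source's time zone offset and measured clock error."""
    meta = SOURCES[source]
    local = datetime.strptime(logged, FORMAT)
    corrected = local - meta["utc_offset"] - meta["clock_error"]
    return corrected.replace(tzinfo=timezone.utc)


def timeline(events, corrected=True):
    """Order events by corrected UTC time, or by the raw logged value."""
    def key(event):
        source, logged, _ = event
        return to_utc(source, logged) if corrected else as_logged(logged)
    return sorted(events, key=key)


def gap_seconds(first, second, corrected=True):
    """Seconds from one event to another under either interpretation."""
    convert = (lambda e: to_utc(e[0], e[1])) if corrected else (lambda e: as_logged(e[1]))
    return (convert(second) - convert(first)).total_seconds()


if __name__ == "__main__":
    for label, flag in (("as logged", False), ("corrected", True)):
        print(label)
        for source, logged, what in timeline(EVENTS, corrected=flag):
            shown = to_utc(source, logged) if flag else as_logged(logged)
            print(f"  {shown:%H:%M:%S}  {source:<12} {what}")
```

Read as logged, the file server logon appears to precede the outbound connection and the file write appears five hours earlier than both; after correction the three events fall within 40 seconds in the opposite order.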
The best way to manage and secure your network is to understand the nature of all the devices on your network. It is important to identify, verify, and document timing dependencies within your organization and create a timing topology (see Appendix A) to assist with identifying the devices that rely on accurate time and the level of accuracy and precision the devices need.
The following is a real-world instance that demonstrates the importance of knowing your system and keeping it updated. A recent Apple software update notice advised users to update specified devices prior to November 3, 2019, to maintain accurate GPS location and correct date and time functionality. These devices were not impacted by the April 6, 2019, GPS Week Rollover event as Apple programmed the update to occur on a date after the rollover event. This exemplifies why knowing your system is critical to your and your users’ operations; it also directly correlates to item 1.a.3 below.^9
It is imperative to know your primary time source. Do you utilize a time service—NTP, PTP, or GPS—via antenna and receiver? Many organizations utilize a GPS receiver to obtain time and distribute that time through NTP. CISA recommends using two or more traceable time sources with the lowest possible stratum to minimize or eliminate timing errors.
b
c Are all GPS receivers in compliance with the latest GPS Interface
d
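The checks a client can run on each NTP source before trusting it, and the comparison between sources that a second source makes possible, are sketched below. This is an added example, not part of the CISA document: the replies are constructed in the code rather than captured, and the 0.5 s offset limit and 0.1 s agreement tolerance are assumed values.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)


def to_ntp(unix):
    """Unix seconds -> (seconds since 1900, 32-bit binary fraction)."""
    whole = int(unix)
    return whole + NTP_UNIX_DELTA, int((unix - whole) * 2**32)


def build_reply(leap, stratum, origin, receive, transmit):
    """Construct a 48-byte server reply (version 4, mode 4) for the demo."""
    head = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    # root delay, root dispersion, reference ID, reference timestamp
    body = struct.pack("!II4s", 0, 0, b"GPS\x00") + struct.pack("!2I", 0, 0)
    stamps = b"".join(struct.pack("!2I", *to_ntp(t))
                      for t in (origin, receive, transmit))
    return head + body + stamps


def parse_reply(packet):
    """Extract the header fields the checks below rely on."""
    if len(packet) < 48:
        raise ValueError("an NTP header is 48 bytes")
    first, stratum = packet[0], packet[1]
    words = struct.unpack("!6I", packet[24:48])
    origin, receive, transmit = (
        words[i] - NTP_UNIX_DELTA + words[i + 1] / 2**32 for i in (0, 2, 4))
    return {"leap": first >> 6, "mode": first & 7, "stratum": stratum,
            "origin": origin, "receive": receive, "transmit": transmit}


def assess(packet, t1, t4, max_offset=0.5):
    """Return (offset, findings); t1 and t4 are our send and receive times."""
    r = parse_reply(packet)
    findings = []
    if r["mode"] != 4:
        findings.append("not a server reply")
    if r["leap"] == 3 or not 1 <= r["stratum"] <= 15:
        findings.append("server reports it is unsynchronized")
    # A real client compares the raw 64-bit value it sent, not a float.
    if r["origin"] != t1:
        findings.append("origin timestamp does not match our request")
    offset = ((r["receive"] - t1) + (r["transmit"] - t4)) / 2
    if abs(offset) > max_offset:
        findings.append("offset exceeds limit")
    return offset, findings


def sources_agree(offsets, tolerance=0.1):
    """With two or more sources, a large spread means one of them is wrong."""
    return max(offsets) - min(offsets) <= tolerance


if __name__ == "__main__":
    T1 = 1582200000.0  # constructed client send time (Unix seconds)
    healthy = build_reply(0, 1, T1, T1 + 0.375, T1 + 0.375)
    unsynced = build_reply(3, 16, T1, T1 + 0.375, T1 + 0.375)
    print(assess(healthy, T1, T1 + 0.25))
    print(assess(unsynced, T1, T1 + 0.25))
```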
All network administrators should know their users and their users’ requirements. If they do not know what users need, how can they ensure the system’s timing architecture supports their requirements? In most networks, the Network Time Protocol is sufficient, but in others it is not. For instance, some trading houses have a requirement to stamp all trades within 50 millionths of a second. To fulfill this requirement, timing must be one order of magnitude more accurate to ensure the timestamp never exceeds the threshold. If these same firms trade with the European Union (EU), they will need to meet the EU’s much more stringent timing requirements. All of this will become more important as businesses adopt distributed ledgers.
a Do your users have regulatory requirements for time on their system
b
c Have you published a level of service for timing on your network?
a
b
c Follow guidance provided by the manufacturer for maintenance and
d
a Have processes in place to validate your internal and external time
b
c Incorporate battery tests and replacement schedules as part of your
d
e Test time intervals annually, and before and after a known time
(^1) U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency. Fact Sheet on “Time” for C-Suite. https://ics-cert.us-cert.gov/sites/default/files/documents/Corporate_Leadership_Resilient_Timing_Overview-CISA_Fact_Sheet_508C.pdf. Accessed on February 20, 2020.
(^2) U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency. Fact Sheet on “Time” for Technical Practitioners. https://www.us-cert.gov/sites/default/files/documents/Technical-Level_Resilient_Timing_Overview-CISA_Fact_Sheet_508C.pdf. Accessed on February 20, 2020.
(^3) Next Leap Second Prediction: Based on current predictions, the next possible leap second date is December 31,
(^4) U.S. Department of Homeland Security, National Cybersecurity & Communications Integration Center. Fact Sheet on “Best Practices for Leap Second Event Occurring on 31 December 2016.” https://www.us-cert.gov/sites/default/files/documents/Best_Practices_for_Leap_Second_Event_Occurring_on_31_December_2016_S508C.pdf. Accessed on February 20, 2020.
(^5) Edward Powers. “CGSIC GPS Week Rollover Issue.” U.S. Naval Observatory. September 26, 2017. https://www.gps.gov/cgsic/meetings/2017/powers.pdf. Accessed on April 24, 2020.
(^6) Colin Wood. “NYC works to reboot wireless network after GPS update crashed it.” StateScoop. April 12, 2019. https://statescoop.com/nyc-works-to-reboot-wireless-network-after-gps-update-crashed-it/. Accessed on February 20, 2020.
(^7) Gartner. “A Report for the City of New York: NYCWiN Incident Assessment.” April 30, 2019. https://www1.nyc.gov/assets/home/downloads/pdf/office-of-the-mayor/nycwin-incident-assessment.pdf. Accessed on February 20, 2020.
(^8) Joanna Bailey. “Multiple Boeing 787’s Get Grounded In China Due To GPS Issue.” Simple Flying. April 8, 2019. https://simpleflying.com/boeing-787-china-grounding/. Accessed on February 20, 2020.
(^9) Apple. “Update your iPhone or iPad software if you’re experiencing issues with location, date, and time.” https://support.apple.com/en-us/HT210239. Accessed on February 20, 2020.
(^10) U.S. Department of Homeland Security. Fact Sheet on “Best Practices for Improved Robustness of Time and Frequency Sources in Fixed Locations.” January 6, 2015. https://www.dhs.gov/sites/default/files/publications/GPS-PNT-Best-Practices-Time-Frequency-Sources-Fixed-Locations-508.pdf. Accessed on February 20, 2020.
(^11) U.S. Department of Homeland Security, National Cybersecurity & Communications Integration Center. Fact Sheet on “Improving the Operation and Development of Global Positioning System (GPS) Equipment Used by Critical Infrastructure.” https://www.us-cert.gov/sites/default/files/documents/Improving_the_Operation_and_Development_of_Global_Positioning_System_%28GPS%29_Equipment_Used_by_Critical_Infrastructure_S508C.pdf. Accessed on February 20, 2020.
(1) U.S. Department of Homeland Security, National Cybersecurity & Communications Integration Center. Fact Sheet on “Improving the Operation and Development of Global Positioning System (GPS) Equipment Used by Critical Infrastructure.” https://www.us-cert.gov/sites/default/files/documents/Improving_the_Operation_and_Development_of_Global_Positioning_System_%28GPS%29_Equipment_Used_by_Critical_Infrastructure_S508C.pdf. Accessed on February 20, 2020.
(2) National Coordination Office for Space-Based Positioning, Navigation, and Timing. “Interface Control Documents.” November 12, 2019. https://www.gps.gov/technical/icwg/. Accessed on February 20, 2020.
(3) U.S. Department of Homeland Security. Fact Sheet on “Best Practices for Improved Robustness of Time and Frequency Sources in Fixed Locations.” January 6, 2015. https://www.dhs.gov/sites/default/files/publications/GPS-PNT-Best-Practices-Time-Frequency-Sources-Fixed-Locations-508.pdf. Accessed on February 20, 2020.
(4) U.S. Department of Homeland Security, National Cybersecurity & Communications Integration Center. Fact Sheet on “Best Practices for Leap Second Event Occurring on 31 December 2016.” https://www.us-cert.gov/sites/default/files/documents/Best_Practices_for_Leap_Second_Event_Occurring_on_31_December_2016_S508C.pdf. Accessed on February 20, 2020.
(5) Internet Engineering Task Force (IETF). “Network Time Protocol Best Current Practices.” July 2019. https://www.rfc-editor.org/rfc/pdfrfc/rfc8633.txt.pdf. Accessed on February 20, 2020.
(6) Executive Order 13905, Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing Services, signed February 12, 2020. https://www.federalregister.gov/documents/2020/02/18/2020-03337/strengthening-national-resilience-through-responsible-use-of-positioning-navigation-and-timing. Accessed on April 13, 2020.
Because your mission or business service requires accurate time to successfully operate, it is critical to understand and identify your organization’s time dependencies and requirements. This can best be accomplished by maintaining an awareness of all the devices on your network via network topology diagrams.
The network topologies illustrated in figure 1 below provide examples of how your organization can document its timing dependencies.
[Figure 1: Topology Examples. Two diagrams, Example Topology 1 and Example Topology 2, not reproduced here. Diagram labels: Main Office, User Office, UTC (USNO), GPS Receiver, Stratum 1 NTP Server, Stratum 2 NTP Server, End User, Timing Signals, NTP Packets, ~10-100ms, UTC (NIST), NIST NTP Server, Internet (NTP Packets), Wide Area Network, Local NTP Server, Time User/Client.]
Example Topology 1 shows GPS and UTC as primary timing sources. The topology shows the timing information from either source propagating through the network to an end user device via three devices: a GPS receiver and two NTP servers. All three devices, to include the primary sources, should be documented as time dependencies of the end user device.
Example Topology 2 shows a time user/client receiving timing information from NIST.
Accuracy – the degree of conformity of a measured or calculated value to its definition, related to the offset from an ideal value.*
Coordinated Universal Time (UTC) – the international atomic time scale that serves as the basis for timekeeping for most of the world. UTC is a 24-hour timekeeping system. The hours, minutes, and seconds expressed by UTC represent the time-of-day at the Earth’s prime meridian (0° longitude) located near Greenwich, England. UTC is the ultimate standard for time-of-day, time interval, and frequency measures. Clocks synchronized to UTC display the same hour, minute, and second all over the world (and remain within one second of UT1). Oscillators synchronized to UTC generate signals that serve as reference standards for time interval and frequency.*
Global Positioning System (GPS) – is a U.S.-owned utility that provides users with positioning, navigation, and timing (PNT) services.**
GPS Time – the Global Positioning System (GPS) is a constellation of satellites each carrying multiple atomic clocks. The time on each satellite is derived by steering the on-board atomic clocks to the time scale at the GPS Master Control Station, which is monitored and compared to UTC (USNO). Since GPS time does not adjust for leap seconds, it is ahead of UTC (USNO) by the integer number of leap seconds that have occurred since January 6, 1980, plus or minus a small number of nanoseconds. However, the time offset from UTC is contained in the GPS broadcast message and is usually applied automatically by GPS receivers.***
Holdover – performance of an oscillator in the event of loss of synchronization. (Definition developed by PNT Working Group)
Leap Second – a second added to Coordinated Universal Time (UTC) to make it agree with astronomical time to within 0.9 second. UTC is an atomic time scale, based on the performance of atomic clocks. Astronomical time is based on the rotational rate of the Earth. Since atomic clocks are more stable than the rate at which the Earth rotates, leap seconds are needed to keep the two time scales in agreement.*
Network Time Protocol (NTP) – a standard protocol used to send a time code over packet-switched networks, such as the public internet. The Network Time Protocol (NTP) was created at the University of Delaware, and is defined by the RFC-1305 document. The NTP packet includes three 64-bit timestamps and contains the time in UTC seconds since January 1, 1900, with a resolution of 233 picoseconds. The NTP format is supported by the NIST Internet Time Service.*
NIST Time – UTC (NIST) is the coordinated universal time scale maintained at NIST. The UTC (NIST) time scale comprises an ensemble of cesium beam and hydrogen maser atomic clocks, which are regularly calibrated by the NIST primary frequency standard. The number of clocks in the time scale varies, but is typically around 10. The outputs of the clocks are combined into a single signal by using a weighted average. The most stable clocks are assigned the most weight. The clocks in the UTC (NIST) time scale also contribute to the International Atomic Time (TAI) and Coordinated Universal Time (UTC). UTC (NIST) serves as a national standard for frequency, time interval, and time-of-day. It is distributed through the NIST time and frequency services and continuously compared to the time and frequency standards located around the world.***
Oscillator – an electronic device used to generate an oscillating signal. The oscillation is based on a periodic event that repeats at a constant rate. The device that controls this event is called a resonator. The resonator needs an energy source so it can sustain oscillation. Taken together, the energy source and resonator form an oscillator. Although many simple types of oscillators (both mechanical and electronic) exist, the two types of oscillators primarily used for time and frequency measurements are quartz oscillators and atomic oscillators.*
Precision – the ability of a device to produce, repeatedly and without adjustments, the same value or result, given the same input conditions and operating in the same environment.*
Precision Time Protocol (PTP) – a standard protocol defined by the IEEE-1588 standard for sending time over packet-switched networks. The Precision Time Protocol (PTP) can potentially obtain much lower uncertainties than the Network Time Protocol (NTP), often less than 1 μs. However, unlike NTP, PTP is generally not implemented over the public internet. Instead, it is typically used over private or local area networks where path delays can be better measured and estimated. The grandmaster clock is the time reference for all other clocks in a PTP system. The other clocks are designated as ordinary clocks, which have a single PTP port, and boundary clocks, which have multiple network connections and can bridge synchronization from one network segment to another.***
Resilience – the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions; includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. (Presidential Policy Directive 21)
Stability – an inherent characteristic of an oscillator that determines how well it can produce the same frequency over a given time interval. Stability does not indicate whether the frequency is right or wrong, but only whether it stays the same.*
Stratum Clock – a clock in a telecommunications system or network that is assigned a number that indicates its quality and position in the timing hierarchy. The highest quality clocks, called stratum 1 clocks, have a frequency offset of 1 x 10^-11 or less, which means that they can keep time to within about one microsecond per day. Only stratum 1 clocks may operate independently; other clocks are synchronized directly or indirectly to a stratum 1 clock.*
System architecture – fundamental concepts or properties of a system in its environment embodied in its elements, relationships, and in the principles of its design and evolution. (NIST SP 800-160)
Time interval – the elapsed time between two events. Time interval is usually measured in small fractions of a second, such as milliseconds, microseconds, or nanoseconds.*
Traceability – the property of a measurement result whereby the result can be related to a reference through a documented unbroken chain of calibrations, each contributing to the measurement uncertainty.*
Two-way time transfer – a measurement technique used to compare two clocks or oscillators at remote locations. The two-way method involves signals that travel both ways between the two clocks or oscillators that are being compared.*
United States Naval Observatory (USNO) – established in 1830, USNO is one of the oldest scientific agencies in the United States. The USNO determines and distributes the timing and astronomical data required for accurate navigation and fundamental astronomy. It maintains a UTC time scale that is typically within 20 nanoseconds of UTC (NIST). Both NIST and the USNO can be considered official sources of time and frequency in the United States.*
USNO Time – the USNO maintains the U.S. Department of Defense reference for time and time interval. USNO has an ensemble of atomic clocks, which is used to derive a time scale called UTC (USNO). The clocks in the ensemble contribute to International Atomic Time (TAI) and Coordinated Universal Time (UTC). UTC (USNO) and UTC (NIST) are kept in very close agreement, typically to within 20 nanoseconds, and both can be considered official sources for time in the United States.***
JUNE