CYBER; Optical Network and Device Security; Security provisions for the management of Optical Network devices and services

DTS/CYBER-0086

General Information

Status
Not Published
Technical Committee
Current Stage
12 - Citation in the OJ (auto-insert)
Due Date
25-Dec-2023
Completion Date
14-Dec-2023
Ref Project
Standard
ETSI TS 103 961 V1.1.1 (2023-12) - CYBER; Optical Network and Device Security; Security provisions for the management of Optical Network devices and services
English language
18 pages

Standards Content (Sample)


TECHNICAL SPECIFICATION
CYBER;
Optical Network and Device Security;
Security provisions for the management of
Optical Network devices and services

2 ETSI TS 103 961 V1.1.1 (2023-12)

Reference
DTS/CYBER-0086
Keywords
cybersecurity, optical, optical network device,
security requirements
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2023.
All rights reserved.
ETSI
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
Introduction . 4
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 6
3 Definition of terms, symbols and abbreviations . 7
3.1 Terms . 7
3.2 Symbols . 8
3.3 Abbreviations . 8
4 Overview of security of management function in Optical Networks (ONs) . 8
4.1 General . 8
4.2 Network management functional model . 10
4.3 Network management specificities . 10
4.4 Service control specificities . 10
4.5 Network analysis specificities . 10
5 Identification and authentication of ON management entities . 10
6 Confidentiality and integrity protection of ON management protocols . 11
7 Secure storage of management data . 11
7.1 General provisions . 11
7.2 Access control . 12
7.3 Logging requirements . 12
Annex A (normative): Cryptographic provisions for ON security . 14
A.1 Crypto-agility . 14
A.2 Quantum safe . 14
A.3 Use of passwords . 14
A.4 Security parameter negotiation . 14
Annex B (informative): Lifecycle management . 16
Annex C (informative): Bibliography . 17
History . 18

Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its
Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the
oneM2M Partners. GSM® and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Cyber Security (CYBER).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
The Optical Network Device Security (ONDS) suite of documents is developed as an interlinked collection, shown in
figure 1.

Figure 1: Document structure for Optical Network Device Security
Each of ETSI TS 103 962 [4], ETSI TS 103 963 [5] and ETSI TS 103 961 (the present document) expands upon the
requirements identified in the common catalogue of ETSI TS 103 924 [1]. In the definition of detailed provisions,
ETSI TS 103 962 [4] acts as the master document, with each of ETSI TS 103 963 [5] and the present document
identifying further specializations.
To drive the evaluation and test of the ONDS suite, a common Test Suite Structure and Test Purposes definition is
proposed to be given in ETSI TS 103 993 [i.13]. From that, a specification of the evaluation assessments to be applied
to the present document is to be derived and given in the form of a partial protection profile in ETSI TS 103 996 [i.14].
NOTE: All of the documents identified in figure 1 act together to fully define the requirements, test and
evaluation for placing an ONDS device on the market.

1 Scope
The present document defines security measures for the management of Optical Network devices and services as
defined in ETSI TS 103 962 [4] and ETSI TS 103 963 [5].
The present document extends the provisions identified in the Catalogue of Requirements for Optical Network and
Device Security from ETSI TS 103 924 [1].
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 103 924: "Optical Network and Device Security; Catalogue of Requirements".
[2] Recommendation ITU-T G.7710: "Common equipment management function requirements".
[3] Recommendation ITU-T M.3700: "Common management services - Object
management - Protocol neutral requirements and analysis".
[4] ETSI TS 103 962: "CYBER; Optical Network and Device Security; Security provisions in Optical
Access Network Devices".
[5] ETSI TS 103 963: "CYBER; Optical Network and Device Security; Security provisions in
transport network devices".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] IETF STD0062: "Simple Network Management Protocol".
NOTE: The RFCs cited for STD0062 are listed in the bibliography.
[i.2] Recommendations ITU-T M series: "Telecommunication management, including TMN and
network maintenance".
[i.3] IETF RFC 5440: "Path Computation Element (PCE) Communication Protocol (PCEP)".
[i.4] IETF RFC 6241: "Network Configuration Protocol (NETCONF)".
[i.5] ETSI TS 102 165-2: "CYBER; Methods and protocols; Part 2: Protocol Framework Definition;
Security Counter Measures".
NOTE: An update to the work item above is in development but the latest draft is publicly available.
[i.6] Trusted Computing Group: "TCG Roots of Trust Specification (draft)".
[i.7] ETSI EG 203 310: "CYBER; Quantum Computing Impact on security of ICT Systems;
Recommendations on Business Continuity and Algorithm Selection".
[i.8] FIPS PUB 202: "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions".
[i.9] NIST SP 800-171: "Protecting Controlled Unclassified Information in Nonfederal Systems and
Organizations".
[i.10] ETSI TR 103 838: "Cyber Security; Guide to Coordinated Vulnerability Disclosure".
[i.11] Recommendation ITU-T X.200: "Information technology - Open Systems Interconnection - Basic
Reference Model: The basic model".
[i.12] ETSI TS 103 486: "CYBER; Identity Management and Discovery for IoT".
NOTE: This reference is in development in ETSI TC CYBER.
[i.13] ETSI TS 103 993: "Cyber Security (CYBER); ONDS; Test Suite Structure and Test Purposes".
[i.14] ETSI TS 103 996: "Cyber Security (CYBER); ONDS; Protection profile - Test cases".
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
canonical identifier: structured identifier that is globally unique
crypto-agile: able to change or replace the existing suite of cryptographic algorithms or parameters with ease and
without the rest of the infrastructure being significantly affected
delegated trust: trust arising where an entity A, being unable to evaluate the appropriate level of trust for a relationship
with another entity B, chooses to delegate the decision to another entity C, which by having a direct relationship to
entity B is in a position to make such a decision
NOTE 1: For delegated trust there is a precondition that there is a direct trust relationship from entity A to entity C.
NOTE 2: In this form of delegated trust entity C is aware of the relationship between entity A and entity B.
direct trust: trust decision by an entity A to trust entity B without any other party being involved
root identity: canonical identifier of the device that is attested to in the root identity certificate of the device
root of trust: component of a system that provides physical and cryptographic guarantees of securely providing
processing and storage functions in a system
semantic identifier: formal representation of a property of an entity that describes one of the functions of the entity
EXAMPLE: In the sentence "Aristotle, the author of Politics, established the Lyceum" semantic identification
means to identify Aristotle as a person (author is a person) and Politics as a written work of
political philosophy (the Lyceum is an example of writing on political philosophy).
transitive trust: trust decision by an entity A to trust entity B because entity C asserts the trustworthiness of B
NOTE: Transitive trust differs from simple delegated trust (see above) as entity C does not know of the
relationship between entity A and entity B.
trust domain: collection of entities between which there is either direct, delegated or transitive trust
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAT Authority Attribute Tree
AES Advanced Encryption Standard
CTR CounTeR
NOTE: Mode of operation of a cryptographic algorithm.
ECDSA Elliptic Curve Digital Signature Algorithm
EMS Element Management System
FALCON Fast Fourier Lattice-based Compact Signatures over NTRU
FCAPS Fault Configuration Accounting Performance Security
NOTE: Or Fault management.
GCM Galois Counter Mode
NOTE: Mode of operation of a cryptographic algorithm.
HSM Hardware Security Module
NMS Network Management System
NTRU Nth degree Truncated polynomial Ring Units
O&M Operations and Management
OID Object IDentifier
ON Optical Network
OND Optical Network Device
ONDS Optical Network Device Security
OSI Open Systems Interconnection
PCEP Path Computation Element communication Protocol
PKC Public Key Cryptography
PKI Public Key Infrastructure
RSA Rivest Shamir Adleman
RtS Root of trust for Storage
SNMP Simple Network Management Protocol
TPM Trusted Platform Module
4 Overview of security of management function in
Optical Networks (ONs)
4.1 General
As stated in ETSI TS 103 924 [1] the provisions for securing the management of the optical network should follow
existing best practice for securing management data and protocols. The present document defines an abstract profile of
existing best practice with specific mappings in informative annexes.
The network management manager manages and controls devices on optical networks, supports unified management,
and offers control of networks. Thus, the network manager integrates functions including network management, service
control, and network analysis. It is an enablement system for network resource pooling, network connection automation
and self-optimization, and O&M automation. The Recommendation ITU-T M.3700 [3] series of Recommendations
defines the management functions applicable in the Network Management System-Element Management System
(NMS-EMS) interface, which includes object management, state management, notification management, performance
management and fault management. More specifically, the common equipment management function requirements for
an optical network are specified in Recommendation ITU-T G.7710 [2]. The security requirements of the management
plane are further defined in Recommendation ITU-T M.3016.0 [i.2], which in turn references Recommendation
ITU-T M.3400 [i.2] for the definition of the security management functions.
The overall approach for the security of managed objects of the ON is that the models of least persistence and least
privilege shall apply (see NIST SP 800-171 [i.9]). Each managed object shall create an explicit security association with
its managing entity where the security association shall give assurance of the following:
• the identity of participants in the security associatio
...
