Arkadiy Kremer Chairman ITU-T Study Group 17 Session 2: Role of Standardization in Cybersecurity.

Presentation transcript:


ITU Open Forum on Cybersecurity, 6 December 2008

“We have received a strong message from our members that ITU is, and will remain the world’s pre-eminent global telecommunication and ICT standards body. And we hear also, and very clearly, that ITU should continue on its mission to connect the world, and that bridging the standardization gap, by increasing developing country participation in our work, is an essential prerequisite to achieve this goal”.
Malcolm Johnson, TSB Director (Closing speech at the WTSA-08)

Strategic direction

- WSIS Action Line C5, Building confidence and security in use of ICTs
- WTSA-08 Resolution 50, Cybersecurity – Resolves “that ITU-T continue to evaluate existing and evolving new Recommendations, and especially signaling and telecommunication protocol Recommendations, with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment in the global information and telecommunication infrastructure”.
- WTSA-08 Resolution 52, Countering and combating spam – Instructs ITU-T study groups “to continue collaboration with the relevant organizations (e.g., IETF), in order to continue developing, as a matter of urgency, technical Recommendations with a view to exchanging best practices and disseminating information through joint workshops, training sessions, etc.”

Strategic direction (cont.)

- Plenipotentiary Resolution 130, Strengthening the role of ITU in building confidence and security in the use of information and communication technologies – Instructs Director of TSB to intensify work in study groups, address threats & vulnerabilities, collaborate, and share information
- Plenipotentiary Resolution 149, Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies – Instructs Council to study terminology
- ITU Global Cybersecurity Agenda. Key work areas: Legal Measures, Technical and Procedural Measures, Organizational Structures, Capacity Building, International Cooperation. World renowned Group of High-Level Experts report to ITU Secretary General contains recommendations in each of the five areas

Coordination

- ISO/IEC/ITU-T Strategic Advisory Group Security
  Oversees standardization activities in ISO, IEC and ITU-T relevant to security; provides advice and guidance relative to coordination of security work; and, in particular, identifies areas where new standardization initiatives may be warranted (portal established, workshops conducted)
- Global Standards Collaboration
  ITU and participating standards organizations exchange information on the progress of standards development in the different regions and collaborate in planning future standards development to gain synergy and to reduce duplication. GSC-13 resolutions concerning security include Cybersecurity (13/11), Identity Management (13/04), Network aspects of identification systems (13/03), Personally Identifiable Information protection (13/25).

ITU-T security activities

- Study Group 17 is the lead study group in the ITU-T for security – responsible for:
  - Coordination of security work
  - Development of core Recommendations
- Most of the other study groups have responsibilities for standardizing security aspects specific to their technologies (TMN security, IPCablecom security, NGN security, Multimedia security, etc.)

SG 17 Security Project

- Security Coordination
  - Within SG 17, with ITU-T SGs, with ITU-D and externally
  - Kept others informed - TSAG, IGF, ISO/IEC/ITU-T SAG-S…
  - Made presentations to workshops/seminars and to GSC
  - Maintained reference information on LSG security webpage
- Security Compendium
  - Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
- Security Standards Roadmap
  - Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
- ITU-T Security Manual – assisted in its development

Core Security Recommendations

- Strong ramp-up on developing core security Recommendations in SG approved in approved in under development for approval next study period
- Subjects include:
  - Architecture and Frameworks
  - Web services
  - Directory
  - Identity management
  - Risk management
  - Cybersecurity
  - Incident management
  - Mobile security
  - Countering spam
  - Security management
  - Secure applications
  - Telebiometrics
  - Ubiquitous Telecommunication services
  - SOA security
- Ramping up on:
  - Multicast
  - Traceback
  - Ubiquitous sensor networks
- Collaboration with others on many items

Core Security Recommendations (cont.)

ITU-T Recommendation X.1205, Overview of Cybersecurity

Summary: This Recommendation provides a definition for Cybersecurity. The Recommendation provides a taxonomy of security threats from an organization point of view. Cybersecurity threats and vulnerabilities, including the most common hacker’s tools of the trade, are presented. Threats are discussed at various network layers. Various Cybersecurity technologies that are available to remedy the threats are discussed, including: routers, firewalls, antivirus protection, intrusion detection systems, intrusion protection systems, secure computing, and audit and monitoring. Network protection principles such as defence in depth and access management, with application to Cybersecurity, are discussed. Risk management strategies and techniques are discussed, including the value of training and education in protecting the network. Examples for securing various networks based on the discussed technologies are also discussed.

Core Security Recommendations (cont.)

ITU-T Recommendation X.1206, A vendor-neutral framework for automatic notification of security related information and dissemination of updates

Summary: This Recommendation provides a framework for automatic notification of security related information and dissemination of updates. The key point of the framework is that it is a vendor-neutral framework. Once an Asset is registered, updates on vulnerabilities information and patches or updates can be automatically made available to the users or directly to applications regarding the Asset.

Core Security Recommendations (cont.)

Recommendation ITU-T X.1207, Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software

Summary: Recommendation ITU-T X.1207 provides guidelines for telecommunication service providers (TSPs) for addressing the risks of spyware and potentially unwanted software. This Recommendation promotes best practices around principles of clear notices and user's consents and controls for TSP web hosting services. This Recommendation develops and promotes best practices to users on personal computer (PC) security, including use of anti-spyware, anti-virus, personal firewall and security software updates on client systems.

Core Security Recommendations (cont.)

ITU-T Recommendation X.1231, Technical Strategies on Countering Spam

Summary: This Recommendation emphasizes technical strategies on countering spam, and includes general characteristics of spam and main objectives of countering spam as well. Furthermore, recognizing that there is no single solution to resolve the spam problem, this Recommendation also provides a checklist to evaluate promising tools for countering spam.

Core Security Recommendations (cont.)

ITU-T Recommendation X.1240, Technologies involved in countering spam

Summary: This Recommendation specifies basic concepts, characteristics, and effects of spam, and technologies involved in countering spam. It also introduces the current technical solutions and related activities from various standard development organizations and relevant organizations on countering spam. It provides guidelines and information to the users who want to develop technical solutions on countering spam. This Recommendation will be used as a basis for further development of technical Recommendations on countering spam.

Core Security Recommendations (cont.)

ITU-T Recommendation X.1241, Technical framework for countering spam

Summary: This Recommendation provides a technical framework for countering spam. The framework describes one recommended structure of an anti-spam Processing Domain, and defines the functions of the major modules in it. The key point of the framework is that it establishes a mechanism to share information about spam between different servers. Systems that follow the framework would improve efficiency through interconnection.

Core Security Recommendations (cont.)

Recommendation ITU-T X.1244, Overall aspects of countering spam in IP-based multimedia applications

Summary: This Recommendation specifies the basic concepts, characteristics, and technical issues related to countering spam in IP multimedia applications such as IP telephony, instant messaging, etc. The various types of IP multimedia application spam are categorized, and each categorized group is described according to its characteristics. This Recommendation describes various spam security threats that can cause IP multimedia application spam. There are various techniques developed to control the spam which has become a social problem. Some of those techniques can be used in countering IP multimedia application spam. This Recommendation analyzes the conventional spam countering mechanisms and discusses their applicability to countering IP multimedia application spam. This Recommendation concludes by mentioning various aspects that should be considered in countering IP multimedia application spam.

Identity Management

- Networks are increasingly distributed, converged, and packet based, where access to services can be based on identity contexts and roles and accessed anywhere, anytime.
- Security and trust of identity information in this environment is significantly more complex.
  - Users may have multiple, context dependent “identities”
  - Network services may require different identity trust levels
  - Identity information is distributed throughout the network
- Old methods of managing identity information are inadequate, may limit services, and cause significant cybersecurity problems
- Consequently, a new, robust set of secure and trusted capabilities is needed, i.e., IdM

IdM is a set of capabilities that

- Attach identity data to a person, device, or application.
- Facilitate the secure storage, retrieval and secure exchange of identity data.
- Provide significantly better identity lifecycle management.
- Can allow user control of personally identifiable information (PII).

ITU-T work on IdM

- Managing digital identities and personally identifiable information key aspect for improving security of networks and cyberspace
- Effort jump started by IdM Focus Group which produced 6 substantial reports (265 pages) in 9 months
- JCA-IdM and IdM-GSI established by TSAG in December 2007
  - Main work is in SGs 17 and 13
- Intense work program, difficult
- First IdM Recommendations determined under TAP:
  - X.1250, Capabilities for global identity management trust and interoperability
  - X.1251, A framework for user control of digital identity
  - Y.2720, NGN identity management framework
- Many additional IdM Recommendations are under development
- Working collaboratively with other key bodies including: ISO/IEC JTC 1/SC 27, Liberty Alliance, FIDIS, OASIS

Challenges

- Addressing security to enhance trust and confidence of users in networks, applications and services
- Balance between centralized and distributed efforts on developing security standards
- Legal and regulatory aspects of cybersecurity, spam, identity/privacy
- Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
- Uniform definitions of cybersecurity terms and definitions
- Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations
- Keeping ICT security database up-to-date

Challenges (cont.)

- There are a number of standards in the field of telecommunication security and information security. But a standard is the real standard when it is used in real world applications. Business and governmental bodies need to learn more about standards from their business applications rather than from a technical point of view.
- Report for the next IGF on the business use of the main security standards
  - Who does this standard affect?
  - Status and summary of standard
  - Business benefits
  - Technologies involved
  - Technical implications

Challenges (cont.)

WTSA-08 Resolution 76, Studies related to conformance and interoperability testing, assistance to developing countries, and a possible future ITU mark programme

- Interoperability of international telecommunication networks was the main reason to create ITU in the year 1865
- Conformance testing would increase the chance of interoperability of equipment conforming to ITU standards
- Technical training and institutional capacity development for testing and certification are essential issues for countries to improve their conformity assessment processes, to promote the deployment of advanced telecommunication networks and to increase global connectivity
- ITU-T study groups will develop the necessary conformance testing Recommendations as soon as possible
- ITU-T Recommendations to address interoperability testing shall be progressed as quickly as possible

Some useful web resources

- ITU Global Cybersecurity Agenda (GCA)
- ITU-T Home page
- Study Group
- LSG on Security
- Security Roadmap
- Security Manual
- Cybersecurity Portal
- Cybersecurity Gateway
- ITU-T Recommendations
- ITU-T Lighthouse
- ITU-T Workshops

Thank you!
Arkadiy Kremer