International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Thursday, June 07, 2007

ITU has developed an online tool to keep track of crucial ICT security standards work through a single access point. The guide called the ICT Security Standards Roadmap brings together information about existing standards and work in progress by the world's key standards developers. It is a collaborative effort between ITU, the European Network and Security Information Agency (ENISA) and the Network and Information Security Steering Group (NISSG).

Thursday, June 07, 2007 9:45:14 AM (W. Europe Standard Time, UTC+01:00)  #     | 

The ICT Applications and Cybersecurity Division Internet Multilingualization website is now available.

Thursday, June 07, 2007 6:06:00 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, May 30, 2007

An electronic version of the 2007 Cybersecurity Guide for Developing Countries is available in English. Non-finalized versions are also available in Arabic, Chinese, French, Russian and Spanish. NB: A printed copy of this publication is available on request.

The 2006 version of the guide is available in English and French.

Wednesday, May 30, 2007 9:45:28 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, May 28, 2007
A North American corporation focused on acquiring versatile and profitable companies in the IT sector "...has received an order for a turnkey DICOM archive solution [...] to be deployed within Saskatchewan's Provincial health care region. The order is significant and unprecedented as it represents the first of its kind in Canada. The [...] Image Manager is a secure, open-system software solution for transporting, storing, tracking and retrieval of digital images across an entire DICOM network.

To view the full article by On The Go Technologies Group as published by GRIDtoday on 28 May 2007, click here.

Monday, May 28, 2007 4:48:16 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, May 21, 2007

The ITU will be hosting a workshop on 17th Sepember 2007 entitled ITU Workshop on Frameworks for National Action: Cybersecurity and Critical Information Infrastructure Protection:

At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) which are globally interconnected. However, with these growing dependencies, new threats to network and information security have emerged. There is a growing misuse of electronic networks for criminal purposes or for objectives that can adversely affect the integrity of critical infrastructures within States. To address these threats and to protect these infrastructures, a coordinated national framework is required - combined with regional and international cooperation. This workshop will review several related ITU initiatives and present two case studies by expert speakers from the United States of America and the European Union on their respective approaches. Attendance at the workshop is open to all interested participants within available space. Further information is available from cybmail@itu.int.

Monday, May 21, 2007 12:02:12 PM (W. Europe Standard Time, UTC+01:00)  #     | 

This is the newly unveiled newslog for the ITU's Bureau for Telecommunication Development ICT Applications and Cybersecurity Division. More will be posted here soon.

CYB
Monday, May 21, 2007 11:22:47 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, May 04, 2007

Although the European Commission decided against imposing new legislative restrcitions on radio frequency identification (RFID) tags for now (opting for "soft legislation" instead) , a top official warned on Monday that regulations are likely if future uses of the technology don't protect fundamental privacy rights, reports ZDNet. Gerald Santucci, head of the European Commission unit whose domain includes RFID issues, said he feared that rushing to place restrictions on industries hoping to use the technology would choke its potentially valuable application in health care, business, transportation and other realms. But if regulators deem that widespread RFID use is insufficiently safe, secure and privacy-preserving, then "Mrs. Reding [European Commissioner for Information Society and Media] will have no other option but to trigger legislation," Santucci told participants at a luncheon discussion in Washington DC. By the end of 2008, the commission plans to reevaluate whether legislation is necessary. It's unclear how restrictive any potential rules would be.

Read the full story here (ZDNet). More on the European Commission Policy on RFID can be found here.

RFID, along with sensors and nanotechnology, was one of the key techological developments explored in the 2005 ITU Internet Report on The Internet of Things. An ITU New Initiatives Workshop on Ubiquitous Networks Societies was also held in the same here. Network aspects of identification systems are being studied in the context of standardization by the ITU's JCA-NID.

Friday, May 04, 2007 4:11:04 PM (W. Europe Standard Time, UTC+01:00)  #     | 

A United States House of Representatives subcommittee approved a bill on spyware this week, which recommends up to five years in prison for convicted distributors of malicious spyware.

Past versions of the Internet Spyware Prevention Act have failed to pass a vote in the United States Senate. Observers have pointed out, however, that the increasing militancy among users fed up with unwanted software intrusion may make this latest attempt more successful. And there is a lot at stake. Creating trust in the internet will ensure its future development. More on this story is available here.

The ITU is taking a leading role in cybersecurity initiatives, particularly in light of calls for global action made at the World Summit on the Information Society. More information on ITU's work in this area is available here.

Friday, May 04, 2007 3:01:37 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, May 01, 2007

According to a recent Press Realease by The Infocomm Development Authority of Singapore (IDA), Singapore is already looking into a new five-year infocomm security roadmap (2008-2012) as it embarks on the final year of the current three-year Infocomm Security Masterplan (2005-2008). The Infocomm Security Masterplan was launched on 22 February 2005 as a strategic roadmap to chart Singapore's national efforts in developing capabilities to prevent cyber-security incidents and protect the critical infrastructure from cyber-threats. According to Dr. Vivian Balakrishnan, Second Minister for Information, Communications and the Arts, Singapore "cannot afford to be complacent, especially with new and dangerous threats evolving and growing at such an alarming rate. Instead of simply taking one step forward, we need to be many steps ahead in our efforts to combat cyber threats."

Providing a glimpse of the new five-year Masterplan to be launched in 2008, Dr. Balakrishnan shared that the new infocomm security roadmap will build on Singapore's existing efforts to focus on more international collaborations to improve Singapore's ability to combat cyber threats. The collaborations will look into knowledge exchanges and regular communication between governments on cyber threat trends and protection of critical infrastructure. When launched in 2008, the new security roadmap will also secure Singapore's ultra high-speed and pervasive Next Generation National Infocomm Infrastructure (NGNII) to provide a secure and trusted environment for the creation of new value-added services such as location-based marketing, goods tracking and localised information services and the pervasive adoption of online services such as those in the area of banking, healthcare and education.

Under the current Masterplan, the government has developed various security initiatives to equip public officers with more timely information and knowledge to assess and improve on their cyber defence. This allows them to better protect, detect and respond to cyber threats. An example is the Cyber-WatchCentre which monitors cyber threats real-time and round-the-clock. By mid 2008, the centre will ensure end-to-end security for all public officers, allowing government agencies to better anticipate cyber attacks and respond to them speedily.

For more information on these inititiatives, view the IDA Press Release.

Tuesday, May 01, 2007 3:19:40 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, March 08, 2007

The first steps towards a globally harmonized approach to identity management (IdM) have been taken during a meeting of the ITU Focus Group on Identity Management (FG IdM) bringing together, for the first time, the world’s key players in the IdM space.

IdM promises to reduce the need for multiple user names and passwords for each service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce. Experts at the meeting concurred that interoperability between existing IdM solutions will provide significant benefits such as increased trust by users of on-line services as well as cybersecurity, reduction of spam and seamless "nomadic” roaming between services worldwide. Abbie Barbir, chairman of the Focus Group on Identity Management: "Our main focus is on how to achieve the common goals of the telecommunication and IdM communities. Nobody can go it alone in this space, an IdM system must have global acceptance. There was a very positive feeling at the meeting that we can achieve this and crucially we saw a great level of participation from all key players."

The meeting of the FG IdM brought together developers, software vendors, standards forums, manufacturers, telcos, solutions providers and academia from around the world to share their knowledge and coordinate their IdM efforts. Interoperability among solutions so far has been minimal. One conclusion of attendees is that cooperation is crucial and that players cannot exist in isolation.

The spirit of the meeting was that everyone will gain by providing an open mechanism that will allow different IdM solutions to communicate even as each IdM solution continues to evolve. Such a "trust metric" does not exist today experts say. Work will continue online and during Focus Group meetings in April, May, and July 2007. An analysis of what IdM is used for will be followed by a gap analysis between existing IdM frameworks now being developed by industry fora and consortiums. These gaps should be addressed before the interworking and interoperability between the various solutions can be achieved. The aim is to provide the basis for a framework which can then be conveyed to the relevant standard bodies including ITU-T Study Groups. The document will include details on the requirements for the additional functionality needed within next generation networks. ITU has a long history of innovation in this field, with key work on trusted, interoperable identity framework standards including Recommendation X.509 that today serves as the primary "public key" technical mechanism for communications security across all telecom and internet infrastructures.

See more information on the Focus Group on Identity Management (FG IdM) website.

Thursday, March 08, 2007 10:42:50 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, March 01, 2007

Kaspersky Lab, a developer of secure content management solutions, recently announced its annual report on malware and spam evolution. The report, authored by Kaspersky Lab analysts, surveys the trends of 2006 and looks at what 2007 may bring.

Malware Evolution: 2006. The report provides an overview of the most important incidents in the malware world, highlights the main trends, and examines how the situation will evolve. Particular stress is laid on the continuing increase in the number of Trojan programs, particularly those designed to steal online gaming account data; the first viruses and worms for MacOS; and Trojans for J2ME, which are designed to steal funds from mobile user accounts. The number of new malicious programs was up 41% on 2005. As for the future evolution of malicious programs, Kaspersky Lab virus analysts believe that virus writers and spammers will work ever more closely together; the number of Trojans will continue to increase; and that virus writers will be on the lookout for exploitable vulnerabilities in Vista.

Spam Evolution: 2006. Data provided by the Kaspersky Spam Lab shows that in 2006, between 70% and 80% of mail traffic on the Russian Internet was spam. The majority of spam sent to Russian users originates in Russia, the U.S.A. and China. Spammers actively used graphics in order to evade spam filters. They are also continued to send spam masquerading as personal correspondence in order to get the recipient to read the whole message and then act as the spammers intended, whether by calling a designated number or clicking on a link. The report on spam evolution also highlights how mass mailings differ from each other according to language: most Russian language spam offers education and training, and a wide range of goods ranging from busts of the Russian president to a device which will 'translate' a dog's bark. English language spam, on the other hand, tends to focus on advertising for stocks and shares, viagra and cheap software. The report also notes that spam became increasingly criminalized in 2006, with spammers actively using SMS to spread spam.

The company's analysts believe that technologies currently in use will continue to evolve in 2007, together with further development of graphical spam, and increased criminalization of mass mailings.

Read the executive summaries here: Malware Evolution: 2006 and Spam Evolution: 2006.
The full annual report can be found here.  

This news item was accessed through Russia Newswire.

Thursday, March 01, 2007 4:03:34 PM (W. Europe Standard Time, UTC+01:00)  #     | 

ITU-T Study Group 2’s February meeting saw work continue on harmonizing numbering resources for child helplines. Study Group 2 is looking at the issue following a request from Child Helpline International (CHI). CHI is a global network of telephone helplines and outreach services for children and young people.

Specifically Study Group 2 is looking at the logistics of providing a global number. It previously conducted a survey which discovered that a wide range of numbers are in use globally and that there is support in many countries for studying a more harmonized solution. A review process will be an initial assessment of all of the various options for introducing childrens’ helplines. The fundamental question is whether a single number can be deployed worldwide. Other issues include how regulators will handle migration from existing services and who pays for the services.

See the Study Group 2 website and ITU-T Newslog for further information.

Thursday, March 01, 2007 9:20:43 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, February 27, 2007

The SHA-1 algorithm, which has been widely used in many of today's mainstream security products since 1995, was significantly compromised in February 2005 by a team of researchers led by Xiaoyun Wang based at China’s Shandong University. (This team had already undertaken attacks against the MD5 and SHA: hash functions previously, prior to their attack on SHA-1).

Their success prompted calls for a replacement algorithm. The U.S. National Institute of Standards and Technology had already announced that they planned to phase out the use of SHA-1 by 2010 in favour of the SHA-2 variants. The need for a replacement algorithm has now led NIST to launch a contest to devise a successor on 27 January 2007. The competition is to begin in the fall of 2008, and continue until 2011, with full completion and approval by 2012. Contests like this one have a promising history in cryptography. Notably, the Advanced Encryption Standard (devised as a more secure replacement to the prior Data Encryption Standard) was devised through an open competition between fifteen teams of cryptographers between 1997-2000.

Tuesday, February 27, 2007 4:28:05 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, February 21, 2007

The New York Times has published an article on the early moves by European governments to implement the European Union Data Retention Directive.  The initial programs proposed by the governments of Germany and the Netherlands are more stringent than the directive requires.  The New York Times has noted that some of the people involved in this issue are concerned that these programs may represent a policy shift within Europe, which has traditionally followed a policy of protecting individuals' privacy rights.

More information can be found here.

The New York Times article can be found here.

Wednesday, February 21, 2007 4:56:30 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, February 15, 2007

This summary provides a general discussion of the amended Information Network and Privacy Protection Act (“INPPA”) of Korea. INPPA sets out the minimum procedural requirements for lawful online transmissions in Korea whereby transmissions of advertised materials against recipients’ refusal to accept are strictly prohibited. Although these rules are applicable to unsolicited commercial e-mails via the internet, they were intended to apply to all modes of telecommunication such as cellular phones, facsimiles, etc.

The Korean government has made continuing efforts since 1999 to curb the increase in spam mail and has since been monitoring the effectiveness of the implementation of additional provisions. The new law targets senders of spam mail that are commercial in nature. Consistent with its effort to protect minors from being exposed to obscene and violent materials online, the Korean government has also included a provision in the INPPA that requires senders to label those materials as such.

More information can be found here

Thursday, February 15, 2007 5:58:13 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, February 13, 2007

Ross Anderson and Tyler Moore have published their survey paper on "The Economics of Information Security: A Survey and Open Questions".

Read the full version of the paper, and the shorter version of the paper, which appeared in Science Magazine.

Their presentation at The Economics of the Software and Internet Industries conference in Toulouse, France, 19-20 January 2007, can be found here.

Tuesday, February 13, 2007 10:25:04 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, February 08, 2007

According to Mark Hall, the Director of the U.S. Defense Department's International Information Assurance Program and co-chair of the National Cyber Response Coordination Group (NCRCG), DOD is about to sign an agreement to share incident and threat information with the North Atlantic Treaty Organization's Computer Emergency Response Team (CERT).  NCRCG is the U.S. federal government's incident response coordinator.  It works to defend U.S. cyberspace by providing guidance to federal agencies and working the private sector, state governments, and other countries.  Currently, there are 26 NATO countries and Hall feels that it will be much easier for him to work with NATO rather than each of the countries bilaterally.  Hall was also recently a participant in a panel at RSA Conference 2007 that discussed "Protecting U.S. Cyberspace:  Coordinating National Response to Cyber Attacks." 

For the full article, please go here.

Thursday, February 08, 2007 4:40:19 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, February 06, 2007

The Chairman’s Report (Version for Comments) from the ITU New Initiatives Programme workshop on The Future of Voice, held January 15-16, 2007 in the ITU Headquarter, has been made available for comments on the event's web-page.

To download the document, please click here

All comments and remarks, to be reflected in the final version of the Chairman’s Report should be sent via email to SPUmail@itu.int no later than the 19th February 2007.

 

Tuesday, February 06, 2007 5:27:39 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Standards that will ease the wide spread rollout of video over IP networks took a step forward in January. IPTV architecture and requirements, two fundamentally important areas in standards work were progressed at a recent meeting of the ITU-T Focus Group on IPTV (FG IPTV). There was general consensus in the meeting that FG IPTV will successfully develop documents which will accelerate introduction of IPTV to the global market. Setting the architecture and requirements in stone allows the rest of the work to continue with greater ease.

Meeting at the Microsoft conference center, Mountain View California, at the invitation of the Alliance for Telecom Industry Standards (ATIS) the group saw a record number of contributions and experts worked often late to keep up with the workload. Nearly 90 documents were dealt with in the fields of architecture and requirements alone. Malcolm Johnson, newly elected Director of ITU’s Telecommunication Standardization Bureau said in a message he sent to the event: "The excellent cooperation between ITU-T and ATIS is an example of the spirit of cooperation that I believe now pervades in the standards world... From what I have seen there is a great deal to be satisfied by in terms of the progress that FG IPTV has achieved so far."

In opening comments, ATIS President & CEO Susan Miller shared with the 200 meeting attendees that IPTV is serving as a ''change agent" for the industry, and "as both the business case and principal driver for accelerating deployment of the next generation network. "Miller noted that for North American service providers in particular, "IPTV is a critical ingredient to bundled service offerings that encompass television services, mobile services, Internet access, and much more. We have seen in the last decade, enormous investments in broadband, and fiber deployments to the home and to the premise," said Miller. Also important a document outlining terms and definitions in the field was created.

While seemingly mundane this work is crucially important in ensuring consistency of comprehension in an area where many standards outlining different aspects of IPTV will co-exist. Further discussion is expected on whether and how to treat the issue of redistribution of content to a point past an IPTV terminal device, and, in particular, how content protection and content management functions can or should apply in a home network environment. Other issues examined and progressed were accessibility issues for people with disabilities, AV codecs and content format requirements. Output and other documents can be found here.
See also the ITU-T newslog for further information. 

The next meeting of FG IPTV will be held from 7 to 11 May 2007 in Bled, Slovenia.

Tuesday, February 06, 2007 10:01:48 AM (W. Europe Standard Time, UTC+01:00)  #     | 

Almost 40 countries will participate in the fourth edition of Safer Internet Day (SID) which this year takes place on 6 February.

The event is organised by European Schoolnet, coordinator of Insafe, the European safer internet network. Viviane Reding, EU Commissioner for the Information Society and Media is once again patron of Safer Internet Day, as in the past two years.

The highlight of the day will once again be a worldwide blogathon, which will reach Australia on 6th February and progress westward through the day to finish up in the USA and Canada. Following the huge success encountered in 2006, this year’s blogathon goes one step further to include the voices of hundreds of youngsters.

In the framework of a competition launched in October 2006, more than 200 schools in 25 countries across the globe have been working in pairs, using technology to cross geographical borders, to create internet safety awareness material on one of three themes: e-privacy, netiquette, and power of image. On Safer Internet Day, all of the projects they have produced will be uploaded to the blogathon. The 4 prize-winning teams in the competition will be announced on 6 February when the blogathon opens to well over 100 organisations waiting on the starting block to add their postings on this year’s theme, Crossing borders.

To find out more about young people’s use of the internet and mobile phones, Insafe has been collecting data over the past two months through an online survey. Preliminary results will be made available on Safer Internet Day along with a wealth of other information tailored to the needs of not only media but also parents, teachers and youngsters in an online media room specially set up at www.saferinternet.org to mark the event.

On Safer Internet Day in the Netherlands, HRH Princess Maxima will be the special guest at an event featuring theatre, music and stories. In Slovenia, young people will showcase art projects and Slovenian national television will broadcast internet safety clips.

Across the globe, hundreds of other events will highlight the growing importance of internet safety in the lives of us all.
For further information see the following links:

Insafe
National nodes of Insafe
Safer Internet Day Blogathon
Safer Internet Programme
eTwinning (partner in the Safer Internet Day competition for schools)

Tuesday, February 06, 2007 9:43:36 AM (W. Europe Standard Time, UTC+01:00)  #     | 

In today's interconnected world of networks, threats can now originate anywhere − our collective cybersecurity depends on the security practices of every connected country, business, and citizen. The International Telecommunication Union (ITU), a specialized agency within the United Nations system, would like to draw Safer Internet Day participants' interest to a number of information resources dedicated to cybersecurity and spam.

The ITU Cybersecurity Gateway is an easy-to-use online information resource on national and international cybersecurity related initiatives worldwide. A vast number of resources and links are available and organizations are invited to join in partnership with the ITU and other stakeholders to build confidence and security in the use of information and communication technologies (ICTs).

The StopSpamAlliance is a joint initiative to gather information and resources on combating spam. This initiative was undertaken by Asia-Pacific Economic Cooperation (APEC), the EU's Contact Network of Spam Authorities (CNSA), International Telecommunication Union (ITU), the London Action Plan, Organisation for Economic Co-operation and Development (OECD) and the Seoul-Melbourne Anti-Spam group. The StopSpamAlliance.org website contains an overview about each of these organization’s activities in countering spam and related threats.

The outcome documents from the two phases of the World Summit on the Information Society (WSIS) emphasize that building confidence and security in the use of information and communication technologies (ICTs) is a necessary pillar for building a global information society. ITU has been asked to play the main facilitator role for to assist stakeholders in building confidence and security in the use of ICTs. To stress the importance of the multi-stakeholder implementation of this task, ITU has named this the Partnerships for Global Cybersecurity (PGC) initiative.

In commenting on the Safer Internet initiative, newly elected ITU Secretary-General Hamadoun Toure stressed the need for greater cooperation between regulators, government, security firms, communication service providers, and end users in dealing with the challenges to building a safe and secure information society.

The International Telecommunication Union wishes you all a very successful Safer Internet Day 2007!

Enquiries related to ITU activities in the area of cybersecurity can be directed to cybersecurity@itu.int.

 

About ITU

The International Telecommunication Union (ITU) is an international organization (specialized agency) within the United Nations System where governments and the private sector coordinate global telecommunication networks and services. Through its standards, development, and policy research activities, ITU has a long-standing track record in security for information and communication systems. There are currently more than seventy ITU recommendations focusing on security.

Tuesday, February 06, 2007 9:24:40 AM (W. Europe Standard Time, UTC+01:00)  #     |