International Telecommunication Union   ITU
Site Map Contact us Print Version
 Tuesday, 26 June 2007

An ITU commissioned study on a Generic National Framework for Critical Information Infrastructure Protection is now available.

The objective was to outline a possible simple framework that could be of potential interest to developing countries who wished to establish a national Critical Information Infrastructure Protection (CIIP) programme. The framework is modeled after the Swiss Reporting and Analysis Center for Information Assurance (MELANI). The author, Manuel Suter, is from the Crisis and Risk Network (CRN), Center for Security Studies (CSS), ETH Zurich, Switzerland, who produce the International CIIP Handbook: An Inventory and Analysis of National Protection Policies.

The Center for Security Studies previously produced a study for ITU entitled A Comparative Analysis of Cybersecurity Initiatives Worldwide.

This paper has been submitted to ITU-D Study Group Question 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity for their consideration.

The views expressed in the study are those of the author and do not necessarily reflect the opinions of the ITU or of its membership.

Tuesday, 26 June 2007 20:14:42 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 21 June 2007

A new paper: Terrorism in Cyberspace - Myth or reality? has been posted by cybercrime expert Judge Stein Schjolberg on his website

Thursday, 21 June 2007 22:17:39 (W. Europe Standard Time, UTC+01:00)  #     | 

28-31 Aug 2007 The ITU, in collaboration with the Viet Nam Ministry of Posts and Telematics and with support from the government of Australia, will be hosting a workshop 28-31 August 2007 entitled Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection in Hanoi, Viet Nam.

The description of the event, draft agenda, invitation letter, and practical information for meeting participants is available on the event website. Further information is available from

Thursday, 21 June 2007 08:33:04 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 07 June 2007

ITU has developed an online tool to keep track of crucial ICT security standards work through a single access point. The guide called the ICT Security Standards Roadmap brings together information about existing standards and work in progress by the world's key standards developers. It is a collaborative effort between ITU, the European Network and Security Information Agency (ENISA) and the Network and Information Security Steering Group (NISSG).

Thursday, 07 June 2007 09:45:14 (W. Europe Standard Time, UTC+01:00)  #     | 

The ICT Applications and Cybersecurity Division Internet Multilingualization website is now available.

Thursday, 07 June 2007 06:06:00 (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, 30 May 2007

An electronic version of the 2007 Cybersecurity Guide for Developing Countries is available in English. Non-finalized versions are also available in Arabic, Chinese, French, Russian and Spanish. NB: A printed copy of this publication is available on request.

The 2006 version of the guide is available in English and French.

Wednesday, 30 May 2007 09:45:28 (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, 28 May 2007
A North American corporation focused on acquiring versatile and profitable companies in the IT sector "...has received an order for a turnkey DICOM archive solution [...] to be deployed within Saskatchewan's Provincial health care region. The order is significant and unprecedented as it represents the first of its kind in Canada. The [...] Image Manager is a secure, open-system software solution for transporting, storing, tracking and retrieval of digital images across an entire DICOM network.

To view the full article by On The Go Technologies Group as published by GRIDtoday on 28 May 2007, click here.

Monday, 28 May 2007 16:48:16 (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, 21 May 2007

The ITU will be hosting a workshop on 17th Sepember 2007 entitled ITU Workshop on Frameworks for National Action: Cybersecurity and Critical Information Infrastructure Protection:

At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) which are globally interconnected. However, with these growing dependencies, new threats to network and information security have emerged. There is a growing misuse of electronic networks for criminal purposes or for objectives that can adversely affect the integrity of critical infrastructures within States. To address these threats and to protect these infrastructures, a coordinated national framework is required - combined with regional and international cooperation. This workshop will review several related ITU initiatives and present two case studies by expert speakers from the United States of America and the European Union on their respective approaches. Attendance at the workshop is open to all interested participants within available space. Further information is available from

Monday, 21 May 2007 12:02:12 (W. Europe Standard Time, UTC+01:00)  #     | 

This is the newly unveiled newslog for the ITU's Bureau for Telecommunication Development ICT Applications and Cybersecurity Division. More will be posted here soon.

Monday, 21 May 2007 11:22:47 (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, 04 May 2007

Although the European Commission decided against imposing new legislative restrcitions on radio frequency identification (RFID) tags for now (opting for "soft legislation" instead) , a top official warned on Monday that regulations are likely if future uses of the technology don't protect fundamental privacy rights, reports ZDNet. Gerald Santucci, head of the European Commission unit whose domain includes RFID issues, said he feared that rushing to place restrictions on industries hoping to use the technology would choke its potentially valuable application in health care, business, transportation and other realms. But if regulators deem that widespread RFID use is insufficiently safe, secure and privacy-preserving, then "Mrs. Reding [European Commissioner for Information Society and Media] will have no other option but to trigger legislation," Santucci told participants at a luncheon discussion in Washington DC. By the end of 2008, the commission plans to reevaluate whether legislation is necessary. It's unclear how restrictive any potential rules would be.

Read the full story here (ZDNet). More on the European Commission Policy on RFID can be found here.

RFID, along with sensors and nanotechnology, was one of the key techological developments explored in the 2005 ITU Internet Report on The Internet of Things. An ITU New Initiatives Workshop on Ubiquitous Networks Societies was also held in the same here. Network aspects of identification systems are being studied in the context of standardization by the ITU's JCA-NID.

Friday, 04 May 2007 16:11:04 (W. Europe Standard Time, UTC+01:00)  #     | 

A United States House of Representatives subcommittee approved a bill on spyware this week, which recommends up to five years in prison for convicted distributors of malicious spyware.

Past versions of the Internet Spyware Prevention Act have failed to pass a vote in the United States Senate. Observers have pointed out, however, that the increasing militancy among users fed up with unwanted software intrusion may make this latest attempt more successful. And there is a lot at stake. Creating trust in the internet will ensure its future development. More on this story is available here.

The ITU is taking a leading role in cybersecurity initiatives, particularly in light of calls for global action made at the World Summit on the Information Society. More information on ITU's work in this area is available here.

Friday, 04 May 2007 15:01:37 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 01 May 2007

According to a recent Press Realease by The Infocomm Development Authority of Singapore (IDA), Singapore is already looking into a new five-year infocomm security roadmap (2008-2012) as it embarks on the final year of the current three-year Infocomm Security Masterplan (2005-2008). The Infocomm Security Masterplan was launched on 22 February 2005 as a strategic roadmap to chart Singapore's national efforts in developing capabilities to prevent cyber-security incidents and protect the critical infrastructure from cyber-threats. According to Dr. Vivian Balakrishnan, Second Minister for Information, Communications and the Arts, Singapore "cannot afford to be complacent, especially with new and dangerous threats evolving and growing at such an alarming rate. Instead of simply taking one step forward, we need to be many steps ahead in our efforts to combat cyber threats."

Providing a glimpse of the new five-year Masterplan to be launched in 2008, Dr. Balakrishnan shared that the new infocomm security roadmap will build on Singapore's existing efforts to focus on more international collaborations to improve Singapore's ability to combat cyber threats. The collaborations will look into knowledge exchanges and regular communication between governments on cyber threat trends and protection of critical infrastructure. When launched in 2008, the new security roadmap will also secure Singapore's ultra high-speed and pervasive Next Generation National Infocomm Infrastructure (NGNII) to provide a secure and trusted environment for the creation of new value-added services such as location-based marketing, goods tracking and localised information services and the pervasive adoption of online services such as those in the area of banking, healthcare and education.

Under the current Masterplan, the government has developed various security initiatives to equip public officers with more timely information and knowledge to assess and improve on their cyber defence. This allows them to better protect, detect and respond to cyber threats. An example is the Cyber-WatchCentre which monitors cyber threats real-time and round-the-clock. By mid 2008, the centre will ensure end-to-end security for all public officers, allowing government agencies to better anticipate cyber attacks and respond to them speedily.

For more information on these inititiatives, view the IDA Press Release.

Tuesday, 01 May 2007 15:19:40 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 08 March 2007

The first steps towards a globally harmonized approach to identity management (IdM) have been taken during a meeting of the ITU Focus Group on Identity Management (FG IdM) bringing together, for the first time, the world’s key players in the IdM space.

IdM promises to reduce the need for multiple user names and passwords for each service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce. Experts at the meeting concurred that interoperability between existing IdM solutions will provide significant benefits such as increased trust by users of on-line services as well as cybersecurity, reduction of spam and seamless "nomadic” roaming between services worldwide. Abbie Barbir, chairman of the Focus Group on Identity Management: "Our main focus is on how to achieve the common goals of the telecommunication and IdM communities. Nobody can go it alone in this space, an IdM system must have global acceptance. There was a very positive feeling at the meeting that we can achieve this and crucially we saw a great level of participation from all key players."

The meeting of the FG IdM brought together developers, software vendors, standards forums, manufacturers, telcos, solutions providers and academia from around the world to share their knowledge and coordinate their IdM efforts. Interoperability among solutions so far has been minimal. One conclusion of attendees is that cooperation is crucial and that players cannot exist in isolation.

The spirit of the meeting was that everyone will gain by providing an open mechanism that will allow different IdM solutions to communicate even as each IdM solution continues to evolve. Such a "trust metric" does not exist today experts say. Work will continue online and during Focus Group meetings in April, May, and July 2007. An analysis of what IdM is used for will be followed by a gap analysis between existing IdM frameworks now being developed by industry fora and consortiums. These gaps should be addressed before the interworking and interoperability between the various solutions can be achieved. The aim is to provide the basis for a framework which can then be conveyed to the relevant standard bodies including ITU-T Study Groups. The document will include details on the requirements for the additional functionality needed within next generation networks. ITU has a long history of innovation in this field, with key work on trusted, interoperable identity framework standards including Recommendation X.509 that today serves as the primary "public key" technical mechanism for communications security across all telecom and internet infrastructures.

See more information on the Focus Group on Identity Management (FG IdM) website.

Thursday, 08 March 2007 10:42:50 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 01 March 2007

Kaspersky Lab, a developer of secure content management solutions, recently announced its annual report on malware and spam evolution. The report, authored by Kaspersky Lab analysts, surveys the trends of 2006 and looks at what 2007 may bring.

Malware Evolution: 2006. The report provides an overview of the most important incidents in the malware world, highlights the main trends, and examines how the situation will evolve. Particular stress is laid on the continuing increase in the number of Trojan programs, particularly those designed to steal online gaming account data; the first viruses and worms for MacOS; and Trojans for J2ME, which are designed to steal funds from mobile user accounts. The number of new malicious programs was up 41% on 2005. As for the future evolution of malicious programs, Kaspersky Lab virus analysts believe that virus writers and spammers will work ever more closely together; the number of Trojans will continue to increase; and that virus writers will be on the lookout for exploitable vulnerabilities in Vista.

Spam Evolution: 2006. Data provided by the Kaspersky Spam Lab shows that in 2006, between 70% and 80% of mail traffic on the Russian Internet was spam. The majority of spam sent to Russian users originates in Russia, the U.S.A. and China. Spammers actively used graphics in order to evade spam filters. They are also continued to send spam masquerading as personal correspondence in order to get the recipient to read the whole message and then act as the spammers intended, whether by calling a designated number or clicking on a link. The report on spam evolution also highlights how mass mailings differ from each other according to language: most Russian language spam offers education and training, and a wide range of goods ranging from busts of the Russian president to a device which will 'translate' a dog's bark. English language spam, on the other hand, tends to focus on advertising for stocks and shares, viagra and cheap software. The report also notes that spam became increasingly criminalized in 2006, with spammers actively using SMS to spread spam.

The company's analysts believe that technologies currently in use will continue to evolve in 2007, together with further development of graphical spam, and increased criminalization of mass mailings.

Read the executive summaries here: Malware Evolution: 2006 and Spam Evolution: 2006.
The full annual report can be found here.  

This news item was accessed through Russia Newswire.

Thursday, 01 March 2007 16:03:34 (W. Europe Standard Time, UTC+01:00)  #     | 

ITU-T Study Group 2’s February meeting saw work continue on harmonizing numbering resources for child helplines. Study Group 2 is looking at the issue following a request from Child Helpline International (CHI). CHI is a global network of telephone helplines and outreach services for children and young people.

Specifically Study Group 2 is looking at the logistics of providing a global number. It previously conducted a survey which discovered that a wide range of numbers are in use globally and that there is support in many countries for studying a more harmonized solution. A review process will be an initial assessment of all of the various options for introducing childrens’ helplines. The fundamental question is whether a single number can be deployed worldwide. Other issues include how regulators will handle migration from existing services and who pays for the services.

See the Study Group 2 website and ITU-T Newslog for further information.

Thursday, 01 March 2007 09:20:43 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 27 February 2007

The SHA-1 algorithm, which has been widely used in many of today's mainstream security products since 1995, was significantly compromised in February 2005 by a team of researchers led by Xiaoyun Wang based at China’s Shandong University. (This team had already undertaken attacks against the MD5 and SHA: hash functions previously, prior to their attack on SHA-1).

Their success prompted calls for a replacement algorithm. The U.S. National Institute of Standards and Technology had already announced that they planned to phase out the use of SHA-1 by 2010 in favour of the SHA-2 variants. The need for a replacement algorithm has now led NIST to launch a contest to devise a successor on 27 January 2007. The competition is to begin in the fall of 2008, and continue until 2011, with full completion and approval by 2012. Contests like this one have a promising history in cryptography. Notably, the Advanced Encryption Standard (devised as a more secure replacement to the prior Data Encryption Standard) was devised through an open competition between fifteen teams of cryptographers between 1997-2000.

Tuesday, 27 February 2007 16:28:05 (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, 21 February 2007

The New York Times has published an article on the early moves by European governments to implement the European Union Data Retention Directive.  The initial programs proposed by the governments of Germany and the Netherlands are more stringent than the directive requires.  The New York Times has noted that some of the people involved in this issue are concerned that these programs may represent a policy shift within Europe, which has traditionally followed a policy of protecting individuals' privacy rights.

More information can be found here.

The New York Times article can be found here.

Wednesday, 21 February 2007 16:56:30 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 15 February 2007

This summary provides a general discussion of the amended Information Network and Privacy Protection Act (“INPPA”) of Korea. INPPA sets out the minimum procedural requirements for lawful online transmissions in Korea whereby transmissions of advertised materials against recipients’ refusal to accept are strictly prohibited. Although these rules are applicable to unsolicited commercial e-mails via the internet, they were intended to apply to all modes of telecommunication such as cellular phones, facsimiles, etc.

The Korean government has made continuing efforts since 1999 to curb the increase in spam mail and has since been monitoring the effectiveness of the implementation of additional provisions. The new law targets senders of spam mail that are commercial in nature. Consistent with its effort to protect minors from being exposed to obscene and violent materials online, the Korean government has also included a provision in the INPPA that requires senders to label those materials as such.

More information can be found here

Thursday, 15 February 2007 17:58:13 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 13 February 2007

Ross Anderson and Tyler Moore have published their survey paper on "The Economics of Information Security: A Survey and Open Questions".

Read the full version of the paper, and the shorter version of the paper, which appeared in Science Magazine.

Their presentation at The Economics of the Software and Internet Industries conference in Toulouse, France, 19-20 January 2007, can be found here.

Tuesday, 13 February 2007 10:25:04 (W. Europe Standard Time, UTC+01:00)  #     |