|Question I/17 - Cyber Security
(continuation of a part of Question 10/17 studied during 2001-2004)
There have been many attacks to communication systems and the number of incidents caused by worms and virus are increasing. Cyber space users are very interested in how to enhance protection level of their cyber life and how to prevent harms from various kinds of threats. Many experts in the telecommunication community need to know how to properly operate equipment for their network safety.
Numerous protection and detection mechanism have been introduced such as firewalls and intrusion detection systems (IDS), but most of them are just focusing on technical aspects. While these technical solutions are important, more consideration and discussion is needed on cyber security from the point of international standardization.
The following areas of cyber security should be studied:
- processes for distribution, sharing and disclosure of vulnerability information.
- standard procedure for incident handling operations in cyber space.
- strategy for protection of critical network infrastructure.
What Recommendations are needed for cyber security ?
This effort will be done in collaboration with the ITU-T communications systems security project, other ITU study groups interested in cyber security, standards development organizations (SDOs) such as ISO/IEC JTC 1 and IETF, and other cyber security related organizations including special incident handling organizations such as Computer Emergency Response Team Coordination Center (CERT/CC) and Forums for Incident Response Security Teams (FIRST).
Questions: G/17, H/17, J/17, K/17, L/17 and M/17
Study Groups: ITU-T SGs 2, 4, 5, 9, 11, 13, 15, 16 and SSG; ITU-R, ITU-D SG 2
Standardization bodies: ISO/IEC JTC 1/SC 27; IETF
Other bodies: FIRST, CERT/CC