>> Study Group 17
: Security, languages and telecommunication software
Question 4/17 - Communications Systems Security Project
(Continuation of Question G/17)
Security threats on the telecommunications infrastructure are on the increase – both in frequency and in complexity. Efforts over the years to secure the infrastructure have been somewhat fragmented and reactionary and so far have failed to produce the desired level of protection against threats. This issue is complicated by the large number of organizations working on various aspects of security, making coordination and cooperation difficult and challenging.
With so much of the world’s commercial transactions conducted over telecommunications links, security assurance associated with the use of this cyber infrastructure is paramount in ensuring the smooth functioning of businesses, the well being of citizens and the effective operation of their governments. Worm and virus attacks such as the Blaster worm and Code Red have impacted millions of computers and communications networks worldwide. The economic impact of such attacks has been huge with reported losses in the billions of dollars. Thus far, the progress in combating threats has been slow and more focused and intensive efforts are urgently required.
The subject of Security is vast in scope and topics. Security can be applied almost in every aspect of telecommunication and information technology. The approach to specify security requirements can be one of bottom-up or one of top-down:
- Bottom-up approach is where area experts devise security measures to strengthen and protect their particular
domain of the network, i.e. biometrics, cryptography, etc. This is the most widely adopted way but it is fragmented
as to how security is being studied in various organizations.
- Top-down approach is the high-level and strategic way of looking at security. It requires knowledge of the
overall picture. It is also the more difficult approach because it is harder to find experts with detailed
knowledge of every part of the network and thus its security requirements than area experts with particular
knowledge of one or two specific areas.
- Another alternative is a combination of bottom-up and top-down approaches, with coordination effort to bring
the different pieces together. This has often proved to be extremely challenging with varying interests and
This Question is dedicated to the vision setting and the coordination and organization of the entire range of communications security activities within ITU-T. A top-down approach to the Security question will be used with collaboration with other Study Groups and other SDOs. This project is directed towards achieving a more focused effort at the project and strategic level.
a. What are the deliverables for the Communications Systems Security Project?
b. What are the processes, work items, work methods and timeline for the project to achieve the deliverables?
c. What Security Compendia and handbooks need to be produced and maintained by ITU?
d. What Security workshops are needed?
e. What is needed to build effective relationships with other SDOs in order to advance the work on security?
f. What are the key milestones and success criteria?
g. How can Sector Member and Administration interest be stimulated and momentum be sustained on security work?
h. How could security features become more attractive to the marketplace?
i. How to articulate clearly the crucial interest to governments and the urgent need to protect global economic interests, which depend on a robust and secure telecommunications infrastructure?
a. Act as lead group on all communications security project-level issues for ITU-T.
b. Develop and maintain a Project Roadmap – to provide a vision and a detailed plan that determines the level and scope of the security domain for study. The Roadmap shall identify all related components and their inter-relationships, participating organizations and roles. Distinction needs to be made between new systems/networks and existing systems/networks. Real network applications need to be identified for security specification and standardization within the existing and established ITU-T collaborative frameworks with ISO/IEC JTC 1, IETF and others as required by the end of the next study period.
c. Maintain and publish the ITU-T Security Compendia and Handbooks.
d. Assist and provide input to TSB in maintaining Security Manual;
e. Identify gaps in communications security standards work and promote efforts to address those gaps.
f. Propose new Recommendations and modifications to existing Recommendations (if needed) and the resources and time needed to accomplish the harmonization.
g. Promote cooperation and collaboration between groups working on communications security standards development;
h. Review Recommendations and liaisons from other study groups and SDOs as appropriate.
i. Help direct liaisons from external groups to appropriate SGs in ITU;
j. Take ITU lead in organizing and planning Security Workshops and Seminars as appropriate.
Recommendations: X-series, and others related to Security
Questions: 2/17, 5/17, 6/17, 7/17, 8/17 and 9/17
Study Groups: ITU-T SGs 2, 4, 9, 11, 13, 16; ITU-R; ITU-D
Standardization bodies: ISO/IEC JTC 1/SCs 6 and 27; ATIS; ETSI; IETF