A September meeting of the ITU’s security standards group saw progress in key areas including identity management and a cybersecurity information exchange. The meeting of ITU-T’s Study Group 17 saw record attendance, signalling the importance attached to ITU’s cybersecurity work in the global ICT community.
A key achievement was the establishment of a Cybersecurity Information Exchange, which enables a global communications infrastructure for cybersecurity. The framework imports best-of-breed standards from government agencies and industry. Experts say that it promotes better interoperability, including convergence on a common set of open standards.
Malcolm Johnson, Director of the Telecommunication Standardization Bureau (TSB), ITU: “It is essential that cybersecurity and telecoms infrastructure protection communities worldwide are able to exchange information on network digital forensics and vulnerabilities. The Framework will, for the first time, provide for this exchange globally.”
Without progressing on this Exchange, experts say there is a risk that no coherent common specifications will emerge, with different countries unable to communicate cybersecurity information to each other.
The Cybersecurity Information Exchange focuses on platforms that capture and exchange information about the security state of systems and devices, vulnerabilities, incidents such as cyber attacks, and related knowledge heuristics. It pulls these platforms together to facilitate their global interoperability and use. It does so in a framework that allows for continual evolution to accommodate the significant activities and specification evolution occurring in numerous cybersecurity forums.
FIRST, the global organization of incident/emergency computer response teams, contributed its vulnerability enumeration standard to the framework. An agreement was reached to hold joint workshops, and ITU and FIRST will work together to implement the first comprehensive web-based directory of cybersecurity organizations and centers worldwide.
The recent meeting of ITU-T’s Study Group 17 also saw approval of a core global identity management (IdM) standard – Recommendation ITU-T X.1250. The agreement signals the start of work on implementation protocols for essential capabilities like trust mechanisms and identity assurance interoperability.
Arkadiy Kremer, Chairman of Study Group 17, said: “Global acceptance of identity management solutions is paramount. The agreement that we have reached here signals an important milestone from where the world’s service providers and users can profit from international standards for IdM capabilities. Industry has put significant weight behind this activity and an IdM framework for global interoperability is emerging.”
The term IdM is understood as "management by providers of trusted attributes of an entity such as a subscriber, a device, or a provider." IdM promises to reduce the need for multiple user names and passwords for each online service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce.
ITU-T X.1250 gives the ability to enhance exchange and trust in the identities used by telecommunication/ICT networks and services. The definitions and need for identity management trust are highly context dependent and often subject to very different policies and practices in different countries. The trust capabilities include the protection and control of personally identifiable information.
Also agreed was X.1251, a framework for users of digital identity. The standard defines a framework to enhance user control and exchange of their digital identity-related information. Two other important Recommendations were progressed to the first stage of approval: X.1252 and X.1275. X.1252 provides a collection of terms and definitions used in identity management (IdM) and sets the stage for a common definition for the whole industry, while X.1275 provides guidelines and best practices regarding radio frequency identification (RFID) procedures that can be used by service providers to gain the benefits of RFID while attempting to protect personally identifiable information.
Also at the SG 17 meeting, new correspondence groups were started to kickstart work in the areas of security for cloud computing, e-health and grid computing.