A meeting of ITU-T’s Security Study Group (Study Group 17) at the end of 2010 saw several new standards (ITU-T Recommendations) approved and progress in several important areas. Immediately prior to the main Study Group meeting, a workshop, Addressing security challenges on a global scale, open to members and non-members alike, attracted 115 participants from 29 countries. Also open to external experts, an Identity Summit succeeded as a new tool to add value to technical discussions in SG17.
Some of the new ITU-T Recommendations facilitate the interconnection of security and management systems and the exchange of cybersecurity information, such as information on security events and security attack incidents. The standards specify how this information can be shared across organizations for enhanced security preparedness and broader and better risk mitigation against vulnerabilities, to allow vulnerability databases and other capabilities to be linked together, and to facilitate the comparison of security tools and services.
In detail, Recommendation ITU-T X.1209 identifies real-life scenarios where cybersecurity information can be exchanged across organizations. The standard specifies the principal technical and organizational capabilities that systems need for cybersecurity information exchange. Related new work includes draft Recommendation ITU-T X.1500, which surveys the various candidate techniques for cyber information exchange, and draft Recommendation ITU-T X.1520, which identifies the high-level requirements for enumerating common vulnerabilities.
Also during the December meeting, two new Recommendations were approved (X.1243 and X.1245) that counter spam and other unsolicited communications through an interactive gateway system. In addition, the use and application of extended validation certificates, as put forward in new draft Recommendation ITU-T X.1261, will provide enhanced and superior security to users on the Internet with a trustworthy confirmation of the identity of the entity that controls the website or other services that the users are accessing.
Two new draft Recommendations have been matured (X.1311 and X.1312) that address the security aspects of “ubiquitous sensors in networks” – an emerging area of smart internetworked sensors and devices that are expected to increasingly permeate daily life. The new Recommendations identify the specific and typical security threats and specify appropriate security requirements. Draft Recommendation ITU-T X.1312 follows one promising approach where various security functions and security mechanisms are aggregated within a common middleware component of those sensors. Radio frequency identification (RFID) enabled devices are an early incarnation of such ubiquitous sensors, and new Recommendation ITU-T X.1275 gives guidelines to vendors and service providers of RFID enabled devices on how to protect the privacy of users and their specific personally identifiable information (PII).
Study Group 17 also saw new and ongoing security and identity management standardization work in the area of cloud computing and virtual service platforms, where challenging security problems remain to be solved and standardized. Another interesting new area of standardization work seeks to define an information security management reference model for small and medium telecommunication organizations.
A series of tutorials was given at the SG17 meeting, and the presentations are available for download. Topics included: An update on ICANN activities relating to Security, Stability and Resiliency; Open Identity Trust Frameworks: A Market Solution to Online Identity Trust; Creating a Multilingual Communication Standard for Cross-Border ODR; X.500/LDAP as resolution system and as support provider for RFID; Cybersecurity Information Exchange techniques and their importance for emerging networks.