International Telecommunication Union   ITU
عربي  |  中文  |  Espa˝ol  |  Franšais  |  Русский
 
 Advanced Search Advanced Search Site Map Contact us Print Version
 
Home : ITU-T Home : Study Groups : Study Group 17
   
Question 4/17 – Cybersecurity
(Continuation of part of Q.6/17)

Motivation

The cybersecurity landscape is constantly changing. Currently there is a strong need for securing the cyber environment for protocols, infrastructures, applications such as those providing voice, multi-media, information assurance, identity and data services, for conducting business, providing emergency based services, social networking and as the medium for connecting people and services.

Cybersecurity involves more than securing the critical infrastructure. It involves securing and protecting services, and personal information, protecting privacy and providing information assurance (IA) among interacting entities.

Cyber attacks have become a widespread problem causing a complex range of problems to users, service providers, operators and networks. Tracing cyber attacks by technical means requires development of framework and requirements for detecting, protecting against, mitigating the effects of and recovering from cyber attacks, and covering important technical issues facing network operators, enterprises, and governments. ITU-T can help to make the cyber-world a safer place by investigating the technologies for tracing cyber attacks.

Recommendations under responsibility of this Question as of 1 December 2008: X.1205, X.1206, X.1207 and X.1303.

Question

Study items to be considered include, but are not limited to:

  1. How should telecommunications network providers secure their infrastructure, maintain secure operations and use security assurance mechanisms in telecommunication networks?
  2. What are the security requirements that software, telecommunications protocols, communications systems designers and manufacturers need to consider in the design, development and sharing of best practices in the cyber environment?
  3. How should vulnerabilities information be shared efficiently to aid in the vulnerability life-cycle processes?
  4. What requirements and solutions are needed for telecommunications/ICT digital forensics, trace-back, cyber stalking and fraud?
  5. What framework for supporting telecommunications/ICT digital forensics and trace-back is needed across domains?
  6. What framework for security information sharing is needed?
  7. What are the necessary guidelines and best practices that should be considered by telecommunication providers and Internet service providers (ISPs)?
  8. How can networks be used to provide critical services in a secure fashion during national emergency?
  9. What enhancements to existing Recommendations under review or new Recommendations under development should be adopted to reduce impact on climate changes (e.g., energy savings, reduction of green house gas emissions, implementation of monitoring systems, etc.) either directly or indirectly in telecommunication/ICT or in other industries?

Tasks

Tasks include, but are not limited to:

  1. Collaborate with ITU-T study groups, IETF, OASIS, ISO/IEC JTC 1, 3GPP, 3GPP2, OMA, and other standardization bodies on cybersecurity.
  2. Work on framework for secure network operations to address how telecommunications network providers secure their infrastructure and maintain secure operations.
  3. Produce a set of Recommendations for providing security solutions for telecommunications/ICT forensics and trace-back technologies.
  4. Study and specify the security techniques and capabilities for service providers to coordinate and exchange information regarding cyber attacks.
  5. Specify how to apply a trace-back and digital forensics mechanism in the telecommunication network.
  6. Work on network security framework to address how telecommunication operators can uniformly operate various kinds of security functions.
  7. Develop guidelines and techniques to protect personal information and also to protect personally identifiable information (PII).
  8. Provide assistance to other ITU-T study groups in applying relevant cybersecurity Recommendations for specific security solutions. Review project-oriented security solutions for consistency.
  9. Develop best practices and guidelines for the sharing of vulnerabilities information and updates and patches to aid in the vulnerability life-cycle processes.
  10. Study and develop the requirements for safe software programs that can effectively deal with rogue programs like spam, virus etc.

Relationships

Recommendations: X-series, and others related to security

Questions: ITU-T Qs 1, 2, 3, 5, 6, 7, 8, 9, 12/17 and 16/13

Study groups: ITU-T SGs 2, 11, 13 and 16; ITU-D SG 2

Standardization bodies: ISO/IEC JTC 1/SC 27; IEEE, IETF; OASIS; 3GPP; 3GPP2; OMA; ETSI/TISPAN; NIST

Other bodies: OECD; FIRST; CERT/CC

 

Top - Feedback - Contact Us -  Copyright ę ITU 2009 All Rights Reserved
Contact for this page : TSB EDH
Updated : 2009-01-28