ITU-T Study Group 17 - Lead study group on telecommunication security (Study Period 2009-2012)

عربي | 中文 | Español | Français | Русский

Advanced Search

Home : ITU-T Home : Study Groups : Study Group 17

Study Group 17 - Security

Lead study group on telecommunication security

Study Group 17 has been designated the Lead Study Group for Telecommunication Security in accordance with World Telecommunication Standardization Assembly (WTSA-08) Resolution 2.

Activities of the LSG for Telecommunication Security include: developing and maintaining security outreach material; coordination of security-related work; and identification of needs and assignment and prioritization of work to encourage timely development of telecommunication security Recommendations.

Within SG 17, Question 1/17 is the coordinator for the LSG for telecommunication security activities. This effort is carried out closely with other study groups to identify and develop security solutions. However, specific expertise to integrate these solutions with the technology under development can come only from the Question carrying out the development.

All Study Groups are requested to keep Study Group 17 informed of their work plans regarding security so that they can be integrated into the overall security work programme.

Security Manual

In August 2006, the TSB published a third edition of the security manual entitled "Security in telecommunications and information technology - An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications." This manual includes highlights the major security work of the ITU-T Study Groups.

Security Compendium

The security compendium provides information on ITU security activities and consists of five parts

Catalogue of approved ITU-T Recommendations related to Telecommunication Security
The Catalogue of the approved Recommendations related to Telecommunication Security includes those designed for security purposes and those which describe or use of functions of security interest and need.
In an effort to make this information as up-to-date as possible, all ITU-T Study Groups are requested to review this catalogue for accuracy and completeness.
ITU-T approved security definitions
A List of ITU-T Approved Security Definitions has been prepared. The material in these tables was extracted from approved ITU-T Recommendations with a view toward establishing a common understanding (and use) of security terms within ITU-T. This listing will continue to be developed. An extract of the ITU-T approved security definitions is also available in an ITU-T flyer on security.
In an effort to make this information as complete as possible, all ITU-T Study Groups are requested to review this information for accuracy and completeness.
Summary of ITU-T Study Groups with security-related activities
Summary of Recommendations within ITU-T Study Groups under review for security considerations
Summary of Other ITU Security Activities

Security Standards Roadmap

This Roadmap is an on-line resource that provides information about existing Information and Communication Technology (ICT) security standards and work in progress in key standards development organizations. In addition to information on the ITU-T security Recommendations and related work, the Roadmap currently includes information on standards work of ISO/IEC, ATIS, ENISA, ETSI, IEEE, IETF, OASIS, 3GPP, and 3GPP2.

The Roadmap is in five parts:

Part 1: ICT Standards Development Organizations and Their Work which contains information about the Roadmap structure and about each of the listed standards organizations. Part 1 also provides links to existing security glossaries and vocabularies;
Part 2: Approved ICT Security Standards which contains a searchable database of approved security standards;
Part 3: Security standards under development;
Part 4: Future needs and proposed new security standards; and
Part 5: Best practices

Security Workshops

ITU-T Study Group 17 organized a workshop on Security that was held 13-14 May 2002 in Seoul, Korea. The workshop focused on the following subjects: Security Requirements and telecommunications reliability, Hot topics on IP-based network security, Security management, Biometric authentication and Mobile security.

The presentations and related information are available (including a link to the ITU workshops on "Creating trust in critical network infrastructures").

A second ITU-T workshop on security entitled “New Horizons for Security Standardization” took place on 3-4 October 2005. This workshop, actively supported by Study Group 17, helped to further address the information and communications security issues and promote increased cooperation between organizations engaged in security standardization work.

Presentations and related information (including the final report that was provided as input to relevant organizations) are available.

A third ITU-T workshop on security entitled “New challenges for telecommunication security standardizations will take place 9-10 February 2009. This workshop will present telecommunication security as an essential part of the IP-based networks and IP-based services development. The workshop will also provide an opportunity for discussions on the C2 (Information and communication infrastructure) and C5 (Building confidence and security in the use of ICTs) WSIS Action Lines to learn about main development trends and practical issues in these areas.

Presentations and relevant information will be available at http://www.itu.int/ITU-T/worksem/security/200902/

Cybersecurity Symposium

The ITU-T organized a Cybersecurity Symposium on 4 October 2004, the day before the opening of the WTSA-04 in Florianópolis, Brazil. The symposium brought together senior experts from governments, computer emergency response teams (CERTs), network operators and equipment manufacturers to address the current state of cybersecurity and future approaches to ensuring security in cyberspace. Details and material.

A Cybersecurity Symposium II took place in Moscow (Russian Federation) on 29 March 2005. The main objective of the symposium was to highlight the importance of Cybersecurity as an essential part of information and communication technologies (ICT). There was a discussion on international cooperation, which is increasingly becoming the decisive issue in coordinating the efforts of state institutions and business for the harmonized development of normative, legal, technological and organizational aspects of an effective Cybersecurity infrastructure. Details and material.

The ITU-T organized a side event on Cybersecurity during WTSA-08 in Johannesburg, South Africa. This side event addressed the global concern of security in information and communication technologies (ICT). It provided an overview of ITU-T cybersecurity activities and provided an opportunity for participants to express their views on ITU-T future standardization work in this area. Presentations are available at http://www.itu.int/ITU-T/wtsa-08/se/cybersecurity/index.html

Tutorial on writing safe and secure programs

A list of suggestions has been prepared on how to avoid the most common pitfalls that make software less secure or less safe than it should be. It is addressed to software developers and covers the phases of software design, implementation, and testing. It focuses on network application programs, but many of the suggestions are equally valid for other kinds of software.

Security Guidance for ITU-T Recommendations

ITU-T Study Group 17 has created a document "Security Guidance for ITU-T Recommendations" to provide guidance to authors and reviewers of ITU-T Recommendations to consistently address security considerations within their Recommendations. This document responds to WTSA-04 Resolution 50 which recognizes that converged legacy networks and IP networks are potentially more vulnerable to intrusion if adequate care is not taken in the security design and management and requires the ITU-T to evaluate existing and evolving new Recommendations, especially signalling and communications protocol Recommendations, with respect to their security considerations.

Other outreach activities and presentations

ITU-T Study Group 17 participates in, and contributes to ICT security-related activities in other organizations. Presentations on the ITU-T work on telecommunication security were made to the Global Standards Collaboration meetings (GSC 11, GSC 12 and GSC 13) in 2006, 2007 and 2008 and to the European Telecommunications Standards Institute (ETSI) Security Workshops in 2007, 2008 and 2009. Copies of the above presentation decks are available at Presentations on Security

In 2006, 2007 and 2008, on behalf of the ITU-T, SG 17 representatives participated in the ISO, IEC and ITU-T Strategic Advisory Group on Security (SAG-S). Related information may be found at http://www.iso.org/iso/security .

Contributions and presentations on the SG 17 work were also made to the Internet Governance Forum as follows:

2006 - Athens, Greece

2007 - Rio de Janeiro, Brazil

ITU-T Security Initiatives - An Update

2008 - Hyderabad, India

Cybersecurity Open Forum: Action for Global Cybersecurity