International Telecommunication Union   ITU
عربي  |  中文  |  Espa˝ol  |  Franšais  |  Русский
 
 Advanced Search Advanced Search Site Map Contact us Print Version
 
Home : ITU-T Home : Workshops and Seminars : Security
   
 ITU-T Workshop on "Addressing security challenges on a global scale"
 Geneva, Switzerland, 6 (Afternoon) to 7 December 2010 Contact: tsbworkshops@itu.int 
Session 1: Introduction and opening comments
Arkadiy Kremer
, Chairman of ITU-T Study Group 17

Good afternoon Ladies and Gentlemen,

It is my pleasure to welcome you to this ITU-T Security Workshop “Addressing security challenges on a global space” which is focused on how the ITU and other standard-development organizations address the main challenges of information and communication security.

First of all, I would like to express our gratitude to the TSB Director Malcolm Johnson for his insightful remarks and kind words about the SG 17.

Over the last 20 years, consumers, businesses and governments around the world have moved online to conduct business, and access and share the information. This shift to the digital world has revolutionized personal interactions, education, commerce, government, healthcare, communications, science, entertainment and the arts, etc. It has delivered unprecedented efficiencies, and it will continue to yield immense benefits to our global society. However, as opportunities expand, so do the number of risks. Consumers, businesses and governments face a variety of online threats, which can undermine trust in the digital environment - the single greatest platform for commerce and sharing information. The freedom of expression and the free flow of information, ideas and knowledge are essential for today’s information society and beneficial to its development. That is why, confidence and security while using the ICT are among the main pillars of the information society. It is about secure communication between people, devices, computers, and machines interacting with each other: “always connected, any device, anywhere, anytime”.

The initial development of the ICT infrastructure architecture has been driven more by considerations of interoperability and efficiency rather than security. It is therefore the fundamental responsibility of each security expert to address strategic vulnerabilities in the ICT infrastructure, to build security as essential part of ICT infrastructure. There were a number of very interesting and important discussions on security as an essential part of the ICT infrastructure during the ITU Plenipotentiary Conference 2010. The main results are published in the amended Resolution 130 “Strengthening the role of the ITU in building confidence and security in the use of ICT” and in the new Resolution 181 “Definitions and terminology relating to building confidence and security in the use of ICT”. We need to use these two Resolutions as the strategic guidelines.

From a security standpoint, ICT continues to face continued, persistent and new and innovative challenges. Many, possibly most, attacks rely on telecommunications as the conduit.
Attacks are motivated by one or more of the following:
  • Dishonesty (e.g. theft of goods, services, identities etc);
  • Economic considerations (cyber espionage or attacks on competing interests);
  • Political/military considerations (e.g. cyber espionage and warfare);
  • Malice (e.g. disgruntled employees);
  • Rowdiness, disruptive behavior
National laws are oftentimes inadequate to protect against attacks. They are insufficient from the timing perspective (i.e. laws cannot keep up with the pace of technological change), and, since attacks are often transnational, national laws may well be inapplicable anyway. What this means is that the defenses must be largely technical, procedural and administrative i.e. those that can be addressed in standards.

The ITU-T (and the SG 17, in particular) is addressing a serious and persistent problem that is not going to dissolve. It is an accepted good practice that security should be “built-in” into products, applications and services, rather than retrofitted. In order to ensure consistency in the design and application of security countermeasures, we need standards, and those standards must be effective i.e. they must adequately address and counter the threats. The development of standards in an open forum that comprises international specialists from a wide variety of environments and backgrounds provides the best possible opportunity to ensure relevant, complete and effective standards. SG 17 provides the environment in which such standards can be, and are being, developed.

The primary challenges are the time it takes to develop a standard (compared to the speed of technological change and the emergence of new threats) and the shortage of skilled and available resources. We must work quickly to respond to the rapidly-evolving technical and threat environment but we must also ensure that the standards we produce are given sufficient consideration and review to ensure that they are complete and effective. The resource shortage problem can be addressed by:
  • Avoiding duplication of effort and competing standards;
  • Collaborating to the maximum practical extent with other SDOs and industry consortia; and
  • Ensuring that the available resources are focused on issues of the greatest potential impact and the highest priority (i.e. avoid dissipating resources on narrowly-focused topics and the development of standards that may never be used).
We must recognize and respect the differences in developing countries respective environments: their telecom infrastructures may be at different levels of development from those of the developed countries; their ability to participate in, and contribute directly to the security standards work may be limited by economic and other considerations; and their needs and priorities may be quite different. Most of the security threats we see today are directed against the technologically-developed countries and the economic giants. Although it is critical that we press ahead with developing high-priority countermeasures to the potential attacks that threaten our societies and economies, we must be careful to avoid confusing the needs and priorities of the developing countries with those of the developed states. The ITU-T can help the developing countries by fostering awareness of the work we are doing (and why we are doing it), by encouraging participation in the work particularly via the electronic communication facilities now being used (e.g. Web based meetings and teleconferencing), and, most particularly, by encouraging the members from the developing countries to articulate their concerns and priorities regarding the ICT security. The members from the developed nations should not confuse their own needs with those of the developing countries, nor should they make assumptions about what the needs and priorities of the developing countries may be.

If ITU-T is going to be generally regarded as “the place” to develop and publish security standards, it is essential to get the priorities right and to demonstrate our ability to deliver timely, relevant and effective standards. Our future credibility depends on this. There are few areas that will be particularly important in the near future for developing ICT infrastructure and building confidence and security for it. They are IP-communications and IP-services, IdM and personal digital identity, cloud computing and smart grid, information critical infrastructure protection, emergency and disaster information and relief systems and of course big multimedia information public screens. All this issues are under responsibility of the ITU in accordance with the WSIS Action Line C2 and C5. However, there is extensive work already underway on these topics at national and international levels. The ITU-T will need to identify those particular sub-areas it is best equipped to address and then demonstrate that it can lead the work in these areas and produce timely results that have the support of the other participants in this work.

For on-going credibility, we need performance measures that provide some indication of the effectiveness of our standards. In the past there has been too much focus on quantity (i.e. how many standards are produced) than on the quality and effectiveness of the work. Going forward, we really need to know which standards are being used (and which are not being used), how widely they are used, and how effective they are. This is not going to be easy to determine but it would do much more to the ITU-T’s credibility if it could demonstrate the value and effectiveness of standards that have been developed rather than simply saying “we produced X number of standards”. The number of standards produced is irrelevant: what counts is the impact they have.

During these two days we will discuss very practical issues on the ICT industry perspectives, Identity and privacy in ICT, ICT and cloud security, Creation of national ICT security infrastructure for developing countries, Global Cyber security exchange framework , Telebiometrics technology, applications, benefits and standardization, SDOs activity and collaboration in ICT security. We kindly invite all workshop participants to take part in the reception this evening. I would like to use this opportunity to thank all our distinguish speakers, panelists, session chairs, program committee members, TSB staff (and especially Judith) for their hard efforts in preparing this workshop. I would like to wish all of us a very interesting and productive discussion, new ideas and new collaboration.

Thank you very much for your attention.

 

Top - Feedback - Contact Us -  Copyright ę ITU 2010 All Rights Reserved
Contact for this page : TSB EDH
Updated : 2010-12-07