Committed to connecting the world

Cybersecurity Information Exchange techniques (CYBEX)


Within SG17, Q4/17 (Cybersecurity) is studying methods for (a) determining in real time the security integrity of systems and services, and (b) collecting and maintaining relevant security incident data in a form suitable for sharing among Information Assurance, and incident response communities as appropriate.

At the September 2009 SG17 meeting, several significant, if not historical, actions were taken to bring about substantially enhanced global cybersecurity. These actions included the adoption of a Cybersecurity Information Exchange Techniques (CYBEX) initiative that imports more than twenty “best of breed” standards for platforms developed over the past several years by government agencies and industry to enhance cybersecurity and infrastructure protection. These platforms provide for the structured exchange at known assurance levels of information about the measureable “security state" of systems and devices, about vulnerabilities, about incidents such as cyber attacks, and about related knowledge "heuristics." The Cybersecurity Information Exchange Techniques initiative pulls these platforms together in a coherent way to provide for:

1. “locking down” on-line systems to minimize vulnerabilities,
2. capturing incident information for subsequent analysis when harmful incidents occur,
3. exchanging threat information, including attacks and malware specifics, in a structured manner,
4. discovering and exchanging related information with appropriate degree of assurance.

As of September 2014 SG17 meeting, five years of work undertaken by the CYBEX industry experts resulted in nineteen standards. One of the innovative additions to the umbrella Cybersecurity Information Exchange specification, Recommendation ITU-T X.1500, was the first known structured ontology for Cybersecurity information exchange, produced by Japan’s NICT research centre.

The Appendix I of Recommendation ITU-T X.1500 includes latest developments in cybersecurity information exchange techniques, including threat sharing expression, attack pattern enumeration and malware description format, for example, Recommendations ITU-T X.1544 and X.1546. Additionally, Appendix I now addresses weaknesses within software with Recommendation ITU-T X.1524.

The ITU-T mission includes facilitating collaboration among Computer Incident Response Teams (CIRTs) worldwide. Many diverse CIRTs exist around the world and are in a state of rapid evolution. Q.4/17 has built a close collaborative relationship with the Forum of Incident Response and Security Teams (FIRST) organization – which has long existed as the principal global organization among Computer Emergency Response Teams (CERTs) for coordination and cooperation. Q.4/17 also maintains a compilation of discovered CIRTs and related agencies and bodies to the SG 17 website at: 

The following are some further useful links:

Meetings Contacts