Within SG 17, Q.4/17 (Cybersecurity) is studying methods for (a) determining in real time the security integrity of systems and services, and (b) collecting and maintaining relevant security incident data in a form suitable for sharing among information assurance and incident response communities, as appropriate.
At the September 2009 SG 17 meeting, several significant, if not historic, actions were taken to bring about substantially enhanced global cybersecurity. These actions included the adoption of a Cybersecurity Information Exchange Techniques (CYBEX) initiative that imports more than twenty “best of breed” standards for platforms developed over the past several years by government agencies and industry to enhance cybersecurity and infrastructure protection. These platforms provide for the structured exchange, at known assurance levels, of information about the measurable “security state” of systems and devices, about vulnerabilities, about incidents such as cyber attacks, and about related knowledge “heuristics.” The Cybersecurity Information Exchange Techniques initiative pulls these platforms together in a coherent way to provide for:
- “locking down” on-line systems to minimize vulnerabilities,
- capturing incident information for subsequent analysis when harmful incidents occur,
- discovering and exchanging related information with some degree of assurance.
At the December 2010 SG 17 meeting, the fifteen months of initial work undertaken by the CYBEX industry experts was presented and advanced – with the adoption for ballot of several key standards. One of the innovative additions to the umbrella Cybersecurity Information Exchange specification, Recommendation ITU-T X.1500, was the first known structured ontology for Cybersecurity information exchange, produced by Japan’s NICT research centre.
The ITU-T mission includes facilitating collaboration among Computer Incident Response Teams (CIRTs) worldwide. Many diverse CIRTs exist around the world and are in a state of rapid evolution. Q.4/17 has built a close collaborative relationship with the Forum of Incident Response and Security Teams (FIRST), which has long existed as the principal global organization among Computer Emergency Response Teams (CERTs) for coordination and cooperation. Q.4/17 also initiated a compilation of discovered CIRTs and related agencies and bodies on the SG 17 website at: http://www.itu.int/ITU-T/studygroups/com17/nfvo/index.html
The following are some further useful links: