Introduction

Within SG 17, Q.4/17 (Cybersecurity) is studying methods for (a) determining in real time the security integrity of systems and services, and (b) collecting and maintaining relevant security incident data in a form suitable for sharing among Information Assurance, and incident response communities as appropriate.

At the September 2009 SG 17 meeting, several significant, if not historical, actions were taken to bring about substantially enhanced global cybersecurity. These actions included the adoption of a Cybersecurity Information Exchange Techniques (CYBEX) initiative that imports more than twenty “best of breed” standards for platforms developed over the past several years by government agencies and industry to enhance cybersecurity and infrastructure protection. These platforms provide for the structured exchange at known assurance levels of information about the measureable “security state" of systems and devices, about vulnerabilities, about incidents such as cyber attacks, and about related knowledge "heuristics." The Cybersecurity Information Exchange Techniques initiative pulls these platforms together in a coherent way to provide for:

• “locking down” on-line systems to minimize vulnerabilities,
• capturing incident information for subsequent analysis when harmful incidents occur,
• discovering and exchanging related information with appropriate degree of assurance.

As of September 2013 SG 17 meeting, four years of work undertaken by the CYBEX industry experts resulted in seventeen standards. One of the innovative additions to the umbrella Cybersecurity Information Exchange specification, Recommendation ITU-T X.1500, was the first known structured ontology for Cybersecurity information exchange, produced by Japan’s NICT research centre.

The ITU-T mission includes facilitating collaboration among Computer Incident Response Teams (CIRTs) worldwide. Many diverse CIRTs exist around the world and are in a state of rapid evolution. Q.4/17 has built a close collaborative relationship with the Forum of Incident Response and Security Teams (FIRST) organization – which has long existed as the principal global organization among Computer Emergency Response Teams (CERTs) for coordination and cooperation. Q.4/17 also initiated a compilation of discovered CIRTs and related agencies and bodies to the SG 17 website at: http://www.itu.int/ITU-T/studygroups/com17/nfvo/index.html

The following are some further useful links:

• Mandate for Question 4/17 (Q.4/17)
• A definition of Cybersecurity
• A presentation on CYBEX (January 2011)
• Network Forensic and Vulnerability Organizations
• Current CYBEX workplan (December 2010)
• Overview of CYBEX, published by ACM SIGCOMM Computer Communication Review (CCR)

Meetings

• Interim Rapporteur Group meetings
• Correspondence Group on the Coordination of the Cybersecurity Information Exchange Framework
• Next SG 17 meeting

Contacts

• SG 17 Secretariat: tsbsg17@itu.int
• Q.4/17 Rapporteur: Youki Kadobayashi youki-k@is.naist.jp