As the lead study group for security, SG17 is responsible for the study of the appropriate core Questions on security. In addition, in consultation with other relevant study groups and in collaboration, where appropriate, with other standards bodies, Study Group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations.
Standardization Activities in SG 17, ITU-T SG’s and other SDO’s
The ICT Security Standards Roadmap presents a comprehensive view of standardization activities:
The Security Compendia presents a detailed view of standardization activities outputs:
The Security Manual, Security in Telecommunications and Information Technology, is regularly updated (2012, 2009, 2006, 2004, 2003) and available in the six official languages of the Union:
- SG 17 promotes workshops and seminars on Security and publishes guidance documents and presentations.
- Security flyer
Guidance on Security
- Tutorial on writing safe and secure programs
A list of suggestions has been prepared on how to avoid the most common pitfalls that make software less secure or less safe than it should be. It is addressed to software developers and covers the phases of software design, implementation, and testing. It focuses on network application programs, but many of the suggestions are equally valid for other kinds of software.
ITU-T Study Group 17 has created a document "Security Guidance for ITU-T Recommendations" to provide guidance to authors and reviewers of ITU-T Recommendations to consistently address security considerations within their Recommendations. This document responds to WTSA-04 Resolution 50 which recognizes that converged legacy networks and IP networks are potentially more vulnerable to intrusion if adequate care is not taken in the security design and management and requires the ITU-T to evaluate existing and evolving new Recommendations, especially signalling and communications protocol Recommendations, with respect to their security considerations.
A number of workshops on security have been organized by SG17 including:
- 30 August 2011 workshop entitled "Radioactivity safety and security threats protection and telemedical support for irradiated people" was held at ITU Headquarters in Geneva, Switzerland. This workshop has demonstrated prompt response by SG17 Question 9 to the Fukushima Daiichi incident in the domains of both safety and security through the in-force telebiometrics Recommendations ITU-T X.1081 and X.1082, etc. The workshop gave a good overview of the activities in telebiometrics standardization with applicability to e-Health and telemedicines.
- Presentations and relevant information are available at http://www.itu.int/ITU-T/worksem/telebiometrics/index.html
- 6-7 December 2010 workshop entitled "Addressing security challenges on a global scale" was held at ITU Headquarters in Geneva, Switzerland. The workshop addressed the main challenges of the ICT/telecommunication security and how ITU and SDOs deal with these challenges. The workshop provided a good opportunity to overview new areas of security studies including Smart Grid and Cloud Computing.
Presentations and relevant information are available at http://www.itu.int/ITU-T/worksem/security/201012/
9-10 February 2009 workshop entitled “New challenges for telecommunication security standardizations" was held at ITU Headquarters in Geneva, Switzerland. This workshop presented telecommunication security as an essential part of the IP-based networks and IP-based services development. The workshop will also provide an opportunity for discussions on the C2 (Information and communication infrastructure) and C5 (Building confidence and security in the use of ICTs) WSIS Action Lines to learn about main development trends and practical issues in these areas.
Presentations and relevant information are available at http://www.itu.int/ITU-T/worksem/security/200902/
- 3-4 October 2005 workshop entitled "New Horizons for Security Standardization" was held at ITU Headquarters in Geneva, Switzerland. This workshop helped to further address the information and communications security issues and promote increased cooperation between organizations engaged in security standardization work. Consideration was also given to issues of adoption and implementation of security standards.
Presentations and relevant information are available at http://www.itu.int/ITU-T/worksem/security/200510/
29 March 2005 workshop entitled "Cybersecurity Symposium II" was held in Moscow (Russian Federation). The symposium highlighted the importance of Cybersecurity as an essential part of information and communication technologies (ICT). There was a discussion on international cooperation, which is increasingly becoming the decisive issue in coordination the efforts of state institutions and business for the harmonized development of normative, legal, technological and organizational aspects of an effective Cybersecurity infrastructure.
13-14 May 2002 workshop held in Seoul, Korea. The workshop focused on: Security Requirements and telecommunications reliability, Hot topics on IP-based network security, Security management, Biometric authentication and Mobile security.
Presentations and related information are available at http://www.itu.int/ITU-T/worksem/security/200205/
Cybersecurity side events at WTSA
- The ITU-T organized a side event on Cybersecurity during WTSA-08 in Johannesburg, South Africa. This side event addressed the global concern of security in information and communication technologies (ICT). It provided an overview of ITU-T cybersecurity activities and provided an opportunity for participants to express their views on ITU-T future standardization work in this area. Presentations are available at http://www.itu.int/ITU-T/wtsa-08/se/cybersecurity/
- The ITU-T organized a Cybersecurity Symposium on 4 October 2004, the day before the opening of the WTSA-04 in Florianópolis, Brazil. The symposium brought together senior experts from governments, computer emergency response teams (CERTs), network operators and equipment manufacturers to address the current state of cybersecurity and future approaches to ensuring security in cyberspace. Presentations are available at http://www.itu.int/ITU-T/worksem/cybersecurity/
Other outreach activities and presentations
ITU-T Study Group 17 participates in, and contributes to ICT security-related activities in other organizations. Presentations on the ITU-T work on telecommunication security were made to the Global Standards Collaboration meetings and to the European Telecommunications Standards Institute (ETSI) Security Workshops. Copies of the above presentation decks are available at Presentations on Security
On behalf of the ITU-T, SG 17 representatives participated in the ISO, IEC and ITU-T Strategic Advisory Group on Security (SAG-S). Related information may be found at http://www.iso.org/iso/security
Contributions and presentations on the SG 17 work were also made to the Internet Governance Forum as follows:
2008 - Hyderabad, India
2007 - Rio de Janeiro, Brazil
2006 - Athens, Greece