(Continuation of Q.4/17) Motivation
Security threats to the telecommunications infrastructure are on the increase
– both in frequency and in complexity. Efforts over the years to secure the
infrastructure have been somewhat fragmented and reactionary and so far have
failed to produce the desired level of protection against threats. This issue is
complicated by the large number of organizations working on various aspects of
security. This makes coordination and cooperation difficult and challenging.
With so many of the world’s commercial transactions conducted over
telecommunications links, security assurance associated with the use of this
cyber infrastructure is paramount in ensuring the smooth functioning of
businesses, the well being of citizens and the effective operation of their
governments. Worm, virus and other malicious code attacks have impacted millions
of computers and telecommunications networks worldwide. The economic impact of
such attacks has been huge. Intensive, continuous and focused efforts are
essential to combat these threats.
The subject of security is vast in scope. Security can be applied to almost
every aspect of telecommunication and information technology. There are various
approaches to addressing security requirements. These include:
- A bottom-up approach in which experts devise security measures to
strengthen and protect a particular domain of the network using specific
countermeasures and techniques such as biometrics and cryptography. While fairly
common, this is a fragmented approach that often results uneven determination
and application of security measures.
- A top-down approach, which is a high-level and strategic way of addressing
security. This approach requires knowledge of the overall picture. It is
generally a more difficult approach because it is harder to find experts with
comprehensive knowledge of every part of the network and its security
requirements, than it is to find experts with detailed knowledge of one or two
specific areas.
- A combination of bottom-up and top-down approaches, with coordination effort
to bring the different pieces together. This has often proved to be extremely
challenging when dealing with varying interests and agendas.
In the previous study period, this Question produced many deliverables that
ITU-T considers valuable in promoting its work and its deliverables. Examples
include the Security Standards Roadmap, the Security Manual and the Security
Compendium. This Question will continue to focus on the coordination and
organization of the entire range of telecommunications security activities
within ITU-T and will continue to develop and maintain documentation to support
coordination and outreach activities. A top-down approach to security will be
used in collaboration with other study groups and standards development
organizations (SDOs). This project is directed at achieving a more focused
effort at the project and strategic level.
Recommendations under responsibility of this Question as of 1 December 2008:
None
Question
Study items to be considered include, but are not limited to:
- What are the deliverables for the telecommunications systems security
project?
- What are the processes, work items, work methods and timeline for the project
to achieve the deliverables?
- What outreach documents (roadmap, security compendia, handbooks, etc) need to
be produced and maintained by ITU?
- What security workshops are needed and how they can be organized?
- What is needed to build effective relationships with other SDOs in order to
advance the work on security?
- What are the key milestones and success criteria?
- How can Sector Member and Administration interest in security work be
stimulated and how can momentum be sustained?
- How could security features become more attractive to the marketplace?
- How can the crucial importance of telecommunications security and the urgent
need to protect global economic interests, which depend on a robust and secure
telecommunications infrastructure, best be promoted to governments and the
private sector?
Tasks
Tasks include, but are not limited to:
- Act as primary SG 17 contact for security coordination matters.
- Maintain and update the Security Standards Roadmap.
- Review the ITU-T security compendia and handbooks to determine whether they
should be maintained as separate publications or integrated with roadmap or
other publications. Implement decisions following review.
- Assist and provide input to TSB in maintaining the security manual.
- Assist in the identification of gaps in telecommunications security standards
work and promote efforts to address those gaps.
- Promote cooperation and collaboration between groups working on
telecommunications security standards development.
- Review Recommendations and liaisons from other study groups and SDOs as
appropriate to assess security coordination implications. Assist in efforts to
ensure effective security coordination where necessary.
- Help direct liaisons from external groups to appropriate study groups in ITU.
- Take ITU lead in organizing and planning security workshops and seminars as
appropriate.
- Coordinate input on the use and application of security Recommendations and
provide reports to SG 17.
- Ensure effective and efficient participation in security coordination efforts
with other organizations (e.g., ITU-T representation at the ISO/IEC/ITU-T
Strategic Advisory Group on Security).
Relationships
Recommendations:
X-series, and others related to telecommunications security
Questions:
ITU-T Qs 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 and 12/17
Study groups:
ITU-T SGs 2, 9, 11, 13 and 16; ITU-R; ITU-D
Standardization bodies:
ISO/IEC JTC 1/SCs 6, 27 and 37; ATIS; ETSI; IETF; IEEE; OASIS
Other bodies:
European Network and Information Security Agency (ENISA); Network and
Information Security Steering Group (NISSG) of the ICT Standards Board (ICTSB);
Regional Asia Information Security Exchange (RAISE) Forum |