| Description:
|
1 Motivation
Distributed ledger technologies (DLT) enable the operation and use of distributed ledgers. Data in distributed ledgers is controlled by multiple parties.
As a specific distributed database technology, DLT are inherently resistant to modification of the data - once recorded, the data in a ledger record cannot be altered retroactively.
DLT has become one of the disruptive technologies with great potential to change our economy, culture, and society. DLT enables innovative financial/non-financial decentralized applications that eliminate the need for third party intermediaries. DLT will introduce new data management infrastructure that will accelerate a services revolution in industries (for example, banking and finance, government, healthcare, and super logistics) based on telecommunications.
DLT will have a profound impact for telecom users and industries including telecom service providers.
There is a need for identifying the roles and responsibilities of telecom users, operators, and service providers with regards to security aspects in the DLT environment.
Safeguards to provide security for DLT itself and for applications and services related to DLT (e.g., DLT applications for the financial, energy, and supply chain sectors) are worth studying.
Standardization of the best comprehensive security solutions is vital for DLT that has many use cases for every sector including telecom industry. Due to some specific characteristics of DLT, providing security becomes an especially challenging task that deserves study.
Recommendations under responsibility of this Question as of 12 September 2024: X.1400, X.1401, X.1402, X.1403, X.1404, X.1405, X.1406, X.1407, X.1408, X.1409, X.1410, X.1412 and TR.qs-dlt.
Texts under development as of 12 September 2024: X.1400rev, X.dlt-ccs-fr, X.dlt-dgi, X.dlt-share, X.qsdlt-ca, X.sc-dlt, X.sg-dcs, X.sr-di, X.sr-dpts, and Technical Reports TR.dw-lsaf, TR.gscim-dlt.
2 Question
Study items to be considered include, but are not limited to:
- How should security aspects (e.g., architecture and subsystems) be identified and defined based on the foundations (terms and definitions, concepts, taxonomy, and use cases) in a DLT environment?
- How should threats and vulnerabilities in DLT and its associated applications and services be handled?
- What are the security requirements for mitigating the threats in a DLT environment?
- What are security technologies to protect DLT itself and to support applications and services based on DLT?
- How should secure interconnectivity between entities in a DLT environment be kept and maintained?
- What security techniques, mechanisms and protocols are needed for DLT and its associated applications and services?
- What are globally agreeable security solutions for DLT and its associated applications and services, which are based on telecommunication/ICT networks?
- What are best practices or guidelines of security for DLT and its associated applications and services?
- What PII (Personally Identifiable Information) protection and information security management are needed for applications and services based on DLT?
- How can DLT be used to support security?
- How can the DLT security be assessed, evaluated, and assured?
- Which stakeholders should SG17 collaborate with?
3 Tasks
Tasks include, but are not limited to:
- Perform a gap analysis on ongoing security relevant work in other organizations for distributed ledger technologies.
- Study further to define security aspects of applications and services based on DLT, which are based on telecommunication/ICT networks.
- Study foundations such as terms and definitions, concepts, taxonomy, and use cases, which are related to security and PII protection in DLT networks.
- Study and identify security issues and threats in DLT and its associated applications and services.
- Study and develop security mechanisms, protocols and technologies for DLT and its associated applications and services.
- Study and develop secure interconnectivity mechanisms for DLT and its associated applications and services.
- Study and identify PII protection issues and threats in applications and services based on DLT.
- Study and develop information management system for entities providing applications and services based on DLT.
- Study and develop guidance on DLT usage to support security.
- Study and develop guidance for assessment, evaluation, and assurance on DLT security.
- Produce a set of Recommendations to provide comprehensive security solutions for DLT based applications and services.
An up-to-date status of work under this Question is contained in the SG17 work programme at https://www.itu.int/ITU-T/workprog/wp_search.aspx?sp=18&q=14/17.
4 Relationships
Recommendations:
- X-series and others related to security
Questions:
- All ITU-T SG17 Questions
Study groups:
- ITU-T SG 2
- ITU-T SG 3
- ITU-T SG 5
- ITU-T SG 11
- ITU-T SG 13
- ITU-T SG 20
- ITU-T SG 21
Standardization bodies:
- ISO TC 307
- ISO/IEC JTC 1/SC 27
Other bodies:
- GSMA
- W3C
- IEEE
- UNECE (UN Economic Commission for Europe)
- FIGI
- ATIS
- CCSA
- TIA
- TTA
- TTC
WSIS Action Lines:
- C5
Sustainable Development Goals:
- 8, 9, 11
|
