ITU-T Study Group 17 - Security
Work to build confidence and security in the use of information and communication technologies (ICTs) continues to intensify in a bid to facilitate more secure network infrastructure, services and applications. Over 170 standards (ITU-T Recommendations and Supplements) focusing on security have been published.
ITU-T Study Group 17 (SG17) coordinates security-related work across all ITU-T Study Groups. Often working in cooperation with other standards development organizations (SDOs) and various ICT industry consortia, SG17 deals with a broad range of standardization issues.
To give a few examples, SG17 is currently working on cybersecurity; security management; security architectures and frameworks; countering spam; identity management; the protection of personally identifiable information; and the security of applications and services for the Internet of Things (IoT), smart grid, smartphones, software defined networking (SDN), web services, big data analytics, social networks, cloud computing, mobile financial systems, IPTV and telebiometrics.
One key reference for security standards in use today is Recommendation ITU-T X.509 for electronic authentication over public networks. ITU-T X.509, a cornerstone in designing applications relating to public key infrastructure (PKI), is used in a wide range of applications; from securing the connection between a browser and a server on the web, to providing digital signatures that enable e-commerce transactions to be conducted with the same confidence as in a traditional system. Without wide acceptance of the standard, the rise of e-business would have been impossible.
Cybersecurity remains high on SG17's agenda. Additionally, SG17 is coordinating security standardization work covering combating counterfeit and mobile device theft, IMT-2020, cloud based event data technology, e-health, open identity trust framework, Radio Frequency Identification (RFID), and Child Online Protection.
ITU-T's Cybersecurity Information Exchange (CYBEX) offers tools to ensure rapid, internationally-coordinated responses to cyber threats. The ITU-T X.1500 CYBEX ensemble of techniques is a collection of best-of-breed standards from government agencies and industry. It presents a standardized means to exchange the cybersecurity information demanded by Computer Incident Response Teams (CIRTS), and is an essential tool to prevent the contagion of cyberattacks from nation to nation.
Another achievement of SG17 is Recommendation ITU-T X.805 which gives telecom network operators and enterprises the ability to provide an end-to-end architecture description from a security perspective. In ITU-T X.805, telecom network operators, manufacturers and governments have defined specifications that alter the way companies look at their networks. The Recommendation allows operators to pinpoint all vulnerable points in a network and mitigate them.
Another highlight of SG17 is Recommendation ITU-T X.1254, Entity authentication assurance framework, which defines four levels of entity authentication assurance and the criteria and threats for each of the four levels. The Recommendation enables the secure exchange of data across parties and reduces fraud, identity theft and the ability of hackers to compromise organizations.
SG17 is also the place to study technical languages and description techniques. An example is the formal language Abstract Syntax Notation One (ASN.1), an important component for protocol specification or systems design. ASN.1 plays a central role in today's networks. ASN.1 is used, for example, in the signalling system (SS7) for most telephone calls, package tracking, credit card verification and digital certificates, and in many of the most-used software programs.