Question 1/17 - Telecommunication/ICT security coordination
(Continuation of Q1/17)

Motivation

Security threats to the telecommunication and Information and Communication Technology (ICT) infrastructure are on the increase – both in frequency and in complexity. Efforts over the years to secure the infrastructure have been somewhat fragmented and reactionary and so far have failed to produce the desired level of protection against threats. This issue is complicated by the large number of organizations working on various aspects of security. This makes coordination, collaboration and cooperation difficult and challenging.

With so many of the world’s commercial transactions conducted over telecommunications links, security assurance associated with the use of this cyber infrastructure is paramount in ensuring the smooth functioning of businesses, the well-being of citizens and the effective operation of their governments. Worm, virus and other malicious code attacks have impacted millions of computers and telecommunications networks worldwide. The economic impact of such attacks has been huge. Intensive, continuous and focused efforts are essential to combat these threats.

The subject of security is vast in scope. Security can be applied to almost every aspect of telecommunication and information technology. There are various approaches to addressing security requirements. These include:

  • A bottom-up approach in which experts devise security measures to strengthen and protect a particular domain of the network using specific countermeasures and techniques such as biometrics and cryptography. While fairly common, this is a fragmented approach that often results in uneven determination and application of security measures.
  • A top-down approach, which is a high-level and strategic way of addressing security. This approach requires knowledge of the overall picture. It is generally a more difficult approach because it is harder to find experts with comprehensive knowledge of every part of the network and its security requirements than it is to find experts with detailed knowledge of one or two specific areas.
  • A combination of bottom-up and top-down approaches, with coordination effort to bring the different pieces together. This has often proved to be extremely challenging when dealing with varying interests and agendas.

In the previous study period, this Question produced many deliverables that ITU‑T considers valuable in promoting its work and its deliverables. Examples include the ICT Security Standards Roadmap, the Security Manual and the Security Compendia. This Question will continue to focus on the coordination and organization of the entire range of telecommunication/ICT security activities within ITU‑T and will continue to develop and maintain documentation to support coordination and outreach activities. A top-down approach to security will be used in collaboration and coordination with other study groups and standards development organizations (SDOs). This activity is directed at achieving a more focused effort at the projects and strategic level both internal and external to SG17.

Recommendations under responsibility of this Question as of 1 December 2012: None

Question

Study items to be considered include, but are not limited to:

  1. What are the deliverables for this Question?
  2. What are the processes, work items, work methods and timeline for the Question to achieve the deliverables?
  3. What outreach documents (roadmap, security compendia, handbooks, flyers, webpages, etc.) need to be produced and maintained by ITU?
  4. What security workshops are needed and how can they be organized?
  5. What is needed to build effective relationships with other SDOs in order to advance the work on security?
  6. What are the key milestones and success criteria?
  7. How can Sector Member and Administration interest in security work be stimulated and how can momentum be sustained?
  8. How could telecommunication/ICT security features become more attractive to the marketplace?
  9. How can the crucial importance of security and the urgent need to protect global economic interests, which depend on a robust and secure telecommunication/ICT infrastructure, best be promoted to governments and the private sector?
  10. What are the security activities under development in other ITU Study Groups and other SDOs?

Tasks

Tasks include, but are not limited to:

  1. Act as primary SG17 contact for telecommunication/ICT security coordination matters.
  2. Maintain and update the ICT Security Standards Roadmap.
  3. Maintain and update the ITU‑T Security Compendia.
  4. Assist and provide input to TSB in maintaining the Security Manual.
  5. Assist in the identification of gaps in telecommunication/ICT security standards work and promote efforts to address those gaps.
  6. Provide guidance on implementation of telecommunication/ICT security standards.
  7. Promote cooperation and collaboration between groups working on telecommunication/ICT security standards development.
  8. Review Recommendations and liaisons from other study groups and SDOs as appropriate to assess security coordination implications.
  9. Assist in efforts to ensure effective security coordination where necessary.
  10. Help direct liaisons from external groups to appropriate study groups in ITU‑T.
  11. Take ITU‑T lead in organizing and planning security workshops and seminars as appropriate.
  12. Ensure effective and efficient participation in security coordination efforts with other organizations.
  13. Achieve effective and efficient participation in security coordination efforts within SG17 to ensure the SG17 work programme reflects the current SG17 security activities and addresses the concerns of the ITU-T membership.

Relationships

Recommendations:

  •  X-series and others related to telecommunication/ICT security

Questions:

  •  ITU‑T Questions 2/17, 3/17, 4/17, 5/17, 6/17, 7/17, 8/17, 9/17, 10/17, 11/17 and 12/17

Study Groups:

  •  ITU‑T SGs 2, 5, 9, 11, 13, 15 and 16; TSAG, including relevant JCAs and FGs; ITU-R; ITU-D

Standardization bodies:

  •  ISO/IEC JTC 1/SCs; 3GPP; 3GPP-2; ATIS; CSA; ETSI; IEEE; IETF; OASIS

Other bodies:

  • European Network and Information Security Agency (ENISA); Network and Information Security Steering Group (NISSG) of the ICT Standards Board (ICTSB); Regional Asia Information Security Exchange (RAISE) Forum.