|(Continuation of Q4/17) |
The telecommunications landscape is constantly changing, and with it, requirements for associated telecommunication/ICT security. In this cyber environment, there is a strong need for securing protocols, infrastructures, and applications which are used as an integral part of our daily communications.
Cybersecurity involves securing and protecting services, personal information, protecting Personally Identifiable Information, and providing information assurance (IA) among interacting entities.
Cyber attacks continue to be widespread; they cause a complex range of problems to users, service providers, operators and networks. Countering cyber attacks by technical means requires development of frameworks and requirements for: detecting and protecting against cyber attacks; mitigating and recovering from their effects; and exchanging cybersecurity information.
Recommendations and Supplements under responsibility of this Question as of 1 December 2012: X.1205, X.1206, X.1207, X.1209, X.1303, X.1500, X.1500.1, X.1520, X.1521, X.1524, X.1528, X.1528.1, X.1528.2, X.1528.2, X.1528.3, X.1528.4, X.1541, X.1570, X.1580, X.1581, X.Suppl.8, X.Suppl.9, and X.Suppl.10.
Texts under development: X.1526 (X.oval), X.1544 (X.capec), X.abnot, X.bots, X.cce, X.cee, X.cee.1, X.cee.2, X.cee.3, X.cee.4, X.cee.5, X.csi, X.csmc, X.cwss, X.cybex-beep, X.cybex-tp, X.eipwa, X.maec, X.oval, X.sisnego, and X.trm.
Study items to be considered include, but are not limited to:
How should telecommunication/ICT providers secure their infrastructure, maintain secure operations and use security assurance mechanisms in telecommunication/ICT networks?
What are the security requirements that software, telecommunications protocols, communications systems designers and manufacturers need to consider in the design, development and sharing of best practices in the cyber environment?
How should vulnerability information be shared efficiently to aid in the vulnerability life-cycle processes?
What requirements and solutions are needed for telecommunication/ICT accountability, incident response, and threat monitoring and risk communication?
What framework for supporting telecommunication/ICT accountability and incident response is needed across domain boundaries?
What mechanisms are needed for sharing security information?
What are the necessary security guidelines and best practices that should be considered by service providers?
How can networks be used to provide critical services, such as use of common alerting protocol, in a secure fashion during national emergencies?
What are the necessary security guidelines and best practices for reducing impact of malware?
What enhancements to existing Recommendations under review or new Recommendations under development should be adopted to reduce impact on climate changes (e.g., energy savings, reduction of greenhouse gas emissions, implementation of monitoring systems) either directly or indirectly in telecommunication/ICT or in other industries?
Tasks include, but are not limited to:
- Collaborate with ITU‑T study groups, ETSI, FIRST, IETF, IEEE, ISO/IEC JTC 1, OASIS, OMA, TCG, 3GPP, 3GPP2, and other standardization bodies on cybersecurity.
Work on frameworks and Recommendations to address how telecommunication/ICT providers may secure their infrastructure and maintain secure operations, and exchange cybersecurity information.
Produce a set of Recommendations for providing security solutions for telecommunication/ICT accountability and incident response.
Study and specify the security techniques and capabilities for service providers to coordinate and exchange information regarding vulnerabilities, platforms, cyber attacks, etc.
Specify how to apply accountability and incident response mechanisms in telecommunication/ICT networks.
Develop guidelines and techniques to protect personal information and also to protect personally identifiable information (PII) using CYBEX techniques.
Provide assistance to other ITU‑T study groups in applying relevant cybersecurity Recommendations for specific security solutions.
Develop best practices and guidelines for the sharing of vulnerability information and updates and patches to aid in vulnerability life-cycle processes.
ITU‑T Questions 1/17, 2/17, 3/17, 5/17, 6/17, 7/17, 8/17, 9/17, 10/17, 11/17, 7/11 and 8/13