Executive Summary
Study Group 17 meeting
(8 - 17 September 2015, Geneva/Switzerland)
Participation:
160 participants (14 more than at the previous SG17 meeting, 211 pre-registered); 33 Member States, 17 Sector Members, 2 Associates, and 2 Academia participating. Several invited experts. Increased participation of Member States from developing countries.
SG17 vice chairmen vacancies:
Meeting input and organization:
- Contributions: 77 (74 last time, stable); one contribution was withdrawn during the meeting.
- TDs: 378 (20 more than in the previous meeting). This includes 54 incoming liaison statements, and 42 outgoing liaison statements.
- Busy and productive 6th meeting of this study period having 8 working days.
- Two SG17 open, extended management team meetings were held (one late afternoon prior to the opening plenary and the other during the weekend), complemented by the SG17 security coordination meeting.
- Many parallel meetings per quarter each day. Many sessions were equipped with AdobeConnect teleconferencing to allow remote participation.
Meeting Output:
The SG17 plenary meeting approved the following:
- Three new Recommendation texts announced for TAP in accordance with WTSA-12 Resolution 1, Section 9. Details are in Annex A.
- One new Amendment and one Technical Report. Details are in Annex B.
- Six draft new ITU-T Recommendations determined (TAP) in accordance with WTSA-12 Resolution 1, Section 9. Details in Annex C.
- Consent (AAP) to one draft new ITU-T Recommendation, twelve draft revised ITU-T Recommendations, and one draft Corrigendum for Last Call according to Recommendation ITU-T A.8. Details in Annex D.
- Four new work items were agreed to be added to the SG17 work programme. Details in Annex E.
- Two work items were agreed to be deleted from the work programme. Details in Annex F.
Coordination and promotion activities:
- One meeting of the Joint Coordination Activity on IdM, under SG17 parentship, was held. Terms of reference for JCA-COP were renewed.
- ITU cybersecurity workshop "Global Cybersecurity Challenges: Collaborating for effective enhancement of cybersecurity in developing countries" (8 September 2015, afternoon), organized in collaboration with ITU-D SG2 and held in parallel with SG17's and ITU-D SG2's meetings. SG17 representatives with leadership roles actively participated in the workshop: Ms Miho Naganuma (workshop moderator), Mr Mohamad Elhaj and Mr Patrick Mwesigwa (moderators of the two main sessions). The workshop produced several important insights into the cybersecurity challenges faced by developing countries as well as best practices in meeting these challenges. The workshop demonstrated the spirit of good collaboration shared by ITU-T and ITU-D, and concluded with a commitment to expand this collaboration. SG17 liaised the common report of the workshop with all regional organizations.
Correspondence Groups:
Two Correspondence Groups continued, two new CGs established, and two CGs terminated.
CG-CYBEX: Continued Correspondence Group on cybersecurity information exchange capabilities.
CG-investigate: Continued Correspondence Group on investigation for new topics for SG17 standardization, with amended ToR.
The CG will investigate any considerable topics arising from the results of the September 2014 ITU security workshop, and will collect and analyse further information related to the new topics for the purpose of identifying a set of new work items for SG17 in the near future.
New joint (with SG20) Correspondence Group on Security and Privacy for IoT (under co-chairmanship of the SG17 and SG20 chairmen) to prepare the report to TSAG on security and privacy aspects of IoT, including scoping and focusing of that report, and finding the best process to produce that report; the deadline is the end of 2015. The CG will also discuss means for efficient and effective collaboration between SG17 and SG20 on security and privacy aspects of IoT. Ms Adriane LaPointe (US) was approved as liaison officer from SG17 to SG20.
New correspondence group on preparation for WTSA-16 (CG-WTSAprep) established for SG17 to continue preparation of the Question texts and Part I and Part II reports to WTSA-16 until March 2016.
The correspondence groups on response to ITU-D Q3/2 (CG-response, tasks completed) and on strengthening collaboration between ITU-T SG17 and ITU-D SG2 Q3/2 on security (not established) were terminated. Continued exchange of liaisons between the two Sectors appears more successful than launching cross-Sector correspondence groups, which turned out to be too difficult.
Other highlights:
- Four special sessions were held to off-load the plenaries from debates:
  - on bridging the standardization gap (with F-E live interpretation). The SG17 regional group for Africa presented their activity report, which was agreed;
  - on new topics for SG17 standardization to continue CG-investigate with amended ToR;
  - on collaboration between SG17 and SG20 on IoT security, with the result of creating a new Correspondence Group on IoT Security jointly between SG17 and SG20; a liaison officer from SG17 to SG20 was nominated, and a liaison statement to SG20 and TSAG was prepared. The session provided initial suggestions towards a separation of work between SG20 and SG17 in the area of IoT security;
  - on initiating preparation of SG17 for WTSA-16 and the next study period, with an initial suite of 12 Question texts and mandate (in four sessions). Draft Part I and Part II reports were produced and agreed as output of the meeting; the consultation and drafting process will continue through the new Correspondence Group on WTSAprep until March 2016, when SG17 will agree on final Part I and Part II outputs to WTSA-16. Current findings are that SG17 wants to continue all its 12 Questions (only slight amendments were made at this meeting).
- The ICT Security Standards Roadmap and the Security Compendia were updated.
- TSB editing support (by Fatina Hamarneh, TSB Editing team) on critical draft texts was greatly appreciated; it improved their quality and helped to yield good-quality decided texts. The Questions adopted the offered TSB edits. Further TSB editing assistance is necessary and will be requested for forthcoming texts in final stages.
Associated events:
The associated events below assisted in identifying new actions for the study group and in leveraging collaboration with other organizations, and will hopefully attract new experts to the ITU-T and SG17 community.
- Mentoring programme for newcomers: Comprehensive programme through tutorials (see below), welcome, feedback session and guided tour, all attended with interest.
Tutorial presentations:
Five tutorial presentations were given at this Study Group 17 meeting and met with positive interest. They addressed: SG17 overview for newcomers; IPRs and ITU-T; IoT security overview; Introduction to Telebiometrics: Markets and Applications; and Presentation of the Finnish information security cluster and cyber security companies (VTT, Codenomicon, Nixu). For the next SG17 meeting in March 2016, six of the twelve SG17 Questions were asked to present tutorials on a future-oriented vision of their domain.
Next SG17 meetings:
- MON 14 – WED 23 March 2016, Geneva, Switzerland
- Six interim Rapporteur Group meetings (some of them as virtual e-meetings) are planned until March 2016.
- 27 texts are scheduled for decision (approval, determination, consent or agreement) in March 2016.
- MON 29 August – WED 07 September 2016, Geneva, Switzerland.
Annex A
Recommendations approved (TAP – WTSA-12 Resolution 1)
The SG17 plenary meeting approved the three new Recommendation texts announced for TAP in accordance with WTSA-12 Resolution 1, Section 9.
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
5/17 | X.1246 (X.tivcs) | Technologies involved in countering voice spam in telecommunication organizations | New | Xuetao Du, Tao Lou | TD 2155 | | 2011-09 | 2015-09 |
7/17 | X.1157 (X.sap-7) | Technical capabilities of fraud detection and response for services with high assurance level requirements | New | Tae Kyun Kim, Hyung-Jin Lim | TD 2133 | | 2011-09 | 2015-09 |
11/17 | X.1341 (X.cmail) | Certified mail transport and certified post office protocols | New | David Keller, Laura Prin | TD 2116 Rev.1 | | 2013-04 | 2015-09 |
Approval of the above Recommendations is reflected in TSB Circular 173 of 22 September 2015.
Annex B
Amendment approved, Technical Report agreed
The SG17 plenary meeting approved one new Amendment and one Technical Report.
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
1/17 | X.TRSM6ed | Technical Report Security in telecommunications and information technology – An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications; 6th edition | Revised | Michael Harrop | TD 2074 Rev.1 | | 2014-09 | 2015-09 |
4/17 | X.1500 Amd.8 | Overview of cybersecurity information exchange – Amendment 8 – Revised structured cybersecurity information exchange techniques | Note (1) | Youki Kadobayashi | TD 2135 | | 2015-04 | 2015-09 |
Note:
(1) Amendment 8 supersedes Amendment 7.
Annex C
Recommendations determined (TAP – WTSA-12 Resolution 1)
The SG17 plenary meeting determined (TAP) six draft new ITU-T Recommendations in accordance with WTSA-12 Resolution 1, Section 9.
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
4/17 | X.1521 (X.cvss) | Common vulnerability scoring system 3.0 | Revised | Damir Rajnovic | COM 17 – R 49 (TD 2114) | | 2015-09 | 2015-09 |
5/17 | X.1247 (X.tfcmm) | Technical framework for countering mobile messaging spam | New | Feng Gao, Laifu Wang, Junjie Xia, Annan Zhu | COM 17 – R 50 (TD 2158 Rev.2) | | 2013-04 | 2015-09 |
8/17 | X.1602 (X.sfcse) | Security requirements for software as a service application environments | New | Zhaoji Lin, Ruoni Wang, Peng Zhao | COM 17 – R 52 (TD 2125 Rev.2) | | 2011-04 | 2015-09 |
8/17 | X.1642 (X.goscc) | Guidelines for the operational security of cloud computing | New | Ming Feng, Zhaoji Lin, Jun Shen, Huirong Tian, Laifu Wang | COM 17 – R 53 (TD 2124 Rev.3) | | 2012-03 | 2015-09 |
10/17 | X.1256 (X.authi) | Guidelines and framework for sharing network authentication results with service applications | New | Lijun Liu, Min Zuo | COM 17 – R 54 (TD 2047 Rev.2) | | 2009-09 | 2015-09 |
10/17 | X.1257 (X.iamt) | Identity and access management taxonomy | New | Radu Marian | COM 17 – R 55 (TD 2040 Rev.1) | | 2012-09 | 2015-09 |
Information on the Member States consultation is available in TSB Circular 174 issued 21 October 2015 with Corrigendum 1 issued 22 October 2015.
Annex D
Recommendations consented for Last Call (AAP – Recommendation ITU-T A.8)
The SG17 plenary meeting gave consent (AAP) to one draft new ITU-T Recommendation, twelve draft revised ITU-T Recommendations, and one draft Corrigendum for Last Call according to Recommendation ITU-T A.8:
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
6/17 | X.1314 Cor.1 | Security requirements and framework of ubiquitous networking – Corrigendum 1 | | Zhaoji Lin | TD 2128 | | 2015-09 | 2015-09 |
7/17 | X.1155 (X.sap-5) | Guidelines on local linkable anonymous authentication for electronic services | New | Sok Joon Lee | TD 2168 Rev.2 | | 2009-09 | 2015-09 |
8/17 | X.1601rev Note (1) | Security framework for cloud computing | Revised | Nan Meng | TD 2055 Rev.1 | | 2015-04 | 2015-09 |
12/17 | Z.161 | Testing and Test Control Notation version 3: TTCN-3 core language | Revised | Dieter Hogrefe | TD 2076 | ETSI ES 201 873-1 | 2014-09 | 2015-09 |
12/17 | Z.161.1 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Support of interfaces with continuous signals | Revised | Dieter Hogrefe | TD 2077 | ETSI ES 202 786 | 2014-09 | 2015-09 |
12/17 | Z.161.2 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support | Revised | Dieter Hogrefe | TD 2078 | ETSI ES 202 781 | 2014-09 | 2015-09 |
12/17 | Z.161.3 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterization | Revised | Dieter Hogrefe | TD 2079 | ETSI ES 202 784 | 2014-09 | 2015-09 |
12/17 | Z.161.4 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Behaviour types | Revised | Dieter Hogrefe | TD 2080 | ETSI ES 202 785 | 2014-09 | 2015-09 |
12/17 | Z.161.5 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Performance and real time testing | Revised | Dieter Hogrefe | TD 2081 | ETSI ES 202 782 | 2014-09 | 2015-09 |
12/17 | Z.165 | Testing and Test Control Notation version 3: TTCN-3 runtime interface (TRI) | Revised | Dieter Hogrefe | TD 2082 | ETSI ES 201 873-5 | 2014-09 | 2015-09 |
12/17 | Z.165.1 | Testing and Test Control Notation version 3: TTCN-3 extension package: Extended TRI | Revised | Dieter Hogrefe | TD 2083 | ETSI ES 202 789 | 2014-09 | 2015-09 |
12/17 | Z.166 | Testing and Test Control Notation version 3: TTCN-3 control interface (TCI) | Revised | Dieter Hogrefe | TD 2084 | ETSI ES 201 873-6 | 2014-09 | 2015-09 |
12/17 | Z.168 | Testing and Test Control Notation version 3: The IDL to TTCN-3 mapping | Revised | Dieter Hogrefe | TD 2085 | ETSI ES 201 873-8 | 2014-09 | 2015-09 |
12/17 | Z.169 | Testing and Test Control Notation version 3: Using XML schema with TTCN-3 | Revised | Dieter Hogrefe | TD 2086 | ETSI ES 201 873-9 | 2014-09 | 2015-09 |
Notes:
(1) Approval process was changed from TAP to AAP according to WTSA-12 Resolution 1, Section 8.3 (ref. TD 2142).
Annex E
New work items
The following four new work items were agreed to be added to the SG17 work programme:
Q | Acronym | Title | New / Revised | AAP/TAP/Agreement | Editor(s) | Document | Timing* |
3/17 | X.sup-gisb | ITU-T X.1054 – Supplement on Best practice for implementation of Rec. ITU-T X.1054 | ISO/IEC 27014 on governance of information security – Case of Burkina Faso | New | Agreement | Richard Anago, Burkina Faso; Anfana Traore, Burkina Faso | NWI template: (TD 2184 Rev.1) Base text: C-309 and C-385 | 2016-09 |
5/17 | X.tfcma | Technical framework for countering mobile in-application advertising spam | New | TAP | Hongwei Luo, China; Laifu Wang, China Telecom | NWI template: (TD 2140 Rev.2) Base text: TD 2140 Rev.2 Annex 1 | 3Q 2017 |
7/17 | X.websec-8 | Security protection guidelines for value-added services for telecommunication operator | New | AAP | Zhaoji Lin, ZTE Corporation; Lijun Liu, China Mobile; Jae Hoon Nah, ETRI | NWI template: (TD 2149 Rev.3) Base text: TD 2149 Rev.3 Annex 1 | 2017-09 |
8/17 | X.dsms | Data security requirements for the monitoring service of cloud computing | New | TAP | Zhiyuan Hu, Alcatel-Lucent Shanghai Bell; Min Shu, China; Ye Tao, China Unicom; Ni Zhang, China Unicom | NWI template: (TD 2164 Rev.2) Base text: | 2017-09 |
Notes:
* Target date for consent or determination of Recommendations or for approval of Appendices or Implementers' Guides, agreement of Supplements
Annex F
Work items discontinued
The following two work items were agreed to be deleted from the work programme.
Q | Acronym | Title | Action |
6/17 | X.msec-7 | Guidelines on the management of infected terminals in mobile networks | delete |
10/17 | X.1255sup*** | ITU-T X.1255 – Supplement on Proposed conceptual models based on ITU-T X.1255 frameworks | delete |
Notes:
*** Marked draft Supplement was for agreement.
SG17 agreed to initiate the deletion procedure for Recommendations ITU-T Z.400, ITU-T Z.600 and ITU-T Z.601, in accordance with the provisions of Resolution 1, Section 9, § 9.8.2, of WTSA (Dubai, 2012). TSB Circular 175 was sent out on 23 September 2015 for a 3-month consultation among the ITU-T membership.