Question 4/17

Cybersecurity and countering spam

(Continuation of Questions 4/17 and 5/17)

Motivation

The telecommunications landscape is constantly changing, and with it, requirements for associated telecommunication/ICT security. In this cyber environment, threats and attacks to telecommunication/ICT are constantly evolving to be more sophisticated and more targeted and cause a complex range of problems to users, service providers, operators and networks. There is a strong need for developing cybersecurity frameworks and requirements – a set of recommendations including best practices to assist organizations in managing cybersecurity risks.
Cybersecurity frameworks and requirements against threats and attacks comprise a set of components, which should consist of identifying, protecting, detecting, responding, and recovering. Countering cyber-attacks by technical means needs holistic requirements for: mitigating risks, detecting and responding early to incidents, and recovering from their effects; exchanging cybersecurity information such as Cybersecurity Information Exchange techniques (CYBEX) and Structured Threat Information eXpression (STIX); and securing protocols, infrastructures and applications which are used as an integral part of our daily communications.
Artificial intelligence and machine learning are being applied more broadly across industries and applications than ever before. Technical means enabled by artificial intelligence and machine learning should improve the quality and efficiency of the technical activities against threats and attacks. Managed security services (MSS) are services that have been outsourced to a service provider. There are two aspects of managed security services: technical and managerial.
Cybersecurity technologies involve technical support for managed security services, endpoint detection and response, intrusion prevention/detection, and identification of the source of attackers in order to protect services and personal information including Personally Identifiable Information (PII), and to provide information assurance (IA) among interacting entities.
Cybersecurity information sharing using CYBEX (cybersecurity information exchange framework) techniques and cyber threat intelligence are essential to the protection of telecommunication/ICT infrastructure and to furthering cybersecurity for the telecommunication/ICT providers.
In addition, the aggressive pace of cyber threats evolution requires a review of technical aspects to support cybersecurity procedures, technical policies and frameworks. There is a challenge to achieve a minimum level of harmonization since cybersecurity requires collaboration among all stakeholders.
In the area of cybersecurity challenges, spam has also become a widespread problem causing potential loss of revenue to Internet service providers, telecommunication operators, mobile telecommunication operators and business users around the globe. Furthermore, spam creates problems of information and telecommunication network security while being used as a vehicle for phishing and spreading viruses, worms, spyware and other forms of malware, etc. Therefore, WTSA Resolution 52 instructed the relevant study groups to continue to support ongoing work, in particular in Study Group 17, related to countering spam and accelerate their work on spam in order to address existing and future threats within the remit and expertise of the ITU-T, as appropriate. In addition, it is instructed to continue collaboration with relevant organizations, in order to continue developing, as a matter of urgency, technical Recommendations with a view to exchanging best practices and disseminating information through joint workshops and training sessions, etc., and further instructs Study Group 17 to report regularly to the Telecommunication Standardization Advisory Group on the progress of this resolution.
With the rapid expansion of mobile internet and the convergence of ICT technologies, spam threats become more challenging with new features. The main ingredients of spam have significantly evolved from traditional advertisements and fraud to convergent malicious software such as ransomware and targeted attacks. The new generation of spam is also unsolicited and harasses ICT service consumers, but it does even more serious damage than traditional spam. A targeted attack often uses spear phishing, a type of social engineering, to gain access to networks through legitimate means such as email. Ransomware is a type of malicious software that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. Some malware, especially most ransomware, can be spread through malicious email attachments and compromised websites. With the evolution of artificial intelligence / machine learning (AI/ML) technology, some communications can be initiated by machines rather than humans, such as robocalls, robot chat, automatic text messages and so on. AI/ML algorithms can also make use of personal information more accurately to find target recipients for large-scale commercial marketing spam or even fraud spam.
With the wide deployment of IMT-2020, Internet of Things and other telecommunication/ICT technologies, spam has also gradually begun to affect the industrial systems.
Countering spam has been recognized as a global problem that requires a multifaceted, comprehensive approach. Study Group 17, as the lead study group on telecommunication security and in supporting the activities of WTSA Resolution 52, is well-positioned to study the range of potential technical measures to counter spam as it relates to the stability and robustness of the telecommunication network. In addition, a technical structure for existing and potential Recommendations on countering spam by technical means has been established to facilitate Recommendation production. Furthermore, new Recommendations should be published to counter new forms of spam.
Recommendations and Supplements under responsibility of this Question as of 3 September 2020: X.1205, X.1206, X.1207, X.1208, X.1209, X.1210, X.1211, X.1212, X.1213, X.1214, X.1215, X.1216, X.1231, X.1232, X.1240, X.1241, X.1242, X.1243, X.1244, X.1245, X.1246, X.1247, X.1248, X.1249, X.1303, X.1303bis, X.1500, X.1500.1, X.1520, X.1521, X.1524, X.1525, X.1526, X.1528, X.1528.1, X.1528.2, X.1528.3, X.1528.4, X.1541, X.1542, X.1544, X.1546, X.1550, X.1570, X.1580, X.1581, X.1582, and Supplements X.Suppl.6, X.Suppl.8, X.Suppl.9, X.Suppl.10, X.Suppl.11, X.Suppl.12, X.Suppl.14, X.Suppl.18, X.Suppl.20, X.Suppl.25 and X.Suppl.29 and Technical Report TR.usm.
Texts under development: X.1246rev, X.1247rev, X.arc-ev, X.fgati (X.1217), X.gcims, X.ics-schema, X.tf-mpc, X.rdmase (X.1218), X.tecwes, X.tfcmms, X.tsfpp, TR.cs-ml and TR.sgfdm.

Question

Study items to be considered in the context of telecommunication/ICT networks and systems include, but are not limited to:
a)       How should telecommunication/ICT providers secure their infrastructure, maintain secure operations and use security assurance mechanisms?
b)      What are the security requirements that software, telecommunications protocols, communications systems designers and manufacturers need to consider in the design, development and sharing of best practices in the cyber environment?
c)       How should information on vulnerability, weakness and attack measures be shared efficiently to aid in vulnerability life-cycle processes?
d)      What requirements and solutions are needed for telecommunication/ICT assurance of composable systems' resilience, security and integrity?
e)       What requirements and solutions are needed for telecommunication/ICT accountability, incident response, managed security services, cyber-attack attribution, and threat monitoring and risk communication?
f)       What mechanisms are needed for sharing cybersecurity and assurance-related information about cyber-enabled systems, including cloud-based, embedded and composable systems?
g)      How can artificial intelligence and machine learning be used to quickly identify and analyse new threats and vulnerabilities?
h)      How should telecommunication/ICT providers utilize the threat intelligence to enhance their security activities?
i)       How can networks be used to provide critical services, such as use of common alerting protocol, in a secure fashion during national emergencies?
j)       What is the set of components of a cybersecurity framework that an organization can use to address risks?
k)      What are the necessary security guidelines and best practices for identifying, mitigating and reducing impact of cyber threats, including malware, distributed denial of service and social engineering?
l)       What kind of technical reports and Recommendations can be developed in support of cybersecurity procedures, technical policies and frameworks?
m)     How to understand and identify spam?
n)      What are new forms of spam in existing and future networks?
o)      What are the serious effects of spam?
p)      What are technical factors which contribute to difficulties in identifying the sources of spam?
q)      How can new technologies, services and applications, such as instant messaging, social networking, mobile application, Voice Over Long-Term Evolution (VoLTE), and Rich Communication Services (RCS), etc., lead to opportunities to create and spread spam?
r)       How can routes, sources and volumes of spam be identified to counter and combat such spam?
s)       How can the messaging security be implemented?
t)       How can the distribution of malicious software and malware through email be prevented?
u)      How can routes, sources and volumes of spam be identified and the amount of investment in facilities and other technical means be estimated to counter and combat such spam?
v)      How can a targeted attack using spear phishing be prevented?
w)     How can a ransomware distributed through email be prevented?
x)      How can AI/ML communication forms of spam be identified and prevented?
y)      How to protect personal information with the adoption of AI/ML technology to avoid spam message spread?
z)       What technical work is already being undertaken within the IETF, 3GPP, GSMA, M3AAWG, in other fora, and by private sector entities to address the problem of spam?
aa)     What telecommunication network standardization work, if any, is needed to effectively counter spam as it relates to the stability and robustness of the telecommunication network?
bb)    What are the effective and efficient solutions for countering spam?
cc)     How are generic and specific requirements developed for information sharing on countering spam?
dd)    What are the best practices for countering spam?

Tasks

Tasks to be considered in the context of telecommunication / ICT networks and systems include, but are not limited to:
a)       Collaborate with ITU-T study groups, ETSI, FIRST, IETF, IEEE, ISO/IEC JTC 1, OASIS, OMA, TCG, 3GPP, 3GPP2, and other standardization bodies on cybersecurity.
b)      Work on frameworks and Recommendations to address how telecommunication/ICT providers may secure their infrastructure and maintain secure operations and exchange cybersecurity information.
c)       Produce a set of Recommendations for providing security solutions for telecommunication/ICT accountability, assurance and incident response and recovery, including technical aspects of managed security services.
d)      Study and specify the security techniques and capabilities for service providers to coordinate and exchange information regarding vulnerabilities, platforms, and cyber-attacks.
e)       Study and specify a cybersecurity framework consisting of a set of components that should consist of identify, protect, detect, respond, and recover.
f)       Specify how to use artificial intelligence and machine learning, to quickly identify and analyse new threats and vulnerabilities.
g)      Specify how to apply accountability, assurance, and incident response mechanisms in telecommunication/ICT networks.
h)      Develop guidelines and techniques to protect personal information and also to protect personally identifiable information (PII) using CYBEX, STIX and TAXII techniques and related security tools.
i)       Study and develop technical guidance to support threat management in terms of identifying the source of cyber attackers.
j)       Provide assistance to other ITU-T study groups in applying relevant cybersecurity Recommendations for specific security solutions.
k)      Develop best practices and guidelines for the sharing of vulnerability information and remedies to aid in vulnerability life-cycle processes.
l)       Collaborate with other standards developing organizations (e.g., OASIS to adopt STIX and TAXII into ITU documents).
m)     Work on Recommendations and Technical reports on how to address cybersecurity challenges.
n)      Act as the lead group in ITU-T on technical means for countering spam, as spam is described by Study Group 2.
o)      Identify and examine telecommunication network security risks (at the edges and in the core network) introduced by the constantly changing nature of spam.
p)      Identify routes, sources and volumes of spam and estimate the amount of investment in facilities and other technical means to counter and combat such spam.
q)      Develop a comprehensive and up-to-date resource list of the existing technical measures for countering spam in telecommunication networks that are in use or under development.
r)       Develop new Recommendations for countering existing and emerging forms of spam.
s)       Develop a set of technical measures to support messaging security.
t)       Develop new Recommendations for preventing malicious software and malware distributed through e-mail.
u)      Develop a set of solutions to prevent targeted attacks using spear phishing through e-mail.
v)      Develop new Recommendations for preventing ransomware distributed through e-mail.
w)     Develop generic and specific requirements for information sharing on countering spam.
x)      Determine whether new Recommendations or enhancements to existing Recommendations, including methods to combat delivery of unsolicited email, malware, and other malicious contents, and combat compromised network equipment, such as botnets, would benefit efforts to effectively counter spam as it relates to the stability and robustness of the telecommunication network.
y)      Develop a set of solutions or new Recommendations for countering AI/ML communication forms of spam.
z)       Provide regular updates to the Telecommunication Standardization Advisory Group and to the Director of the Telecommunication Standardization Bureau to include in the annual report to Council.
An up-to-date status of work under this Question is contained in the SG17 work programme at https://www.itu.int/ITU-T/workprog/wp_search.aspx?sg=17.

Relationships

WSIS Action Lines:
C5.
Sustainable Development Goals:

Recommendations:
• X-series and others related to security.
Questions:
• ITU-T Qs 1/17, 2/17, 3/17, 6/17, 7/17, 8/17, 10/17, 11/17, 13/17, 14/17 and 15/17.
Study Groups:
• ITU-D SGs 1 and 2; ITU-T SGs 2, 9, 11, 13, 16 and 20.
Standardization bodies:
• European Telecommunications Standards Institute (ETSI); Institute of Electrical and Electronics Engineers (IEEE); Internet Engineering Task Force (IETF); IEC TC 57, IEC TC 292, IEC TC 65/WG10; ISO/IEC JTC 1/SC 27; National Institute of Standards and Technology (NIST); Organization for the Advancement of Structured Information Standards (OASIS); Open Mobile Alliance (OMA); Open Group; Object Management Group (OMG); Third Generation Partnership Project (3GPP); Third Generation Partnership Project 2 (3GPP2); Trusted Computing Group (TCG).
Other bodies:
• Anti-Phishing Working Group (APWG); CERT/CC; CIRTs; European Network and Information Security Agency (ENISA); GSM Association (GSMA); Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG); Forum for Incident Response and Security Teams (FIRST); National Institute of Standards and Technology (NIST); Organization for Economic Cooperation and Development (OECD).