Committed to connecting the world

Question 4/17

​Cybersecurity

(Continuation of Q4/17)

Motivation

The telecommunications landscape is constantly changing, and with it, requirements for associated telecommunication/ICT security. In this cyber environment, threats and attacks to telecommunication/ICT are constantly evolving to be more sophisticated and more dedicated and cause a complex range of problems to users, service providers, operators and networks. There is a strong need for developing cybersecurity frameworks and requirements– a set of recommendations including best practices to assist organizations in managing cybersecurity risks.
ybersecurity frameworks and requirements against threats and attacks consist of a set of components, which should consist of identify, protect, detect, respond, and recover. Countering cyber attacks by technical means requires requirements for: mitigating and recovering from their effects; exchanging cybersecurity information; and securing protocols, infrastructures and applications which are used as an integral part of our daily communications.
Artificial intelligence and machine learning are being applied more broadly across industries and applications than ever before. Technical means enabled by artificial intelligence and machine learning should improve the quality and efficiency of the technical activities against threats and attacks.
SG17 needs to be proactive and prompt in studying emerging areas in order to secure new emerging telecommunication/ICT based services and applications. Incubation function enables SG17 to introduce new work items in an efficient manner in the emerging areas.
Cybersecurity involves securing and protecting services, personal information, protecting Personally Identifiable Information, and providing information assurance (IA) among interacting entities.
Cybersecurity information sharing using CYBEX (cybersecurity information exchange framework) techniques and cyber threats intelligence are essential to the protection of telecommunication /ICT infrastructure and to furthering cybersecurity for the telecommunication/ICT providers.
Recommendations and Supplements under responsibility of this Question as of 19 September 2018: X.1205, X.1206, X.1207, X.1208, X.1209, X.1210, X.1211, X.1212, X.1213, X.1214, X.1303, X.1303bis, X.1500, X.1500.1, X.1520, X.1521, X.1524, X.1525, X.1526, X.1528, X.1528.1, X.1528.2, X.1528.3, X.1528.4, X.1541, X.1544, X.1546, X.1550, X.1570, X.1580, X.1581, X.1582, and Supplements X.Suppl.8, X.Suppl.9, X.Suppl.10, X.Suppl.18, and X.Suppl.20.
Texts under development: X.1215 (X.ucstix), X.fgati and X.gcpie
 

Question

Study items to be considered in the context of telecommunication/ICT networks and systems include, but are not limited to:
a)       How should telecommunication/ICT providers secure their infrastructure, maintain secure operations and use security assurance mechanisms?
b)      What are the security requirements that software, telecommunications protocols, communications systems designers and manufacturers need to consider in the design, development and sharing of best practices in the cyber environment?
c)       How should information on vulnerability, weakness and attack measures be shared efficiently to aid in the vulnerability life-cycle processes?
d)      What requirements and solutions are needed for telecommunication/ICT assurance of composable systems' resilience, security and integrity?
e)       What requirements and solutions are needed for telecommunication/ICT accountability, incident response, and threat monitoring and risk communication?
f)       What mechanisms are needed for sharing cybersecurity and assurance-related information about cyber-enabled systems, including cloud-based, embedded and composable systems?
g)      How should SG17 study new emerging areas to protect global telecommunication/ICT infrastructures from the threats and challenges of the evolving cybersecurity landscape including new emerging services and applications?
h)      How can artificial intelligence and machine learning be used to quickly identify and analyze new threats and vulnerabilities?
i)        How should telecommunication/ICT providers utilize the threat intelligence to enhance their security activities?
j)        How can networks be used to provide critical services, such as use of common alerting protocol, in a secure fashion during national emergencies?
k)      What is a set of components of cybersecurity framework that an organization can use to address risks?
l)        What are the necessary security guidelines and best practices for identifying, mitigating and reducing impact of cyber threats, including malware, distributed denial of service and social engineering?
m)    What enhancements to existing Recommendations under review or new Recommendations under development should be adopted to reduce impact on climate changes (e.g., energy savings, reduction of greenhouse gas emissions, implementation of monitoring systems) either directly or indirectly in telecommunication/ICT or in other industries?

Tasks

Tasks to be considered in the context of telecommunication / ICT networks and systems include, but are not limited to:
a)       Collaborate with ITU-T study groups, ETSI, FIRST, IETF, IEEE, ISO/IEC JTC 1, OASIS, OMA, TCG, 3GPP, 3GPP2, and other standardization bodies on cybersecurity.
b)      Work on frameworks and Recommendations to address how telecommunication/ICT providers may secure their infrastructure and maintain secure operations, and exchange cybersecurity information.
c)       Produce a set of Recommendations for providing security solutions for telecommunication/ICT accountability, assurance and incident response and recovery.
d)      Study and specify the security techniques and capabilities for service providers to coordinate and exchange information regarding vulnerabilities, platforms and cyber attacks.
e)       Study and specify cybersecurity framework consisting of a set of components that should consist of identify, protect, detect, respond and recover.
f)       Specify how to use artificial intelligence and machine learning, to quickly identify and analyze new threats and vulnerabilities.
g)      Specify how to apply accountability, assurance and incident response mechanisms in telecommunication/ICT networks.
h)      Develop guidelines and techniques to protect personal information and also to protect personally identifiable information (PII) using CYBEX techniques and related security tools.
i)        Provide assistance to other ITU-T study groups in applying relevant cybersecurity Recommendations for specific security solutions.
j)        Develop best practices and guidelines for the sharing of vulnerability information and remedies to aid in vulnerability life-cycle processes.
k)      Collaborate with all other Questions in ITU-T SG17 to coordinate incubation function.
l)        Incorporate incubation function to address the new emerging areas in ITU-T SG17.
Relationships

Relationships

Recommendations:
• X-series and others related to security.
Questions:
• ITU-T Qs 1/17, 2/17, 3/17, 5/17, 6/17, 7/17, 8/17, 9/17, 10/17 and 11/17.
Study Groups:
• ITU-D SG2 (Q3/2); ITU-T SGs 2, 9, 11, 13 (Q7/13), 16 and 20.
Standardization bodies:
• European Telecommunications Standards Institute (ETSI); Institute of Electrical and Electronics Engineers (IEEE); Internet Engineering Task Force (IETF); IEC TC 57, IEC TC 292, IEC TC 65/WG10; ISO/IEC JTC 1/SC 27; National Institute of Standards and Technology (NIST); Organization for the Advancement of Structured Information Standards (OASIS); Open Mobile Alliance (OMA); Open Group; Object Management Group (OMG); Third Generation Partnership Project (3GPP); Third Generation Partnership Project 2 (3GPP2); Trusted Computing Group (TCG)..
Other bodies:
•  Anti-Phishing Working Group (APWG); CERT/CC; CIRTs; European Network and Information Security Agency (ENISA); GSM Association (GSMA); Forum for Incident Response and Security Teams (FIRST); Organization for Economic Cooperation and Development (OECD).​