ITU‑T Study Group 17: Security
(Study Period 2025 - 2028)
ITU‑T Study Group 17 is responsible for developing international standards to enhance confidence, security and trust in the use of telecommunications/ICTs, in the context of an ever-growing attack surface and confronted with an unbalanced threat landscape.
While providing security by ICTs and ensuring security for ICTs are both major study areas for ITU‑T Study Group 17, it is recognized that the other ITU‑T study groups may study security aspects within their mandates.
The increase of compliance requirements and the ongoing coordination between ITU‑T Study Group 17 and the other ITU‑T study groups, as well as other standards-development organizations, require a comprehensive and transformative approach to consider the following areas.
Security model, framework, architecture and lifecycle: this includes studies of cybersecurity, wholistic security approaches spanning development, deployment and operation phases, managed security services and security automation. In particular, it delves into both security models, such as zero trust for network infrastructure, and, at the same time, supply chain security, especially concerning software.
Cybersecurity and service: this includes adapting to the evolving threat landscape (targeted attacks and ransomware); understanding the characteristics of emerging malware types; addressing and managing cybersecurity incidents; identifying security requirements and core cybersecurity solutions; exchanging threat intelligence; combating spam; endpoint detection and response; and developing new simulation and prediction capabilities. It also includes services and their organizations, such as the development of cybersecurity centres, incident response teams and managed security services.
Security management: this includes information-security management, identity solutions and management, authentication mechanisms and telebiometrics, all stimulated by new and emerging security technologies.
It also includes studying appropriate technical standardization solutions for child online protection.
End-device, edge, network, cloud and application security: this addresses security in the context of end-devices, edge, networks, cloud, applications and services, which is of paramount importance. It considers aspects of endpoint security; smart devices and Internet of Things (IoT) devices; networks ranging from IMT-2020/5G and beyond and IMT-2030/6G; and intelligent transport system security, which extends to vehicle-to-vehicle (V2X) communication and autonomous driving. Additionally, it also considers multifaceted approaches of security for smart cities and communities, verticals including smart grid, smart factory and digital health, industrial control systems (ICS), terrestrial-satellite and satellite-satellite network convergence, the radio navigation satellite service (RNSS), the automatic identification system (AIS), software‑defined networking (SDN), network function virtualization (NFV), Internet Protocol television (IPTV), web services, over-the-top (OTT), metaverse, digital twin technology, cloud computing, in-network computing, big data analytics and digital financial services (DFS).
Data protection techniques: in the pursuit of building confidence, security and trust in the use of telecommunications/ICTs, ITU‑T Study Group 17 is deeply involved in safeguarding sensitive data, including protecting personally identifiable information (PII). This involves various technical and operational aspects of data protection using federated learning, synthetic data generation, differential privacy and data masking, to ensure confidentiality, integrity and availability of PII.
New and emerging security technologies: this includes studying how artificial intelligence (AI) can bolster security measures, how secure AI systems and AI-based applications can be achieved in support of telecommunications/ICTs, how to counteract the growing threat landscape fuelled by AI advances, including addressing unintended consequences of generative AI, quantum-based security, including quantum key distribution (QKD) and the use of post-quantum cryptography (PQC) algorithms. It also examines security considerations related to distributed ledger technology (DLT), and also the utilization of cryptographic schemes and protocols, such as homomorphic algorithms, zero-knowledge proofs, and secure multi-party computation (MPC).
Open systems interconnection (OSI) and technical languages: ITU‑T Study Group 17 is also responsible for the application of OSI, which includes managing directories and object identifiers, such as public key infrastructure (PKI) and distributed PKI (DPKI). It extends to addressing technical languages such as Abstract Syntax Notation One (ASN.1) and the use of JavaScript Object Notation (JSON). Ensuring proper methods for their application and addressing software-related issues in telecommunication systems is a key focus. Additionally, it encompasses enhancing ITU‑T Recommendations in support of conformance testing.
Lead Study Group Roles
Recommendations under the SG17 responsibility
