| Description:
|
1 Motivation
ITU Resolution 188 (Rev. Bucharest, 2022) of the Plenipotentiary Conference, recognizing the adverse impact of counterfeit telecommunication/ICT devices on governments, manufacturers, vendors and consumers and aware that tampering with telecommunication/ICT devices may diminish the effectiveness of solutions adopted by the countries to address counterfeiting, invites Member States to take all necessary measures to combat counterfeit telecommunication/ICT devices. Any unique and persistent identifiers could allow the recognition of genuine products. Additionally, special attention should be given to consider the potential growth of counterfeit IoT devices and the concern this may pose.
At the same time, Resolution 96 (Hammamet, 2016) of World Telecommunication Standardization Assembly recognizes that counterfeit and tampered telecommunication/ICT devices negatively impact on security and privacy for users and impose adverse impact on governments, manufacturers, vendors, operators and consumers such as the loss of revenues, erosion of brand value/intellectual property rights and reputation and network disruptions.
Moreover, ITU Resolution 189 (Rev. Bucharest, 2022) of the Plenipotentiary Conference, on the combat of mobile devices theft, recognizing that device theft can have a negative impact on users' data and on their sense of security and confidence in the use of information and communication technologies (ICTs), resolves to explore and encourage the development of ways and means to continue to combat and deter mobile device theft, and invites Member States to adopt the necessary actions to prevent, discover and control tampering and replication of mobile ICT device identifiers.
Resolution 97 (Rev. Geneva, 2022) of World Telecommunication Standardization Assembly recognizes that the theft of user-owned mobile devices may lead to the criminal use of telecommunication/ICT services and applications, resulting in economic losses for the lawful owner and user; indicates the necessity to identify existing and future technological measures, both software and hardware, to mitigate the consequences of the use of stolen mobile devices.
The work of this Question is mainly focused on the development of Recommendations and Technical Reports on combating counterfeit and tampered telecommunication/ICT device and software. The growing usage of telecommunication/ICT device in people's daily lives in recent years resulted in increased problems related to the sale, circulation, and use of counterfeit device in most markets as well as their adverse consequences for manufacturers, users, and governments.
A considerable number of telecommunication/ICT device have been found to be counterfeit and have created concerns about national security, performance, quality of service delivery and revenue losses for all stakeholders. This has led to calls by ITU Member States, particularly those in developing countries to address the issue, especially the negative effects and to study any positive impact of measures taken.
In addition, the demand for services, resulting in the increased production and availability of telecommunication/ICT device has also seen the rise of stolen device. Some of these devices are returned to the market after they have been tampered with and their identity modified, hence bypassing blocked list identity solutions implemented by Governments and mobile network operators. Consequently, most countries around the world are not only engaged in combating counterfeit telecommunication/ICT device, but also have put in place measures against theft of telecommunication/ICT device and some of them to tackle stolen device with modified identities from reactivating on networks and to effectively manage the situation.
Also, in general, the telecommunication/ICT user is unaware of the vulnerabilities that are included on counterfeit devices or can be present with the counterfeit or tampered ICT software. There are some examples:
(i) The tampering with stolen mobile device software in order to achieve unauthorized access to the user data with consequent impacts.
(ii) Counterfeit/tampered network devices (such as routers or switches) that has backdoors access to the user network, allowing data theft and consequent revenue loss.
(iii) Counterfeit/tampered software on ICT device that allow unauthorized access to the content provider data by non-subscribers.
Therefore, it is critical to raise the awareness of all stakeholders regarding this topic.
This Question intends to explore relevant possibilities to combat stolen and counterfeit or tampered telecommunication/ICT devices and software and, in particular, its relations to products supply chain identity management, traceability, security, privacy and trust of people and networks. Cooperation among ITU T study groups, between ITU-T and ITU-D as well as with external bodies outside the ITU (in particular with SDOs), will be required to gather a complete information and understanding on the subject including the organization of seminar/workshops in collaboration with stakeholders. Coordination among relevant organizations is also necessary to fulfil these tasks.
This Question will maintain the ITU-T Q.5050-Q.5069 series and ITU-T TR-CF.
2 Question
Study items to be considered include, but are not limited to:
- What Technical Reports and guidelines are needed to raise awareness of the problem of counterfeiting of ICT device, ICT software tampering, ICT data misappropriation and the dangers they pose?
- Are the current unique device identifier mechanisms sufficient for combating counterfeit, tampered and stolen telecommunication/ICT device?
- Can conformity, interoperability testing and assessment schemes be used to combat counterfeit and tampered telecommunication/ICT device and its software?
- What technologies and solutions may be used as a tool for combating counterfeit, tampered and stolen telecommunication/ICT device and its software?
- What unique device identifier frameworks are appropriate to combat counterfeit and stolen telecommunication/ICT device with their identity modified?
- What new categories of telecommunication/ICT devices must be considered for counterfeit and what appropriate unique device identifier should be considered for each category?
- What are the adverse impacts to the stakeholders due to the use of counterfeit telecommunications/ICT devices or devices with tampered or counterfeit software, and consequent data misappropriation?
- What kind of Recommendations, Supplements, Technical Reports and guidelines should be developed to combat and provide solutions to address ICT counterfeiting, tampering, modification and/or duplication of unique device identifiers?
- What kind of Recommendations, Technical Reports and Guidelines should be developed to mitigate ICT data misappropriation, in special the user data contained on ICT devices and content delivered by ICT service providers?
- What kind of Recommendations, Supplements, Technical Reports and guidelines should be developed to assist ITU Members, in cooperation with ITU-D Sector, on combating counterfeit and mitigate the use of stolen ICT device?
- What kind of Recommendations, Supplements, Technical Reports and guidelines should be developed to assist ITU Members, in cooperation with ITU-D Sector, on combating counterfeit or tampered telecommunication/ICT software, theft misappropriation and the concerns they pose?
- What ITU Recommendations, Supplements, Technical Reports and guidelines are required to secure the supply chain management (from manufacturing, importation, distribution and marketing) to enhance traceability, security, privacy and trust of people, products and networks?
- What ITU Recommendations, Supplements, Technical Reports and guidelines are appropriate to combat counterfeit IoT devices and the concerns this may pose?
- In this field, what should be taken into account to provide energy savings, directly or indirectly, in ICTs or in other industries?
3 Tasks
Tasks include, but are not limited to:
- develop Recommendations, Supplements, Technical Reports and guidelines to assist ITU Members, in cooperation with ITU-D Sector, on combating counterfeit and tampered telecommunication/ICT device and its software and subsequent data misappropriation;
- develop Recommendations, Supplements, Technical Reports and guidelines on the performance and gaps of current unique device identifier mechanisms for combating counterfeit, tampered and stolen telecommunication/ICT device, based on ITU members use cases;
- develop Recommendations, Supplements, Technical Reports and guidelines to assist ITU Members, in cooperation with ITU-D Sector, on combating counterfeit IoT devices;
- develop Recommendations, Supplements, Technical reports and guidelines to address the problem of stolen telecommunication/ICT device and to assist the Member States, in cooperation with ITU-D Sector, in deploying solutions to mitigate the use of stolen device;
- develop Recommendations, Supplements, Technical Reports and guidelines to identify new categories of telecommunication/ICT devices that may benefit from combatting counterfeit, and what device identifier should be considered for each category;
- study appropriate solutions, including unique device identifier frameworks, to combat counterfeit and stolen telecommunication/ICT device with tampered or duplicated unique identifiers;
- study relevant technologies that can be used as a tool for combating counterfeit, tampered and stolen telecommunication/ICT device;
- study the adverse impacts to the stakeholders due to the use of counterfeit telecommunications/ICT devices or devices with tampered or counterfeit software, and consequent data misappropriation;
- study relevant and appropriate technologies and solutions that can be used to combat counterfeit or tampered ICT software, consequent data misappropriation and other adverse impacts;
- organise workshops and events across ITU regions in cooperation with the ITU-D Sector to promote the work of ITU-T in this field and involve stakeholders;
- study possible conformity and interoperability testing (C&I) solutions to combat counterfeiting and tampering of telecommunication/ICT device, and its software and consequent data misappropriation, taking into account the activities of the ITU-T CASC;
- study results achieved by various international standardization bodies and develop technical specifications to feed the standardization work of the Question.
An up-to-date status of work under this Question is contained in the SG11 work programme (https://www.itu.int/ITU-T/workprog/wp_search.aspx?sp=18&q=15/11).
4 Relationships
Resolutions:
- Resolutions 188, 189 of the Plenipotentiary Conference (Rev. Bucharest, 2022);
- Resolution 79 of the WTDC (Rev. Kigali, 2022);
- Resolutions 76, 97 of the WTSA (Rev. Geneva, 2022) and Resolution 96 of the WTSA (Rev. Hammamet, 2016).
Recommendations:
- ITU-T X.1127, ITU-T X.1255, ITU-T X.660, ITU-T Q.5050, ITU-T Q.5051, ITU-T Q.5052, ITU-T Q.5053
Questions:
- All Questions of ITU-T SG11, especially Questions relating to control, signalling architectures, protocols, conformance, and interoperability testing
Study Groups:
- ITU T SG2
- ITU-T SG3
- ITU-T SG5
- ITU T SG12
- ITU-T SG13
- ITU T SG17
- ITU T SG20
- ITU-T SG21
- ITU D SG1 and SG2
Other bodies:
- ETSI
- IEC
- IEEE
- IETF
- ISO/IEC JTC 1
WSIS action lines:
- C2, C5, C11
Sustainable Development Goals:
- 9
|
