ITU's 160 anniversary

Committed to connecting the world

  •  
Girls in ICT day 2025

ITU-T work programme

[2025-2028] : [SG 17] : [WP2/17]

[Work programme]
Work group: Q6/17 (Presentation Web page is available here)
Title: Security for telecommunication services, Internet of Things (IoT), digital twin, and metaverse
Description: 1 Motivation Recommendation ITU-T X.1101 provides the security requirements and framework for multicast communication. Recommendations ITU-T X.1111, X.1112, X.1113 and X.1114 describe the security framework for home network including the device certificate profile, authentication mechanism, and authorization framework. Recommendations ITU-T X.1121, X.1122, X.1123, X.1124, and X.1125 provide a comprehensive specification on security for mobile network. Recommendations ITU-T X.1171, X.1311, and X.1312 specify the privacy framework for mobile NID services, the security framework for ubiquitous sensor networks (USN), USN middleware security guideline and security requirements for wireless sensor network routing, respectively. Recommendations ITU-T X.1191, X.1192, X.1193, X.1194, X.1195, X.1196, X.1197 and X.1198 describe a comprehensive set of requirements, mechanisms, and framework for security of IPTV services. X-series Supplements 19 and 24 provide security aspects of mobile phones. Recommendation ITU-T X.1331, X.1332, X.1333 and Supplement 26 to the X-series Recommendations describes the security aspects of smart grid. Recommendation ITU-T X.1352, X.1361, X.1362, X.1363, X.1364, X.1365, X.1366, X.1367, X.1368 and X.1369 provide IoT related security requirements, mechanisms, and frameworks. A continued effort to maintain and enhance these security Recommendations and Supplements to satisfy the needs of new technologies and services is required. The telecommunication services, networks and IoT refer to the service that allows anyone to access to any desired information in a user-friendly way, anytime and anywhere using any types of end-devices. The telecommunications industry has been experiencing an exponential growth in the area of mobile technology-based telecommunication services. Specifically, security of domain/sector-specific telecommunication services and networks, such as IoT and smart cities (including machine to machine (M2M), RFID, near field communication (NFC) and sensor network), home network, industrial control systems, smart entities (for example, smart factory, smart grid), embedded subscriber identity module (eSIM), smartphones, and IPTV networks, etc., are crucial for the further development of the industry, network operators and service providers. Standardization of the best comprehensive security solutions is vital for network operators and service providers that operate in a multi-vendor international telecommunication environment. Due to some specific characteristics of IoT environment (e.g., limited computing power and memory size of the small mobile devices, long lifecycle, customized operating systems and software), providing security and personally identifiable information (PII) protection is an especially challenging task that deserves special attention and study. A digital twin is a virtual representation of a physical object or system that is synchronized with the real-world counterpart. Security of digital twins are becoming important to address the risks, such as unauthorized access to the sensitive data, risk of taking control of physical systems, and use of digital twins to launch cyberattacks, etc. There are several controls to address the risks of digital twin, such as data encryption, access control, and vulnerability management and logging and monitoring, etc. A digital platform is a group of technologies that are used as a base upon which applications, processes or technologies are developed. A metaverse refers to a collective virtual shared space that is created by the convergence of physical and virtual reality. It's a digital universe where users can interact with computer-generated environments, objects, and other users in real-time. Key characteristics of the metaverse include virtual reality and augmented reality (AR), interactivity that users can interact with the virtual world and other users within it, persistent space that exists independently of individual users, and diverse applications. There is a need for identifying the roles and responsibilities of telecom users, operators, and service providers with regards to security and PII protection aspects in the digital twin and metaverse environment. Services and applications in digital twins and metaverse will have a profound impact for telecom users and industries including telecom service providers. The term citiverse is used to refer to metaverse for cities. Standardization for the comprehensive security solutions, best practices and guidance of applications and services based on digital twin and metaverse security and data protection technologies is critical towards achieving enhanced innovation. Recommendations and Supplements under responsibility of this Question as of 12 September 2024: X.1101, X.1111, X.1112, X.1113, X.1114, X.1121, X.1122, X.1123, X.1124, X.1125, X.1126, X.1127, X.1171, X.1191, X.1192, X.1193, X.1194, X.1195, X.1196, X.1197, X.1198, X.1311, X.1312, X.1313, X.1314, X.1331, X.1332, X.1333, X.1352, X.1353, X.1354, X.1361, X.1362, X.1363, X.1364, X.1365, X.1366, X.1367, X.1368, X.1369, X.1453, X.1454, Supplements 19, 24 and 26 to the X-series Recommendations, and Technical Reports/Papers: TR.ibc-cd, TR.ba-iot. Texts under development as of 12 September 2024: X.1355 (X.ra-iot), X.gnssa-iot, X.mt-feature, X.mt-integrity, X.sm-iot, X.sr-iiot, X.stm-dpm, X.sr-smb, Supplement X.sup-tig-iotsec, and Technical Report TR.st-iot. 2 Question Study items to be considered include, but are not limited to: - How should security aspects (e.g., security architecture and subsystems) be identified and defined in a telecommunication services, IoT, digital twin and metaverse environment (reference to metaverse also includes citiverse)? - How should threats and vulnerabilities in telecommunication services, IoT, digital twin and metaverse be identified and handled? - What are the security technologies for supporting telecommunication services, IoT, digital twin and metaverse environment? - How should secure interconnectivity between entities in telecommunication services, IoT, digital twin and metaverse environment be kept and maintained? - How should security technologies using AI/ML based technologies be studied and developed for telecommunication services, IoT, digital twin and metaverse? - What security techniques, mechanisms and protocols are needed for secure applications and services based on telecommunication services, IoT, digital twin and metaverse? - What are the global security solutions for telecommunication services, IoT (e.g. including services for smart entities such as smart cities, smart grid, smart factory, and ICS), digital twin and metaverse, which are based on telecommunication/ICT networks? - What are the best practices or guidelines for telecommunication services, IoT, digital twin and metaverse security? - What personally identifiable information (PII) protection and management mechanisms are needed for telecommunication services, IoT, digital twin and metaverse services? 3 Tasks Tasks include, but are not limited to: - Review existing Recommendations/standards of ITU-T, ISO/IEC and other standardization bodies in the area of security for home network, smart grid, smart cities, smart factory, IoT, digital twin and metaverse services. - Study further to define security aspects of telecommunication services, IoT (e.g., including services for smart entities such as smart cities, smart grid, smart factory and ICS), digital twin and metaverse which are based on telecommunication/ICT networks. - Study and identify security issues and threats in telecommunication services, IoT, digital twin and metaverse. - Study and develop security mechanisms, protocols and technologies for telecommunication services, IoT, digital twin and metaverse. - Study and develop secure interconnectivity mechanisms for telecommunication services, IoT, digital twin and metaverse environment. - Study and identify PII protection issues and threats in telecommunication services, IoT, digital twin and metaverse. - Study and develop PII protection and management mechanisms for telecommunication services, IoT, digital twin and metaverse. - Study and develop security technologies utilizing AI/ML based technologies for the telecommunication services, IoT, digital twin and metaverse. - Produce a set of Recommendations and other texts to provide comprehensive security solutions, best practices and guidance for telecommunication services, IoT, digital twin and metaverse services. An up-to-date status of work under this Question is contained in the SG17 work programme at https://www.itu.int/ITU-T/workprog/wp_search.aspx?sp=18&q=6/17. 4 Relationships Recommendations: - X-series and others related to security Questions: - All ITU-T SG17 Questions Study groups: - ITU-T SG 5 - ITU-T SG 11 - ITU-T SG 12 - ITU-T SG 13 - ITU-T SG 15 - ITU-T SG 20 - ITU-T SG 21 - JCA-IoT and SC&C - ITU-R Standardization bodies: - Internet Engineering Task Force (IETF) - IEC SEG 6 (Micro Grid), IEC SMB WG3, IEC TCs 57 and 65 - ISO/IEC JTC 1/SCs 6, 25, 27, 31 and 41 - Open Mobile Alliance (OMA) - Third Generation Partnership Project (3GPP) Other bodies: - World Wide Web Consortium (W3C) - Institute of Electrical and Electronics Engineering (IEEE) - Alliance for Telecommunications Industry Solutions (ATIS) - China Communications Standards Association (CCSA) - European Telecommunications Standards Institute (ETSI) - GSM Association (GSMA) - NFC Forum; National Institute of Standards and Technology (NIST) - Telecommunication Technology Committee (TTC) - Telecommunications Technology Association (TTA) - Universal Plug and Play (UPnP) WSIS Action Lines: - C5 Sustainable Development Goals: - 8, 9, 11
Comment: Continuation of Q6/17
Co-rapporteur: Mr.JonghyunBaek
Co-rapporteur: Mr.JunzhiYan
Associate rapporteur: Mr.GunheeLee