ITU-T work programme

[2025-2028] : [SG 20] : [WP3/20]

[Work programme]
Work group: Q6/20 (Presentation Web page is available here)
Title: Security, privacy, trustworthiness, and identification of Internet of Things (IoT) and smart sustainable cities and communities (SSC&C)
Description:

1 Motivation

Towards the information society, there are increases in cyber-attacks, cybercrime, and loss of credit or trust. The information and communication technology (ICT) infrastructure will evolve to provide converged services and applications by accommodating a large number of Internet of Things (IoT) sensors and IoT-related systems. Additionally, the world is experiencing an evolution of smart sustainable cities and communities (SSC&C). Many stakeholders from various industries are involved in future converged and intelligent services to be deployed in IoT and SSC&C using ICT infrastructure.

This heterogeneous environment promises great advances in the way services and applications are provisioned, and in the way systems are managed, administered, and maintained, yet it comes with a very wide range of sector-specific risks and threat vectors. Implications for security, personally identifiable information (PII) protection, safety, and the overall trust of use, adoption, and proliferation of IoT and SSC&C data, devices, systems, services, applications, and platforms could hinder the overall market development.

Therefore, it is important that security, PII protection and privacy concerns are taken into account throughout the design process of products and systems to be used in IoT and SSC&C implementations. This is commonly known as safety and security by design, which emphasizes that protection be built into information technologies, business practices, systems, processes, physical design, and networked infrastructure.

Various identification techniques have always been regarded as an important enabling technology for IoT and SSC&C implementation and interoperability. Both physical things (such as tagged items and products, sensing devices) and virtual things (such as computational processes, software) could have, or already have, assigned identifiers, in order to be identified and distinguished. It is important for each thing to be addressable and identifiable.

Taking into account the variety of data, devices, systems, services and applications within heterogeneous IoT and SSC&C domains, it is essential to develop trustworthiness models that ensure all physical and virtual things involved are trusted enough to be part of the IoT and SSC&C environment. Such models should be integrated within IoT and SSC&C architectures while defining the set of rules to ensure implementation of trusted IoT and SSC&C systems. The trustworthiness aspects should be a substantial part of any end-to-end architectures developed for IoT and SSC&C verticals.

It is also essential to consider the security, safety, trustworthiness and interoperability of the human-oriented applications and services in IoT and SSC&C, such as digital services (e.g., electronic transaction services), metaverse, and public safety. The continuity, sustainability and robustness of those applications and services should also be considered carefully.

In addition, the adoption of emerging technologies such as blockchain, big data, quantum computing, artificial intelligence and machine learning can play an important role in developing advanced cost-effective measures and mechanisms to create such a secured, safe and trustworthy environment within IoT and SSC&C domains.

All of the above requirements need to be carefully analysed for various IoT and SSC&C verticals that may require specific additional demands due to their nature and the underlying standards they use for IoT and SSC&C devices, systems, platforms, infrastructures, applications, and services.

2 Question

Study items include, but are not limited to:
- What are the possible risks and threats against the compromise of authenticity, confidentiality, integrity, non-repudiation, availability, and portability of IoT and SSC&C data, devices, systems, platforms, infrastructures, applications, and services?
- What is needed to identify, mitigate and counteract the security risks and threats and protect data and PII in the context of IoT and SSC&C?
- What are the technical measures capable of fulfilling the requirements of IoT and SSC&C to improve the security, safety, trustworthiness, data and PII protection?
- What requirements and identification measures may be used for improving interoperability in IoT and SSC&C when appropriate?
- How can emerging technologies and mechanisms be used to improve security, safety, trustworthiness and to protect data and PII in IoT and SSC&C, including big data, blockchain, machine learning, artificial intelligence, quantum computing, zero trust?
- How to ensure security, safety and trustworthiness of digital services (including electronic transaction services) and metaverse in IoT and SSC&C?
- What are the requirements and associated technical measures to improve the security, reliability, continuity, sustainability and robustness of IoT and SSC&C applications and services for public safety?
- Which standards development organizations (SDOs), consortia and forums would it be necessary to collaborate with to maximize synergies and harmonize existing standards?

3 Tasks

Tasks include, but are not limited to:
- Developing Recommendations, reports, guidelines, etc., as appropriate, on:
  - reliability, authenticity, confidentiality, integrity, non-repudiation, and availability of IoT and SSC&C data, devices, systems, infrastructures, platforms, applications and services;
  - security requirements and associated technical measures to identify and mitigate security risks and threats and to protect data and PII in the context of IoT and SSC&C;
  - requirements and technical measures to improve safety and trustworthiness in IoT and SSC&C data, devices, systems, platforms, infrastructures, applications and services;
  - requirements and associated identification measures (such as naming, addressing, and identity discovery) to improve interoperability in IoT and SSC&C;
  - emerging technologies and mechanisms to improve security, safety, trustworthiness and to protect data and PII in IoT and SSC&C, such as big data, blockchain, machine learning, artificial intelligence, quantum computing;
  - security, safety, trustworthiness and PII protection, identification of digital services (e.g., electronic transaction services) and metaverse in IoT and SSC&C;
  - security, reliability, continuity, sustainability and robustness of IoT and SSC&C applications and services for public safety.
- Collaboration as appropriate in these fields within ITU and between ITU-T and SDOs, consortia and forums.

An up-to-date status of work under this Question is found in the SG20 work programme (https://www.itu.int/ITU-T/workprog/wp_search.aspx?sp=18&q=6/20).

4 Relationships

Recommendations:
- Y.4000-series and other Recommendations related to security, PII protection, safety, trust and identification

Questions:
- All Questions of ITU-T SG20

Study groups:
- ITU-T (e.g., considering their lead study group role), ITU-D and ITU-R study groups, as appropriate
- ITU-T SG2 and ITU-T SG17 on identification aspects of IoT and SSC&C, as per the mandate of each study group
- ITU-T SG17 on security, PII protection, safety and trustworthiness issues relating to IoT and SSC&C, as per the mandate of each study group

Other bodies:
- ETSI
- ENISA
- Alliance for IoT and Edge Computing Innovation (AIOTI)
- IEEE
- 3GPP
- W3C
- ISO/IEC JTC 1
- Joint IEC-ISO-ITU Smart Cities Task Force
- IETF
- Open & Agile Smart Cities (OASC)
- OASIS
- oneM2M

WSIS Action Lines:
- C5

Sustainable Development Goals:
- 11, 17
Comment: Continuation of Q6/20
Rapporteur: Mr. Xiongwei Jia
Associate rapporteur: Ms. Rana Kamill
Associate rapporteur: Mr. Jun She