Forum on Next Generation Network Standardization, Colombo, Sri Lanka, 7-10 April 2009. ITU Global Cybersecurity Agenda and ITU-T SG17 activities on Cybersecurity. Paolo Rosa, Head, Workshops and Promotion Division, Telecommunication Standardization Bureau. ITU Cybersecurity activities.
ITU Cybersecurity activities • WSIS Action Line C.5: Building Confidence and security in the use of ICTs http://www.itu.int/wsis/c5/index.html • ITU Global Cybersecurity Agenda: Framework for international cooperation in Cybersecurity • ITU Cybersecurity Gateway: Information resource on Cybersecurity
Strategic direction Cybersecurity – one of the top priorities of the ITU WSIS Action Line C5, Building confidence and security in use of ICTs A fundamental role of ITU, following the World Summit on the Information Society (WSIS) and the 2006 ITU Plenipotentiary Conference is to build confidence and security in the use of ICTs. At the WSIS, world leaders and governments designated ITU to facilitate the implementation of WSIS Action Line C5, “Building confidence and security in the use of ICTs”. In this capacity, ITU is seeking consensus on a framework for international cooperation in cybersecurity to reach a common understanding of cybersecurity threats among countries at all stages of economic development.
Strategic direction II • Plenipotentiary Resolution 130 (2006), Strengthening the role of ITU in building confidence and security in the use of information and communication technologies – Instructs Director of TSB to intensify work in study groups, address threats & vulnerabilities, collaborate, and share information • Plenipotentiary Resolution 149 (2006), Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies - Instructs Council to study terminology
Strategic Direction III • WTSA-08 Resolution 50, Cybersecurity – Instructs Director of TSB to develop a plan to undertake evaluations of ITU-T “existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment” • WTSA-08 Resolution 52, Countering and combating spam – Instructs relevant study groups “to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam” • WTSA-08 Resolution 58, Encourage the creation of national Computer Incident Response Teams, particularly for developing countries – Instructs the Director of TSB, in collaboration with the Director of BDT, “to identify best practices to establish CIRTs; to identify where CIRTs are needed; to collaborate with international experts and bodies to establish national CIRTs; to provide support, as appropriate, within existing budgetary resources; to facilitate collaboration between national CIRTs, such as capacity building and exchange of information, within an appropriate framework”
Draft new ITU-T Rec. X.1205, Overview of Cybersecurity • Cybersecurity: collection of tools, policies, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyberspace against relevant security risks such as unauthorized access, modification, theft, disruption, or other threats • Cyberspace: the cyber environment including software, connected computing devices, computing users, applications/services, communications systems, multimedia communication, and the totality of transmitted and/or stored information connected directly or indirectly to the Internet. It includes hosting infrastructures and isolated devices
Changing nature of cyberspace Source: Presentation materials at ITU workshop on “Ubiquitous Network Societies”, April 2005.
Threats in cyberspace Inherited architecture of the Internet was not designed to optimize security • Constant evolution of the nature of cyberthreats • Low entry barriers and increasing sophistication of cybercrime • Constant evolution in protocols and algorithms • Loopholes in current legal frameworks • Introduction of Next-Generation Networks (NGN) • Convergence among ICT services and networks • Network effects – risks far greater • Possibility of anonymity on the Internet • Absence of appropriate organizational structures • Internationalization requires cross-border cooperation • Vulnerabilities of software applications
Attackers, hackers and intruders (generally users cannot be trusted) • Taxonomy of security threats • Unauthorized illegal access: insufficient security measures (authentication/authorization), unprotected passwords… • IP spoofing: assume a trusted host identity, disable the host, assume the attacker’s identity, gain access to IP addresses • Network sniffers: read source and destination addresses, passwords, data… • Denial of Service (DoS): connectivity, network element or application availability • Bucket brigade attacks: message interception/modification • Back door traps: placed by system developers / employees / operating system / created by a virus • Masquerading: access to the network as false legitimate personnel • Replay attacks: read authentication information from messages • Modification of messages without detection • Insider attacks: legitimate users behave in an unauthorized way; periodic auditing actions and screening of personnel, hardware and software are needed
Challenges: Policy • Lack of relevant cybercrime and anti-spam legislation • Establish legislation where none exists • Base “model law” needed (a separate ITU initiative) • Modify existing cybercrime/spam laws where needed to reflect botnet-related crime • Capacity building for regulators, police, judiciary • Training of existing officials may be supplemented by co-opting or active recruitment of technical experts • Weak international cooperation and outreach • Participation in local, regional and international initiatives • Engagement of relevant government, regulators and law enforcement with peers and other stakeholders around the globe • Targeted outreach to countries and stakeholders known to be particularly vulnerable to cybercrime
The Global Cybersecurity Agenda (GCA) • Launched in May 2007 by the ITU’s Secretary-General, Dr. Hamadoun Touré, on World Telecommunication and Information Society Day • GCA is an ITU framework for international cooperation aimed at proposing strategies for solutions to enhance confidence and security in the use of ICTs, built on existing national and regional initiatives, avoiding duplication and encouraging collaboration • 17 May 2007, International Herald Tribune • 9 July 2007, UN Secretary-General’s historic visit to ITU
Global Cybersecurity Agenda: Framework for International Cooperation in Cybersecurity • The Global Cybersecurity Agenda (GCA) was created as ITU’s response to its role as sole Facilitator for WSIS Action Line C5 • GCA is a framework for international multi-stakeholder cooperation in cybersecurity • GCA brought together a group of world-renowned experts in the field of cybersecurity and formed the High Level Experts Group (HLEG), which developed a global strategic report available at: http://www.itu.int/osg/csd/cybersecurity/gca/global_strategic_report/index.html • GCA is working together with its partners to develop harmonized global strategies: leveraging expertise for international consensus on a Global level, from government and international organizations to industry, for a Harmonized approach to build synergies between initiatives, through Comprehensive strategies on all levels in 5 work areas:
ITU’s Global Cybersecurity Agenda Global Strategic Report • Legal Measures • International investigations: depending on reliable means of cooperation and effective harmonization of laws • Technical and Procedural Measures • Organizational Structures • Capacity Building • International Cooperation
Current GCA Projects Curbing Cyberthreats: IMPACT Partnership with the International Multilateral Partnership Against Cyber-Threats (IMPACT) Child Online Protection: COP The Child Online Protection (COP) initiative in partnership with organizations from around the world
Global Response Centre (GRC) Threat information aggregation and dissemination expert collaboration Training & Skill Development Security skills training for Member States Security Assurance & Research International benchmarks for Member States Collaborative research on cyber-threats. PARTNERS Centre for Policy and International Co-operation Advisory services on cybersecurity policy and regulations for Member States ITU-IMPACT Collaboration IMPACT is the physical home for the GCA, providing expertise and facilities for all ITU Member States to address global cyber-threats
Child Online Protection (COP) • Internet Governance Forum: Action for Global Cybersecurity • A unique initiative bringing together partners from all sectors of the international community with the aim of creating a safe online experience for children everywhere. • Key Objectives • Identify the main risks and vulnerabilities to children in cyberspace • Create awareness of the risks and issues through multiple channels • Develop practical tools to help governments, organizations and educators minimize risk • Share knowledge and experience while facilitating international strategic partnerships to define and implement concrete initiatives
The High Level Segment (Council) • Held on the opening of the ITU council meetings • Participation of Ministers • Questions addressed: • Greatest cyberthreats faced worldwide • Key elements to formulate national strategies and to prevent cybercrime • Role of governments in promoting a cybersecurity culture • Highest priority activities to address current and emerging cyberthreats
ITU-T SG 17: Security • Responsible for studies relating to security including cybersecurity, countering spam and identity management. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems. • Study Group 17 is the lead study group in the ITU-T for security – responsible for: • Coordination of security work • Development of core Recommendations • Most of the other study groups have responsibilities for standardizing security aspects specific to their technologies, e.g., • SG 2 for TMN security • SG 9 for IPCablecom security • SG 13 for NGN security • SG 16 for Multimedia security
ICT security standards roadmap • Part 1 contains information about organizations working on ICT security standards • Part 2 is a database of existing security standards and includes ITU-T, ISO/IEC JTC 1, IETF, IEEE, ATIS, ETSI and OASIS security standards • Part 3 is a list of standards in development • Part 4 identifies future needs and proposed new standards • Part 5 includes Security Best Practices http://www.itu.int/ITU-T/studygroups/com17/ict/
ITU-T SG 17 structure • Working Party 1: Network and information security • Q 1 Telecommunications systems security project • Q 2 Security architecture and framework • Q 3 Telecommunications information security management • Q 4 Cybersecurity • Q 5 Countering spam by technical means
ITU-T SG 17 structure (cont.) • Working Party 2: Application security • Q 6 Security aspects of ubiquitous telecommunication services • Q 7 Secure application services • Q 8 Telebiometrics • Q 9 Service oriented architecture security
ITU-T SG 17 structure (cont.) • Working Party 3: Identity management and languages • Q 10 Identity management architecture and mechanisms • Q 11 Directory services, Directory systems, and public-key/attribute certificates • Q 12 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration • Q 13 Formal languages and telecommunication software • Q 14 Testing languages, methodologies and framework • Q 15 Open Systems Interconnection (OSI)
Core Security Recommendations • Strong ramp-up on developing core security Recommendations in SG 17 • 14 approved in 2007 • 27 approved in 2008 • 56 under development for approval this study period • Subjects include: Architecture and Frameworks; Web services; Directory; Identity management; Risk management; Cybersecurity; Incident management; Mobile security; Countering spam; Security management; Secure applications; Telebiometrics; Ubiquitous Telecommunication services; SOA security • Ramping up on: Traceback; Ubiquitous sensor networks • Collaboration with others on many items
Challenges • Addressing security to enhance trust and confidence of users in networks, applications and services • Balance between centralized and distributed efforts on developing security standards • Legal and regulatory aspects of cybersecurity, spam, identity/privacy • Address the full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning • Uniform language for security terms and definitions • Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations • Keeping the ICT security database up-to-date
SG 17 Security Project 1/3 (Major focus is on coordination and outreach) • Security coordination • ISO/IEC/ITU-T Strategic Advisory Group on Security – Oversees standardization activities in ISO, IEC and ITU-T relevant to security; provides advice and guidance relative to coordination of security work; and, in particular, identifies areas where new standardization initiatives may be warranted. • Portal established • Workshops conducted • Global Standards Collaboration – ITU and participating standards organizations exchange information on the progress of standards development in the different regions and collaborate in planning future standards development to gain synergy and to reduce duplication. GSC-13 resolutions concerning security include: • GSC-13/11 – Cybersecurity • GSC-13/04 – Identity Management • GSC-13/03 – Network aspects of identification systems • GSC-13/25 – Personally Identifiable Information Protection
SG 17 Security Project 2/3 (Major focus is on coordination and outreach) • Security coordination (cont.) • The Cybersecurity Rapporteur group adopted a focussed action plan including outreach and collaboration with other organizations addressing cybersecurity and infrastructure protection. Basic needs: to identify and effect lines of communication among all these organizations, and to address the needs of countries that lack resources yet are part of the global network cybersecurity and vulnerability mosaic.
SG 17 Security Project 4/4 • Security Compendium • Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations • Security Standards Roadmap • Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS) • ITU-T Security Manual – Assisted in its development
Security standardization strategy • 1. Assure the continued relevance of security standards by keeping them current with rapidly developing telecommunications technologies and operators’ trends (in e-commerce, e-payments, e-banking, telemedicine, fraud monitoring, fraud management, fraud identification, digital identity infrastructure creation, billing systems, IPTV, video-on-demand, grid network computing, ubiquitous networks, etc.). • 2. Give attention to the issue of trust between network providers and communication infrastructure vendors, in particular in terms of communication hardware and software security.
Identity Management: Overall objectives • 1. a security enabler by providing trust in the identity of both parties to an e-transaction • 2. a very important capability for significantly improving security and trust • 3. provides Network Operators an opportunity to increase revenues by offering advanced identity-based services • 4. ITU-T’s IdM work on global trust and interoperability of diverse IdM capabilities in telecommunications focused on leveraging and bridging existing solutions
Recommendations in progress • First IdM Recommendations for ITU-T SG 17: • X.1250, Capabilities for global identity management trust and interoperability • X.1251, A framework for user control of digital identity • And one Supplement approved: • Supplement to X.1250-series, Overview of IdM in the context of cybersecurity • Many additional IdM Recommendations are under development (especially IdM terms and definitions)
Survey of developing countries ICT security needs • Questionnaire initiated May 2008 • Key Results • The overall level of concern about cyber security is high • There is a high level of interest in the possibility of obtaining advice and/or assistance on ICT security from the ITU • The ITU needs to do better in promoting its ICT security products • Details of analysis at: http://www.itu.int/dms_pub/itu-t/oth/0A/0D/T0A0D0000180001PDFE.pdf
Challenges • Addressing security to enhance trust and confidence of users in networks, applications and services • With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership? • Balance between centralized and distributed efforts on developing security standards • Legal and regulatory aspects of cybersecurity, spam, identity/privacy • Address the full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning • Uniform cybersecurity terms and definitions • Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations • Keeping the ICT security database up-to-date • There is no “silver bullet” for cybersecurity
Some useful web resources • ITU Global Cybersecurity Agenda (GCA) http://www.itu.int/osg/csd/cybersecurity/gca/ • ITU-T Home page http://www.itu.int/ITU-T/ • Study Group 17 http://www.itu.int/ITU-T/studygroups/com17/index.asp e-mail: tsbsg17@itu.int • LSG on Security http://www.itu.int/ITU-T/studygroups/com17/tel-security.html • Security Roadmap http://www.itu.int/ITU-T/studygroups/com17/ict/index.html • Security Manual http://www.itu.int/publ/T-HDB-SEC.03-2006/en • Cybersecurity Portal http://www.itu.int/cybersecurity/ • Cybersecurity Gateway http://www.itu.int/cybersecurity/gateway/index.html • ITU-T Recommendations http://www.itu.int/ITU-T/publications/recs.html • ITU-T Lighthouse http://www.itu.int/ITU-T/lighthouse/index.phtml • ITU-T Workshops http://www.itu.int/ITU-T/worksem/index.html
Thank you! Paolo Rosa paolo.rosa@itu.int
ITU GCA main goals • Elaboration of strategies to: • develop a model cybercrime legislation globally applicable, interoperable with existing national / regional legislative measures • create national and regional organizational structures and policies on cybercrime • establish globally accepted minimum security criteria and accreditation schemes for software applications and systems • create a global framework for watch, warning and incident response to ensure cross-border coordination of initiatives • create and endorse a generic and universal digital identity system and the necessary organizational structures to ensure the recognition of digital credentials for individuals across geographical boundaries • develop a global strategy to facilitate human and institutional capacity-building to enhance knowledge and know-how across sectors and in all the above-mentioned areas • advise on a potential framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas.
Initiatives ITU’s Global Cybersecurity Agenda housed in new centre in Malaysia The International Multilateral Partnership Against Cyber Threats (IMPACT) headquarters in Cyberjaya (Kuala Lumpur) to focus on strengthening network security 20 March 2009 ITU’s Telecommunication Development Bureau (BDT) will facilitate the deployment of IMPACT services, such as the Global Response Centre, which aims at providing state-of-the-art cybersecurity capabilities for ITU Member States to strengthen network security worldwide.
ITU-T SG 17 structure • Recommendations under development in WP1
ITU-T SG 17 structure • Recommendations under development in WP2
ITU-T SG 17 structure • Recommendations under development in WP3
Business use of telecommunications/ICT top security standards • The report will consist of summary sheets for analysed top security standards: Status and summary of standards; Who does the standard affect?; Business benefits; Technologies involved; Technical implications • ITU-T SG 17 seeks comment on the work activity from the ITU-D and other standards development organizations. Specifically, your views on the following would be appreciated: • Do you agree that this work activity would be useful to organizations and/or DC/CETs planning to deploy telecommunications/ICT security systems? • Does your organization have existing information that may be related to this work activity or that may be used to progress this work? • Does your organization have contact with DC/CETs that may further elaborate on their needs and detail the information they may find most useful to capture in the activity output? • Does your organization have any suggestions to provide additional detail regarding the proposed summary sheet elements or criteria to select standards? • Would your organization be willing to assist the ITU-T SG 17 in progressing this work? • ITU-T SG 17 welcomes your consideration and your response on this matter.
The High Level Segment: HLEG • Held on the opening of the ITU council meetings • Participation of Ministers • Questions addressed: • Greatest cyberthreats faced worldwide • Key elements to formulate national strategies and to prevent cybercrime • Role of governments in promoting a cybersecurity culture • Highest priority activities to address current and emerging cyberthreats
HLS 2008 Sessions on Cybersecurity II • Managing cyberthreats through harmonized policies and organizational structures • Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organizational structures. The absence of effective institutions to deal with cyber-attacks is a major issue. Some countries have established specific agencies with watch, warning and incident response capabilities. Other countries prefer to promote capacity to deal with cyber-incidents within existing law enforcement agencies. What lessons can be learned from the experience of different countries? And how can cooperation and the flow of information between national institutions be improved?
High-Level Segment (HLS) of Council 2008 Geneva, 12-13 November 2008 • Designed to provide Ministers and Councillors with an opportunity to exchange views on issues of strategic importance to the Union and on emerging trends in the sector. This year, speakers offered their perspectives on Climate Change and Cybersecurity. • Inaugurated by two Heads of State, H.E. Mr Paul Kagame, President of Rwanda, and H.E. Mr Blaise Compaoré, President of Burkina Faso, as well as by United Nations Secretary-General Mr Ban Ki-moon via video message. • Attended by some 400 participants, 21 Ministers, Ambassadors and heads of regulatory organizations and UN agencies.
HLS 2008 Sessions on Cybersecurity 1/2 • Managing cyberthreats through harmonized policies and organizational structures • Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organizational structures. • Addressing the technical and legal challenges related to the borderless nature of cybercrime • Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.
HLS 2008 Sessions on Cybersecurity 2/2 • Be Safe Online: A Call to Action Objective: What can be done and what should be done to protect our most valuable resource : our children? • ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.
HLS 2008 Sessions on Cybersecurity III • Addressing the technical and legal challenges related to the borderless nature of cybercrime Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed. Threats to cybersecurity are global in nature. Cybercriminals can strike at will, exploiting technical vulnerabilities and legal loopholes through cross-border operations that show no respect for geographical boundaries or jurisdictional borders. This makes it difficult for any single national or regional legal framework to address cyberthreats effectively. What are the major challenges countries face in fighting cybercrime? How can countries deal with these challenges?
HLS 2008 Sessions on Cybersecurity IV • Be Safe Online: A Call to Action • Objective: What can be done and what should be done to protect our most valuable resource – our children? The most vulnerable Internet users online are children. In industrialized countries, as many as 60% of children and teenagers use online chatrooms regularly, and evidence suggests that as many as three-quarters of these may be willing to share personal information in exchange for online goods and services. In some countries, as many as one in five children may be targeted by a predator or paedophile each year. These trends are increasingly true in many emerging and developing countries as well.
HLS 2008 Sessions on Cybersecurity V • ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity. There are many valuable national and regional initiatives underway to promote cybersecurity. However, the growing global cyberthreats need a global basis on which they can be addressed. On 17 May 2007, the ITU Secretary-General Dr. Hamadoun Touré launched the Global Cybersecurity Agenda (GCA) as a framework for international cooperation to promote cybersecurity and enhance confidence and security in the information society. The GCA seeks to encourage collaboration amongst all relevant partners in building confidence and security in the use of ICTs.