
ITU-T Study Group 17 Security

ITU-T Study Group 17 Security. An overview of ITU-T SG17 Heung Youl YOUM Chairman of ITU-T SG17. 22 January 2019. Contents. Mandate of ITU-T and of ITU-T Study Groups Importance of telecommunication/ICT security standardization


Presentation Transcript


  1. ITU-T Study Group 17 Security An overview of ITU-T SG17 Heung Youl YOUM Chairman of ITU-T SG17 22 January 2019

  2. Contents • Mandate of ITU-T and of ITU-T Study Groups • Importance of telecommunication/ICT security standardization • ITU Plenipotentiary Conference (PP-18) actions on ICT security • World Telecommunications Standardization Assembly (WTSA-16) mandate for Study Group 17 • Study Group 17 overview • SG17 current activities • Security Coordination • Future meetings • Useful references • Backup – SG17 Security Recommendations

  3. Mandate of ITU-T and of ITU-T Study Groups • ITU-T Constitution Art. 17, Nos 104 The functions of the Telecommunication Standardization Sector shall be, bearing in mind the particular concerns of the developing countries, to fulfil the purposes of the Union relating to telecommunication standardization, as stated in Article 1 of this Constitution, by studying technical, operating and tariff questions and adopting recommendations on them with a view to standardizing telecommunications on a worldwide basis. • ITU Convention Art. 14 Nos 192 Telecommunication standardization study groups shall study questions adopted in accordance with a procedure established by the world telecommunication standardization assembly and prepare draft recommendations to be adopted in accordance with the procedure set forth in Nos. 246A to 247 of this Convention. • ITU Convention Art. 14 Nos 193 The study groups shall, […], study technical, operating and tariff questions and prepare recommendations on them with a view to standardizing telecommunications on a worldwide basis, […].

  4. Mandate of ITU-T and of ITU-T Study Groups • Importance of telecommunication/ICT security standardization • ITU Plenipotentiary Conference (PP-18) actions on ICT security • World Telecommunications Standardization Assembly (WTSA-16) mandate for Study Group 17 • Study Group 17 overview • SG17 current activities • Security Coordination • Future meetings • Useful references • Backup – SG17 Security Recommendations

  5. Why standardization for security? • National laws and regulations on security are often very generic so as to withstand time and technological evolvement • National laws and regulations must be complemented with standards with technical, procedural and administrative (organizational) controls • Cyberspace doesn’t recognize national boundaries. Therefore security needs international standards • The development of standards in an open forum that comprises international security experts from a wide variety of environments and backgrounds provides the best possible opportunity to ensure relevant, complete and effective standards • SG17 is a platform where such international security standards can be, and are being, developed

  6. Challenges of Security Standardization • Standardization is a costly process rather than a profit-generating one. It needs: • time to develop a standard (compared to the speed of technological change and the emergence of new threats) • competent experts with technical, communication and negotiation skills • ((inter-)national) travels. • Esp. for developing countries: their telecom infrastructures may be at different levels of development from those of the developed countries; their ability to participate in, and contribute effectively to the security standards work may be limited by language, budget and other barriers; and their needs and priorities may be quite different.

  7. How ITU-T can help developing countries • ITU-T can help the developing countries by • fostering awareness of the work we are doing (and why we are doing it), • encouraging participation in our work, through fellowship to LDCs/LICs and electronic meeting facilities (e.g. webcasting, teleconferencing and remote participation) • most particularly, by encouraging them to articulate their concerns and priorities regarding the telecommunication/ICT security. • The members from the developed countries should not confuse their own needs with those of the developing countries, nor should they make assumptions about what the needs and priorities of the developing countries may be

  8. Challenges to SG17 • There had been too much focus on quantity (i.e. how many standards are produced) rather than on the quality and effectiveness of the work. • Going forward, we really need to know which standards are being used (and which are not being used), how widely they are used, and how effective they are. • The number of standards produced is irrelevant: what is important is the impact they have. • This is not going to be easy to determine but it would do much more for the ITU-T’s credibility if it could demonstrate the value and effectiveness of standards that have been developed rather than simply saying “we produced x number of standards”.

  9. Mandate of ITU-T and of ITU-T Study Groups • Importance of telecommunication/ICT security standardization • ITU Plenipotentiary Conference (PP-18) actions on ICT security • World Telecommunications Standardization Assembly (WTSA-16) mandate for Study Group 17 • Study Group 17 overview • SG17 current activities • Security Coordination • Future meetings • Useful references • Backup – SG17 Security Recommendations

  10. ITU Plenipotentiary Conference 2018 (1/2) Resolutions related to security: • Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Res. 130) • instructs the Director of the Telecommunication Standardization Bureau • to address existing and future threats and vulnerabilities affecting efforts to build confidence and security in the use of ICTs, taking into account new services and emerging applications based on telecommunication/ICT networks, by developing reports or recommendations, as appropriate, … • The use of telecommunications/information and communication technologies for humanitarian assistance and for monitoring and management in emergency and disaster situations, including health-related emergencies, for early warning, prevention, mitigation and relief (Res. 136) • ITU's role in child online protection (Res. 179) • instructs the Director of the Telecommunication Standardization Bureau • to encourage the ITU-T study groups, within the framework of their specific competencies, and considering new technological developments, to seek appropriate solutions to help governments, organizations and educators to protect children online • to promote cooperation among the ITU-T study groups, and to liaise with the other Sectors as appropriate

  11. ITU Plenipotentiary Conference 2018 (2/2) • Combating counterfeit telecommunication/information and communication technology devices (Resolution 188) • Assisting Member States to combat and deter mobile device theft (Resolution 189) • Facilitating the Internet of Things and smart sustainable cities and communities (Resolution 197) • Creating an enabling environment for the deployment and use of information and communication technology applications (Resolution 201) New Resolutions: • ITU's role in fostering telecommunication/information and communication technology-centric innovation to support the digital economy and society (Resolution WGPL/2) • OTTs* (Resolution WGPL/3) • Encouraging the participation of small and medium enterprises in the work of the Union (Resolution COM5/3) * Over The Tops

  12. Mandate of ITU-T and of ITU-T Study Groups • Importance of telecommunication/ICT security standardization • ITU Plenipotentiary Conference (PP-18) actions on telecommunication/ICT security • World Telecommunications Standardization Assembly (WTSA-16) mandate for Study Group 17 • Study Group 17 overview • SG17 current activities • Security Coordination • Future meetings • Useful references • Backup – SG17 Security Recommendations

  13. ITU-T SG17 mandate established by World Telecommunication Standardization Assembly (WTSA-16) Title: Security Responsible for building confidence and security in the use of information and communication technologies (ICTs). This includes studies relating to cybersecurity, security management, countering spam and identity management. It also includes security architecture and framework, protection of personally identifiable information, and security of applications and services for the Internet of things (IoT), smart grid, smartphone, software defined networking (SDN), Internet Protocol television (IPTV), web services, social network, cloud computing, big data analytics, mobile financial system and telebiometrics. Also responsible for the application of open system communications, including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems and test specification languages in support of conformance testing to improve the quality of Recommendations.

  14. ITU-T SG17 mandate established by World Telecommunication Standardization Assembly (WTSA-16) Lead Study Group for: • Security • Identity management • Languages and description techniques • Responsible for specific E, F, X and Z series Recommendations • Responsible for 14 Questions • 12 Questions approved by WTSA-16 • One Question on ITS security added at the 1st meeting of SG17 in this study period. The other Question on DLT security added at the 2nd meeting of SG17 in this study period.

  15. ITU-T SG17 Management Team (as appointed by WTSA-16) * Elected in the third SG17 meeting in this Study Period to replace Inette FUREY who retired.

  16. Mandate of ITU-T and of ITU-T Study Groups • Importance of telecommunication/ICT security standardization • ITU Plenipotentiary Conference (PP-18) actions on telecommunication/ICT security • World Telecommunications Standardization Assembly (WTSA-16) mandate for Study Group 17 • Study Group 17 overview • SG17 current activities • Security Coordination • Future meetings • Useful references • Backup – SG17 Security Recommendations

  17. ITU-T Study Group 17 Overview • General • Meets twice a year. 8 working days meeting, • At last Aug/Sept 2018 SG17 meeting there were 168 participants from 37 Member States, 21 Sector Members, 4 Associates, and 2 Academia, 8 invited experts. • Results of Aug/Sept 2018 meeting: • Approval of 1 new Recommendation, Agreement of 1 new supplement, Determination of 3 Recommendations. • 19 texts consented and approved after LC • 25 new work items were added to the SG17 work programme. • Large program of work: • 78 (7+26+20+25) new work items were added to work program in this study period. • 132 new or revised Recommendations and other texts are currently under development, as of January 2019 • As of January 2019, SG17 is responsible for • 373 approved Recommendations, • 32 agreed Supplements and • 4 approved Implementer’s Guides in the E, F, X and Z series.

  18. SG17 – Mission • Building confidence and security in the use of information and communication technologies (ICTs) is one of the top priorities of the ITU (PP-Res. 130, WSIS Action Line C5). • Strengthening the trust, authentication, and protection of personally identifiable information is a prerequisite for the development of the Information Society and for building confidence among users of ICTs. • Security of and for telecommunications and Information and Communication Technologies (ICT security) remains an area where technical security standards will be needed. • New emerging technologies such as cloud computing, smart grid, ITS, 5G, Network 2030, SDN, NFV, Big Data analytics, AI-enabled cybersecurity, QKD, and IoT, need technical, organizational, and physical measures to protect PII of individuals, as well as comprehensive countermeasures to protect children online. • New security approaches to adequately address emerging security threats should be addressed.

  19. Foundation of SG17 • Study Group 17’s work on security has achieved remarkable growth throughout past and this study period resulting in a center of excellence – a core competency in security. • Study Group 17 is the Standardization Sector’s lead study group in security; is the right place for international inter-governmental security standardization. • The work of SG17 has been maintained effectively throughout past and this study periods. • A foundation of security Recommendations has been established, collaboration arrangements with other bodies are in place, and an ongoing work program of security Questions for this study period.

  20. Study Group 17 is the Lead Study Group on: ● Security ● Identity management (IdM) ● Languages and description techniques • A study group may be designated by WTSA or TSAG as the lead study group for ITU-T studies forming a defined programme of work involving a number of study groups. • This lead study group is responsible for the study of the appropriate core Questions. • In addition, in consultation with the relevant study groups and in collaboration, where appropriate, with other standards bodies, the lead study group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations. * Extracted from WTSA-16 Resolution 1

  21. SG17 is “Parent” for Joint Coordination Activities (JCAs) on: ● Identity management ● Child online protection • A joint coordination activity (JCA) is a tool for management of the work programme of ITU-T when there is a need to address a broad subject covering the area of competence of more than one study group. A JCA may help to coordinate the planned work effort in terms of subject matter, time-frames for meetings, collocated meetings where necessary and publication goals including, where appropriate, release planning of the resulting Recommendations. • The establishment of a JCA aims mainly at improving coordination and planning. The work itself will continue to be conducted by the relevant study groups and the results are subject to the normal approval processes within each study group. A JCA may identify technical and strategic issues within the scope of its coordination role, but will not perform technical studies nor write Recommendations. A JCA may also address coordination of activities with recognized standards development organizations (SDOs) and forums, including periodic discussion of work plans and schedules of deliverables. The study groups take JCA suggestions into consideration as they carry out their work. * Extracted from Recommendation ITU-T A.1

  22. ITU-T Joint Coordination Activity on Identity Management (JCA-IdM) - revised ToR and endorsed its continuation by May 2017 TSAG meeting • Coordinates the ITU-T identity management (IdM) work. • Ensures that the ITU-T IdM work is progressed in a well-coordinated way between study groups, in particular with SG2, SG13, SG15, SG16, and SG20. • Analyzes IdM standardization items and coordinates an associated roadmap with ITU-T Q10/17. • Acts as a point of contact within ITU-T and with other SDOs/Fora on IdM in order to avoid duplication of work and assist in implementing the IdM tasks assigned by WTSA-16 Resolution 2 and in implementing GSC-17 Resolution 4 on identity management. • In carrying out the JCA-IdM’s external collaboration role, representatives from other relevant recognized SDOs/Fora and regional/national organizations may be invited to join the JCA-IdM. • Maintains IdM roadmap and landscape document/WIKI. JCA-IdM co-chairmen: Mr Abbie Barbir, Mr Hiroshi Takechi, Keundug Park

  23. IdM Coordination with other bodies ITU-T JCA-IdM ITU-T SGx

  24. ITU-T Joint Coordination Activity on Child Online Protection (JCA-COP) – designated as dormant in the first meeting of SG17 in this study period and endorsed its continuation by May 2017 TSAG meeting Purpose and objectives: • Coordinates activity on COP across ITU-T study groups, in particular Study Groups 2, 9, 13, 15, 16 and 17, and coordinates with ITU-R, ITU-D and the Council Working Group on Child Online Protection • Provides a visible contact point for COP in ITU-T • Cooperates with external bodies working in the field of COP, and enables effective two-way communication with these bodies Tasks: • Maintain a list of representatives for COP in each study group • Exchange information relevant to COP between all stakeholders; e.g. information from: • Member States on their national efforts to develop COP related technical approaches and standards • NGOs on their COP activities and on COP information repositories • GSMA on an industry perspective on COP • Promote a coordinated approach towards any identified and necessary areas of standardization • Address coordination of activity with relevant SDOs and forums, including periodic discussion of work plans and schedules of deliverables on COP (if any) JCA-COP Chairman: Vacant

  25. Coordination on Child Online Protection ITU-T JCA-COP - ITU Member States - ITU-T SGx, JCA-AHF - ITU CWG COP - ITU-R, ITU-D

  26. ITU-T SG17 Regional Group for Africa (SG17RG-AFR) • The main objective of the Regional Group will be to encourage national authorities and operators from countries in Africa to work together and better contribute to ITU-T SG17 activities in general and in particular in line with the SG17 mandate. • To encourage active participation of African administrations, regulators and operators in the work of ITU-T SG17 and to report periodically the outcomes and deliverables • To facilitate the participation of Member States and Sector Members of the African region in ITU-T meetings related to ICT security • To encourage African countries to contribute actively in developing ITU-T security Recommendations work • … • See SG17-RG-AFR web page for more information: https://www.itu.int/en/ITU-T/studygroups/2017-2020/17/sg17rgafr/Pages/default.aspx

  27. ITU-T SG17 Regional Group for Africa (SG17RG-AFR) • Second meeting: Khartoum, Sudan, 27 – 28 July 2016 • Hosted by National Telecommunication Corporation (NTC) • Preceded by a three day Joint ITU/ATU Workshop on "Cybersecurity Strategy in African Countries". • Attendance: 23 participants from 10 different countries • The meeting discussed one contribution and gave feedback for improvements. • SG17RG-AFR gathering for delegates from Africa region, FRI 25 Jan 2019, 16:30 – 17:30; chaired by Mr Muataz Elsadig ISHAG.

  28. ITU-T SG17 Regional Group for Arab Region (SG17RG-ARB) • SG17 March 2017 meeting supported the proposed SG17RG-ARB and the first meeting was in December 2017 in Oman. • SG17RG-ARB’s main objective is to encourage national authorities and operators from Arab states to work together and better contribute to ITU-T SG17 activities in general and in particular in line with the SG17 mandate. • To encourage active participation of Arab administrations, regulators, operators and industries in Rapporteur's meetings, workshops and other ITU-T SG17 events, taking into consideration their limited capabilities to attend SG17 meetings in Geneva; • To encourage discussions on ICT security challenges faced by member states and identify with other stakeholders the relevant priorities of the region in the field of security; • To encourage Arab countries to contribute actively to reflect Arab region’s real problems and needs in developing ITU-T security Recommendations; • To report periodically the outcomes and deliverables of ITU-T SG17 and similar technical bodies in order to disseminate and share best practice on security matters; • To strengthen standard-making capabilities within the Arab region in accordance with WTSA Resolution 44 on "Bridging the Standardization Gap" (Rev. Hammamet 2016); • To assist Arab administrations, regulators, operators and industries on the implementation of ITU-T Recommendations; • To identify training needs on ICT security for the operators and regulatory authorities in the region and coordinate the organization of technical tutorials in the region on such topics jointly with ITU-T SG17; • To facilitate collaboration between ITU-T SG17 and the ITU Arab regional office and other regional organizations in Arab region such as Arab Computer Emergency Response Teams (Arab-CERT) in matters relating to ICT security and Arab Information and Communication Technology Organization (AICTO);

  29. ITU-T SG17 Regional Group for Arab Region (SG17RG-ARB) • SG17-RG-AFR leadership • Co-chairmen: • Mrs Wala Latrous, Tunisia • Mr Bader Essalihi, Director-General of Oman CERT and Head of ITU ARCC, Oman • SG17-RG-AFR vice chairmen: • Ms Abouche Chehrazed, PKI engineer, ARPT, Algeria • Ms Manel Abdelkader, AICTO • Ms Almansoury Laial, Kuwait

  30. ITU-T SG17 Regional Group for Arab Region (SG17RG-ARB) • First meeting: Muscat, Oman, 10 December 2017 • Hosted by Oman National CERT and the ITU Arab Regional Cybersecurity Center (ITU ARCC) • The SG17RG-ARB meeting was followed by a two-day first Arab-African Interregional Standardization Forum (ISF) for Bridging the Standardization Gap with a focus on PKI for e-trust in the hyperconnected world (11 - 12 December 2017). • Attendance: 28 participants from 7 different countries • The meeting discussed issues on BSG and SG17 overview. • The meeting agreed to establish the Management Team members for this study period • Bridging standardization gap (BSG) training session by TSB • See SG17-RG-ARB web page for more information: https://www.itu.int/en/ITU-T/studygroups/2017-2020/17/sg17rgarb/Pages/default.aspx • 2nd meeting (planned): Kuwait, Kuwait, 25 October 2018 • During Regional Cybersecurity Week 2018 for the Arab Region: Kuwait, 21-25 October 2018 • SG17RG-ARB gathering for delegates from Arab region, FRI 25 Jan 2019, 08:30 – 09:30; chaired by Ms Wala TURKI LATROUS.

  31. Participation of Governments in SG17

  32. Participation of Telecommunication Operators and Service Providers in SG17

  33. Participation of manufacturers, vendors, scientific or industrial organizations, Associates, and other entities dealing with telecommunication matters in SG17

  34. Participation of Universities, research establishments and Academia in SG17

  35. Hot Topics within Study Group 17 Identity management and telebiometrics Technical solution toolkit for trust Application security solutions Security management

  36. Hot Topics within Study Group 17 Biometric HW security module Entity authentication assurance Identity management and telebiometrics Smart metering security in Smart-grid for HAN Anti-spam Trust elevation protocol Cyber security CYBEX Technical solution toolkit for trust Smart-grid for HAN CMS profile Authentication using bio signals IoT security PKI Quantities + Units for physics/ chemistry/ biology/ culturology/ psychology, and secure holo/ biosphere Telebiometric authentication using anti-spoofing ITS security 5G security Mobile (phone) security SDN security Security requirements Big Data analytics Hybrid authentication and key management Security for cloud computing CaaS/NaaS/ BDaaS Risk manag. Code of practice for PII protections Application security solutions Security management De-identification processing DLT security Online analytics reference monitor for big data PII code of practice for ISM SME security manag. Security reference architecture for lifecycle mgt of e-commerce business data Security architecture for network operators Tele. Security management VoLTE security

  37. Current and candidate future topics within Study Group 17 RCS messaging anti-spam Identity management and telebiometrics Big Data & digital identity Secure Quantum Comm. Techn. aspects for IP traceback Technical solution toolkit for trust Beyond 5G security IdM for IoT PKI for IoT Secure SW update for IoT Biology-to Machine (B2M) protocol FIDO biometric authentication Security for IPv6 migration with NAT PKI for smart-grid Cyber Defense Center Big Data security + PII/PET OTT security NFV security Application security solutions Security management New VoIP security mechanism hybrid authentication and key management mechanisms with unbalanced computational capability comm. security for adv. metering infrastructure in smart-grids Cybersecurity framework ISM for “cyber-resilient” orgs

  38. Mandate of ITU-T and of ITU-T Study Groups • Importance of telecommunication/ICT security standardization • ITU Plenipotentiary Conference (PP-18) actions on telecommunication/ICT security • World Telecommunications Standardization Assembly (WTSA-16) mandate for Study Group 17 • Study Group 17 overview • SG17 current activities • Security Coordination • Future meetings • Useful references • Backup – SG17 Security Recommendations

  39. ITU-T Study Group 17 Overview • Work organized into 4 Working Parties with 14 Questions including one Question for coordination. • 1 Correspondence Group, 3 interim Rapporteur groups meetings took place since last Aug/Sept 2018 SG17 meeting • See SG17 web page for more information: http://itu.int/ITU-T/go/sg17

  40. ITU-T SG17, Security Study Group 17 WP 1/17 Telecom/ICT Security WP 2/17 Cyberspace Security WP 3/17 Application Security WP 4/17 Identity Management & Authentication Q1/17 Security Coordination Q2/17 Security architecture Q4/17 Cybersecurity Q7/17 Secure application services Q9/17 Telebiometrics Q3/17 Security Management Q5/17 Countering spam Q8/17 Cloud Computing Security Q10/17 IdM Q14/17 DLT Security Q12/17 Languages + Testing Q11/17 Directory, PKI, PMI, ODP, ASN.1, OID, OSI Q6/17 Service Security Established March 2017 Established September 2017 Q13/17 ITS Security

  41. SG17 Working Party Structure • WP 1 “Telecom/ICT security” • Q2/17 Security architecture and framework • Q3/17 Telecommunication information security management • Q6/17 Security aspects of telecommunication services, networks and Internet of Things • Q13/17 Security aspects for Intelligent Transport System • WP 2 “Cyberspace security” • Q4/17 Cybersecurity • Q5/17 Countering spam by technical means • Q14/17 Security aspects for distributed ledger technologies • WP 3 “Application security” • Q7/17 Secure application services • Q8/17 Cloud computing security • Q12/17 Formal languages for telecommunication software and testing • WP 4 “Identity Management & Authentication” • Q9/17 Telebiometrics • Q10/17 Identity management architecture and mechanisms • Q11/17 Generic technologies to support secure applications • Q1/17 Telecommunication/ICT security coordination

  42. Questions/WPs in ITU-T SG17 • Q1/17 Telecommunication/ICT security coordination • WP 1 “Telecom/ICT security” • Q2 Security architecture and framework • Q3 Telecommunication information security management • Q6 Security aspects of telecommunication services, networks and Internet of Things • Q13 Security aspects of Intelligent transport system • WP 2 “Cyberspace security” • Q4/17 Cyber security • Q5/17 Countering spam by technical means • Q14 Security aspects for Distributed Ledger Technologies • WP 3 “Service and application security” • Q7 Secure application service • Q8 Cloud computing security • Q12 Formal languages for telecommunication software and testing • WP 4 “Identity Management & Authentication” • Q9/17 Tele-biometrics • Q10 Identity management architecture and mechanisms • Q11 Generic technologies to support secure applications

  43. Question 1/17 - Telecommunication/ICT security coordination • Security Coordination • Coordinate security matters within SG17, with ITU-T SGs, ITU-D, ITU-R and externally with other SDOs • Maintain reference information on LSG security webpage • Lead Study Group on Security • Manage SG17 efforts as the ITU-T lead study group on security • ICT Security Standards Roadmap • Searchable database of approved ICT security standards from ITU-T, ISO/IEC, ETSI, IETF and others • Security Compendium • Catalogue of approved security-related Recommendations and security definitions extracted from approved Recommendations • ITU-T Security Manual • 6th edition was published as a Technical Report in October 2015 • 7th edition under development • Technical Report on the successful use of security standards

  44. Question 1/17 (cont’d) - Telecommunication/ICT security coordination • SG17 Strategic Plan / Vision for SG17 • Internal SG17 Coordination • Security coordination session across all Questions at SG17 meetings • Regional and sub-regional coordinators for SG17 • Actions/achievements in support of WTSA, PP, WTDC Resolutions • Quality of SG17 work • Templates for Agenda of Questions; for CG Reports; and for new work items • Promotion (ITU-T security work and attract participation) • Security Workshops • Bridging the standardization gap • Regional Groups • For Africa • For Arab region • Rapporteur: Ms Wala Turki LATROUS

  45. Working Party 1/17 - Telecom/ICT security Chairman: Yutaka Miyake Vice-chairman: Mr. Vasily DOLMATOV/Mr. Gokhan EVREN Q2/17 Security Architecture and Framework Q3/17 Telecommunication Information Security management Q6/17 Security aspects of telecommunication services, networks and Internet of Things Q13/17 Security aspects for Intelligent Transport System

  46. Question 2/17 - Security Architecture and Framework • Responsible for general security architecture and framework for telecommunication systems • In the last study period, Q2/17 has developed four new Recommendations (X.1033, X.1037, X.1038, X.1039), and one new supplement (X.Suppl.23). • In this study period, Q2/17 has developed 2 new Recommendations and 1 new Supplement: • X.1041 (voLTEsec-1), Security framework for voice-over-long-term-evolution (VoLTE) network operation • X.1040 (ex X.salcm), Security reference architecture for lifecycle management of e-commerce business data • X.Sup30 (ex X.sup-sgmvno), Supplement 30 to ITU-T X-series Recommendations - ITU-T X.805 Security guidelines for mobile virtual network operators • Recommendations currently under study include: • X.sdnsec-3, Security guideline of Service Function Chain based on software defined network (to be consented at this meeting) • X.srnv, Security Requirements of Network Virtualization • X.ssc, Security Service Chain Architecture • X.SDSec, Guideline on Software-defined Security in Software-defined Networking/Network Function Virtualization Network • Relationships with ISO/IEC JTC 1 SCs 27 and 37, IEC TC 25, ISO TC 12, IETF, ATIS, ETSI, 3GPP, 3GPP2 • Co-Rapporteurs: Ms Zhiyuan HU, Heung Ryong OH

  47. Question 3/17 - Telecommunication information security management • Responsible for information security management - X.1051, X.1058 etc. • In the last study period, Q3/17 has developed one revised Recommendation (X.1051), and one new Supplement (X.Suppl.27). • New Recommendations approved and Supplement agreed in this study period • X.1058 (ex X.gpim), Code of practice for PII protection • X.Suppl-32 (ex X.sup-gpim), ITU-T X.1058 - Code of practice for personally identifiable information protection for telecommunications organizations • X.1053 (ex X.sgsm), Code of practice for information security controls based on ITU-T X.1051 for small and medium-sized telecommunication organizations • X.Suppl.13, Revision of Supplement 13 • Texts currently under study include: • X.grm, Risk management implementation guidance on the assets of telecommunication organizations accessible by global IP-based networks (to be consented at this meeting) • X.1052-rev, Organization information security management guideline • X.1054-rev, Information technology - Security techniques - Governance of information security • X.framcdc, Framework of creation and operation for a Cyber Defence Center • X.sup-myuc, Code of practice for information security control base on ITU-T X.1051 for Malaysian telecommunications organizations information and network security management (to be agreed at this meeting) • X.sup-csc, Critical security controls for telecommunication organization information and network security management in support of ITU-T X.1051 (NWIP at Aug/Sept 2018 SG17 meeting) • Close collaboration with ISO/IEC JTC 1/SC 27 • Rapporteur: Ms Miho NAGANUMA

  48. Question 6/17 - Security aspects of telecommunication services, networks and Internet of Things • Responsible for multicast security, home network security, mobile security, networked ID security, IPTV security, ubiquitous sensor network security, intelligent transport system security, and smart grid security. • In the last study period, Q6/17 has developed 2 new Recommendations (X.1198, X.1314), 2 technical corrigenda (X.1311 Cor.1, X.1314 Cor.1), and 3 new supplements (X.Suppl.19, X.Suppl.24, X.Suppl.26). • In this study period, Q6/17 has developed 6 new Recommendations (X.1126, X.1127, X.1331, X.1361, X.1362) and one new Supplement (X.Suppl.26 Cor.1). • Recommendations currently under study include: • X.1042 (ex X.sdnsec-1), Security services using software-defined networking (to be approved at this meeting) • X.sgsec-3, Security guidelines for smart metering service in smart grids • X.iotsec-3, Technical framework of PII (Personally Identifiable Information) handling system in IoT environment (to be determined at this meeting) • X.ibc-iot, Security Requirements and Framework of Using Identity-Based Cryptography Mechanism in Internet of Things • X.nb-iot, Security Requirements and Framework for Narrow Band Internet of Things • X.secup-iot, Secure Software Update for IoT devices (to be determined at this meeting) • X.ssp-iot, Security Requirements and Framework for IoT Service Platform • X.5Gsec-q, Security guidelines for applying quantum-safe algorithms in 5G systems • X.5Gsec-t, Security framework based on trust relationship in 5G ecosystem (NWIP at Aug/Sept 2018 SG17 meeting) • X.strvms, Security threats and requirements for video management system • X.iotsec-4, Security requirements for IoT devices and gateway (NWIP at Aug/Sept 2018 SG17 meeting) • X.ams-iot, Aggregate message authentication scheme with group authentication capability for IoT environment (NWIP at Aug/Sept 2018 SG17 meeting) • X.elf-iot, Standard format of IoT error logs for security incident operations (NWIP at Aug/Sept 2018 SG17 meeting) • X.sc-iot, Security Controls for Internet of Things (IoT) systems (NWIP at Aug/Sept 2018 SG17 meeting) • Close relationship with JCA-IMT2020 on IMT 2000 • Co-Rapporteur: Mr Jonghyun BAEK and Ms Min Zou

  49. Question 6/17 - scope [diagram; recoverable labels only] • Mobile security/5G security (X.1121, X.1122, X.1123, X.1124, X.1115) • Home network/smart grid security (X.1111, X.1112, X.1113) • IPTV security/Multicast security (X.1191) • IoT security • NID security (X.1171) • Network elements shown: Mobile Network, Home Network, Home Gateway, Network (SDN), Open Network, STB, Content Provider, IoT, USN, Application Server, IoT gateway, NID tag, NID Application Server, NID reader

  50. Summary of agreements between ITU-T Study Groups 17 and 20 on IoT security studies • TSAG agreed mechanisms for collaboration between SG17 and SG20 • Colocation of meetings • Correspondence group/e-meetings • Joint rapporteur group meetings • Workshops and tutorials • Standardization Roadmap on Security and Privacy for IoT (IoTsec) • SG20 and SG17 maintain a document of standardization activities on Security and Privacy for IoT that outlines: • Potential topics/aspects for standardization and the time planning. • New and ongoing work items related to IoT/SCC security in SG17 and SG20. • ITU-T Recommendations relevant to IoT/SCC security.
