security / cybersecurity


Post on 14-Jan-2016






Security / Cybersecurity. ITU. Herbert Bertine, Chairman ITU-T Study Group 17. Submission Date: July 1, 2008. Strategic Direction. Cybersecurity – one of the top priorities of the ITU


  • Security / Cybersecurity

    ITU

    Herbert Bertine, Chairman ITU-T Study Group 17

    Submission Date: July 1, 2008


  • Strategic Direction

    Cybersecurity – one of the top priorities of the ITU

      - Plenipotentiary Resolution 140 (2006), ITU's role in implementing the outcomes of the World Summit on the Information Society: The important moderator/facilitator role of ITU in action line C5 (building confidence and security in the use of ICTs).
      - Plenipotentiary Resolution 149 (2006), Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies
      - WTSA-04 Resolution 50, Cybersecurity: Instructs the Director of TSB to develop a plan to undertake evaluations of ITU-T existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment
      - WTSA-04 Resolution 51, Combating spam: Instructs the Director of TSB to prepare urgently a report to the Council on relevant ITU and other international initiatives for countering spam, and to propose possible follow-up actions - Done
      - WTSA-04 Resolution 52, Countering spam by technical means: Instructs relevant study groups to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam

  • Highlights of current activities (1)

    ITU Global Cybersecurity Agenda (GCA)

      - A Framework for international cooperation in cybersecurity
      - ITU response to its role as sole Facilitator for WSIS Action Line C5
      - Five key work areas: Legal, Technical, Organisational, Capacity Building, International Cooperation
      - World renowned Group of High-Level Experts (HLEG) working on global strategies
      - GCA/HLEG met 26 June 2008 to agree upon a set of recommendations on all five work areas for presentation to ITU Secretary-General

    ISO/IEC/ITU-T Strategic Advisory Group on Security

      - Coordinates security work and identifies areas where new standardization initiatives may be warranted. Portal established. Workshops conducted.

    Identity Management

      - Effort jump started by IdM Focus Group which produced 6 substantial reports (265 pages) in 9 months
      - JCA IdM and IDM-GSI established; main work is in SGs 17 and 13
      - First IdM Recommendation X.1250, Requirements for global identity management trust and interoperability - now in approval process

  • Highlights of current activities (2)

    Core security (SG 17)

      - Approved 14 texts in 2007, 17 so far in 2008, 15 more for action in September 2008
      - Summaries of Recommendations under development are available at: frameworks, cybersecurity, countering spam, home networks, mobile, web services, secure applications, ISMS, telebiometrics, etc.
      - Work underway on additional topics including IPTV, multicast, and USN security; risk management and incident management; traceback
      - Questionnaire issued to developing countries to ascertain their security needs
      - Updated security roadmap/database, compendia, manual; strengthened coordination

    Security for NGN

      - Y.2701, Security Requirements for NGN Release 1 - published
      - Y.2702, NGN authentication and authorization requirements - determined

  • Challenges

      - Addressing security to enhance trust and confidence of users in networks, applications and services
      - With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?
      - Need for top-down strategic direction to complement bottom-up, contribution-driven process
      - Balance between centralized and distributed efforts on security standards
      - Legal and regulatory aspects of cybersecurity, spam, identity/privacy
      - Address full cycle: vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
      - Agree uniform definitions of cybersecurity terms and definitions
      - Marketplace acceptance of Information Security Management System (ISMS) standards (ISO/IEC 27000-series and ITU-T X.1051): the security equivalent to ISO 9000-series
      - Effective cooperation and collaboration across the many bodies doing cybersecurity work
      - PSO help is needed in keeping security database up-to-date
      - Informal security experts network needs commitment
      - There is no silver bullet for cybersecurity

  • Next Steps/Actions for ITU-T

      - All Study Groups have proposed Questions for next study period
      - Most study groups have Questions concerning security
      - Questions are mainly evolution of existing work program
      - See Supplemental Information
      - The World Telecommunication Standardization Assembly (WTSA) in October 2008 will make decisions on the priorities, work program (Questions) and organization of Study Groups, including security / cybersecurity work
      - Meanwhile, the present work program continues under the current structure
      - See Supplemental Information
      - E.g., Study Groups 17 and 13 will each meet in September to approve additional security Recommendations
      - A new edition of the ITU-T Security Manual is scheduled for October 2008

  • Proposed revision to Resolution

    Resolution GSC-12/19, Cybersecurity

    Add a new Resolves as follows:

    5) supply updated information on their security standards work for inclusion in the ICT Security Standards Roadmap, a database of security standards hosted by the ITU-T at:

  • Supplemental Information

    Security activities

      - ITU General Secretariat
      - Telecommunication Standardization Sector (ITU-T)
      - Radiocommunication Sector (ITU-R)
      - Telecommunication Development Sector (ITU-D)
      - Useful web resources

  • Supplemental Information

    ITU General Secretariat

    Corporate Strategy Division

  • A Framework for International Cooperation in Cybersecurity

  • Constant evolution of the nature of cyberthreats

    Issues and Challenges

  • WSIS and Cybersecurity

    "Strengthening the trust framework, including information security and network security, authentication, privacy and consumer protection, is a prerequisite for the development of the Information Society and for building confidence among users of ICTs."

    WSIS Geneva Declaration of Principles, Para 35

    "We reaffirm the necessity to further promote, develop and implement in cooperation with all stakeholders a global culture of cyber-security, as outlined in UNGA Resolution 57/239 and other relevant regional frameworks."

    WSIS Tunis Agenda, Para 39

    Confidence and security are among the main pillars of the information society

  • ITU's Role as WSIS C5 FACILITATOR

    At the World Summit on the Information Society (WSIS), world leaders and governments entrusted ITU to take the leading role in coordinating international efforts on cyber-security, as the sole Facilitator of Action Line C5, "Building confidence and security in the use of ICTs"

    The International Telecommunication Union (ITU) provides the global perspective and expertise needed to meet the challenges, with a track record of brokering agreements between public and private interests on a level playing field ever since its inception in 1865.

    Third Facilitation Meeting 22-23 May 2008, ITU Headquarters, Geneva

  • A Global Strategy for Action

    The strategy for a solution must identify those existing national, regional and international initiatives, work with all relevant players to identify priorities and bring partners together with the goal of proposing global solutions to address the global challenges we face today.

      - A framework for international multi-stakeholder cooperation in cybersecurity
      - ITU Response to its role as sole Facilitator for WSIS Action Line C5
      - World renowned Group of High Level Experts (HLEG) to develop global strategies
      - Representing main stakeholder groups working towards the same goals: Developing harmonized global strategies

    ITU Global Cybersecurity Agenda (GCA)

  • GCA Work AreasGCA rests on five pillars or work areas:

    Legal Measures

    Technical and Procedural Measures

    Organizational Structures

    Capacity Building

    International Cooperation

  • Elaboration of global strategies for

      1. the development of a model cybercrime legislation
      2. the creation of appropriate national and regional organizational structures and policies on cybercrime
      3. the establishment of security criteria and accreditation schemes for software applications and systems
      4. the creation of a global framework for watch, warning and incident response
      5. the creation and endorsement of a generic and universal digital identity system
      6. the facilitation of human and institutional capacity-building
      7. international cooperation, dialogue and coordination

    High-Level Experts Group (GCA/HLEG)

  • Argentina, Brazil, Cameroon, Canada, China, Egypt, Estonia, Germany, Japan, India, Indonesia, Italy, Malaysia, Morocco, Portugal, Republic of Lithuania, Russian Federation, Saudi Arabia, South Africa, Switzerland, United States

    Ecole Polytechnique Fédérale de Lausanne (EPFL), Switzerland; Information Security Institute, Australia; Moscow Technical University of Communications, Russian Federation

    African Telecommunication Union (ATU); Asia Pacific Economic Cooperation Telecommunications (APECTEL); Commonwealth Telecommunications Organisations (CTO); Council of Europe; Department of Economic and Social Affairs (DESA); European Information and Network Security Agency (ENISA); International Criminal Police Organization (Interpol); Organisation for Economic Co-operation and Development (OECD); Organisation International de la Francophonie; Society for the Policing of Cybersp

