ITU Workshop on ICT Security Standardization for Developing


ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)
ITU-T Study Group 17 Security
Arkadiy Kremer, ITU-T SG 17 chairman
kremer@rans.ru

Strategic Goal of ITU-T*
  • To develop interoperable, nondiscriminatory international standards (ITU-T Recommendations)
  • To assist in bridging the standardization gap between developed and developing countries
  • To extend and facilitate international cooperation among international and regional standardization bodies
*ITU Plenary Plenipotentiary Conference Resolution 71

ITU-T Study Group 17, Security
Primary focus is to build confidence and security in the use of Information and Communication Technologies (ICTs):
  • cybersecurity, CYBEX, cloud computing security, identity management, protection of PII, PKI and PMI, information security management, countering spam, security architecture, security of applications, telebiometrics,
  • security of services for:
    - the Internet of things,
    - smart grid,
    - mobile, smartphone,
    - IPTV, home network
    - web services,
    - social network,
    - mobile financial system,
    - transportation systems,
  • also directory, OIDs, technical languages

ITU-T Study Group 17, Security
  • Lead Study Group in ITU-T for:
    - Security
    - Identity management
    - Languages and description techniques
    With responsibilities for the study of the appropriate core Questions and to define and maintain the overall framework and to coordinate, assign and prioritize the studies with others
  • Parent Study Group for two JCAs:
    - Identity management
    - Child online protection
    Joint Coordination Activities aim mainly at improving coordination and planning.

ITU-T Study Group 17, Security
  • Meets twice a year; last meeting had 145 participants
  • Responsible for 325 Recommendations, 20 Supplements and 3 Implementer’s Guides
  • 76 new or revised Recommendations and other texts are under development for approval in September 2014 or later
  • Manual on Security in Telecommunications and Information Technology provides a broad introduction to the security work of ITU-T. http://www.itu.int/pub/T-HDB-SEC.05-2011
  • Work organized into 5 Working Parties with 12 Questions

SG 17, Security
  • WP 1/17 Fundamental security
    - Q 1/17 Telecom./ICT security coordination
    - Q 2/17 Security architecture & framework
    - Q 3/17 Information security management
  • WP 2/17 Network and information security
    - Q 4/17 Cybersecurity
    - Q 5/17 Countering spam
  • WP 3/17 IdM + Cloud computing security
    - Q 8/17 Cloud Computing Security
    - Q 10/17 IdM
  • WP 4/17 Application security
    - Q 6/17 Ubiquitous services
    - Q 7/17 Secure applications services
    - Q 9/17 Telebiometrics
  • WP 5/17 Formal languages
    - Q 11/17 Directory, PKI, PMI, ASN.1, OID, ODP, OSI
    - Q 12/17 Languages & Testing

Examples of SG 17 Standards
Security
  • Rec. ITU-T X.509 – Public key and attribute certificate frameworks
  • Rec. ITU-T X.805 – Security architecture for systems providing end-to-end communications
  • Rec. ITU-T X.1037 – IPv6 technical security guidelines
  • Rec. ITU-T X.1205 – Overview of Cybersecurity
  • Rec. ITU-T X.1303 bis – Common alerting protocol
  • Rec. ITU-T X.1500-series – Cybersecurity Information exchange (CYBEX)

Examples of SG 17 Standards
Identity Management (IdM)
  • Rec. ITU-T X.1252 – Baseline identity management terms and definitions
  • Rec. ITU-T X.1255 – Framework for discovery of identity management information
Languages and description techniques
  • Rec. ITU-T X.660 – General procedures and top arcs of the international object identifier tree
  • Rec. ITU-T X.680 – Abstract Syntax Notation One

Standardization Challenges
  • The primary challenges are the time it takes to develop a standard (compared to the speed of technological change and the emergence of new threats) and the shortage of skilled and available resources.
  • We must work quickly to respond to the rapidly-evolving technical and threat environment but we must also ensure that the standards we produce are given sufficient consideration and review to ensure that they are complete and effective.

Coordination with other bodies
ITU-T Study Group 17 Security; ITU-D, ITU-R

Examples of Collaboration
With ISO/IEC JTC 1/SC 27:
  • EAAF: ITU-T X.1254 | ISO/IEC 29115
  • ISMS-T: ITU-T X.1051 | ISO/IEC 27011
With OASIS:
  • CAP: ITU-T X.1303 bis | OASIS CAP v1.2
  • XACML: ITU-T X.1144 | OASIS XACML 3.0
With IETF:
  • IODEF: ITU-T X.1541 | IETF RFC 5070
  • RID: ITU-T X.1580 | IETF RFC 6545

Examples of Collaboration
With ISO/IEC JTC 1/SC 6:
  • PKI: ITU-T X.509 | ISO/IEC 9594-8
  • USN: ITU-T X.1311 | ISO/IEC 29180
  • OID: ITU-T X.660 | ISO/IEC 9834-1
  • ASN.1: ITU-T X.680 | ISO/IEC 8824-1
With ETSI TC MTS:
  • TTCN-3: ITU-T Z.161 | ETSI ES 201873-1
With ISO/IEC JTC 1/SC 37:
  • BIO-API: ITU-T X.1083 | ISO/IEC 24708

Collaboration
  • Study Group 17 has a strong record of collaboration with other bodies.
  • We are interested in extending our cooperation and collaboration with other standards bodies in security areas of common interest
  • We welcome identification of specific topics for collaboration

Developing Countries
We must recognize and respect the differences in developing countries' respective environments:
  • their telecom infrastructures may be at different levels of development from those of the developed countries;
  • their ability to participate in, and contribute directly to, the security standards work may be limited by economic and other considerations; and
  • their needs and priorities may be quite different

Study Group 17
* Average over last 7 meetings

Study Group 17 Leadership

Summary
Study Group 17, with its strong engagement of developing countries, is pleased to collaborate on ICT security standardization with other bodies in areas of common interest for mutual benefit

Reference links
  • Webpage for ITU-T Study Group 17: http://itu.int/ITU-T/studygroups/com17
  • Webpage on ICT security standard roadmap: http://itu.int/ITU-T/studygroups/com17/ict
  • Webpage for JCA on identity management: http://www.itu.int/en/ITU-T/jca/idm
  • Webpage for JCA on child online protection: http://www.itu.int/en/ITU-T/jca/COP
  • Webpage on lead study group on security: http://itu.int/en/ITU-T/studygroups/com17/Pages/telesecurity.aspx
  • Webpage on lead study group on identity management: http://itu.int/en/ITU-T/studygroups/com17/Pages/idm.aspx
  • Webpage on lead study group on languages and description techniques: http://itu.int/en/ITU-T/studygroups/com17/Pages/ldt.aspx
  • ITU Security Manual: Security in Telecommunications and Information Technology: http://www.itu.int/pub/T-HDB-SEC.05-2011