Arkadiy KremerChairman ITU-T Study Group 17.ppt

1、Arkadiy Kremer Chairman ITU-T Study Group 17,Session 2: Role of Standardization in Cybersecurity,ITU Open Forum on Cybersecurity, 6 December 2008,“We have received a strong message from our members that ITU is, and will remain the worlds pre-eminent global telecommunication and ICT standards body. A

2、nd we hear also, and very clearly, that ITU should continue on its mission to connect the world, and that bringing the standardization gap, by increasing developing country participation in our work, is an essential prerequisite to achieve this goal”.Malcolm Johnson, TSB Director(Closing speech at t

3、he WTSA-08),2 of 23,ITU Open Forum on Cybersecurity, 6 December 2008,Strategic direction,WSIS Action Line C5, Building confidence and security in use of ICTs WTSA-08 Resolution 50, Cybersecurity Resolves “that ITU-T continue to evaluate existing and evolving new Recommendations, and especially signa

4、ling and telecommunication protocol Recommendations, with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment in the global information and telecommunication infrastructure”. WTSA-08 Resolution 52, Countering and

5、combating spam Instructs ITU-T study groups “to continue collaboration with the relevant organizations (e.g., IETF), in order to continue developing, as a matter of urgency, technical Recommendations with a view to exchanging best practices and disseminating information through joint workshops, trai

6、ning sessions, etc.“,3 of 23,ITU Open Forum on Cybersecurity, 6 December 2008,Strategic direction (cont.),4 of 23,Plenipotentiary Resolution 130, Strengthening the role of ITU in building confidence and security in the use of information and communication technologies Instructs Director of TSB to in

7、tensify work in study groups, address threats & vulnerabilities, collaborate, and share information Plenipotentiary Resolution 149, Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies - Instructs Council to study

8、terminology ITU Global Cybersecurity Agenda. Key work areas: Legal Measures, Technical and Procedural Measures, Organizational Structures, Capacity Building, International Cooperation. World renowned Group of High-Level Experts report to ITU Secretary General contains recommendations in each of the

9、five areas,ITU Open Forum on Cybersecurity, 6 December 2008,Coordination,5 of 23,ISO/IEC/ITU-T Strategic Advisory Group Security Oversees standardization activities in ISO, IEC and ITU-T relevant to security; provides advice and guidance relative to coordination of security work; and, in particular,

10、 identifies areas where new standardization initiatives may be warranted (portal established, workshops conducted) Global Standards Collaboration ITU and participating standards organizations exchange information on the progress of standards development in the different regions and collaborate in pl

11、anning future standards development to gain synergy and to reduce duplication. GSC-13 resolutions concerning security include Cybersecurity (13/11), Identity Management (13/04), Network aspects of identification systems (13/03), Personally Identifiable Information protection (13/25).,ITU Open Forum

12、on Cybersecurity, 6 December 2008,ITU-T security activities,6 of 23,Study Group 17 is the lead study group in the ITU-T for security responsible for: Coordination of security work Development of core Recommendations Most of the other study groups have responsibilities for standardizing security aspe

13、cts specific to their technologies (TMN security, IPCablecom security, NGN security, Multimedia security, etc.),ITU Open Forum on Cybersecurity, 6 December 2008,SG 17 Security Project,7 of 23,Security Coordination Within SG 17, with ITU-T SGs, with ITU-D and externally Kept others informed - TSAG, I

14、GF, ISO/IEC/ITU-T SAG-S Made presentations to workshops/seminars and to GSC Maintained reference information on LSG security webpage Security Compendium Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations Security Standards

15、Roadmap Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS) ITU-T Security Manual assisted in its development,ITU Open Forum on Cybersecurity, 6 December 2008,Core Security Recommendations,8 of 23,Strong ramp-up on developing

16、core security Recommendations in SG 17 14 approved in 2007 27 approved in 2008 44 under development for approval next study period Subjects include: Architecture and Frameworks Web services Directory Identity management Risk management Cybersecurity Incident management Mobile security Countering spa

17、m Security management Secure applications Telebiometrics Ubiquitous Telecommunication services SOA security Ramping up on: Multicast Traceback Ubiquitous sensor networks Collaboration with others on many items,ITU Open Forum on Cybersecurity, 6 December 2008,Core Security Recommendations (cont.),9 o

18、f 23,ITU-T Recommendation X.1205 Overview of CybersecuritySummary This Recommendation provides a definition for Cybersecurity. The Recommendation provides taxonomy of security threats from an organization point of view. Cybersecurity threats and vulnerabilities including the most common hackers tool

19、s of the trade are presented. Threats are discussed at various network layers. Various Cybersecurity technologies that are available to remedy the threats are discussed including: routers, firewalls, antivirus protection, intrusion detection systems, intrusion protection systems, secure computing an

20、d audit and monitoring. Network protection principles such as defence in depth, access management with application to Cybersecurity are discussed. Risk management strategies and techniques are discussed including the value of training and education in protecting the network. Examples for securing va

21、rious network based on the discussed technologies are also discussed.,ITU Open Forum on Cybersecurity, 6 December 2008,Core Security Recommendations (cont.),10 of 23,ITU-T Recommendation X.1206 A vendor-neutral framework for automatic notification of security related information and dissemination of

22、 updatesSummary This Recommendation provides a framework for automatic notification of security related information and dissemination of updates. The key point of the framework is that it is a vendor-neutral framework. Once an Asset is registered, updates on vulnerabilities information and patches o

23、r updates can be automatically made available to the users or directly to applications regarding the Asset.,ITU Open Forum on Cybersecurity, 6 December 2008,Core Security Recommendations (cont.),11 of 23,Recommendation ITU-T X.1207 Guidelines for telecommunication service providers for addressing th

24、e risk of spyware and potentially unwanted softwareSummary Recommendation ITU-T X.1207 provides guidelines for telecommunication service providers (TSPs) for addressing the risks of spyware and potentially unwanted software. This Recommendation promotes best practices around principles of clear noti

25、ces and users consents and controls for TSP web hosting services. This Recommendation develops and promotes best practices to users on personal computer (PC) security, including use of anti-spyware, anti-virus, personal firewall and security software updates on client systems.,ITU Open Forum on Cybe

26、rsecurity, 6 December 2008,Core Security Recommendations (cont.),12 of 23,ITU-T Recommendation X.1231 Technical Strategies on Countering SpamSummary This Recommendation emphasizes technical strategies on countering spam, and includes general characteristics of spam and main objectives of countering

27、spam as well. Furthermore, recognizing that there is no single solution to resolve the spam problem, this Recommendation also provides a checklist to evaluate promising tools for countering Spam.,ITU Open Forum on Cybersecurity, 6 December 2008,Core Security Recommendations (cont.),13 of 23,ITU-T Re

28、commendation X.1240 Technologies involved in countering email spamSummary This Recommendation specifies basic concepts, characteristics, and effects of email spam, and technologies involved in countering email spam. It also introduces the current technical solutions and related activities from vario

29、us standard development organizations and relevant organizations on countering email spam. It provides guidelines and information to the users who want to develop technical solutions on countering email spam. This Recommendation will be used as a basis for further development of technical Recommenda

30、tions on countering email spam.,ITU Open Forum on Cybersecurity, 6 December 2008,Core Security Recommendations (cont.),14 of 23,ITU-T Recommendation X.1241 Technical framework for countering email spam Summary This Recommendation provides a technical framework for countering email spam. The framewor

31、k describes one recommended structure of an anti-spam Processing Domain, and defined function of major modules in it. The key point of the framework is that it establishes a mechanism to share information about email spam between different email servers. Systems follow the framework would improve ef

32、ficiency through interconnection,ITU Open Forum on Cybersecurity, 6 December 2008,Core Security Recommendations (cont.),15 of 23,Recommendation ITU-T X.1244 Overall aspects of countering spam in IP-based multimedia applications Summary This Recommendation specifies the basic concepts, characteristic

33、s, and technical issues related to countering spam in IP multimedia applications such as IP telephony, instant messaging, etc. The various types of IP multimedia application spam are categorized, and each categorized group is described according to its characteristics. This Recommendation describes

34、various spam security threats that can cause IP multimedia application spam. There are various techniques developed to control the email spam which has become a social problem. Some of those techniques can be used in countering IP multimedia application spam. This Recommendation analyzes the convent

35、ional spam countering mechanisms and discusses their applicability to countering IP multimedia application spam. This Recommendation concludes by mentioning various aspects that should be considered in countering IP multimedia application spam.,ITU Open Forum on Cybersecurity, 6 December 2008,Identi

36、ty Management,16 of 23,Networks are increasingly distributed, converged, and packet based where access to services can be based on identity contexts and roles and accessed anywhere, anytime. Security and trust of identity information in this environment is significantly more complex. Users may have

37、multiple, context dependent “identities” Network services may require different identity trust levels Identity information is distributed throughout the network Old methods of managing of identity information are inadequate, may limit services, and cause significant cybersecurity problems Consequent

38、ly, a new, robust set of secure and trusted capabilities is needed i.e IdM,ITU Open Forum on Cybersecurity, 6 December 2008,IdM is a set of capabilities that,17 of 23,Attach identity data to a person, device, or application. Facilitate the secure storage, retrieval and secure exchange of identity da

39、ta.Provide significantly better identity lifecycle management. Can allow user control of personally identifiable information (PII).,ITU Open Forum on Cybersecurity, 6 December 2008,ITU-T work on IdM,18 of 23,Managing digital identities and personally identifiable information key aspect for improving

40、 security of networks and cyberspace Effort jump started by IdM Focus Group which produced 6 substantial reports (265 pages) in 9 months JCA-IdM and IdM-GSI established by TSAG in December 2007 Main work is in SGs 17 and 13 Intense work program, difficult First IdM Recommendations determined under T

41、AP: X.1250, Capabilities for global identity management trust and interoperability X.1251, A framework for user control of digital identity Y.2720, NGN identity management framework Many additional IdM Recommendations are under development Working collaboratively with other key bodies including: ISO

42、/IEC JTC 1/SC 27, Liberty Alliance, FIDIS, OASIS,ITU Open Forum on Cybersecurity, 6 December 2008,Challenges,19 of 23,Addressing security to enhance trust and confidence of users in networks, applications and services Balance between centralized and distributed efforts on developing security standar

43、ds Legal and regulatory aspects of cybersecurity, spam, identity/privacy Address full cycle vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning Uniform definitions of cybersecurity terms and definitions Effective cooperation and collaborati

44、on across the many bodies doing cybersecurity work within the ITU and with external organizations Keeping ICT security database up-to-date,ITU Open Forum on Cybersecurity, 6 December 2008,Challenges (cont.),20 of 23,There are a number of standards in field of security of telecommunication and inform

45、ation security. But a standard is the real standard when it is used in real world applications. Business and governmental bodies need to learn more about standards from their business applications rather than from a technical point of view.Report for the next IGF on the business use of the main secu

46、rity standards Who does this standard effect? Status and summary of standard. Business benefits Technologies involved Technical implications,ITU Open Forum on Cybersecurity, 6 December 2008,Challenges (cont.),21 of 23,WTSA-08 Resolution 76, Studies related to conformance and interoperability testing

47、, assistance to developing countries, and a possible future ITU mark programmeInteroperability of international telecommunication networks was the main reason to create ITU in the year 1865Conformance testing would increase the chance of interoperability of equipment conforming to ITU standardsTechn

48、ical training and institutional capacity development for testing and certification are essential issues for countries to improve their conformity assessment processes, to promote the deployment of advanced telecommunication networks and to increase global connectivityITU-T study groups will develop

49、the necessary conformance testing Recommendations as soon as possibleITU-T Recommendations to address interoperability testing shall be progressed as quickly as possible,ITU Open Forum on Cybersecurity, 6 December 2008,Some useful web resources,22 of 23,ITU Global Cybersecurity Agenda (GCA) http:/ww

50、w.itu.int/osg/csd/cybersecurity/gca/ ITU-T Home page http:/www.itu.int/ITU-T/ Study Group 17 http:/www.itu.int/ITU-T/studygroups/com17/index.asp e-mail: tsbsg17itu.int LSG on Security http:/www.itu.int/ITU-T/studygroups/com17/tel-security.html Security Roadmap http:/www.itu.int/ITU-T/studygroups/com

51、17/ict/index.html Security Manual http:/www.itu.int/publ/T-HDB-SEC.03-2006/en Cybersecurity Portal http:/www.itu.int/cybersecurity/ Cybersecurity Gateway http:/www.itu.int/cybersecurity/gateway/index.html ITU-T Recommendations http:/www.itu.int/ITU-T/publications/recs.html ITU-T Lighthouse http:/www.itu.int/ITU-T/lighthouse/index.phtml ITU-T Workshops http:/www.itu.int/ITU-T/worksem/index.html,