1、 International Telecommunication Union ITU-T TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Johannesburg, 21-30 October 2008 Resolution 50 Cybersecurity FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency
2、 in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to
3、 standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. ITU 2009 All rights reserved. No part
4、 of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. WTSA-08 Resolution 50 1 RESOLUTION 50 Cybersecurity (Florianpolis, 2004; Johannesburg, 2008) The World Telecommunication Standardization Assembly (Johannesburg, 2008), considering a) the cru
5、cial importance of the information and communication technologies (ICT) infrastructure to practically all forms of social and economic activity; b) that the legacy public switched telephone network (PSTN) has a level of inherent security properties because of its hierarchical structure and built-in
6、management systems; c) that IP networks provide reduced separation between user components and network components if adequate care is not taken in the security design and management; d) that the converged legacy networks and IP networks are therefore potentially more vulnerable to intrusion if adequ
7、ate care is not taken in the security design and management of such networks; e) that the type and number of cyberincidents, including attacks from worms, viruses, malicious intrusions and thrill-seeker intrusions are on the increase, considering further a) that Recommendation ITU-T X.1205 “Overview
8、 of Cybersecurity“ provides a definition, a description of technologies, and network protection principles; b) that Recommendation ITU-T X.805 provides a systematic framework for identifying security vulnerabilities that, together with many new security-related deliverables from ITU and other organi
9、zations, can assist in risk assessment and in the development of mechanisms to mitigate risks; c) that the ITU Telecommunication Standardization Sector (ITU-T) and the Joint Technical Committee for Information Technology (JTC 1) of the International Organization for Standardization (ISO) and the Int
10、ernational Electrotechnical Commission (IEC) already have a significant body of published materials and ongoing work that is directly relevant to this topic, which needs to be taken into account, recognizing a) the relevant outcomes of the World Summit on the Information Society (WSIS) identified IT
11、U as the facilitator and moderator for Action Line C5 (Building confidence and security in the use of ICTs); b) the resolves paragraph of Resolution 130 (Rev. Antalya, 2006) of the Plenipotentiary Conference on strengthening the role of ITU in building confidence and security in the use of informati
12、on and communication technologies, and the instruction to intensify work within the ITU study groups; c) that Programme 3 adopted by the World Telecommunication Development Conference (Doha, 2006) (WTDC-06) includes cybersecurity as one of its priority activities, and that Question 22/1 of the ITU T
13、elecommunication Development Sector (ITU-D) addresses the issue of securing information and communication networks through the identification of best practices for developing a culture of cybersecurity; d) that the ITU Global Cybersecurity Agenda (GCA) promotes international cooperation aimed at pro
14、posing strategies for solutions to enhance confidence and security in the use of ICTs, 2 WTSA-08 Resolution 50 recognizing further a) that new cyberattacks such as phishing, pharming, botnets, distributed denials of service, etc., are emerging and having serious impacts; b) that the source of attack
15、 for spoofed IP addresses needs to be identifiable, noting a) the vigorous activity and interest in the development of security standards and Recommendations in ITU-T Study Group 17 and in other standardization bodies, including the Global Standards Collaboration (GSC) group; b) that there is a need
16、 for national, regional and international strategies and initiatives to be harmonized to the extent possible, in order to avoid duplication and to optimize the use of resources; c) that cooperation and collaboration among organizations addressing security issues can promote progress and contribute t
17、o building and maintaining a culture of cybersecurity, resolves 1 that ITU-T continue to evaluate existing and evolving new Recommendations, and especially signalling and telecommunication protocol Recommendations, with respect to their robustness of design and potential for exploitation by maliciou
18、s parties to interfere destructively with their deployment in the global information and telecommunication infrastructure; 2 that ITU-T continue to raise awareness, within its area of operation and influence, of the need to defend information and telecommunication systems against the threat of cyber
19、attack, and continue to promote cooperation among appropriate international and regional organizations in order to enhance exchange of technical information in the field of information and telecommunication network security; 3 that ITU-T should work closely with ITU-D, particularly in the context of
20、 Question 22/1; 4 that ITU-T Recommendations, including X.805 and X.1205, ISO/IEC products/standards and other relevant deliverables from other organizations, be used as a framework for assessing networks and protocols for security vulnerabilities and to share experiences; 5 that concerned parties a
21、re invited to work together to develop standards and guidelines in order to protect against cyberattacks such as botnet, etc., and facilitate tracing the source of an attack; 6 that global, consistent and interoperable processes for sharing incident-response related information should be promoted; 7
22、 that ITU-T study groups continue to provide regular updates to the Telecommunication Standardization Advisory Group on progress in evaluating existing and evolving new Recommendations; 8 that ITU-T study groups continue to liaise with other bodies active in this field, such as ISO/IEC JTC1, the Org
23、anisation for Economic Co-operation and Development (OECD), the Asia-Pacific Economic Cooperation Telecommunication and Information Working Group (APEC-TEL) and the Internet Engineering Task Force (IETF), instructs the Director of the Telecommunication Standardization Bureau 1 to prepare, in buildin
24、g upon the information base associated with the ICT Security Standards Roadmap and the ITU-D efforts on cybersecurity, and with the assistance of other relevant organizations, an inventory of national, regional and international initiatives and activities to promote, to the maximum extent possible,
25、the worldwide harmonization of strategies and approaches in this critically important area; WTSA-08 Resolution 50 3 2 to report annually to the ITU Council, as specified in Resolution 130 (Rev. Antalya, 2006), on progress achieved in the actions outlined above, further instructs the Director of the
26、Telecommunication Standardization Bureau 1 to continue to follow up WSIS cybersecurity activities, in cooperation with relevant stakeholders, as a way to share information on national, regional and international and non-discriminatory cybersecurity-related initiatives globally; 2 to continue to coop
27、erate with the Secretary-Generals initiative on cybersecurity, and with the Telecommunication Development Bureau in relation to any item concerning cybersecurity in accordance with WTDC Resolution 45 (Doha, 2006), and to ensure coordination among these different activities, invites Member States, Sector Members and Associates, as appropriate to participate actively in the implementation of this resolution and the associated actions.
