Forum on Next Generation Network Standardization Colombo, Sri Lanka, 7-10 April 2009


1 Forum on Next Generation Network Standardization Colombo, Sri Lanka, 7-10 April 2009
Paolo Rosa, Head, Workshops and Promotion Division, Telecommunication Standardization Bureau
ITU Global Cybersecurity Agenda and ITU-T SG17 activities on Cybersecurity

2 ITU Cybersecurity activities
– ITU Cybersecurity Gateway: Information resource on Cybersecurity
– ITU Global Cybersecurity Agenda: Framework for international cooperation in Cybersecurity
– WSIS Action Line C.5: Building Confidence and security in the use of ICTs http://www.itu.int/wsis/c5/index.html

3 Strategic direction
WSIS Action Line C5, Building confidence and security in use of ICTs
A fundamental role of ITU, following the World Summit on the Information Society (WSIS) and the 2006 ITU Plenipotentiary Conference, is to build confidence and security in the use of ICTs. At the WSIS, world leaders and governments designated ITU to facilitate the implementation of WSIS Action Line C5, Building confidence and security in the use of ICTs. In this capacity, ITU is seeking consensus on a framework for international cooperation in cybersecurity to reach a common understanding of cybersecurity threats among countries at all stages of economic development.
Cybersecurity – one of the top priorities of the ITU

4 Strategic direction II
– Plenipotentiary Resolution 130 (2006), Strengthening the role of ITU in building confidence and security in the use of information and communication technologies – Instructs Director of TSB to intensify work in study groups, address threats & vulnerabilities, collaborate, and share information
– Plenipotentiary Resolution 149 (2006), Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies – Instructs Council to study terminology

5 Strategic Direction III
– WTSA-08 Resolution 50, Cybersecurity – Instructs Director of TSB to develop a plan to undertake evaluations of ITU-T existing and evolving Recommendations, and especially signalling and communications protocol Recommendations, with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment
– WTSA-08 Resolution 52, Countering and combating spam – Instructs relevant study groups to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam
– WTSA-08 Resolution 58, Encourage the creation of national Computer Incident Response Teams, particularly for developing countries – Instructs the Director of TSB, in collaboration with the Director of BDT, to identify best practices to establish CIRTs; to identify where CIRTs are needed; to collaborate with international experts and bodies to establish national CIRTs; to provide support, as appropriate, within existing budgetary resources; to facilitate collaboration between national CIRTs, such as capacity building and exchange of information, within an appropriate framework

6 Cybersecurity & Cyberspace

7 Draft new ITU-T Rec. X.1205 Overview of Cybersecurity
– Cybersecurity: collection of tools, policies, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyberspace against relevant security risks such as unauthorized access, modification, theft, disruption, or other threats
– Cyberspace: the cyber environment including software, connected computing devices, computing users, applications/services, communications systems, multimedia communication, and the totality of transmitted and/or stored information connected directly or indirectly to the Internet. It includes hosting infrastructures and isolated devices

8 Changing nature of cyberspace
Source: Presentation materials at ITU workshop on Ubiquitous Network Societies, April 2005.

9 Threats in cyberspace
– Inherited architecture of the Internet was not designed to optimize security
– Constant evolution of the nature of cyberthreats
– Low entry barriers and increasing sophistication of cybercrime
– Constant evolution in protocols and algorithms
– Loopholes in current legal frameworks
– Introduction of Next-Generation Networks (NGN)
– Convergence among ICT services and networks
– Network effects – risks far greater
– Possibility of anonymity on the Internet
– Absence of appropriate organizational structures
– Internationalization requires cross-border cooperation
– Vulnerabilities of software applications

10 Attackers, hackers and intruders (generally users cannot be trusted)
Taxonomy of security threats
– Unauthorized illegal access: insufficient security measures (authentication/authorization), unprotected passwords…
– IP spoofing: assume a trusted host identity, disable host, assume attacker's identity, access to IP addresses
– Network sniffers: read source and destination addresses, passwords, data…
– Denial of Service (DoS): connectivity, network elements or applications availability
– Bucket brigade attacks: message interception/modification
– Back door traps: placed by system developers / employees / operating system / created by virus
– Masquerading: access to the network as false legitimate personnel
– Replay attacks: read authentication information from messages
– Modification of messages without detection
– Insider attacks: legitimate users behave in an unauthorized way; periodic auditing actions and screening of personnel, hardware and software are needed

11 Challenges: Policy
– Lack of relevant cybercrime and anti-spam legislation
  – Establish where none. Base model law needed (which is a separate ITU initiative)
  – Modify existing cybercrime/spam laws where needed to reflect botnet-related crime
– Capacity building for regulators, police, judiciary
  – Training existing officials may be supplemented by co-opting or active recruitment of technical experts
– Weak international cooperation and outreach
  – Participation in local, regional and international initiatives
  – Engagement of relevant government, regulators, law enforcement with peers and other stakeholders around globe
  – Targeted outreach to countries and stakeholders known to be particularly vulnerable to cybercrime

12 The Global Cybersecurity Agenda (GCA)
17 May 2007, International Herald Tribune
9 July 2007, UN Secretary-General historic visit to ITU
– GCA: an ITU framework for international cooperation aimed at proposing strategies for solutions to enhance confidence and security in the use of ICTs, built on existing national and regional initiatives, avoiding duplication and encouraging collaboration
– Launched in May 2007 by the ITU's Secretary-General, Dr. Hamadoun Touré, on World Telecommunication and Information Society Day

13 Global Cybersecurity Agenda: Framework for International Cooperation in Cybersecurity
– The Global Cybersecurity Agenda (GCA) was created as ITU's response to its role as sole Facilitator for WSIS Action Line C5
– GCA is a framework for international multi-stakeholder cooperation in cybersecurity
– GCA brought together a group of world-renowned experts in the field of cybersecurity and formed the High Level Experts Group (HLEG), which developed a global strategic report available at: http://www.itu.int/osg/csd/cybersecurity/gca/global_strategic_report/index.html
– GCA is working together with its partners to develop harmonized global strategies
Leveraging expertise for international consensus
– On a Global level, from government, international organizations to industry
– For a Harmonized approach to build synergies between initiatives
– Through Comprehensive strategies on all levels in 5 work areas:

14 ITU's Global Cybersecurity Agenda: Global Strategic Report
– Legal Measures
– International investigations: depending on reliable means of cooperation and effective harmonization of laws
– Technical and Procedural Measures
– Organizational Structures
– Capacity Building
– International Cooperation

15 Current GCA Projects
– Curbing Cyberthreats: IMPACT
  Partnership with the International Multilateral Partnership Against Cyber-Threats (IMPACT)
– Child Online Protection: COP
  The Child Online Protection (COP) initiative in partnership with organizations from around the world

16 ITU-IMPACT Collaboration
PARTNERS
– Global Response Centre (GRC): Threat information aggregation and dissemination expert collaboration
– Training & Skill Development: Security skills training for Member States
– Security Assurance & Research: International benchmarks for Member States; collaborative research on cyber-threats
– Centre for Policy and International Co-operation: Advisory services on cybersecurity policy and regulations for Member States
IMPACT is the physical home for the GCA, providing expertise and facilities for all ITU Member States to address global cyber-threats

17 Child Online Protection (COP)
A unique initiative bringing together partners from all sectors of the international community with the aim of creating a safe online experience for children everywhere.
Key Objectives
– Identify the main risks and vulnerabilities to children in cyberspace
– Create awareness of the risks and issues through multiple channels
– Develop practical tools to help governments, organizations and educators minimize risk
– Share knowledge and experience while facilitating international strategic partnerships to define and implement concrete initiatives
Internet Governance Forum Action for Global Cybersecurity

18 The High Level Segment (Council)
– Held on the opening of the ITU council meetings
– Participation of Ministers
– Questions addressed:
  – Greatest cyberthreats faced worldwide
  – Key elements to formulate national strategies and to prevent cybercrime
  – Role of governments in promoting a cybersecurity culture
  – Highest priority activities to address current and emerging cyberthreats

19 ITU-T SG 17: Security
Responsible for studies relating to security including cybersecurity, countering spam and identity management. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.
Study Group 17 is the lead study group in the ITU-T for security – responsible for:
– Coordination of security work
– Development of core Recommendations
Most of the other study groups have responsibilities for standardizing security aspects specific to their technologies, e.g.,
– SG 2 for TMN security
– SG 9 for IPCablecom security
– SG 13 for NGN security
– SG 16 for Multimedia security

20 ICT security standards roadmap
– Part 1 contains information about organizations working on ICT security standards
– Part 2 is a database of existing security standards and includes ITU-T, ISO/IEC JTC 1, IETF, IEEE, ATIS, ETSI and OASIS security standards
– Part 3 is a list of standards in development
– Part 4 identifies future needs and proposed new standards
– Part 5 includes Security Best Practices
http://www.itu.int/ITU-T/studygroups/com17/ict/

21 ITU-T SG 17 structure
Working Party 1: Network and information security
– Q 1 Telecommunications systems security project
– Q 2 Security architecture and framework
– Q 3 Telecommunications information security management
– Q 4 Cybersecurity
– Q 5 Countering spam by technical means

22 ITU-T SG 17 structure (cont.)
Working Party 2: Application security
– Q 6 Security aspects of ubiquitous telecommunication services
– Q 7 Secure application services
– Q 8 Telebiometrics
– Q 9 Service oriented architecture security

23 ITU-T SG 17 structure (cont.)
Working Party 3: Identity management and languages
– Q 10 Identity management architecture and mechanisms
– Q 11 Directory services, Directory systems, and public-key/attribute certificates
– Q 12 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration
– Q 13 Formal languages and telecommunication software
– Q 14 Testing languages, methodologies and framework
– Q 15 Open Systems Interconnection (OSI)

24 Core Security Recommendations
Strong ramp-up on developing core security Recommendations in SG 17
– 14 approved in 2007
– 27 approved in 2008
– 56 under development for approval this study period
Subjects include: Architecture and Frameworks, Web services, Directory, Identity management, Risk management, Cybersecurity, Incident management, Mobile security, Countering spam, Security management, Secure applications, Telebiometrics, Ubiquitous Telecommunication services, SOA security
Ramping up on: Traceback, Ubiquitous sensor networks
Collaboration with others on many items

25 Challenges
– Addressing security to enhance trust and confidence of users in networks, applications and services
– Balance between centralized and distributed efforts on developing security standards
– Legal and regulatory aspects of cybersecurity, spam, identity/privacy
– Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
– Uniform language for security terms and definitions
– Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations
– Keeping ICT security database up-to-date

26 SG 17 Security Project 1/3 (Major focus is on coordination and outreach)
Security coordination
– ISO/IEC/ITU-T Strategic Advisory Group Security – Oversees standardization activities in ISO, IEC and ITU-T relevant to security; provides advice and guidance relative to coordination of security work; and, in particular, identifies areas where new standardization initiatives may be warranted.
  – Portal established
  – Workshops conducted
– Global Standards Collaboration – ITU and participating standards organizations exchange information on the progress of standards development in the different regions and collaborate in planning future standards development to gain synergy and to reduce duplication. GSC-13 resolutions concerning security include:
  – GSC-13/11 – Cybersecurity
  – GSC-13/04 – Identity Management
  – GSC-13/03 – Network aspects of identification systems
  – GSC-13/25 – Personally Identifiable Information Protection

27 SG 17 Security Project 2/3 (Major focus is on coordination and outreach)
Security coordination (cont.)
– Cybersecurity Rapporteur group adopted a focussed action plan including outreach and collaboration with other organizations addressing cybersecurity and infrastructure protection.
– Basic needs: to identify and effect lines of communication among all these organizations.
– Address the needs of countries that lack resources and are part of the global network cybersecurity and vulnerability mosaic.

28 SG 17 Security Project 4/4
– Security Compendium – Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
– Security Standards Roadmap – Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
– ITU-T Security Manual – Assisted in its development

29 Security standardization strategy
1. Assure the continued relevance of security standards by keeping them current with rapidly-developing telecommunications technologies and operators' trends (in e-commerce, e-payments, e-banking, telemedicine, fraud-monitoring, fraud-management, fraud identification, digital identity infrastructure creation, billing systems, IPTV, Video-on-demand, grid network computing, ubiquitous networks, etc.).
2. Give attention to the issue of trust between network providers and communication infrastructure vendors, in particular, in terms of communication hardware and software security.

30 Identity Management: Overall objectives
1. A security enabler by providing trust in the identity of both parties to an e-transaction
2. A very important capability for significantly improving security and trust
3. Provides Network Operators an opportunity to increase revenues by offering advanced identity-based services
4. ITU-T's IdM work on global trust and interoperability of diverse IdM capabilities in telecommunications focused on leveraging and bridging existing solutions

31 Recommendations in progress
First IdM Recommendations for ITU-T SG 17:
– X.1250, Capabilities for global identity management trust and interoperability
– X.1251, A framework for user control of digital identity
And one Supplement approved:
– Supplement to X.1250-series, Overview of IdM in the context of cybersecurity
Many additional IdM Recommendations are under development (especially IdM terms and definitions)

32 Survey of developing countries' ICT security needs
Questionnaire initiated May 2008
Key Results
– The overall level of concern about cyber security is high
– There is a high level of interest in the possibility of obtaining advice and/or assistance on ICT security from the ITU
– The ITU needs to do better in promoting its ICT security products
Details of analysis at: http://www.itu.int/dms_pub/itu-t/oth/0A/0D/T0A0D0000180001PDFE.pdf

33 Challenges
– With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?
– Balance between centralized and distributed efforts on developing security standards
– Legal and regulatory aspects of cybersecurity, spam, identity/privacy
– Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
– Uniform definitions of cybersecurity terms and definitions
– Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations
– Keeping ICT security database up-to-date
– There is no silver bullet for cybersecurity
– Addressing security to enhance trust and confidence of users in networks, applications and services

34 Some useful web resources
– ITU Global Cybersecurity Agenda (GCA): http://www.itu.int/osg/csd/cybersecurity/gca/
– ITU-T Home page: http://www.itu.int/ITU-T/
– Study Group 17: http://www.itu.int/ITU-T/studygroups/com17/index.asp (e-mail: tsbsg17@itu.int)
– LSG on Security: http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
– Security Roadmap: http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
– Security Manual: http://www.itu.int/publ/T-HDB-SEC.03-2006/en
– Cybersecurity Portal: http://www.itu.int/cybersecurity/
– Cybersecurity Gateway: http://www.itu.int/cybersecurity/gateway/index.html
– ITU-T Recommendations: http://www.itu.int/ITU-T/publications/recs.html
– ITU-T Lighthouse: http://www.itu.int/ITU-T/lighthouse/index.phtml
– ITU-T Workshops: http://www.itu.int/ITU-T/worksem/index.html

35 Thank you!
Paolo Rosa, paolo.rosa@itu.int

36 ADDITIONAL SLIDES

37 ITU GCA main goals
Elaboration of strategies to:
– develop a model cybercrime legislation globally applicable, interoperable with existing national / regional legislative measures
– create national and regional organizational structures and policies on cybercrime
– establish globally accepted minimum security criteria and accreditation schemes for software applications and systems
– create a global framework for watch, warning and incident response to ensure cross-border coordination of initiatives
– create and endorse a generic and universal digital identity system and the necessary organizational structures to ensure the recognition of digital credentials for individuals across geographical boundaries
– develop a global strategy to facilitate human and institutional capacity-building to enhance knowledge and know-how across sectors and in all the above-mentioned areas
– advise on a potential framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas.

38 Initiatives
ITU's Global Cybersecurity Agenda housed in new centre in Malaysia
The International Multilateral Partnership Against Cyber Threats (IMPACT) headquarters in Cyberjaya (Kuala Lumpur) to focus on strengthening network security
20 March 2009
ITU's Telecommunication Development Bureau (BDT) will facilitate the deployment of IMPACT services, such as the Global Response Centre, which aims at providing state-of-the-art cybersecurity capabilities for ITU Member States to strengthen network security worldwide.

39 ITU-T SG 17 structure
Recommendations under development in WP1
– Guidelines on security of the individual information service for operators
– Architecture of external interrelations for a telecommunication network security system
– Information security governance framework
– Information security management framework for telecommunications
– Requirement of security information sharing framework
– Abnormal traffic detection and control guideline for telecommunication network
– Frameworks for botnet detection and response
– Digital evidence exchange file format
– Guideline on preventing malicious code spreading in a data communication network
– Mechanism and procedure for distributing policies for network security
– Framework for countering cyber attacks in SIP-based services
– Traceback use cases and capabilities
– Framework for countering IP multimedia spam
– Functions and interfaces for countering email spam sent by botnet
– Technical means for countering spam
– Interactive countering spam gateway system
– Technical means for countering VoIP spam

40 ITU-T SG 17 structure
Recommendations under development in WP2
– Functional requirements and mechanisms for secure transcodable scheme of IPTV
– Key management framework for secure IPTV services
– Algorithm selection scheme for SCP descrambling
– SCP interoperability scheme
– Security requirement and framework for multicast communication
– Security aspects of mobile multi-homed communications
– Security framework for ubiquitous sensor network
– USN middleware security guidelines
– Secure routing mechanisms for wireless sensor network
– SAML 2.0
– XACML 2.0
– Security requirements and mechanisms of peer-to-peer-based telecommunication network
– Management framework for one time password based authentication service
– Security framework for enhanced web based telecommunication services
– Telebiometrics issues

41 ITU-T SG 17 structure
Recommendations under development in WP3
– Baseline capabilities for enhanced global identity management trust and interoperability
– A framework for user control of digital identity
– Entity authentication assurance
– Extended validation certificate
– Common identity data model
– Framework architecture for interoperable identity management systems
– IdM terms and definitions
– Security guidelines for identity management systems
– Criteria for assessing the level of protection for personally identifiable information in identity management
– Guideline on protection for personally identifiable information in RFID applications
– Object identifier resolution system
– UML profile for ASN.1
– Information technology reference model issues:
– SDL issues
– Message sequence chart (MSC) issues
– User requirements notation (URN) issues
– Testing and test control notation issues

42 Business use of telecommunications/ICT top security standards
The report will consist of summary sheets for analysed top security standards
– Status and summary of standards
– Who does the standard affect?
– Business benefits
– Technologies involved
– Technical implications
ITU-T SG 17 seeks comment on the work activity from the ITU-D and other standards development organizations. Specifically, your views on the following would be appreciated:
– Do you agree that this work activity would be useful to organizations and/or DC/CETs planning to deploy telecommunications/ICT security systems?
– Does your organization have existing information that may be related to this work activity or that may be used to progress this work?
– Does your organization have contact with DC/CETs that may further elaborate on their needs and detail the information they may find most useful to capture in the activity output?
– Does your organization have any suggestions to provide additional detail regarding the proposed summary sheet elements or criteria to select standards?
– Would your organization be willing to assist the ITU-T SG 17 in progressing this work?
ITU-T SG 17 welcomes your consideration and your response on this matter.

43 The High Level Segment: HLEG
– Held on the opening of the ITU council meetings
– Participation of Ministers
– Questions addressed:
  – Greatest cyberthreats faced worldwide
  – Key elements to formulate national strategies and to prevent cybercrime
  – Role of governments in promoting a cybersecurity culture
  – Highest priority activities to address current and emerging cyberthreats

44 HLS 2008 Sessions on Cybersecurity II
Managing cyberthreats through harmonized policies and organizational structures
Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organization structures.
The absence of effective institutions to deal with cyber-attacks is a major issue. Some countries have established specific agencies with watch, warning and incident response capabilities. Other countries prefer to promote capacity to deal with cyber-incidents within existing law enforcement agencies. What lessons can be learned from the experience of different countries? And how can cooperation and the flow of information between national institutions be improved?

45 High-Level Segment (HLS) of Council 2008, Geneva, 12-13 November 2008
– Designed to provide Ministers and Councillors with an opportunity to exchange views on issues of strategic importance to the Union and on emerging trends in the sector. This year, speakers offered their perspectives on Climate Change and Cybersecurity.
– Inaugurated by two Heads of State, H.E. Mr Paul Kagame, President of Rwanda, and H.E. Mr Blaise Compaoré, President of Burkina Faso, as well as by United Nations Secretary-General Mr Ban Ki-moon via video message.
– Attended by some 400 participants, 21 Ministers, Ambassadors and heads of regulatory organizations and UN agencies.

46 HLS 2008 Sessions on Cybersecurity 1/2
Managing cyberthreats through harmonized policies and organizational structures
Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organization structures.
Addressing the technical and legal challenges related to the borderless nature of cybercrime
Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.

47 HLS 2008 Sessions on Cybersecurity 2/2
Be Safe Online: A Call to Action
Objective: What can be done and what should be done to protect our most valuable resource: our children?
ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity
Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.

48 HLS 2008 Sessions on Cybersecurity III
Addressing the technical and legal challenges related to the borderless nature of cybercrime
Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.
Threats to cybersecurity are global in nature. Cybercriminals can strike at will, exploiting technical vulnerabilities and legal loopholes through cross-border operations that show no respect for geographical boundaries or jurisdictional borders. This makes it difficult for any single national or regional legal framework to address cyberthreats effectively. What are the major challenges countries face in fighting cybercrime? How can countries deal with these challenges?

49 HLS 2008 Sessions on Cybersecurity IV
Be Safe Online: A Call to Action
Objective: What can be done and what should be done to protect our most valuable resource – our children?
The most vulnerable Internet users online are children. In industrialized countries, as many as 60% of children and teenagers use online chatrooms regularly, and evidence suggests that as many as three-quarters of these may be willing to share personal information in exchange for online goods and services. In some countries, as many as one in five children may be targeted by a predator or paedophile each year. These trends are increasingly true in many emerging and developing countries as well.

50 HLS 2008 Sessions on Cybersecurity V
ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity
Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.
There are many valuable national and regional initiatives underway to promote cybersecurity. However, the growing global cyberthreats need a global basis on which they can be addressed. On 17 May 2007, the ITU Secretary-General Dr. Hamadoun Touré launched the Global Cybersecurity Agenda (GCA) as a framework for international cooperation to promote cybersecurity and enhance confidence and security in the information society. The GCA seeks to encourage collaboration amongst all relevant partners in building confidence and security in the use of ICTs.

