Presentation is loading. Please wait.

Presentation is loading. Please wait.

Geneva, Switzerland, 15-16 September 2014 Session Chairmen’s Reports ITU Workshop on “ICT Security Standardization for Developing Countries” Geneva, Switzerland,

Published byJohn Martin Modified over 9 years ago

Similar presentations

Presentation on theme: "Geneva, Switzerland, 15-16 September 2014 Session Chairmen’s Reports ITU Workshop on “ICT Security Standardization for Developing Countries” Geneva, Switzerland,"— Presentation transcript:

1 Geneva, Switzerland, 15-16 September 2014 Session Chairmen’s Reports ITU Workshop on “ICT Security Standardization for Developing Countries” Geneva, Switzerland, 15-16 September 2014

2 Opening session conclusions Mr. Zhaoji Lin chaired the meeting and gave an opening speech which covered the following aspects: Introductory information and guidance ; Defining the steering committee; Mission/objectives of the workshop and what we expect to get out from the workshop; Introduce/overview the sessions of the workshop. Geneva, Switzerland, 15-16 September 2014 2

3 Opening Session Keynote speaker Mr. Malcolm Johnson, ITU TSB Director Thanks SG17 for organizing this WS Around 90 people registered but participation are open to all The importance of having such event Participation of people from Developing Countries to SG17 are increasing Appreciates IMPACT and ITU-D role Threats are increasing (eg. SPAM) Geneva, Switzerland, 15-16 September 2014 3

4 Opening Session Keynote speaker Mr. Arkadiy Kremer, ITU-T Study Group 17 Chairman Thanks TSB for their support Focus on challenges in ICT infrastructure development Main pillars for providing confidence & security ITU-T SG17 Standardization activities Develop an effective security strategy Developing countries participation in SG17 Geneva, Switzerland, 15-16 September 2014 4

5 Outcome of Opening Session (1) ITU-T SG 17 vice-chairman Mr. Zhaoji Lin chaired the meeting and made an opening speech which covered the following aspects: introductory information and guidance to the workshop including such as background of the workshop and facilities ; the decision of SG17 to organize this workshop and the steering team of the workshop; mission/objectives of the workshop and what we expect to get out of the workshop; information on the security standardization challenges; highlighted the sessions of the workshop; Geneva, Switzerland, 15-16 September 2014 5

6 Outcome of Opening Session (2) two keynote speeches were presented: The first keynote speaker was ITU TSB Director Mr. Malcolm Johnson whose speech mainly focused on challenges of cyber threats to the world especially in developing countries, on spam threats to developing countries and WCIT-12 efforts on encouraging Member States to cooperate to prevent spam, on efforts of ITU on dealing with these challenges, on collaboration of ITU with other SDOs on ICT security standardization activities. The second keynote speaker was ITU-T SG17 chairman Mr. Arkadiy Kremer. His speech mainly focused on challenges in ICT infrastructure development, main pillars for providing confidence & security, ITU-T SG17 Standardization activities, to develop an effective security strategy and participation of developing countries in SG17. Geneva, Switzerland, 15-16 September 2014 6

7 Conclusion of Opening Session This workshop aimed to present activities and achievements of standardization on cybersecurity, data protection, trust services and cloud computing, focused in methodology of securing ICT within critical infrastructure, heard a reaction from security industry, addressed the interests and needs of users, and encouraged collaboration between SDOs in security standardization for the special needs of developing countries. International standards are tools offering exactly technical, procedural, and administrative defense that are internationally applicable. ITU-T, specifically ITU-T SG17 made great efforts to bridge the standardization gap between the developed countries and developing countries to build the confidence and security in the use of ICTs. Geneva, Switzerland, 15-16 September 2014 7

8 Session 1 conclusions Although Zambia like most developing countries has limited capacity in addressing security challenges, reasonable progress has been achieved in putting in place the necessary institutional framework. New security approaches are required in order to enable large scale deployment of IoT systems. Geneva, Switzerland, 15-16 September 2014 8

9 Session 1 conclusions (cnt’d) SG 17 should consider organizing a special session to address security challenges related to mobile financial services. Strong collaboration between ITU and UPU on security is vital especially in areas such as secure e- mail and financial transactions. Geneva, Switzerland, 15-16 September 2014 9

10 Session 1 conclusions (cnt’d) SG17 and IEC/TC57/WG15 should cooperate and share expertise on smart-grid security. Security should be embedded in the system design in order to lower operational costs. Geneva, Switzerland, 15-16 September 2014 10

11 Session 2 conclusions To identify key topics/requirements for ICT security (through presentations) Need of stepping up “Authentication capabilities” for mobile on-line trust Use of “light weight crypto” for connected cars and ITS security Critical Infra Security – Energy sector Need for interoperability of secure enterprise mobility across providers Identity Based Attestation and Open Exchange Protocol (IBOPS) Big Data (BD) security and privacy Geneva, Switzerland, 15-16 September 2014 11

12 Session 2 conclusions Output on Objective-2(cont.) To explore the way to develop security standards in ITU-T (through the Round Table) The authentication landscape is changing rapidly, and the ID-ecosystem is also changing. A new use case (requirement) is authentication/identification on demand. The work of the FIDO Alliance and OASIS TC IBOPS is to be looked at; and collaboration is suggested. There is a need for a minimum level of security in the area of ITS and IoT environments. ISO/IEC JTC 1/SC27/WG2 is standardizing light-weight crypto and is seeking collaboration in terms of how to use such crypto. Critical infrastructures are to be looked at. There is room for cooperation and standardization between military and civil. Government need standards on electronic signatures and e-IDs. ITU-T should consider standardization cooperation with European bodies (like ENISA). Geneva, Switzerland, 15-16 September 2014 12

13 Session 2 conclusions Output on Objective-3(cont.) To explore the way to develop security standards in ITU-T (through the Round Table) ISO/IEC JTC 1/SC27 is doing work in data management and governance, and on secure data storage, also on data discovery, which are subject to standardization. Real-time security analytics for data management should be considered. ISO is doing a gap analysis on big data; there is an opportunity for collaboration with ITU-T (SG17). TC 215 has developed several health informatics standards on such as on information governance, policy management etc., and to potentially work with ITU-T. Geneva, Switzerland, 15-16 September 2014 13

14 Session 2 conclusions Output on Objective-4(cont.) Summary: Mobile security (Authentication) - FIDO Alliance and OASIS TC IBOPS Utilization of light weight crypto for ITS & IoT – ISO/IEC JTC1/SC27 and others Critical infrastructures - European bodies (like ENISA) Big Data security & PII - ISO/IEC JTC1/SC27 Health informatics - TC215 Geneva, Switzerland, 15-16 September 2014 14

15 Session 3 conclusions Make standards less complex and more applicable Create standards for the needs Collaboration is the key Standardization is very important to be in the same track Sharing known vulnerabilities and threats make significant difference Data protection becomes more important with the online services Geneva, Switzerland, 15-16 September 2014 15

16 Session 3 conclusions Operational experience and demand from the field are very important ITU-D is a great opportunity for creating widely using standards by developing countries Start a joint project with ITU-D to enhance the business use of standards Geneva, Switzerland, 15-16 September 2014 16

17 Session 3 conclusions It will be very beneficial if the experts help countries to implement the standards Encourage governments, organizastions, companies, and academia to participate Geneva, Switzerland, 15-16 September 2014 17

18 Session 4 conclusions Summary 1/3 Session 4 discussed “ICT role in critical infrastructure protection” under 3 different perspectives, as follows:  Frameworks and international collaboration: Mr Koyabe presented “Critical Information Infrastructure Protection (CIIP): Commonwealth Perspective”, with insights on a cybergovernance model adopted by those countries, and Mr McCrum presented ”Toward a partnership-based framework for establishing secure ICT infrastructure in developing countries”, with proposals on regulatory measures, ITU role and mutual recognition agreements (MRA); Geneva, Switzerland, 15-16 September 2014 18

19 Session 4 conclusions Summary 2/3 Standardization issues on CIIP: Mr. Zolotnikov presented “Critical infrastructure protection: standardization to protect critical infrastructure objects”, with some key principles of secured system development to be standardized, including industrial control systems (ICS), and Mr. Strunge presented “Security by Design in Smart Grids – A Need to Rethink ICT in Power System Controls”, including proposals on automated certificate handling, whitelists, and multiple associated parallel PKI; Geneva, Switzerland, 15-16 September 2014 19

20 Session 4 conclusions Summary 3/3 Role of ICT and sector regulators: Mr. Alsamhan presented “ICT Regulator Role on National Security and Critical Infrastructure Protection”, with Saudi Arabia experiences on CIP, national CERT deployment, and security enforcement measures, and Mr. Guimaraes presented “Critical telecommunication infrastructure protection in Brazil” with insights on legislation, methodologies and an information system under development (SIEC). These perspectives were further developed during the final discussion panel. Some aspects discussed in Session 4 could be interesting to ITU-T Qs 2/17, Q4/17, 6/17, 7/17 and 11/17. In particular, ITU-D Q3/2 was highly interested on Mr. Koyabe’s presentation. Geneva, Switzerland, 15-16 September 2014 20

21 Session 5 summary(1/3) This session consists of 5 presentations: Cloud security standardization activities in ITU-T: Huirong Tian, China : presenting major deliverables and activities of ITU-T FG on cloud computing and various existing work by ITU-T SG17 as well as SG13, especially for approved Recommendation ITU-T X.1601, security framework for cloud computing. ITU-T SG17 Identity management (IdM) Progress Report : Abbie Barbir, ITU-T Q10/17 Rapporteur : presenting mission and major coordinated activities of ITU-T SG17 Question 10 with other SDOs as well as current state, drivers for the future direction, need for better identity assurance and trust framework, future focus in the identity management area. X.509 in a changing world: Erik Andersen, Denmark : presenting ITU-T X.509, definition and role of PKI, changing environment for use of PKI such as cloud, mobile, M2M, and smart grid, future of Recommendation ITU-T X.509. Geneva, Switzerland, 15-16 September 2014 21

22 Session 5 summary(2/3) National ID management system in Korea: Daeseon Choi, Electronics and Telecommunications Research Institute, Authentication Research Section /Leader : presenting national initiative on identity management system, including issues around national identifier, online and offline identity proofing, various authentication technologies such as PKI, SSO and attribute sharing, and future direction of Korean IDM. Introduction to ISO 29003 - Identity Proofing: Patrick Curry, British Business Federation Authority (& SC27 WG5) Presenting ISO/IEC 29003 Identity Proofing such as a need and definition for identity proofing, key players around identity proofing, changing factors that needs to be considered, and role of international standard. Geneva, Switzerland, 15-16 September 2014 22

23 Session 5 summary(3/3) The session has a roundtable discussion: 6 panelist including five speakers and Frederic Gittler from Cloud Security Alliance are invited to the roundtable discussion which is devoted to identify potential future topic which SG 17 needs to consider, especially to answer the following questions. What are current major activities that other (standard) organizations are carrying out, which ITU-T SG17 needs to consider? What is your view about the gap of current standard activities of ITU-T SG17 in these areas? What is your perspectives about the future direction for ITU-T SG17 standardization activities in the areas of cloud and identity management, considering the future ICT environments, such as one supporting super-highly connected society? Geneva, Switzerland, 15-16 September 2014 23

24 Session 5 conclusions Major findings and future directions Suggested topics for future study in the cloud security area: trust models, security controls, best practices, etc. Topics carried out by CSA for SG17: Cloud security and privacy Virtualization security Governance and assurance Incident management and digital forensics, etc. Three key success factors for coordination between SOOs provided by CSA in the cloud security: Avoiding duplication/coordination, Having certification with maturity models, Ease of use and accessibility. Suggested topics for future study in the identity management area: Business and Privacy Guidelines, Interoperable Products & Services, Identity Assurance Framework & Assessors for better Identity assurance and trust frameworks Geneva, Switzerland, 15-16 September 2014 24

25 Session 5 conclusions Major findings and future directions There is a need for: updating Rec. ITU-T X.509, considering new factors and meeting new requirements in the new ICT environment such as smart grid. developing guideline/implementation guides for PKI deployment for developing countries by SG 17 and investigating national level initiatives on PKI deployment and usage, online and offline or combined identity proofing and various authentication methods as best practices for use or deployment by the developing countries. the International Standard to address the in-person proofing, which is very fundamental process for the secure e-ID system and developing it by SC27 WG 5, possibly in cooperation with ITU-T SG17. Geneva, Switzerland, 15-16 September 2014 25

26 Session 6 Security Standardization Challenges Objectives To better understand the role of ICT security standardization A set of short presentations that highlight ICT security standardization efforts in 8 international and regional bodies To explore ICT security standardization challenges An open roundtable discussion on challenges including collaboration and meeting user needs, especially those from developing countries Geneva, Switzerland, 15-16 September 2014 26

27 Session 6 Presentations International Organization for Standardization (ISO) Walter Fumy, ISO/IEC JTC 1/SC27 chairman Overview of security work in ISO; new ISO TC 292, Security; work of SC27 Internet Engineering Task Force (IETF) Kathleen Moriarty, Security Area director IETF security working groups, emerging work areas, fellowships, policy programme Geneva, Switzerland, 15-16 September 2014 27

28 Session 6 Presentations European Telecommunications Standards Institute (ETSI) Charles Brookson, ETSI TC CYBER chairman Work of TC CYBER, cyber security coordination group recommendations, ETSI security activities Cloud Security Alliance (CSA) Frederic Gittler, HP Cloud computing and mobility as a unique opportunity for developing countries Geneva, Switzerland, 15-16 September 2014 28

29 Session 6 Presentations FIRST (an international confederation of trusted computer incident response teams) Damir Rajnovic, member of board of directors Common issues when trying to implement international standards in a national environment Organization for the Advancement of structured information standards (OASIS) Carol Cosgrove-Sacks, senior advisor Securing the digital frontier – the need for robust cyber security standards Geneva, Switzerland, 15-16 September 2014 29

30 Session 6 Presentations Regional Asia Information Security Exchange Forum (RAISE Forum) Koji Nakao, co-chairman Challenges, objectives, current focus, projects International Telecommunications Union – Telecommunications Standardization Sector (ITU-T) Arkadiy Kremer, Study Group 17 chairman Strategic goals of ITU-T; SG17’s efforts in security standardization, supporting developing countries, and cooperation with other bodies Geneva, Switzerland, 15-16 September 2014 30

31 Session 6 Roundtable What do you see as the key challenges for ICT security standardization? What do you see as the benefits and challenges of cooperation and collaboration among standards setting organizations? How do you ensure standards you develop will meet the needs of users, especially those in developing countries? What is the SDO’s role in implementation of standards? Geneva, Switzerland, 15-16 September 2014 31

32 Session 6 Roundtable Results Reinforced continuing need for collaboration Establish collaboration with ETSI TC Cyber Revisit/update security standards roadmap Need for constant feedback into standardization process Bridge gap between technology and users (e.g., password problem) – make standards simple to use Geneva, Switzerland, 15-16 September 2014 32

33 Session 6 Roundtable Results Need ramp-up documents to support complex standards Employ innovative arrangements that facilitate new participants Essential to encourage/facilitate organizations in developing countries to be engaged in standards development Essential to encourage/facilitate developing countries to take the best of standards/best practices, as ICT security standards are essential to all Geneva, Switzerland, 15-16 September 2014 33

34 Provisional follow-up actions in response to key conclusions Geneva, Switzerland, 15-16 September 2014 34

35 Promote cooperation and collaboration essential to combating cybersecurity challenges (e.g. CIRTs), and recognize existing work of other SDOs Promote common policies and enforcement mechanisms recognizing the trans-border nature of cyber attacks Promote Mutual Recognition Agreements and conformance and interoperability (C&I) testing Encourage developing countries to provide their requirements to international standardization work Fast-track successful standards from other standards bodies through the ITU-T approval process to give them international status Geneva, Switzerland, 15-16 September 2014 35

36 Organise a dedicated meeting to address financial inclusion security issues Consider New ITU-T work item on Big Data security Investigate Critical Information Infrastructure Protection (CIIP) and Critical Information Protection (CIP) Evolution of ITU-T X.509:  Establish educational capacity-building project on X.509 certificates and the broader public-key infrastructure (PKI)  Ensure that the final product of X.509rev is future-proofed for the evolving scenarios and sectors of application  Liaise closely with other SDOs in particular IETF Geneva, Switzerland, 15-16 September 2014 36

37 Consider new joint ITU-UPU project: Secure e-mail, active monitoring, PostID, federated identity ecosystem, trust frameworks, two-factor authentication, secure cloud services, and joint standardization of UPU S64 postal identity management ITU-T Study Group 17 to consider the outputs and conclusions of each session Other ITU-T study groups and ITU-D Study Group 2 to be informed of the Workshop outputs and conclusions ITU-T and ITU-D to increase collaboration on capacity building on security standards Geneva, Switzerland, 15-16 September 2014 37

Download ppt "Geneva, Switzerland, 15-16 September 2014 Session Chairmen’s Reports ITU Workshop on “ICT Security Standardization for Developing Countries” Geneva, Switzerland,"

Similar presentations

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Recent Standardization Activities on Cloud Computing Kishik Park, Kangchan Lee, Seungyun Lee TTA.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Recent Standardization Activities on Cloud Computing Kishik Park, Kangchan Lee, Seungyun Lee TTA.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All The Internet of Things (IoT) aka Machine 2 Machine (M2M) Bilel Jamoussi Chief, Study Groups Department.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All The Internet of Things (IoT) aka Machine 2 Machine (M2M) Bilel Jamoussi Chief, Study Groups Department.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Identity Management Update Bilel Jamoussi, Chief, SGD/TSB ITU Abbie Barbir, Q10/17 Rapporteur.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Identity Management Update Bilel Jamoussi, Chief, SGD/TSB ITU Abbie Barbir, Q10/17 Rapporteur.
Geneva, Switzerland, 4 December 2014 ITU-T Study Group 17 activities in the context of digital financial services and inclusion: Security and Identity.

Geneva, Switzerland, 4 December 2014 ITU-T Study Group 17 activities in the context of digital financial services and inclusion: Security and Identity.
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Geneva, Switzerland, 15-16 September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.
Geneva, Switzerland, 15-16 September 2014 Introduction of ISO/IEC 29003 Identity Proofing Patrick Curry Director, British Business Federation Authority.

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority.
National Cybersecurity Management System

National Cybersecurity Management System
Www.enisa.europa.eu European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.

European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
DOCUMENT #:GSC15-PLEN-08 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (4.5) CONTACT(S):Jim MacFie ISACC Activities Since GSC-14 Jim MacFie.

DOCUMENT #:GSC15-PLEN-08 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (4.5) CONTACT(S):Jim MacFie ISACC Activities Since GSC-14 Jim MacFie.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Focus Group on Cloud Computing Olivier Colas, ITU-T FGCC Vice-Chairman Document No: GSC16-PLEN-45.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Focus Group on Cloud Computing Olivier Colas, ITU-T FGCC Vice-Chairman Document No: GSC16-PLEN-45.
Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.
Critical Role of ICT in Parliament Fulfill legislative, oversight, and representative responsibilities Achieve the goals of transparency, openness, accessibility,

Critical Role of ICT in Parliament Fulfill legislative, oversight, and representative responsibilities Achieve the goals of transparency, openness, accessibility,
DOCUMENT #:GSC15-CL-04 FOR:Presentation SOURCE:CCSA AGENDA ITEM:Closing Plenary, 2.3 GTSC-8 Summary Report Duo Liu GTSC-8.

DOCUMENT #:GSC15-CL-04 FOR:Presentation SOURCE:CCSA AGENDA ITEM:Closing Plenary, 2.3 GTSC-8 Summary Report Duo Liu GTSC-8.
DOCUMENT #:GSC15-PLEN-53 FOR:Presentation SOURCE:ETSI AGENDA ITEM:PLEN 6.11 CONTACT(S):Emmanuel Darmois, Board Member Marylin Arndt, TC M2M chair Smart.

DOCUMENT #:GSC15-PLEN-53 FOR:Presentation SOURCE:ETSI AGENDA ITEM:PLEN 6.11 CONTACT(S):Emmanuel Darmois, Board Member Marylin Arndt, TC M2M chair Smart.
INTOSAI Public Debt Working Group Updating of the Strategic Plan 2011-2016 Richard Domingue Office of the Auditor General of Canada June 14, 2010.

INTOSAI Public Debt Working Group Updating of the Strategic Plan Richard Domingue Office of the Auditor General of Canada June 14, 2010.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

Similar presentations

Ads by Google