Global Standards Collaboration (GSC) 14
DOCUMENT #: GSC14-GSC7-03
FOR: Presentation
SOURCE: ITU-T
AGENDA ITEM: GTSC 4.2
CONTACT(S): kremer@rans.ru
ITU-T Telecom Security Update
Arkadiy Kremer
ITU-T SG 17 Chairman
Geneva, 13-16 July 2009
Fostering worldwide interoperability
Telecom Security is an Essential Part
of IP-based Networks and Services
Integration of telecommunication and security
infrastructures is constantly increasing
Convergence of services where voice, data/video
and broadcasting are appearing on all types of
network platforms
Internet is a part of telecommunication
infrastructure
Next-generation business model for network
operators demands subscriber-centric data
consolidation
Highlight of Current Activities
Terms and definitions alignment across members of GSC
Security Compendium includes catalogs of approved
security-related Recommendations and security definitions
extracted from approved Recommendations
Security Standards Roadmap includes searchable database
of approved ICT security standards from ITU-T and others
(e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
JCA-IdM (was discussed on PLEN 6.4)
JCA-CIT - a standard is the real standard if it is verified (more
in supplementary slides)
Business Use of Security Standards - a standard is the real
standard if it has the business-applications. ITU-T together with
the GSC members would like to provide a report which will
consist of summary sheets for analysed top security standards
(status and summary; who does the standard affect?; business
benefits; technologies involved; technical implications) (more
in supplementary slides)
Highlight of Current Activities
Providing a Global Cybersecurity Information Exchange Framework
– X.cybief (more in supplementary slides)
Responsive to GSC-13/11, resolves 5:
promote global, consistent, and interoperable processes for
sharing incident-response related information
Large-scale effort to bring “best of breed” of security
information exchange standards into the ITU and facilitating
global interoperability and trust
for security state, vulnerabilities, incidents, threats
Facilitated by
a global security exchange identification scheme for
organizations, information identifiers, and policies
use of Extended Validation Certificates based on X.509
Providing for close working relationship with principal CIRT/CERT
organization (FIRST) and assisting developing countries to establish
CIRTs on a national basis (WTSA Res. 58)
Strategic Directions
Work on telecom security standardization convergence points
gaps:
Security architecture  SOA security
Network security  business infrastructure security
ICT security  information critical infrastructure security
Personal data protection  IdM
Security management  security collaboration
Security collaboration
No one organization can provide its own security without
interaction with others
Security collaboration contains measures, which pertain to the
readiness and ability of the organizations to interact with other
entities (including operators, users and law enforcement
authorities) to counter the threats
Need a framework for raising the understanding of what is
achievable
Strategic Directions
Essential to pessimistically evaluate threats in light of the
success we expect
Three great classes of threats:
Insider attacks
Social engineering
Organized crime’s monetization of malware and
fragility
Connecting systems is good. Sharing vulnerability is bad.
Systems must fundamentally distrust the systems with
which they interact
Minimal disclosure technology is fundamental in a
federated world.
“Need to know” Internet
Challenges
Keeping ahead of security needs
vulnerabilities
incidents
Getting isolated security communities to
cooperate effectively
Implementing needed identity management
platforms and trust models in the infrastructure
widespread deployment of "Extended validation
certificates" for organization/provider trust
that accommodate the diversity of parties and assurance
levels/requirements
Making security “measurable”
Next Steps/Actions
Proceed with the development and adoption of
the Global Cybersecurity Information Exchange
Framework
Adopt X.evcert – an Extended Validation
Certificate Framework
Get an OID identifier arc assigned for identifying
organizations, information, and policies
Work with existing and emerging new security
organizations to facilitate development and use of
a common exchange framework
Proposed Modification Resolution
on Cybersecurity
Modify the Cybersecurity resolution “recognizing”
section by adding a new paragraph:
Achieving most of the above requirements is highly
dependent on a global framework for the trusted
structured exchange of information concerning the
cybersecurity state of devices/systems, vulnerabilities,
incidents, and heuristics among the operators, vendors,
security organizations and agencies
Modify the Cybersecurity resolution resolves 5 section
by changing to
promote trusted global, structured, interoperable, and
measurable processes for sharing cybersecurity state,
vulnerability, and incident-response related information
through a global framework
Supplementary Slides
JCA-CIT
A standard is the real standard if it is verified
The main objectives of the JCA-CIT are to coordinate:
The collection of and making available information about testing
activities and testing methodologies
Provision of feedback on collected information as appropriate
Development of a common understanding of Conformance vs.
Interoperability testing
Development of the requirements placed on writing Recommendations
to accommodate testing
Provision of technical assistance to Rapporteurs and editors writing
Recommendations for testing and test specification
Provision of input towards the evolution of Recommendations that
define testing methodology
Dissemination of information about testing across other SDOs
Preparation of material for tutorials, workshops and conferences, and
making presentations if appropriate
Promotion of the use of a common terminology and methodology of
testing
Finding working methods to co-ordinate activities and improve sharing
of results
Business Use of Security Standards
A standard is the real standard if it has the business-applications.
ITU-T together with the GSC members would like to provide a report
which will consist of summary sheets for analysed top security
standards (status and summary; who does the standard affect?;
business benefits; technologies involved; technical implications)
Your comments and views on the following would be appreciated:
Do you agree that this work activity would be useful to organizations
and/or DC/CETs planning to deploy telecommunications/ICT security
systems?
Does your organization have existing information that may be related
to this work activity or that may be used to progress this work?
Does your organization have contact with DC/CETs that may further
elaborate on their needs and detail the information they may find
most useful to capture in the activity output?
Does your organization have any suggestions to provide additional
detail regarding the proposed summary sheet elements or criteria to
select standards?
Would your organization be willing to assist the ITU-T in progressing
this work?
Global Cybersecurity Information
Exchange Framework
Purposes
Enable global capabilities for the structured
exchange of cybersecurity information by
identifying and incorporating existing “best of breed”
platform standards
as necessary, making the existing standards more global
and interoperable
Move beyond guidelines and facilitate the scaling
and broad implementation of core capabilities
already developed within cybersecurity
communities
Global Cybersecurity Information
Exchange Framework
Cybersecurity information: structured information or
knowledge concerning
1. The “state” of equipment, software or network based
systems as related to cybersecurity, especially vulnerabilities
2. Forensics related to incidents or events
3. Heuristics and signatures gained from experienced events
4. Parties who implement cybersecurity information exchange
capabilities within the scope of this framework
5. Specifications for the exchange of cybersecurity
information, including modules, schemas, and assigned
numbers
6. The identities and trust attributes of all of the above
7. Implementation requirements, guidelines and practices
Global Cybersecurity Information Exchange
Framework
[Figure: framework scope diagram. Labels: Cybersecurity Entities;
Cybersecurity Information acquisition (out of scope*); Structured
information; Identification & discovery of cybersecurity information
and entities; Trusted exchange; Cybersecurity Information use (out of
scope*)]
*Some specialized cybersecurity exchange implementations
may require application specific frameworks specifying
acquisition and use capabilities
Global Cybersecurity Information Exchange
Framework – Capabilities and Context
The Framework enables exchange
capabilities for the entire Cyber
Security Ecosystem, by providing for
the dashed information exchanges
Framework Capabilities Outline
Cybersecurity structured information
Identify existing standards
Bring some of them into ITU-T as X-series standards
and supplement as needed for global interoperability
Cybersecurity identification and discovery
Identify existing standards
Bring some of them into ITU-T as X-series standards
and supplement as needed for global interoperability
Cybersecurity trusted acquisition and exchange
Identify existing standards
Bring some of them into ITU-T as X-series standards
and supplement as needed for interoperability