Forum on Next Generation Network Standardization
Colombo, Sri Lanka, 7-10 April 2009
Paolo Rosa
Head, Workshops and Promotion Division
Telecommunication Standardization Bureau
ITU Global Cybersecurity Agenda and ITU-T SG17 activities on Cybersecurity
ITU Cybersecurity activities
ITU Cybersecurity Gateway: Information resource on Cybersecurity
ITU Global Cybersecurity Agenda: Framework for international cooperation in Cybersecurity
WSIS Action Line C.5: Building Confidence and security in the use of ICTs http://www.itu.int/wsis/c5/index.html
Strategic direction
WSIS Action Line C5, Building confidence and security in use of ICTs
A fundamental role of ITU, following the World Summit on the Information Society (WSIS) and the 2006 ITU Plenipotentiary Conference is to build confidence and security in the use of ICTs. At the WSIS, world leaders and governments designated ITU to facilitate the implementation of WSIS Action Line C5, “Building confidence and security in the use of ICTs”. In this capacity, ITU is seeking consensus on a framework for international cooperation in cybersecurity to reach a common understanding of cybersecurity threats among countries at all stages of economic development.
Cybersecurity – one of the top priorities of the ITU
Strategic direction II
Plenipotentiary Resolution 130 (2006), Strengthening the role of ITU in building confidence and security in the use of information and communication technologies – Instructs Director of TSB to intensify work in study groups, address threats & vulnerabilities, collaborate, and share information
Plenipotentiary Resolution 149 (2006), Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies – Instructs Council to study terminology
Strategic Direction III
WTSA-08 Resolution 50, Cybersecurity – Instructs Director of TSB to develop a plan to undertake evaluations of ITU-T “existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment”
WTSA-08 Resolution 52, Countering and combating spam – Instructs relevant study groups “to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam”
WTSA-08 Resolution 58, Encourage the creation of national Computer Incident Response Teams, particularly for developing countries – instructs the Director of TSB, in collaboration with the Director of BDT “to identify best practices to establish CIRTs; to identify where CIRTs are needed; to collaborate with international experts and bodies to establish national CIRTs; to provide support, as appropriate, within existing budgetary resources; to facilitate collaboration between national CIRTs, such as capacity building and exchange of information, within an appropriate framework”
Cybersecurity & Cyberspace
Draft new ITU-T Rec. X.1205: Overview of Cybersecurity
• Cybersecurity: collection of tools, policies, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyberspace against relevant security risks such as unauthorized access, modification, theft, disruption, or other threats
• Cyberspace: the cyber environment including software, connected computing devices, computing users, applications/services, communications systems, multimedia communication, and the totality of transmitted and/or stored information connected directly or indirectly to the Internet. It includes hosting infrastructures and isolated devices
Changing nature of cyberspace
Source: Presentation materials at ITU workshop on “Ubiquitous Network Societies”, April 2005.
Threats in cyberspace
Inherited architecture of the Internet was not designed to optimize security
• Constant evolution of the nature of cyberthreats
• Low entry barriers and increasing sophistication of cybercrime
• Constant evolution in protocols and algorithms
• Loopholes in current legal frameworks
• Introduction of Next-Generation Networks (NGN)
• Convergence among ICT services and networks
• Network effects – risks far greater
• Possibility of anonymity on the Internet
• Absence of appropriate organizational structures
• Internationalization requires cross-border cooperation
• Vulnerabilities of software applications
Attackers, hackers and intruders (generally users cannot be trusted)
• Taxonomy of security threats
– Unauthorized illegal access: insufficient security measures, authentication/authorization, unprotected passwords…
– IP spoofing: assume a trusted host identity, disable host, assume attacker’s identity, access to IP addresses
– Network sniffers: read source and destination addresses, passwords, data…
– Denial of Service (DoS): connectivity, network elements or applications availability
– Bucket brigade attacks: message interception/modification
– Back door traps: placed by system developers / employees / operating system / created by virus
– Masquerading: access to the network as false legitimate personnel
– Replay attacks: read authentication information from messages
– Modification of messages without detection
– Insider attacks: legitimate users behave in unauthorized way; periodic auditing actions and screening of personnel, hardware and software needed
Challenges: Policy
• Lack of relevant cybercrime and anti-spam legislation
– Establish where none
• Base “model law” needed (which is separate ITU initiative)
– Modify existing cybercrime/spam laws where needed to reflect botnet-related crime
• Capacity building for regulators, police, judiciary
– Training existing officials may be supplemented by co-opting or active recruitment of technical experts
• Weak international cooperation and outreach
– Participation in local, regional and international initiatives
– Engagement of relevant government, regulators, law enforcement with peers and other stakeholders around globe
– Targeted outreach to countries and stakeholders known to be particularly vulnerable to cybercrime
The Global Cybersecurity Agenda (GCA)
17 May 2007, International Herald Tribune
9 July 2007: UN Secretary-General historic visit to ITU
GCA: an ITU framework for international cooperation aimed at proposing strategies for solutions to enhance confidence and security in the use of ICTs, built on existing national and regional initiatives, avoiding duplication and encouraging collaboration
Launched in May 2007 by the ITU’s Secretary-General, Dr. Hamadoun Touré on World Telecommunication and Information Society Day
Global Cybersecurity Agenda: Framework for International Cooperation in Cybersecurity
• The Global Cybersecurity Agenda (GCA) was created as ITU’s response to its role as sole Facilitator for WSIS Action Line C5
• GCA is a framework for international multi-stakeholder cooperation in cybersecurity
• GCA brought together a group of world renowned experts in the field of cybersecurity and formed the High Level Experts Group (HLEG) which developed a global strategic report available at: http://www.itu.int/osg/csd/cybersecurity/gca/global_strategic_report/index.html
• GCA is working together with its partners to develop harmonized global strategies
Leveraging expertise for international consensus
On a Global level, from government, international organizations to industry
For a Harmonized approach to build synergies between initiatives
Through Comprehensive strategies on all levels in 5 work areas
ITU’s Global Cybersecurity Agenda Global Strategic Report
• Legal Measures
• International investigations: depending on reliable means of cooperation and effective harmonization of laws
• Technical and Procedural Measures
• Organizational Structures
• Capacity Building
• International Cooperation
Current GCA Projects
Curbing Cyberthreats: IMPACT
Partnership with the International Multilateral Partnership Against Cyber-Threats (IMPACT)
Child Online Protection: COP
The Child Online Protection (COP) initiative in partnership with organizations from around the world
ITU-IMPACT Collaboration
PARTNERS
Global Response Centre (GRC): Threat information aggregation and dissemination; expert collaboration
Training & Skill Development: Security skills training for Member States
Security Assurance & Research: International benchmarks for Member States; collaborative research on cyber-threats
Centre for Policy and International Co-operation: Advisory services on cybersecurity policy and regulations for Member States
IMPACT is the physical home for the GCA, providing expertise and facilities for all ITU Member States to address global cyber-threats
Child Online Protection (COP)
Internet Governance Forum
Action for Global Cybersecurity
A unique initiative bringing together partners from all sectors of the international community with the aim of creating a safe online experience for children everywhere.
Key Objectives
• Identify the main risks and vulnerabilities to children in cyberspace
• Create awareness of the risks and issues through multiple channels
• Develop practical tools to help governments, organizations and educators minimize risk
• Share knowledge and experience while facilitating international strategic partnerships to define and implement concrete initiatives
The High Level Segment (Council)
• Held on the opening of the ITU Council meetings
• Participation of Ministers
• Questions addressed:
– Greatest cyberthreats faced worldwide
– Key elements to formulate national strategies and to prevent cybercrime
– Role of governments in promoting a cybersecurity culture
– Highest priority activities to address current and emerging cyberthreats
ITU-T SG 17: Security
Responsible for studies relating to security including cybersecurity, countering spam and identity management. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.
• Study Group 17 is the lead study group in the ITU-T for security – responsible for:
– Coordination of security work
– Development of core Recommendations
• Most of the other study groups have responsibilities for standardizing security aspects specific to their technologies, e.g.,
– SG 2 for TMN security
– SG 9 for IPCablecom security
– SG 13 for NGN security
– SG 16 for Multimedia security
ICT security standards roadmap
• Part 1 contains information about organizations working on ICT security standards
• Part 2 is a database of existing security standards and includes ITU-T, ISO/IEC JTC 1, IETF, IEEE, ATIS, ETSI and OASIS security standards
• Part 3 is a list of standards in development
• Part 4 identifies future needs and proposed new standards
• Part 5 includes Security Best Practices
http://www.itu.int/ITU-T/studygroups/com17/ict/
ITU-T SG 17 structure
Working Party 1: Network and information security
• Q 1 Telecommunications systems security project
• Q 2 Security architecture and framework
• Q 3 Telecommunications information security management
• Q 4 Cybersecurity
• Q 5 Countering spam by technical means
ITU-T SG 17 structure (cont.)
Working Party 2: Application security
• Q 6 Security aspects of ubiquitous telecommunication services
• Q 7 Secure application services
• Q 8 Telebiometrics
• Q 9 Service oriented architecture security
ITU-T SG 17 structure (cont.)
Working Party 3: Identity management and languages
• Q 10 Identity management architecture and mechanisms
• Q 11 Directory services, Directory systems, and public-key/attribute certificates
• Q 12 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration
• Q 13 Formal languages and telecommunication software
• Q 14 Testing languages, methodologies and framework
• Q 15 Open Systems Interconnection (OSI)
Core Security Recommendations
Strong ramp-up on developing core security Recommendations in SG 17
• 14 approved in 2007
• 27 approved in 2008
• 56 under development for approval this study period
Subjects include:
• Architecture and Frameworks
• Web services
• Directory
• Identity management
• Risk management
• Cybersecurity
• Incident management
• Mobile security
• Countering spam
• Security management
• Secure applications
• Telebiometrics
• Ubiquitous Telecommunication services
• SOA security
Ramping up on:
• Traceback
• Ubiquitous sensor networks
Collaboration with others on many items
Challenges
Addressing security to enhance trust and confidence of users in networks, applications and services
Balance between centralized and distributed efforts on developing security standards
Legal and regulatory aspects of cybersecurity, spam, identity/privacy
Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
Uniform language for security terms and definitions
Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations
Keeping ICT security database up-to-date
Security coordination
ISO/IEC/ITU-T Strategic Advisory Group Security
– Oversees standardization activities in ISO, IEC and ITU-T relevant to security; provides advice and guidance relative to coordination of security work; and, in particular, identifies areas where new standardization initiatives may be warranted.
• Portal established
• Workshops conducted
Global Standards Collaboration
– ITU and participating standards organizations exchange information on the progress of standards development in the different regions and collaborate in planning future standards development to gain synergy and to reduce duplication. GSC-13 resolutions concerning security include:
• GSC-13/11 – Cybersecurity
• GSC-13/04 – Identity Management
• GSC-13/03 – Network aspects of identification systems
• GSC-13/25 – Personally Identifiable Information Protection
SG 17 Security Project 1/3 (Major focus is on coordination and outreach)
Security coordination (cont.)
Cybersecurity Rapporteur group adopted a focussed action plan including outreach and collaboration with other organizations addressing cybersecurity and infrastructure protection.
Basic needs: to identify and effect lines of communication among all these organizations.
Address the needs of countries that lack resources and are part of the global network cybersecurity and vulnerability mosaic.
SG 17 Security Project 2/3 (Major focus is on coordination and outreach)
Security Compendium
– Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
Security Standards Roadmap
– Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
ITU-T Security Manual
– Assisted in its development
SG 17 Security Project 4/4
Security standardization strategy
1. Assure the continued relevance of security standards by keeping them current with rapidly-developing telecommunications technologies and operators’ trends (in e-commerce, e-payments, e-banking, telemedicine, fraud-monitoring, fraud-management, fraud identification, digital identity infrastructure creation, billing systems, IPTV, Video-on-demand, grid network computing, ubiquitous networks, etc.).
2. Give attention to the issue of trust between network providers and communication infrastructure vendors, in particular, in terms of communication hardware and software security.
Identity Management Overall objectives
1. a security enabler by providing trust in the identity of both parties to an e-transaction
2. a very important capability for significantly improving security and trust
3. provides Network Operators an opportunity to increase revenues by offering advanced identity-based services
4. ITU-T’s IdM work on global trust and interoperability of diverse IdM capabilities in telecommunications focused on leveraging and bridging existing solutions
Recommendations in progress
First IdM Recommendations for ITU-T SG 17:
• X.1250, Capabilities for global identity management trust and interoperability
• X.1251, A framework for user control of digital identity
And one Supplement approved:
• Supplement to X.1250-series, Overview of IdM in the context of cybersecurity
Many additional IdM Recommendations are under development (especially IdM terms and definitions)
Survey of developing countries ICT security needs
• Questionnaire initiated May 2008
• Key Results
– The overall level of concern about cyber security is high
– There is a high level of interest in the possibility of obtaining advice and/or assistance on ICT security from the ITU
– The ITU needs to do better in promoting its ICT security products
• Details of analysis at: http://www.itu.int/dms_pub/itu-t/oth/0A/0D/T0A0D0000180001PDFE.pdf
Challenges
With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?
Balance between centralized and distributed efforts on developing security standards
Legal and regulatory aspects of cybersecurity, spam, identity/privacy
Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
Uniform definitions of cybersecurity terms and definitions
Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations
Keeping ICT security database up-to-date
There is no “silver bullet” for cybersecurity
Addressing security to enhance trust and confidence of users in networks, applications and services
Some useful web resources
• ITU Global Cybersecurity Agenda (GCA) http://www.itu.int/osg/csd/cybersecurity/gca/
• ITU-T Home page http://www.itu.int/ITU-T/
• Study Group 17 http://www.itu.int/ITU-T/studygroups/com17/index.asp e-mail: [email protected]
• LSG on Security http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
• Security Roadmap http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
• Security Manual http://www.itu.int/publ/T-HDB-SEC.03-2006/en
• Cybersecurity Portal http://www.itu.int/cybersecurity/
• Cybersecurity Gateway http://www.itu.int/cybersecurity/gateway/index.html
• ITU-T Recommendations http://www.itu.int/ITU-T/publications/recs.html
• ITU-T Lighthouse http://www.itu.int/ITU-T/lighthouse/index.phtml
• ITU-T Workshops http://www.itu.int/ITU-T/worksem/index.html
Thank you!
Paolo Rosa [email protected]
ADDITIONAL SLIDES
ITU GCA main goals
Elaboration of strategies to:
– develop a model cybercrime legislation globally applicable, interoperable with existing national / regional legislative measures
– create national and regional organizational structures and policies on cybercrime
– establish globally accepted minimum security criteria and accreditation schemes for software applications and systems
– create a global framework for watch, warning and incident response to ensure cross-border coordination of initiatives
– create and endorse a generic and universal digital identity system and the necessary organizational structures to ensure the recognition of digital credentials for individuals across geographical boundaries
– develop a global strategy to facilitate human and institutional capacity-building to enhance knowledge and know-how across sectors and in all the above-mentioned areas
– advise on a potential framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas.
Initiatives
ITU’s Global Cybersecurity Agenda housed in new centre in Malaysia
The International Multilateral Partnership Against Cyber Threats (IMPACT) headquarters in Cyberjaya (Kuala Lumpur) to focus on strengthening network security
20 March 2009
ITU’s Telecommunication Development Bureau (BDT) will facilitate the deployment of IMPACT services, such as the Global Response Centre, which aims at providing state-of-the-art cybersecurity capabilities for ITU Member States to strengthen network security worldwide.
ITU-T SG 17 structure
Recommendations under development in WP1
• Guidelines on security of the individual information service for operators
• Architecture of external interrelations for a telecommunication network security system
• Information security governance framework
• Information security management framework for telecommunications
• Requirement of security information sharing framework
• Abnormal traffic detection and control guideline for telecommunication network
• Frameworks for botnet detection and response
• Digital evidence exchange file format
• Guideline on preventing malicious code spreading in a data communication network
• Mechanism and procedure for distributing policies for network security
• Framework for countering cyber attacks in SIP-based services
• Traceback use cases and capabilities
• Framework for countering IP multimedia spam
• Functions and interfaces for countering email spam sent by botnet
• Technical means for countering spam
• Interactive countering spam gateway system
• Technical means for countering VoIP spam
ITU-T SG 17 structure
Recommendations under development in WP2
• Functional requirements and mechanisms for secure transcodable scheme of IPTV
• Key management framework for secure IPTV services
• Algorithm selection scheme for SCP descrambling
• SCP interoperability scheme
• Security requirement and framework for multicast communication
• Security aspects of mobile multi-homed communications
• Security framework for ubiquitous sensor network
• USN middleware security guidelines
• Secure routing mechanisms for wireless sensor network
• SAML 2.0
• XACML 2.0
• Security requirements and mechanisms of peer-to-peer-based telecommunication network
• Management framework for one time password based authentication service
• Security framework for enhanced web based telecommunication services
• Telebiometrics issues
ITU-T SG 17 structure
Recommendations under development in WP3
• Baseline capabilities for enhanced global identity management trust and interoperability
• A framework for user control of digital identity
• Entity authentication assurance
• Extended validation certificate
• Common identity data model
• Framework architecture for interoperable identity management systems
• IdM terms and definitions
• Security guidelines for identity management systems
• Criteria for assessing the level of protection for personally identifiable information in identity management
• Guideline on protection for personally identifiable information in RFID applications
• Object identifier resolution system
• UML profile for ASN.1
• Information technology reference model issues:
• SDL issues
• Message sequence chart (MSC) issues
• User requirements notation (URN) issues
• Testing and test control notation issues
Business use of telecommunications/ICT top security standards
The report will consist of summary sheets for analysed top security standards
• Status and summary of standards
• Who does the standard affect?
• Business benefits
• Technologies involved
• Technical implications
ITU-T SG 17 seeks comment on the work activity from the ITU-D and other standards development organizations. Specifically, your views on the following would be appreciated:
• Do you agree that this work activity would be useful to organizations and/or DC/CETs planning to deploy telecommunications/ICT security systems?
• Does your organization have existing information that may be related to this work activity or that may be used to progress this work?
• Does your organization have contact with DC/CETs that may further elaborate on their needs and detail the information they may find most useful to capture in the activity output?
• Does your organization have any suggestions to provide additional detail regarding the proposed summary sheet elements or criteria to select standards?
• Would your organization be willing to assist the ITU-T SG 17 in progressing this work?
ITU-T SG 17 welcomes your consideration and your response on this matter.
The High Level Segment: HLEG
• Held on the opening of the ITU Council meetings
• Participation of Ministers
• Questions addressed:
– Greatest cyberthreats faced worldwide
– Key elements to formulate national strategies and to prevent cybercrime
– Role of governments in promoting a cybersecurity culture
– Highest priority activities to address current and emerging cyberthreats
HLS 2008 Sessions on Cybersecurity II
Managing cyberthreats through harmonized policies and organizational structures
Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organization structures.
The absence of effective institutions to deal with cyber-attacks is a major issue. Some countries have established specific agencies with watch, warning and incident response capabilities. Other countries prefer to promote capacity to deal with cyber-incidents within existing law enforcement agencies. What lessons can be learned from the experience of different countries? And how can cooperation and the flow of information between national institutions be improved?
High-Level Segment (HLS) of Council 2008
Geneva, 12-13 November 2008
– Designed to provide Ministers and Councillors with an opportunity to exchange views on issues of strategic importance to the Union and on emerging trends in the sector. This year, speakers offered their perspectives on Climate Change and Cybersecurity.
– Inaugurated by two Heads of State, H.E. Mr Paul Kagame, President of Rwanda, and H.E. Mr Blaise Compaoré, President of Burkina Faso, as well as by United Nations Secretary-General Mr Ban Ki-moon via video message.
– Attended by some 400 participants, 21 Ministers, Ambassadors and heads of regulatory organizations and UN agencies.
HLS 2008 Sessions on Cybersecurity 1/2
Managing cyberthreats through harmonized policies and organizational structures
Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organization structures.
Addressing the technical and legal challenges related to the borderless nature of cybercrime
Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.
HLS 2008 Sessions on Cybersecurity 2/2
Be Safe Online: A Call to Action
Objective: What can be done and what should be done to protect our most valuable resource: our children?
ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity
Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.
HLS 2008 Sessions on Cybersecurity III
Addressing the technical and legal challenges related to the borderless nature of cybercrime
Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.
Threats to cybersecurity are global in nature. Cybercriminals can strike at will, exploiting technical vulnerabilities and legal loopholes through cross-border operations that show no respect for geographical boundaries or jurisdictional borders. This makes it difficult for any single national or regional legal framework to address cyberthreats effectively. What are the major challenges countries face in fighting cybercrime? How can countries deal with these challenges?
HLS 2008 Sessions on Cybersecurity IV
Be Safe Online: A Call to Action
Objective: What can be done and what should be done to protect our most valuable resource – our children?
The most vulnerable Internet users online are children. In industrialized countries, as many as 60% of children and teenagers use online chatrooms regularly, and evidence suggests that as many as three-quarters of these may be willing to share personal information in exchange for online goods and services. In some countries, as many as one in five children may be targeted by a predator or paedophile each year. These trends are increasingly true in many emerging and developing countries as well.
HLS 2008 Sessions on Cybersecurity V
ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity
Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.
There are many valuable national and regional initiatives underway to promote cybersecurity. However, the growing global cyberthreats need a global basis on which they can be addressed. On 17 May 2007, the ITU Secretary-General Dr. Hamadoun Touré launched the Global Cybersecurity Agenda (GCA) as a framework for international cooperation to promote cybersecurity and enhance confidence and security in the information society. The GCA seeks to encourage collaboration amongst all relevant partners in building confidence and security in the use of ICTs.