Forum on Next Generation Network Standardization
Colombo, Sri Lanka, 7-10 April 2009

Page 1:

ITU Global Cybersecurity Agenda and ITU-T SG17 activities on Cybersecurity

Paolo Rosa
Head, Workshops and Promotion Division
Telecommunication Standardization Bureau (TSB), ITU

Page 2:

ITU Cybersecurity activities

• ITU Cybersecurity Gateway – Information resource on Cybersecurity
• ITU Global Cybersecurity Agenda – Framework for international cooperation in Cybersecurity
• WSIS Action Line C.5 – Building Confidence and security in the use of ICTs, http://www.itu.int/wsis/c5/index.html

Page 3:

Strategic direction

WSIS Action Line C5, Building confidence and security in use of ICTs

A fundamental role of ITU, following the World Summit on the Information Society (WSIS) and the 2006 ITU Plenipotentiary Conference is to build confidence and security in the use of ICTs. At the WSIS, world leaders and governments designated ITU to facilitate the implementation of WSIS Action Line C5, “Building confidence and security in the use of ICTs”. In this capacity, ITU is seeking consensus on a framework for international cooperation in cybersecurity to reach a common understanding of cybersecurity threats among countries at all stages of economic development.

Cybersecurity – one of the top priorities of the ITU

Page 4:

Strategic direction II

• Plenipotentiary Resolution 130 (2006), Strengthening the role of ITU in building confidence and security in the use of information and communication technologies – Instructs the Director of TSB to intensify work in study groups, address threats and vulnerabilities, collaborate, and share information
• Plenipotentiary Resolution 149 (2006), Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies – Instructs the Council to study terminology

Page 5:

Strategic direction III

• WTSA-08 Resolution 50, Cybersecurity – Instructs the Director of TSB to develop a plan to undertake evaluations of ITU-T “existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment”
• WTSA-08 Resolution 52, Countering and combating spam – Instructs relevant study groups “to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam”
• WTSA-08 Resolution 58, Encourage the creation of national Computer Incident Response Teams, particularly for developing countries – Instructs the Director of TSB, in collaboration with the Director of BDT, “to identify best practices to establish CIRTs; to identify where CIRTs are needed; to collaborate with international experts and bodies to establish national CIRTs; to provide support, as appropriate, within existing budgetary resources; to facilitate collaboration between national CIRTs, such as capacity building and exchange of information, within an appropriate framework”

Page 6:

Cybersecurity & Cyberspace

Page 7:

Draft new ITU-T Rec. X.1205, Overview of Cybersecurity

• Cybersecurity: collection of tools, policies, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyberspace against relevant security risks such as unauthorized access, modification, theft, disruption, or other threats

• Cyberspace: the cyber environment including software, connected computing devices, computing users, applications/services, communications systems, multimedia communication, and the totality of transmitted and/or stored information connected directly or indirectly to the Internet. It includes hosting infrastructures and isolated devices

Page 8:

Changing nature of cyberspace

Source: Presentation materials at ITU workshop on “Ubiquitous Network Societies”, April 2005.

Page 9:

Threats in cyberspace

The inherited architecture of the Internet was not designed to optimize security

• Constant evolution of the nature of cyberthreats
• Low entry barriers and increasing sophistication of cybercrime
• Constant evolution in protocols and algorithms
• Loopholes in current legal frameworks
• Introduction of Next-Generation Networks (NGN)
• Convergence among ICT services and networks
• Network effects – risks far greater
• Possibility of anonymity on the Internet
• Absence of appropriate organizational structures
• Internationalization requires cross-border cooperation
• Vulnerabilities of software applications

Page 10:

Attackers, hackers and intruders (generally users cannot be trusted)

• Taxonomy of security threats
– Unauthorized / illegal access: insufficient security measures (authentication / authorization, unprotected passwords, ...)
– IP spoofing: assume a trusted host's identity, disable that host, assume the attacker's identity, gain access to IP addresses
– Network sniffers: read source and destination addresses, passwords, data, ...
– Denial of Service (DoS): against the availability of connectivity, network elements or applications
– Bucket brigade (man-in-the-middle) attacks: interception / modification of messages
– Back door traps: placed by system developers / employees / the operating system, or created by a virus
– Masquerading: access to the network by posing as legitimate personnel
– Replay attacks: read authentication information from messages and reuse it
– Modification of messages without detection
– Insider attacks: legitimate users behave in an unauthorized way; periodic auditing actions and screening of personnel, hardware and software are needed
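Two entries in this taxonomy, replay and undetected modification, are the ones a protocol designer closes with a message authentication code plus a freshness check. The following Python is an added illustration, not code from the ITU deck or from any ITU-T Recommendation; the shared key, the sender names, the sequence numbers and the message bodies are constructed for the example.

```python
# Added example (not from the ITU slides): an authenticated message with a
# per-sender sequence number, so that a receiver can detect two of the
# threats in the taxonomy above: modification of messages without detection
# and replay of captured authentication data.  Key, sender names and message
# bodies are constructed for the illustration.
import hashlib
import hmac
import json

# Constructed shared secret; in practice it would be provisioned out of band.
SHARED_KEY = b"example-shared-secret-not-for-production"


def _canonical(sender, seq, body):
    """Serialise the authenticated fields in a fixed order so that sender
    and receiver compute the MAC over exactly the same bytes."""
    return json.dumps({"sender": sender, "seq": seq, "body": body},
                      sort_keys=True, separators=(",", ":")).encode()


def build_message(key, sender, seq, body):
    """Sender side: attach an HMAC-SHA256 tag over sender, seq and body."""
    tag = hmac.new(key, _canonical(sender, seq, body), hashlib.sha256).hexdigest()
    return {"sender": sender, "seq": seq, "body": body, "tag": tag}


class Receiver:
    """Receiver side: verify the tag first, then enforce strictly increasing
    sequence numbers per sender so a captured message cannot be replayed."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}  # sender -> highest sequence number accepted

    def accept(self, msg):
        """Return (accepted, reason)."""
        expected = hmac.new(self.key,
                            _canonical(msg["sender"], msg["seq"], msg["body"]),
                            hashlib.sha256).hexdigest()
        # compare_digest runs in constant time, so the check does not leak
        # how many leading bytes of a forged tag were correct.
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "rejected: tag mismatch (modified or forged)"
        if msg["seq"] <= self.last_seq.get(msg["sender"], -1):
            return False, "rejected: sequence number reused (replay)"
        self.last_seq[msg["sender"]] = msg["seq"]
        return True, "accepted"


def run_demo():
    """Drive one receiver through a fresh, a replayed, a tampered, a forged
    and a later genuine message; returns the list of (accepted, reason)."""
    rx = Receiver(SHARED_KEY)
    fresh = build_message(SHARED_KEY, "alice", 1, "transfer 10")
    tampered = dict(fresh, body="transfer 1000")                        # body changed, old tag kept
    forged = build_message(b"attacker-key", "alice", 2, "transfer 10")   # wrong key
    later = build_message(SHARED_KEY, "alice", 2, "transfer 20")         # genuine follow-up
    return [rx.accept(m) for m in (fresh, fresh, tampered, forged, later)]


if __name__ == "__main__":
    for ok, why in run_demo():
        print("OK " if ok else "NO ", why)
```

The tag is verified before the sequence number is examined, so an attacker cannot burn sequence numbers with forged messages and make the receiver drop genuine later ones. A strictly increasing counter also rejects legitimate out-of-order delivery; protocols that must tolerate reordering (IPsec, DTLS) keep a sliding window of seen numbers instead. Nothing here addresses the sniffer entry in the taxonomy: the body travels in clear, so confidentiality needs encryption in addition to the MAC.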

Page 11:

Challenges: Policy

• Lack of relevant cybercrime and anti-spam legislation
– Establish legislation where none exists
– A base “model law” is needed (a separate ITU initiative)
– Modify existing cybercrime / spam laws where needed to reflect botnet-related crime
• Capacity building for regulators, police, judiciary
– Training of existing officials may be supplemented by co-opting or active recruitment of technical experts
• Weak international cooperation and outreach
– Participation in local, regional and international initiatives
– Engagement of relevant government, regulators and law enforcement with peers and other stakeholders around the globe
– Targeted outreach to countries and stakeholders known to be particularly vulnerable to cybercrime

Page 12:

The Global Cybersecurity Agenda (GCA)

17 May 2007, International Herald Tribune

9 July 2007, UN Secretary-General's historic visit to ITU

GCA: an ITU framework for international cooperation aimed at proposing strategies for solutions to enhance confidence and security in the use of ICTs, built on existing national and regional initiatives, avoiding duplication and encouraging collaboration.

Launched in May 2007 by the ITU's Secretary-General, Dr. Hamadoun Touré, on World Telecommunication and Information Society Day

Page 13:

Global Cybersecurity Agenda: Framework for International Cooperation in Cybersecurity

• The Global Cybersecurity Agenda (GCA) was created as ITU's response to its role as sole Facilitator for WSIS Action Line C5
• GCA is a framework for international multi-stakeholder cooperation in cybersecurity
• GCA brought together a group of world renowned experts in the field of cybersecurity and formed the High Level Experts Group (HLEG), which developed a global strategic report available at: http://www.itu.int/osg/csd/cybersecurity/gca/global_strategic_report/index.html
• GCA is working together with its partners to develop harmonized global strategies

Leveraging expertise for international consensus:
• On a Global level, from government and international organizations to industry
• For a Harmonized approach to build synergies between initiatives
• Through Comprehensive strategies on all levels in 5 work areas

Page 14:

ITU's Global Cybersecurity Agenda Global Strategic Report

The five work areas:
• Legal Measures – International investigations depend on reliable means of cooperation and effective harmonization of laws
• Technical and Procedural Measures
• Organizational Structures
• Capacity Building
• International Cooperation

Page 15:

Current GCA Projects

• Curbing Cyberthreats: IMPACT – Partnership with the International Multilateral Partnership Against Cyber-Threats (IMPACT)
• Child Online Protection: COP – The Child Online Protection (COP) initiative in partnership with organizations from around the world

Page 16:

ITU-IMPACT Collaboration

IMPACT is the physical home for the GCA, providing expertise and facilities for all ITU Member States to address global cyber-threats.

PARTNERS

• Global Response Centre (GRC): threat information aggregation and dissemination; expert collaboration
• Training & Skill Development: security skills training for Member States
• Security Assurance & Research: international benchmarks for Member States; collaborative research on cyber-threats
• Centre for Policy and International Co-operation: advisory services on cybersecurity policy and regulations for Member States

Page 17:

Child Online Protection (COP)

A unique initiative bringing together partners from all sectors of the international community with the aim of creating a safe online experience for children everywhere.

Key Objectives
• Identify the main risks and vulnerabilities to children in cyberspace
• Create awareness of the risks and issues through multiple channels
• Develop practical tools to help governments, organizations and educators minimize risk
• Share knowledge and experience while facilitating international strategic partnerships to define and implement concrete initiatives

Internet Governance Forum – Action for Global Cybersecurity

Page 18:

The High Level Segment (Council)

• Held at the opening of the ITU Council meetings
• Participation of Ministers
• Questions addressed:
– Greatest cyberthreats faced worldwide
– Key elements to formulate national strategies and to prevent cybercrime
– Role of governments in promoting a cybersecurity culture
– Highest priority activities to address current and emerging cyberthreats

Page 19:

ITU-T SG 17: Security

Responsible for studies relating to security including cybersecurity, countering spam and identity management. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.

• Study Group 17 is the lead study group in the ITU-T for security, responsible for:
– Coordination of security work
– Development of core Recommendations
• Most of the other study groups have responsibilities for standardizing security aspects specific to their technologies, e.g.:
– SG 2 for TMN security
– SG 9 for IPCablecom security
– SG 13 for NGN security
– SG 16 for Multimedia security

Page 20:

ICT security standards roadmap

• Part 1 contains information about organizations working on ICT security standards
• Part 2 is a database of existing security standards and includes ITU-T, ISO/IEC JTC 1, IETF, IEEE, ATIS, ETSI and OASIS security standards
• Part 3 is a list of standards in development
• Part 4 identifies future needs and proposed new standards
• Part 5 includes Security Best Practices

http://www.itu.int/ITU-T/studygroups/com17/ict/

Page 21:

ITU-T SG 17 structure


Working Party 1: Network and information security

• Q 1 Telecommunications systems security project

• Q 2 Security architecture and framework

• Q 3 Telecommunications information security management

• Q 4 Cybersecurity

• Q 5 Countering spam by technical means

Page 22:

ITU-T SG 17 structure (cont.)


Working Party 2: Application security

• Q 6 Security aspects of ubiquitous telecommunication services

• Q 7 Secure application services

• Q 8 Telebiometrics

• Q 9 Service oriented architecture security

Page 23:

ITU-T SG 17 structure (cont.)


Working party 3: Identity management and languages

• Q 10 Identity management architecture and mechanisms

• Q 11 Directory services, Directory systems, and public-key/attribute certificates

• Q 12 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration

• Q 13 Formal languages and telecommunication software

• Q 14 Testing languages, methodologies and framework

• Q 15 Open Systems Interconnection (OSI)

Page 24:

Core Security Recommendations


Strong ramp-up on developing core security Recommendations in SG 17

• 14 approved in 2007
• 27 approved in 2008
• 56 under development for approval this study period

Subjects include: Architecture and Frameworks Web services Directory Identity management Risk management Cybersecurity Incident management Mobile security Countering spam Security management Secure applications Telebiometrics Ubiquitous Telecommunication services SOA security

Ramping up on: Traceback Ubiquitous sensor networks

Collaboration with others on many items

Page 25:

Challenges


Addressing security to enhance trust and confidence of users in networks, applications and services

Balance between centralized and distributed efforts on developing security standards

Legal and regulatory aspects of cybersecurity, spam, identity/privacy

Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning

Uniform language for security terms and definitions

Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations

Keeping ICT security database up-to-date

Page 26:

SG 17 Security Project 1/3 (Major focus is on coordination and outreach)

Security coordination

ISO/IEC/ITU-T Strategic Advisory Group on Security
– Oversees standardization activities in ISO, IEC and ITU-T relevant to security; provides advice and guidance relative to coordination of security work; and, in particular, identifies areas where new standardization initiatives may be warranted.
• Portal established
• Workshops conducted

Global Standards Collaboration
– ITU and participating standards organizations exchange information on the progress of standards development in the different regions and collaborate in planning future standards development to gain synergy and to reduce duplication. GSC-13 resolutions concerning security include:
• GSC-13/11 – Cybersecurity
• GSC-13/04 – Identity Management
• GSC-13/03 – Network aspects of identification systems
• GSC-13/25 – Personally Identifiable Information Protection

Page 27:

SG 17 Security Project 2/3 (Major focus is on coordination and outreach)

Security coordination (cont.)

• The Cybersecurity Rapporteur group adopted a focused action plan including outreach and collaboration with other organizations addressing cybersecurity and infrastructure protection.
• Basic need: to identify and establish lines of communication among all these organizations.
• Address the needs of countries that lack resources but are part of the global network cybersecurity and vulnerability mosaic.

Page 28:

SG 17 Security Project 4/4

• Security Compendium – Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
• Security Standards Roadmap – Includes a searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
• ITU-T Security Manual – SG 17 assisted in its development

Page 29:

Security standardization strategy


1. Assure the continued relevance of security standards by keeping them current with rapidly-developing telecommunications technologies and operators' trends (in e-commerce, e-payments, e-banking, telemedicine, fraud monitoring, fraud management, fraud identification, digital identity infrastructure creation, billing systems, IPTV, video-on-demand, grid network computing, ubiquitous networks, etc.).
2. Give attention to the issue of trust between network providers and communication infrastructure vendors, in particular in terms of communication hardware and software security.

Page 30:

Identity Management Overall objectives


1. A security enabler, by providing trust in the identity of both parties to an e-transaction
2. A very important capability for significantly improving security and trust
3. Provides network operators an opportunity to increase revenues by offering advanced identity-based services
4. ITU-T's IdM work on global trust and interoperability of diverse IdM capabilities in telecommunications is focused on leveraging and bridging existing solutions

Page 31:

Recommendations in progress


First IdM Recommendations for ITU-T SG 17:

• X.1250, Capabilities for global identity management trust and interoperability
• X.1251, A framework for user control of digital identity

And one Supplement approved:

• Supplement to the X.1250-series, Overview of IdM in the context of cybersecurity

Many additional IdM Recommendations are under development (especially IdM terms and definitions)

Page 32:

Survey of developing countries' ICT security needs

• Questionnaire initiated May 2008
• Key Results
– The overall level of concern about cyber security is high
– There is a high level of interest in the possibility of obtaining advice and/or assistance on ICT security from the ITU
– The ITU needs to do better in promoting its ICT security products
• Details of the analysis at: http://www.itu.int/dms_pub/itu-t/oth/0A/0D/T0A0D0000180001PDFE.pdf

Page 33:

Challenges

With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?

• Balance between centralized and distributed efforts on developing security standards
• Legal and regulatory aspects of cybersecurity, spam, identity/privacy
• Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
• Uniform definitions of cybersecurity terms
• Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations
• Keeping the ICT security database up-to-date

There is no “silver bullet” for cybersecurity

Addressing security to enhance trust and confidence of users in networks, applications and services

Page 34:

Some useful web resources

• ITU Global Cybersecurity Agenda (GCA) http://www.itu.int/osg/csd/cybersecurity/gca/
• ITU-T Home page http://www.itu.int/ITU-T/
• Study Group 17 http://www.itu.int/ITU-T/studygroups/com17/index.asp e-mail: [email protected]
• LSG on Security http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
• Security Roadmap http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
• Security Manual http://www.itu.int/publ/T-HDB-SEC.03-2006/en
• Cybersecurity Portal http://www.itu.int/cybersecurity/
• Cybersecurity Gateway http://www.itu.int/cybersecurity/gateway/index.html
• ITU-T Recommendations http://www.itu.int/ITU-T/publications/recs.html
• ITU-T Lighthouse http://www.itu.int/ITU-T/lighthouse/index.phtml
• ITU-T Workshops http://www.itu.int/ITU-T/worksem/index.html

Page 35:

Thank you!

Paolo Rosa [email protected]

Page 36:

ADDITIONAL SLIDES

Page 37:

ITU GCA main goals

Elaboration of strategies to:
– develop model cybercrime legislation that is globally applicable and interoperable with existing national / regional legislative measures
– create national and regional organizational structures and policies on cybercrime
– establish globally accepted minimum security criteria and accreditation schemes for software applications and systems
– create a global framework for watch, warning and incident response to ensure cross-border coordination of initiatives
– create and endorse a generic and universal digital identity system and the necessary organizational structures to ensure the recognition of digital credentials for individuals across geographical boundaries
– develop a global strategy to facilitate human and institutional capacity-building to enhance knowledge and know-how across sectors and in all the above-mentioned areas
– advise on a potential framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas.

Page 38:

Initiatives

ITU's Global Cybersecurity Agenda housed in new centre in Malaysia

The International Multilateral Partnership Against Cyber Threats (IMPACT) headquarters in Cyberjaya (Kuala Lumpur) to focus on strengthening network security (20 March 2009)

ITU's Telecommunication Development Bureau (BDT) will facilitate the deployment of IMPACT services, such as the Global Response Centre, which aims at providing state-of-the-art cybersecurity capabilities for ITU Member States to strengthen network security worldwide.

Page 39:

ITU-T SG 17 structure

Recommendations under development in WP1

• Guidelines on security of the individual information service for operators
• Architecture of external interrelations for a telecommunication network security system
• Information security governance framework
• Information security management framework for telecommunications
• Requirement of security information sharing framework
• Abnormal traffic detection and control guideline for telecommunication network
• Frameworks for botnet detection and response
• Digital evidence exchange file format
• Guideline on preventing malicious code spreading in a data communication network
• Mechanism and procedure for distributing policies for network security
• Framework for countering cyber attacks in SIP-based services
• Traceback use cases and capabilities
• Framework for countering IP multimedia spam
• Functions and interfaces for countering email spam sent by botnet
• Technical means for countering spam
• Interactive countering spam gateway system
• Technical means for countering VoIP spam

Page 40:

ITU-T SG 17 structure

Recommendations under development in WP2

• Functional requirements and mechanisms for secure transcodable scheme of IPTV
• Key management framework for secure IPTV services
• Algorithm selection scheme for SCP descrambling
• SCP interoperability scheme
• Security requirement and framework for multicast communication
• Security aspects of mobile multi-homed communications
• Security framework for ubiquitous sensor network
• USN middleware security guidelines
• Secure routing mechanisms for wireless sensor network
• SAML 2.0
• XACML 2.0
• Security requirements and mechanisms of peer-to-peer-based telecommunication network
• Management framework for one time password based authentication service
• Security framework for enhanced web based telecommunication services
• Telebiometrics issues

Page 41:

ITU-T SG 17 structure

Recommendations under development in WP3

• Baseline capabilities for enhanced global identity management trust and interoperability
• A framework for user control of digital identity
• Entity authentication assurance
• Extended validation certificate
• Common identity data model
• Framework architecture for interoperable identity management systems
• IdM terms and definitions
• Security guidelines for identity management systems
• Criteria for assessing the level of protection for personally identifiable information in identity management
• Guideline on protection for personally identifiable information in RFID applications
• Object identifier resolution system
• UML profile for ASN.1
• Information technology reference model issues
• SDL issues
• Message sequence chart (MSC) issues
• User requirements notation (URN) issues
• Testing and test control notation issues

Page 42:

Business use of telecommunications/ICT top security standards

The report will consist of summary sheets for the analysed top security standards, each covering:
• Status and summary of the standard
• Who does the standard affect?
• Business benefits
• Technologies involved
• Technical implications

ITU-T SG 17 seeks comment on this work activity from ITU-D and other standards development organizations. Specifically, your views on the following would be appreciated:
• Do you agree that this work activity would be useful to organizations and/or DC/CETs planning to deploy telecommunications/ICT security systems?
• Does your organization have existing information that may be related to this work activity or that may be used to progress this work?
• Does your organization have contact with DC/CETs that may further elaborate on their needs and detail the information they may find most useful to capture in the activity output?
• Does your organization have any suggestions to provide additional detail regarding the proposed summary sheet elements or the criteria used to select standards?
• Would your organization be willing to assist ITU-T SG 17 in progressing this work?

ITU-T SG 17 welcomes your consideration and your response on this matter.

Page 43:

The High-Level Segment (HLS)

• Held at the opening of the ITU Council meetings
• Participation of Ministers
• Questions addressed:
– Greatest cyberthreats faced worldwide
– Key elements to formulate national strategies and to prevent cybercrime
– Role of governments in promoting a cybersecurity culture
– Highest priority activities to address current and emerging cyberthreats

Page 44:

HLS 2008 Sessions on Cybersecurity II

Managing cyberthreats through harmonized policies and organizational structures

Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organizational structures.

The absence of effective institutions to deal with cyber-attacks is a major issue. Some countries have established specific agencies with watch, warning and incident response capabilities. Other countries prefer to promote capacity to deal with cyber-incidents within existing law enforcement agencies. What lessons can be learned from the experience of different countries? And how can cooperation and the flow of information between national institutions be improved?

Page 45:

High-Level Segment (HLS) of Council 2008, Geneva, 12-13 November 2008

– Designed to provide Ministers and Councillors with an opportunity to exchange views on issues of strategic importance to the Union and on emerging trends in the sector. This year, speakers offered their perspectives on Climate Change and Cybersecurity.

– Inaugurated by two Heads of State, H.E. Mr Paul Kagame, President of Rwanda, and H.E. Mr Blaise Compaoré, President of Burkina Faso, as well as by United Nations Secretary-General Mr Ban Ki-moon via video message.

– Attended by some 400 participants, including 21 Ministers, Ambassadors and heads of regulatory organizations and UN agencies.

Page 46:

HLS 2008 Sessions on Cybersecurity 1/2

Managing cyberthreats through harmonized policies and organizational structures
Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organizational structures.

Addressing the technical and legal challenges related to the borderless nature of cybercrime
Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.

Page 47:

HLS 2008 Sessions on Cybersecurity 2/2

Be Safe Online: A Call to Action
Objective: What can be done, and what should be done, to protect our most valuable resource: our children?

ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity
Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.

Page 48:

HLS 2008 Sessions on Cybersecurity III

Addressing the technical and legal challenges related to the borderless nature of cybercrime

Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.

Threats to cybersecurity are global in nature. Cybercriminals can strike at will, exploiting technical vulnerabilities and legal loopholes through cross-border operations that show no respect for geographical boundaries or jurisdictional borders. This makes it difficult for any single national or regional legal framework to address cyberthreats effectively. What are the major challenges countries face in fighting cybercrime? How can countries deal with these challenges?

Page 49:

HLS 2008 Sessions on Cybersecurity IV

Be Safe Online: A Call to Action

Objective: What can be done, and what should be done, to protect our most valuable resource: our children?

The most vulnerable Internet users online are children. In industrialized countries, as many as 60% of children and teenagers use online chatrooms regularly, and evidence suggests that as many as three-quarters of these may be willing to share personal information in exchange for online goods and services. In some countries, as many as one in five children may be targeted by a predator or paedophile each year. These trends are increasingly true in many emerging and developing countries as well.

Page 50:

HLS 2008 Sessions on Cybersecurity V

ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity

Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.

There are many valuable national and regional initiatives underway to promote cybersecurity. However, the growing global cyberthreats need a global basis on which they can be addressed. On 17 May 2007, the ITU Secretary-General Dr. Hamadoun Touré launched the Global Cybersecurity Agenda (GCA) as a framework for international cooperation to promote cybersecurity and enhance confidence and security in the information society. The GCA seeks to encourage collaboration amongst all relevant partners in building confidence and security in the use of ICTs.