| Communication System Security |
1. Lead Study Group on Communication System
Security
World Telecommunication Standardization Assembly (WTSA-2000) Resolution 1
provides for the designation of Lead Study Groups (LSGs) for ITU-T studies
forming a defined programme of work involving a number of Study Groups. LSGs are
responsible for the study of appropriate core questions. In addition, in
consultation with the relevant Study Groups and in collaboration, where
appropriate, with other standards bodies, the LSGs have the responsibility to
define and to maintain the overall framework and to coordinate, to assign
(recognizing the mandates of the Study Groups) and to prioritize the studies to
be done by the Study Groups and to ensure the preparation of Recommendations,
that are consistent, complete and timely.
Study Group 17 has been designated the LSG for Communication Systems Security (CSS).
This was confirmed by TSAG when the decision to merge SG 7 and SG 10 into a new
SG 17, with effect on 17 September 2001, was taken.
Activities of the LSG CSS may be categorized as core activities centered on
defining and maintaining overall security frameworks, and project management
activities involving the coordination, assignment and prioritization of efforts
that would lead to timely communication system security Recommendations.
Within SG 17 for the period 2001-2004 the Rapporteur for Q.10/17, has been
identified as the coordinator for LSG CSS activities.
The LSG CSS work closely with other Study Groups to identify and develop
security solutions. However, specific expertise to integrate these solutions
with the technology under development can come only from the Question carrying
out the development. It is not planned that the LSG CSS will have a role to
develop specific cryptographic algorithms, to register cryptographic algorithms
(ISO performs the registration function effectively now), or to certify security
of specific systems.
All Study Groups are requested to keep Study Group 17 informed on their work
plans regarding security so that they can be integrated into the overall
security worK programme. TSB
Circular 147 (14 February 2003) highlights the major security work efforts
taking place in ITU-T Study Groups.
The
TSB has also published in December 2003 a security manual titled "Security
in telecommunications and information technology - An overview of issues and the
deployment of existing ITU-T Recommendations for secure
telecommunications." It is electronically available at:
http://www.itu.int/itudoc/itu-t/85097.html
2. Catalogue of ITU-T Recommendations related to Communications System Security
The Catalogue of the approved
security Recommendations include those, designed for security purposes and
those, which describe or use of functions of security interest and need.
Although some of the security related Recommendations includes the phrase
"Open Systems Interconnection", much of the information contained in
them is pertinent to the establishment of security functionality in any
communicating system.
In an effort to make this information as complete as possible, it is requested
that all ITU Study Groups review these tables to correct and add to the listings
presently there.
An extract of this information is available in an ITU-T
flyer on security.
3. Compendium of ITU-T approved security definitions
A Compendium of ITU-T
Approved Security Definitions, and its addendum
have been prepared. The material in these tables was extracted from approved
ITU-T Recommendations with a view toward establishing a common understanding
(and use) of security terms within ITU-T. This listing will continue to be
developed.
In an effort to make the Compendium as complete as possible, it is requested
that all ITU Study Groups review these tables to correct, amend, delete or add
to the listings presently there. Study Groups are also urged to make use of
these definitions, as appropriate, in their ongoing work.
4. Security Workshop
ITU-T Study Group 17 organized a workshop on Security that was held 13-14 May
2002 in Seoul Korea. The workshop focused on the following subjects:
– Security Requirements and
telecommunications reliability
– Hot topics on IP-based
network security
– Security management
– Biometric authentication
– Mobile security
The presentations and related
information are available (including a link to the ITU workshops on
"Creating trust in critical network infrastructures").
5. Tutorial on writing safe and secure programs
A list of
suggestions has been prepared on how to avoid the most common pitfalls that
make software less secure or less safe than it should be. It is addressed to
software developers and covers the phases of software design, implementation,
and testing. It focuses on network application programs, but many of the
suggestions are equally valid for other kinds of software.
|
|
|
