ITU-T Work Programme

[2022-2024] : [SG5] : [Q1/5]

[Declared patent(s)] - [Associated work] - [Publication]

Work item:

K.87

Subject/title:

Guide for the application of electromagnetic security requirements - Overview

Status:

Approved on 2022-08-13 [Issued from previous study period]

Approval process:

AAP

Type of work item:

Recommendation

Version:

Rev.

Equivalent number:

Timing:

Liaison:

Supporting members:

NTT

Summary:

General guidelines of information security management for telecommunications organizations are presented in Recommendation ITU-T X.1051, which is based on ISO/IEC 27002. In an information security management system (ISMS) based on Recommendation ITU-T X.1051, physical security is one of key issues, as shown for example in the following text presented in Recommendation ITU-T X.1051: “a site whose environment is least susceptible to damage from the environment should be selected for communication centres – where a site is chosen that is vulnerable to environmental damage, appropriate measures should be taken against known hazards including: natural disasters [see e)] and temperature extremes;” "a site whose environment is least susceptible to damage from strong electromagnetic field shall be selected for communication centres - where a site is chosen that is exposed to strong electromagnetic fields, appropriate measures should be taken to protect telecommunications equipment rooms with electromagnetic shields;" When security is managed, the threat to equipment or site should be evaluated and mitigated. The threat is related to "vulnerability" and "confidentiality" in ISMS. This Recommendation, Recommendation ITU-T K.87, outlines electromagnetic security risks of telecommunication equipment and illustrates how to assess and prevent those risks, in order to manage ISMS in accordance with Recommendation ITU-T X.1051. Major electromagnetic security risks addressed in this Recommendation are as follows: • natural electromagnetic (EM) threats (e.g., lightning); • unintentional interference (i.e., electromagnetic interference, EMI); • intentional interference (i.e., intentional electromagnetic interference, IEMI); • deliberate EM attacks via high-altitude electromagnetic pulse (HEMP); • deliberate high-power electromagnetic (HPEM) attacks; • information leakage from EM emanation (i.e., electromagnetic security, EMSEC). Mitigation methods against electromagnetic security threats are also described in this Recommendation.

Comment:

Reference(s):

[SG5-TD235-R1/GEN (2022-06)

]