Committed to connecting the world

Advanced Search

Sep24-summary

Executive Summary
Meeting of ITU-T SG17 'Security', Geneva, 2 – 6 September 2024

Hot topics of this meeting (summarizing both input & output)

Prepare SG17 for WTSA-24/next Study Period and planned interregnum work
AI security
Digital twin and metaverse security
Quantum based security, Post Quantum Cryptography
5G/6G security
IoT security
Cloud/edge/big data security

1 Meeting Output (meeting statistics see Annex E below)

SG17 agreed to its Mandate, scope and Question texts for next study period
SG17 opening plenary approved revised Q1/17 title and text after TSAG endorsement
Output standards (37, see Annex A):

TAP approval (9): Details are in Annex A a).
TAP not approved (2): Details are in Annex A b).
TAP determined (5): 5 new Recommendations. Details are in Annex A c).
AAP consented (15): 6 new and 9 Amendments for AAP Last Call. Details are in Annex A d).
Agreed (8): 3 new Supplements, 1 new Technical Report and 4 SG17 documents. Details are in Annex A e).

New work items (10, see Annex B).
New registration authority for the United Republic of Tanzania:
{joint-iso-itu-t(2) country(16) tz(834)}
SG17 Correspondence Groups active in the interregnum period:

CG-RES (Correspondence Group on SG17 Restructuring): New, ToR in Annex of TD2253.
CG-secapa (Correspondence Group on Security Capability and Architecture): continued, Revised ToR in TD2443.
CG-COP (Child online protection): continued, Revised ToR in TD2512.
CG-AIsec (Correspondence group on AI security): continued, revised ToR in TD2287R4.

2 Future SG17 meetings

1^st SG17 meeting in 2025-2028 Study Period planned for 7-17 April 2025 (9 working days)

ITU mini workshop on security and privacy for digital twin and metaverse (TD2270)

Interim RGMs

8 Questions plan to hold the following 14 RGMs in the interregnum period before 1^st SG17 meeting in new Study Period:

#	Q	Date	Place/Host	Subject/objective
1.	1/17	TBC 29 Nov 2024 12-2pm	MyWorkspace	Task force for AI mapping and Roadmap
2.	1/17	TBC 3-5 Dec 2024 12-3:30pm with 30+ lunch break	MyWorkspace	Q1 incubation to cover AI mapping and Roadmap as first priority and other potential contributions (existing or draft new work items) Objective to have at least a first RGM before Christmas
3.	1/17	15 January 2025 /Soonchunhyang University	Hybrid (Virtual + Seoul)	To progress all work items in Q1
4.	1/17	TBC 21-23 Jan 2025 12-3:30pm with 30+ lunch break	MyWorkspace	Q1 incubation to cover AI mapping and Roadmap as first priority and other potential contributions (existing or draft new work items)
5.	1/17	TBC 18-20 Feb 2025 12-3:30pm with 30+ lunch break	MyWorkspace	Q1 incubation to cover AI mapping and Roadmap as first priority and other potential contributions (existing or draft new work items)
6.	1/17	TBC 4-6 Mar 2025 12-3:30pm with 30+ lunch break	MyWorkspace	Q1 incubation to cover AI mapping and Roadmap as first priority and other potential contributions (existing or draft new work items)
7.	3/17	19 Nov 2024 11:00-12:00	MyWorkspace	X.1058-rev
8.	3/17	26-27 Nov 2024 10:00-12:00	MyWorkspace	Sup-cdc, X.gsm-cdc, X.1060-rev and X.cdc-csirt
9.	8/17	TBC Feb 2025	MyWorkspace	All the work of Q8/17
10.	10/17	6 Dec 2024	Paris, France / OSIA	All the work of Q10/17
11.	11/17	7 – 11 Oct 2024	Stockholm, Sweden	Generic technologies (such as Directory, PKI, formal languages, object identifiers) to support secure applications.
12.	13/17	TBC, 7-8/8-9 Jan 2025	tbd	All the work of Q13/17
13.	14/17	10-11 Feb 2025	MyWorkspace	All the work of Q14/17
14.	15/17	TBC, Jan-Feb 2025, 4 hours x 2days	MyWorkspace	to finalize X.sec_QKD_profr and X.sec_QKDNi for consent. to discuss contributions addressed to improve ongoing work items. to consider proposal to start new work items. Any other items for consideration

Annex A
Actions taken on Recommendations, and other texts at SG17 closing plenary on 6 September 2024

a) TAP Recommendations approved (WTSA-20 Resolution 1)

#	Q/17	Acronym	Title	New / Revised	Base text	Equivalent e.g., ISO/IEC	Timing
1.	Q2/17	X.1818 (ex X.5Gsec-ctrl)^{Note 3}	Security controls for operation and maintenance of IMT-2020/5G network systems	New	TD1827		2023-09
2.	Q2/17	X.1819 (ex X.5Gsec-netec)	Security capabilities of network layer for IMT-2020/5G edge computing	New	TD2461		2024-03
3.	Q2/17	X.1820 (ex X.5Gsec-srocvs)	Security Requirements for Operation of IMT-2020/5G Core Network to Support Vertical Services	New	TD2343		2024-03
4.	Q4/17	X.1237 (ex X.tsfpp)	Technical security framework for personally identifiable information protection while countering mobile messaging spam	New	TD2354		2024-03
5.	Q6/17	X.1353 (ex X.ztd-iot)^{Note 1}	Blockchain-based Security Methodology for Zero-Touch Deployment of Massive IoT	New	R63		2024-03
6.	Q6/17	X.1354 (ex X.sc-iot)	Security controls for IoT systems	New	TD2409		2024-03
7.	Q7/17	X.1471 (ex X.websec-7)^{Note 2}	Reference monitor for online analytics services	New	TD2397		2024-03
8.	Q10/17	X.1283 (ex X.gpwd)	Threat Analysis and guidelines for securing password and password-less authentication solutions	New	R66		2024-03
9.	Q13/17	X.1384 (ex X.itssec-5)	Security requirements and guidelines for vehicular edge computing	New	TD2362		2024-03

Note 1: TAP determined at SG17 Aug/Sep 2022 meeting, TAP re-determined at SG17 Feb/Mar 2023 meeting, TAP approval deferred by SG17 Aug/Sep 2023 meeting, TAP re-determined again at SG17 Feb/Mar 2024 meeting.

Note 2: TAP determined at SG17 Feb/Mar 2023 meeting, TAP approval deferred by SG17 Aug/Sep 2023 meeting, TAP re-determined at SG17 Feb/Mar 2024 meeting.

Note 3: TAP determined at SG17 Aug/Sep 2023 meeting, TAP approval deferred by SG17 Feb/Mar 2024 meeting.

b) TAP Recommendations not approved (WTSA-20 Resolution 1)

#	Q/17	Acronym	Title	New / Revised	Base text	Equivalent e.g., ISO/IEC	Timing
1.	Q4/17	X.1221 (ex X.stie)	Structured Threat Information Expression (STIE)	New	TD2375		2023-09
2.	Q4/17	X.1222 (ex X.taeii)	Trusted Automated Exchange of Intelligence Information (TAEII)	New	TD2376		2023-09

c) TAP Recommendations determined (WTSA-20 Resolution 1)

#	Q/17	Acronym	Title	New / Revised	Base text	Equivalent e.g., ISO/IEC	Timing
1.	Q6/17	X.1355 (X.ra-iot)	Security risk analysis framework for Internet of Things (IoT) devices	New	TD2381		2024-09
2.	Q7/17	X.1456 (X.sgdfs-us)	Security guidelines for digital financial service (DFS) applications based on unstructured supplementary service data (USSD) and subscriber identification module tool kit (STK)	New	TD2394		2024-09
3.	Q8/17	X.1648 (X.gecds)	Guidelines on edge computing data security	New	TD2369		2024-09
4.	Q10/17	X.1284 (X.afotak)	Authentication framework based on one-time authentication key using distributed ledger technology	New	TD2380		2024-09
5.	Q13/17	X.1385 (X.evtol-sec)	Security requirements and guidelines for telecommunications in an urban air mobility (UAM) environment	New	TD2363		2024-09

d) AAP Recommendations consented (Recommendation ITU-T A.8)

#	Q/17	Acronym	Title	New / Revised	Base text	Equivalent e.g., ISO/IEC	Timing
1.	Q7/17	X.2012 (X.smdtsc)	Security measure for digital twin system of smart cities	New	TD2445		2024-09
2.	Q8/17	X.1600 (X.sa-ec)	Security architecture of edge cloud	New	TD2364		2024-09
3.	Q8/17	X.1647 (X.sg-scmr)	Security guidelines for selecting computing methods and resources from Cloud Service Providers	New	TD2370		2024-09
4.	Q11/17	X.500 Amd.1	The Directory: Overview of concepts, models and services	-	TD2345	ISO/IEC 9594-1	2024-09
5.	Q11/17	X.501 Amd.2	The Directory: Models	-	TD2346	ISO/IEC 9594-2	2024-09
6.	Q11/17	X.509 Amd.1	The Directory: Public-key and attribute certificate frameworks	-	TD2352	ISO/IEC 9594-8	2024-09
7.	Q11/17	X.511 Amd.1	The Directory - Directory abstract service	-	TD2347	ISO/IEC 9594-3	2024-09
8.	Q11/17	X.518 Amd.1	The Directory - Distributed operations	-	TD2348	ISO/IEC 9594-4	2024-09
9.	Q11/17	X.519 Amd.1	The Directory - Directory protocol	-	TD2349	ISO/IEC 9594-5	2024-09
10.	Q11/17	X.520 Amd.1	The Directory - Selected attribute types	-	TD2350 (A.5 TD2355)	ISO/IEC 9594-6	2024-09
11.	Q11/17	X.521 Amd.1	The Directory - Selected object classes	-	TD2351	ISO/IEC 9594-7	2024-09
12.	Q11/17	X.525 Amd.1	The Directory - Replication	-	TD2353	ISO/IEC 9594-9	2024-09
13.	Q11/17	X.508 (ex X.pki-em)	The Directory: Key management and public-key infrastructure establishment and maintenance	New	TD2310 (A.5 TD2356)	ISO/IEC 9594-12	2024-09
14.	Q15/17	X.1716 (X.sec_QKDN_AA)	Authentication and authorization in quantum key distribution networks (QKDN)	New	TD2475		2024-09
15.	Q15/17	X.1717 (X.sec_QKDN_CM)	Security requirements and measures for quantum key distribution networks (QKDN) - control and management	New	TD2474		2024-09

e) Non-normative texts (Technical Report, Supplement, Implementers' Guide, etc) agreed

#	Q/17	Acronym	Title	New / Revised	Base text	Equivalent e.g., ISO/IEC	Timing
1.	Q1/17	Security Compendium	ICT Security Compendium	Rev.	TD2341		2024-09
2.	Q1/17	Security Manual	Security Manual	Rev.	TD2308		2024-09
3.	Q1/17	Security standards roadmap	ICT Security standards roadmap	Rev.	TD2497		2024-09
4.	Q1/17	SG17 implementation of WTSA-20 Res	SG17 activities and achievements in support of the most recent Resolutions of the WTSA	Rev.	TD2294		2024-09
5.	Q2/17	TR.5Gsec-bsf	Technical Report: Guidelines of built-in security framework for telecommunications network	New	TD1975		2024-09
6.	Q10/17	X.Suppl.41 (X.sup-ekyc-dfs)	Supplement to ITU-T X.1254: e-KYC use cases in digital financial services	New	TD2439		2024-09
7.	Q10/17	X.Suppl.42 (X.sup-sat-dfs)	Supplement to ITU-T X.1254: Implementation of secure authentication technologies for digital financial services	New	TD2426		2024-09
8.	Q13/17	X.Suppl.43 (X.sup-cv2x-sec)	Supplement to ITU-T X.1813: Security deployment scenarios for cellular vehicle -to-everything (C-V2X) services supporting ultra-reliable and low latency communication (URLLC)	New	TD2408		2024-09

Annex B
New work items

The following new work items were agreed to be added to the SG17 Work Programme:

#	Q#	WI abbreviation	Title	Doc #
1.	2/17	X.5Gsec-FMSC*	Security requirements and guidelines for fixed, mobile and satellite convergence of IMT-2020 networks and beyond	TD2361
2.	2/17	TR.sa-ran**	Technical Report on “Security Attacks in Radio Access Networks"	TD2479
3.	2/17	TR.IMT2030-sec-con**	Technical Report on “Security Consideration for IMT-2030 Networks"	TD2469
4.	6/17	X.stm-dpm*	Security for things across metaverses in aspects of data processing and management	TD2466
5.	6/17	X.sr-smb*	Security requirements for industrial IoT data of smart manufacturing using blockchain	TD2415
6.	7/17	TR.dpama**	Technical Report on “Landscape analysis for data protection of avatars in metaverse applications"	TD2433
7.	8/17	X.sreai-ec*	Security requirements of delivering edge AI on edge computing	TD2365
8.	10/17	X.vctp*	Verifiable credential-based trust propagation framework in the decentralized identity	TD2453
9.	10/17	X.oicc*	OpenID Connect Core 1.0 – Errata Set 2	TD2451
10.	14/17	X.sr-di*	Security requirements for DLT-based invoices	TD2418

Note: * marked items are for approval by TAP; ** marked items are for approval by agreement; Items without any mark are for approval by AAP.

Annex C
Work items discontinued

Question	Acronym	Title
None

Annex D
SG17 meeting Statistics

Participants (TD2154R1)

	Participants	# of Countries	# of Member States	# of Sector Members	# of SG17 Associates	# of Academia	# of Invited Experts
Announced	388	56	50	34	3	8	5
Final	302	47	40	31	2	6	6

Meeting input and organization

Table of SG17 statistics of this and some past meetings

	2024-09**	2024-03	2023-09	2023-03	2022-09	2022-05*
C	154	187	153	119	104	101
LS/i	147	89	60	70	55	72
LS/o	28	41	25	23	20	20
TD	361	520	415	394	342	331

Note ** 1-week meeting * fully virtual meeting

Contributions: 154 –high record for this 1-week meeting, DDP: 98%.

APT 137 (89%) (= China 64 + Korea 51 + India 12 + Japan 6 + Malaysia 2+ Singapore 1+ Australia 1)
EUR 8 (5%) (=UK 7 + Denmark 1)
Americas 6 (4%) (= US 3 + Brazil 3)
AFR 1 (=Mali 1)
RCC 1 (= Russia 1)
ARAB 1 (=Palestine 1)

LSi/o (matrix in TD2173) (past meetings: 89/41, 60/25 61/22, 55/21, 72/21)

Incoming 187 – New record
Outgoing 28

TDs: 361