ITUT Study Group 17 Security, Languages and Telecommunication Software

1
ITU-T Study Group 17Security, Languages and
Telecommunication Software

• Herbert Bertine

2
Contents

• Terms of reference
• Highlights of achievements
• Projects
• Future work
• Conclusions
• Supplemental slides

3
Terms of Reference

• Responsible for studies relating to security, the
  application of open system communications
  including networking and directory, and for
  technical languages, the method for their usage
  and other issues related to the software aspects
  of telecommunication systems.
• Lead Study Group for
• Telecommunication security
• Languages and description techniques

4
Highlights of achievements (I)

• SG 17 successfully transitioned into a core
  competency center on security averaging 114
  participants
• SG 17 examined 641 contributions and 2800 TDs
  and drew up 88 new or revised Recommendations
• 43 Recommendations currently under AAP or TAP
• 66 draft new/revised Recommendations currently
  under development for approval in the next study
  period
• 2 Lead Study Group responsibilities, 3 Focus
  Groups, 2 JCAs, and 2 Projects were very active
• Increased collaboration with SDOs (eg, joint
  texts)

5
Highlights of achievements (II)

• Lead study group for Telecommunication Security
• Close coordination with other SGs and SDOs on
  security Security Standards Roadmap developed
• Establishment of a Joint Coordination Activity on
  Identity Management (JCA-IdM)
• Lead study group for Languages and Description
  Techniques
• Progress on ITU-T languages driven by Language
  Coordination entity
• Establishment of a Joint Coordination Activity on
  Conformance and Interoperability Testing
  (JCA-CIT)
• Study Group 17 has managed Focus Groups on
• User Requirements Notation (URN)
• Security Baseline for Network Operators (SBNO)
• Identity Management (IdM)

6
Security (WP 2) Highlights (I)

• Security Architecture and Frameworks
• 4 Recs and 1 Supplement on aspects of network
  security
• Cybersecurity
• In support WTSA-04 Resolution 50
• Overview of Cybersecurity (X.1205)
• X.1206 (spyware) and X.1207 (dissemination of
  updates)
• Extended and adopted OASIS CAP for emergency
  services
• Identity Management (IdM)
• Leveraging significant deliverables from FG-IdM
• 2 Recs (X.1250, X.1251) in TAP, many under
  development
• Intense work program many collaborations
  difficult
• Countering Spam
• In support WTSA-04 Resolution 52
• 3 Recs approved, 1 in TAP, 4 under development

7
Security (WP 2) Highlights (II)

• Information Security Management
• Guidelines for telecommunications organizations
  (X.1051) with JTC1/SC27 (part of ISO/IEC
  27000-series on ISMS)
• Incident Management and Risk Management
  Guidelines
• Secure applications and services
• Security for home network, mobile communications,
  peer-to-peer communications, web services, IPTV,
  NID,
• Markup languages SAML and XACML with OASIS
• Telebiometrics
• Interworking protocol, authentication protocol,
  digital key framework, data security, safety
  aspects with ISO IEC
• Communications systems security
• In support WTSA-04 Resolution 50
• Security baseline for network operators (from
  FG-SBNO)
• Security project (see separate slide)

8
Language (WP 3) Highlights

• ASN.1 and OIDs
• New edition of ASN.1 (X.680/690-series) with
  JTC1/SC6
• New edition of Registration Authorities for OIDs
  (X.660/X.670-series) with JTC1/SC6
• ASN.1 and OID project (see separate slide)
• SDL, MSC, URN, UML
• Deliverable from FG-URN basis for Z.151 on URN
• Z.100, Z.109 on SDL, Z.111 on notations, Z.119 on
  UML, Z.120 Appendix on Application of MSC
• SDL update planned for 2009
• Updated Z.110 on FDTs and Z.140 on quality of
  Recs
• Open Distributed Processing (ODP)
• New X.906 and revised X.911 with JTC1/SC7
• Testing languages and methodologies
• New edition of TTCN (Z.160/170-series) with ETSI
• Two Supplements on interoperability testing

9
Open Systems (WP 1) Highlights

• End-to-end Multicast with QoS
• Relayed multicast and multicast transport with
  JTC1/SC6
• Directory
• New edition of X.500-series Directory
  Recommendations including widely implemented
  X.509 with JTC1/SC6
• E.115 was kept up-to-date to serve the increasing
  requirements for directory assistance service
  providers
• OSI
• Implementers Guide issued
• Internationalized Domain Names (IDN)
• In support WTSA-04 Resolution 48
• Questionnaire issued and responses analyzed
• Webpage on IDN created and maintained

10
Security Project(Major focus is on coordination
and outreach)

• Security coordination
• Within SG 17, with ITU-T SGs, with ITU-D and
  externally
• Kept TSAG, IGF, ISO/IEC/ITU-T SAG-S informed on
  security efforts
• Made presentations to workshops/seminars and to
  GSC
• Maintained reference information on the LSG on
  security webpage
• Security Compendium
• Includes catalogs of approved security-related
  Recommendations and security definitions
  extracted from approved Recommendations
• Security Standards Roadmap
• Includes searchable database of approved ICT
  security standards from ITU-T and others (e.g.,
  ISO/IEC, IETF, ETSI, IEEE, ATIS)
• ITU-T Security manual assisted in its
  development
• Survey of developing countries ICT security needs
• The overall level of concern about cyber security
  is high
• There is a high level of interest in the
  possibility of obtaining advice and/or assistance
  on ICT security from the ITU
• The ITU needs to do a better in promoting its ICT
  security products

11
ASN.1 and OID Project

• ASN.1 (Abstract Syntax Notation One)
• A formal notation that is widely used for
  describing (binary or XML-encoded) data
  transmitted by telecommunications protocols
• Project provides speakers and tutorial material
  to assist users of ASN.1 within and outside of
  the ITU
• Project maintains a freely accessible database of
  error-free, compilable ASN.1 modules contained in
  ITU-T Recommendations and some additional modules
  from ISO/IEC and IETF to facilitate accurate
  implementation of protocols
• Database http//www.itu.int/ITU-T/asn1/database
  (650 modules)
• Object identifiers (OIDs) and associated
  registration
• Many standards define objects for which
  unambiguous identification is required (e.g.,
  PKI, network management, directories, ) the OID
  tree is a hierarchical naming structure for these
  objects that is managed in a decentralized way
• Recently extended to include identifiers in any
  natural language
• Project helps people and organizations to set up
  a Registration Authority for their OIDs (25
  Member States have been helped)
• OID Repository http//www.oid-info.com (gathers
  93000 OIDs)

12
Future Work (I)

• Improving security and trust in networks is a top
  imperative for the ITU-T
• It is essential to a have a SG focused on
  security with a substantial and critical work
  program that will attract technical security
  experts needed to advance the work
• Need the right balance between centralized and
  distributed work on security with effective
  coordination
• Strengthened relationships and coordinated
  actions are needed on cybersecurity with ITU-D
  and Secretary General
• Excellent collaboration with other bodies on
  security has been established (e.g., ISO/IEC JTC
  1, OASIS, Liberty Alliance, ...) and needs to be
  strengthened and broadened
• Improved awareness is needed of SG 17 security
  material and tools (highlighted by security
  Questionnaire responses)
• SG 17 would benefit by increased participation
  from under-represented regions

13
Future Work (II)

• SG 17 proposed 16 Questions for the next study
  period, including 1 new on service oriented
  architecture security
• Associated with this work should be lead study
  group responsibilities for Security, Identity
  management, and Languages and description
  techniques
• 66 draft Recommendations are already under
  preparation for approval in the next study period
• All SG 17 leaders (except for IDN) are continuing
  their responsibilities uninterrupted during the
  interregnum period
• Security and ASN.1 OID Projects as well as
  JCA-IdM and JCA-CIT need to continue given their
  important contributions
• Breakthrough is needed for the essential security
  work on Identity, Identity management and
  Personally identifiable information
• Restructuring of WPs is essential to achieve
  stronger integration of ASN.1, OID and Directory
  with core security

14
Conclusion

• Participation to SG 17 has increased during the
  study period to maintain well above 100
  participants
• SG 17 has successfully transitioned this study
  period to security as its main focus with a core
  set of security experts
• Within security work, has significantly build-up
  participation and energy in Identity Management
• SG 17 has build strong relations with other key
  bodies working on security and initiated numerous
  collaborative efforts
• SG 17 has promoted and disseminated ITU-T
  security work (e.g., workshops, security
  roadmap) its achievements are well recognized

15
Supplemental Slides

• Management team
• Structure
• Leadership for other groups (JCAs and FGs)
• Statistics
• Workshops (with SG 17 leadership / participation)
• Acknowledgements

16
Management Team (I)
17
Management Team (II)
18
Study Group Structure

• WP 1/17, Open Systems Technology
• Multicast communications, directories,
  internationalized domain names and maintenance of
  OSI Recommendations
• WP 2/17, Telecommunication Security
• ITU-T security project, development of the
  generic security-related Recommendations
  including Identity Management (IdM) in support of
  ITU-Ts work
• WP 3/17, Languages and Telecommunication software
• ASN.1 and OID project, development of ITU-T
  formal languages, support of ITU-T activities on
  conformance and interoperablity testing (CIT)
• Joint coordination activities (JCA-IdM, JCA-CIT)
• Focus groups (FG URN, FG SBNO, FG IdM)
• all terminated

19
Leadership for SG 17-related other groups (I)

• JCA-IdM
• Co-Conveners Richard BRACKNEY, Chae-Sub LEE,
  Olivier DUBUISSON
• Represented TSAG, SGs 2, 3, 4, 5, 6, 9, 11, 12,
  13, 15, 16, 17, 19, ATIS, FIDIS, GSMA, ISO/IEC
  JTC1/SC6, ISO/IEC JTC1/SC27/WG5, ISO/IEC
  JTC1/SC17, Liberty Alliance, OECD, Eclipse
  (Higgins Project), Concordia
• JCA-CIT
• Convener Ostap MONKEWICH
• Represented SGs 4, 11, 13, 16, 17, 19

20
Leadership for SG 17-related other groups (II)

• FG URN (Established 11 2000 Terminated 04 2005)
• Chairman Daniel AMYOT
• FG SBNO (Established 10 2005 Terminated 09 2007)
• Chairman Arkadiy KREMER
• Vice-Chairman Luis Sousa CARDOSO
• FG IdM (Established 12 2006 Terminated 09 2007)
• Chairman Abbie BARBIR
• Vice-Chairman Antony NADALIN, Richard BRACKNEY

21
Focus Group URN - Key Facts

• Focus Group URN established 11 2000
• Work electronically email wiki wo
  rkshops
• Members Practitioners Researchers
  User communities
• Deliverables 5
• Language requirements and framework Z.150
• Language definition Z.151
• Use case map notation draft
• Methodological approach draft
• UML profile for URN draft
• Terminated 04 2005
• Work continues within Question 12/17

22
Focus Group SBNO - Key Facts

• FG SBNO established 10 2005
• Meetings Associated to regional
  events
• Members Network operators, Administrati
  ons, ICT companies, Academia
• Deliverables 2
• Survey on security baseline fornetwork
  operators 2006-2007
• Proposed draft Recommendation X.sbno X.Sup2 (09
  2007)
• Terminated 09 2007
• Work continues within Question 4/17

23
Focus Group IdM - Key Facts

• FG IdM established 12 2006
• Meetings 5
• face-to-face every 1,5 month
• Electronic email, wiki
• Members ITU-T and other SDO members,
  ICT experts
• Deliverables 6 reports on
• Activities completed and proposed
• Deliverables
• Identity management ecosystem and lexicon
• Identity management use cases and gap analysis
• Requirements for global interoperable identity
  management
• Identity management framework for global
  interoperability
• Terminated 09 2007
• Work continues within IdM-GSI

24
Statistics (I)

• 45 rapporteur group meetings held (stand-alone,
  during GSI events or collaborative with ISO/IEC
  JTC 1/SC 6, 7, 27 or 37)
• 641 contributions received (excluding Rapporteur
  meetings)
• 7 SG meetings held
• 5 WP 1, 2, 3 meetings held
• 2 IdM-GSI events held (rapporteur groups)
• Min/Max/Average SG participants 88/141/114

25
Statistics (II)

• 88 New/Revised Recommendations approved, plus 43
  Recommendations determined or consented
• 66 draft new/revised Recommendations currently
  under development for approval in the next study
  period
• 15 Questions assigned by WTSA-04
• 2 New Questions added during study period
• 16 Questions proposed for next period

26
Workshops (I)

• Advancing public-private partnerships for
  e-business standardsGeneva, Switzerland, 18 19
  September 2008
• Joint ITU-T and SDL Forum Society workshop on
  "ITU System Design Languages"Geneva,
  Switzerland, 15 16 September 2008
• Regional Workshop on Frameworks for Cybersecurity
  and Critical Information Infrastructure
  ProtectionBuenos Aires, Argentina, 16-18 October
  2007
• WSC - Workshop on Transit SecurityGaithersburg,
  USA, 4-5 October 2007
• Joint ITU-T SG 17, ISO/IEC JTC 1/SC 27/WG 5 and
  FIDIS Workshop on Identity Management
  StandardsLucerne, Switzerland, 30 September 2007
  
• ITU Workshop on Frameworks for National Action
  Cybersecurity and Critical Information
  Infrastructure ProtectionGeneva, 17 September
  2007
• Regional Workshop on Frameworks for Cybersecurity
  and Critical Information Infrastructure
  ProtectionHanoi, Vietnam, 28-31 August 2007
• Second Informal Workshop on Conformance and
  Interoperability TestingGeneva, 08 December 2006

27
Workshops (II)

• ITU-T Workshop on Digital Identity for
  NGNGeneva, 05 December 2006
• Telecommunication Standardization
  WorkshopMaputo, Mozambique 25-27 October 2006
• Joint ITU-T/ OASIS Workshop and Demonstration of
  Advances in ICT Standards for Public
  WarningGeneva, 19-20 October 2006
• SAM 06Kaiserslautern, Germany, 31 May - 02 June
  2006
• ITU and UNESCO Global Symposium on Promoting the
  Multilingual InternetGeneva, 9-11 May 2006
• Informal Workshop on Conformance and
  Interoperability TestingGeneva, 25 January 2006
• Workshop on New Horizons for Security
  StandardizationGeneva, 3 - 4 October 2005
• SDL'05 Forum20-23 June, 2005, Grimstad, Norway
• ITU-T Workshop on NGN in collaboration with
  IETFITU Headquarters, Geneva, 1 - 2 May 2005
• Cybersecurity Symposium IIMoscow, Russian
  Federation, 29 March 2005

28
Acknowledgements
Great thanks are due to the many people who have
contributed to the enormous success of SG 17
during this study period

• Delegates with their many contributions
• Editors in drafting texts for Recommendations
• Rapporteurs in leading work efforts
• Liaison officers in coordinating efforts with
  other bodies
• Project leaders, Focus Group leaders, JCA leaders
• Management team including Working Party chairmen
• TSB support Counsellors, Assistants and other
  staff

Best wishes to all for the next study period
29
Thank you!

• Herbert Bertine is chairman of ITU-T Study
  Group 17. He has been actively involved
  in the standards work of the ITU since 1975 and
  has held senior leadership positions since
  1980. He has devoted extensive efforts in
  facilitating cooperation with SDOs. He
  represents the ITU-T in ISO/IEC/ITU-T SAG on
  security and is the ITU-T liaison officer to
  ISO/IEC JTC 1. 
• Herb also has been active in other arenas
  dealing with ICT standards including ISO/IEC JTC
  1/SC 6 and ANSI. He was instrumental in
  developing the collaborative procedures between
  ITU-T and JTC 1 (reflected in Rec. A.23) and in
  establishing the cooperative procedures with the
  IETF.
• Herb retired in November 2007. He was Director,
  Standards at Lucent Technologies where he led
  Lucents standards efforts worldwide. He joined
  Bell Laboratories in June 1965 and spent his
  career in communication technologies. This
  included systems engineering work on modems,
  digital data systems, X.25 packet networks, open
  systems, and advanced communication systems.
  Since 1982, he had various responsibilities for
  corporate-wide standards management.
• In October 2006, Herb was awarded the American
  National Standards Institute (ANSI) Edward Lohse
  Information Technology Medal for outstanding
  technical and managerial leadership in
  establishing international information technology
  and telecommunications standards and the methods
  by which they are produced.
• Herb has a Bachelor of Electrical Engineering
  degree and a Master of Electrical Engineering
  degree from Rensselaer Polytechnic Institute. He
  is a member Eta Kappa Nu (EE Honor Society) and
  Tau Beta Pi (Engineering Honor Society) and of
  the Institute of Electrical and Electronic
  Engineers (IEEE).