ITU - Cybersecurity, Spam and Cybercrime

14 May 2012 - Joint Coordination Activity on Child Online Protection established

Mon, 14 May 2012 07:09:31 +0000

ITU has established a new Joint Coordination Activity on Child Online Protection (JCA-COP) to coordinate the COP work across ITUs sectors and Study Groups as well as cooperate with outside stakeholders engaged in COP. ITU-T Study Group 17 is the parent group to JCA-COP, and will leverage its well-developed network of ICT security stakeholders to harmonize these different elements to ensure a unified approach to the creation of global COP standards.

JCA-COP is chaired by Ashley Heineman of the National Telecommunications and Information Administration (NTIA), USA.

In keeping with its Terms of Reference, JCA-COP will coordinate the COP work already underway within ITU-T (particularly that of SGs 2, 9, 13, 15, 16 and 17), and will liaise with ITU-R, ITU-D and ITUs Council Working Group on COP.

JCA-COP seeks to study and understand the composition of the COP ecosystem as it relates to the most relevant stakeholders, and technical, legal or regulatory questions. It will act as the first point of contact for any organization interested in ITU-Ts work on COP, and will also actively pursue means of collaborating with external bodies working in the field.

JCA-COPs internal coordination mandate is thus accompanied by an external research and outreach capacity; to be carried out in a globally-inclusive manner. Cooperation and collaboration with external bodies is always crucial to ITU-Ts standardization work, and it will ensure that ITUs forthcoming COP standards are agreed, and consequently implemented, on an international basis.

More information:

      SG 17s homepage
      The brand-new JCA-COP homepage
      ITU's Child Online Protection (COP) initiative, the ITU Secretariat framework for COP activities across ITU-T, ITU-R and ITU-D.

16 March 2012 - ITU joins SDOs from China, Japan and Korea to enhance cooperation

Fri, 16 Mar 2012 08:00:07 +0000

Following the signing of a Memorandum of Understanding between ITU and the four standardisation bodies of China, Japan and Korea (CJK) last year, see press release here Malcolm Johnson, Director of the ITUs Telecommunication Standardization Bureau, led a delegation from the ITU Secretariat to the eleventh CJK Meeting (CJK-11) 14-16 March at the Seagaia Convention Centre in Miyazaki Prefecture, Japan. The Indian standards body GISFI also attended the meeting as an observer as it has requested to join the MoU.

The meeting addressed global ICT standardization questions of common interest to the regions key standards bodies: ARIB, CCSA, TTA and TTC.

In his opening speech Johnson noted that CJK governments together account for 15 per cent of the total financial contributions received by ITU from Member States, and private entities from these nations account for 20 per cent of the contributions ITU-T receives from the private sector. Moreover, CJK makes a significant number contribution to ITU meetings: 38 percent more contributions in 2011 than in 2009.

Full speech can be seen here.

CJK meetings seek to maintain and improve the commitment to mutual understanding and cooperation, and recognise the imperative of coordinated international standards for the sound progression of each of the countries ICT industries. The meeting identified the following topics as candidates for collaboration under the MoU: M2M and Dynamic Spectrum Access; Future IMT; smart grid; cloud computing and security; and the work on environment and climate change.

The Deputy Director of ITUs Radiocommunication Bureau, Fabio Leite, also participated in the meeting stressing the importance of collaboration with ITUs Radiocommunication Sector (ITU-R), in particular on M2M access networks where there is a clear need for interoperability between radio-based systems.

02 December 2011 - ITU to play leading role in UN global cybersecurity debate

Fri, 02 Dec 2011 12:56:15 +0000

ITU Secretary-General Dr Hamadoun Touré will be among the prominent global leaders taking part in a special United Nations Economic and Social Council public debate on Cybersecurity and Development.

Modern information and communications technologies (ICTs) now underpin just about all human activity, from transportation, water and power networks, to industrial processes and supply chains, emergency services, healthcare, education, food distribution chains, and financial services.

But while technology brings many benefits, this dependence has given rise to the need to protect against potential threats posed to the everyday lives of people and States alike.

Cybersecurity and cybercrime are multidimensional issues involving different disciplines, skills and technologies. Strengthening security in the information society is a shared responsibility in which all stakeholders (governments, private sector, international organizations, civil society) have vital roles to play.

What:	ECOSOC Debate on Cybersecurity and Development
When:	10:00am - 1:00pm, 9 December, 2011
Where:	ECOSOC Chamber, UN Headquarters, New York
Why:	To look at the challenges posed by ubiquitous connectivity and potential responses to mounting cyberthreats
Who:	Chair: H.E. Mr. Lazarous Kapambwe, President of ECOSOC and Permanent Representative of Zambia to the United Nations Moderator: Gary Fowlie, Head, ITU Liaison Office in New York Panellists: Dr. Hamadoun Touré, Secretary-General, International Telecommunication Union Fortunato de la Peña, Vice-Minister for Science and Technology, Philippines, and Chair, Commission on Science and Technology for Development (CSTD) - via video-link Cheri McGuire, Vice President, Global Government Affairs & Cybersecurity Policy, Symantec Mohd Noor Amin, Chairman, Management Board IMPACT Malaysia Deborah Taylor Tate, ITU Special Envoy and Laureate for Child Online Protection, United States Commissioner, Federal Communications Commission (Ret.)

For more information about the event see: www.un.org/en/ecosoc/cybersecurity/index.shtml.

27 October 2011 - Using telecommunication to transfer biometric information

Thu, 27 Oct 2011 12:52:11 +0000

ITU has approved a new protocol to relay biometric information, connecting medical practitioners with the real-time medical data of patients in remote locations. Study Group 17s Recommendation ITU-T X.1080.1 is the first in a suite of e-health and telemedicine recommendations and supports interactions between a patients local medical facility and a remote medical centre.

e-Health technologies have great potential to bridge the service provision inequalities between developed and developing nations, as well as between urban and rural communities. ITU-T X.1080.1 takes into account work in other standards bodies and recognizes and identifies data formats and interactions using Abstract Notation One (ASN.1) object identifiers (OIDs and OID-IRIs). It also provides security features in the form of Cryptographic Message Syntax (CMS), which enables both integrity and encryption.

ITU-T X.1080.1 is designed to provide wide-area communication supporting all health-related activities, where the communication can be usefully undertaken as structured messages. From this base, the X.1080 series will develop into a set of recommendations addressing physical, chemical, biological, culturological and psychological diagnoses, interventions and prescriptions. It aims to remove the need for a co-location of medical practitioners and patients, and will support both multi-party (for audit and training purposes) and one-to-one interaction.

The remaining five parts of the X.1080 series, dealing with the identification of physiological quantities and units, are being constructed in close collaboration with ISO/TC 12, and IEC/TC 25.

19 May 2011 - ITUs relationship with IMPACT continues to gain momentum

Thu, 19 May 2011 08:25:20 +0000

ITUs relationship with IMPACT continues to gain momentum, with over 130 UN Member States now part of the ITU-IMPACT coalition.

ITU-IMPACT is the first cooperative global venture to make available cybersecurity expertise and resources to enable Member States to detect, analyze and respond effectively to cyberthreats. Of particular benefit to developing countries and smaller states without the capacity and resources to develop their own sophisticated cyber response centres, the coalition also benefits technically advanced nations by providing them with a continuous global snapshot of potential and real online threats.

19 May 2011 - In line with ITU's long tradition of public-private partnership ITU has signed an MoU with Symantec

Thu, 19 May 2011 08:22:34 +0000

Under the terms of the agreement, Symantec will provide ITU with expert intelligence reports on current and future trends in ICT security, to be shared among all ITU Member States. This will facilitate awareness raising and knowledge transfer, complementing the work of ITU and strengthening its effectiveness as a global forum for governments and the private sector to build confidence and security in the use of ICTs.

19 May 2011 - UN agencies team up to make the online world safer: MoU signed between ITU and UNODC at WSIS Forum 2011

Thu, 19 May 2011 08:14:20 +0000

A Memorandum of Understanding signed between ITU and the United Nations Office on Drugs and Crime (UNODC) at this years WSIS Forum event in Geneva will see the two organizations collaborate in assisting UN Member States to mitigate the risks posed by cybercrime.

The MoU will enable ITU and UNODC to work together to make available the necessary expertise and resources to establish legal measures and legislative frameworks at the national level, for the benefit of countries worldwide. It is the first time that two organizations within the UN system have formally agreed to cooperate on a global basis on cybersecurity.

This new alliance with UNODC is a major milestone in implementing a coordinated global approach to an increasingly serious global problem. Together, our two agencies will generate powerful synergies that will help all countries fight the scourge of cybercrime and create a safer online environment for all, said ITU Secretary-General Dr Hamadoun Touré.

03 May 2011 - Framework for exchange of info on cybersecurity

Tue, 03 May 2011 14:28:22 +0000

ITU has adopted a suite of global technical standards that provide a common framework for exchanging information on cybersecurity. The suite is known as CYBEX and provides for enhancing protection for all kinds of ICT systems, equipment, and software.

CYBEX focuses on the structured exchange of cybersecurity information and provides coherent common specifications allowing different operators, systems, and security communities to communicate vital cybersecurity information to each other, enhance protection, and identify and understand attacks . CYBEX is an important element in ITUs array of standards improving confidence and security in the use of ICTs.

The first three standards of this suite of standards (known as ITU-T X.1500 Recommendations) consist of: (1) an overview of the model for trusted exchange of cybersecurity information; (2) the exchange of vulnerability information; and (3) "weighing" of vulnerabilities.

ITUs security study group (ITU-T Study Group 17) has started new work entitled continuous security monitoring using CYBEX techniques. The work will focus on the use of CYBEX standards by enterprises and network operators to enhance their individual and collective cybersecurity and reduce their risks. Experts say the complexity of existing network infrastructures, equipment, software, and services renders enterprises constantly vulnerable and subject to compromise. The work may also be applicable to cloud computing, virtualization and Smart Grid electrical power management environments.

14 April 2011 - Cloud progress comes with call for greater interoperability

Thu, 14 Apr 2011 23:28:42 +0000

ITUs Focus Group on Cloud Computing met last week with increased industry support for standards to support worldwide interoperability. Cloud security was also a key topic on the agenda of the group and especially relevant given that subscribing to a cloud model involves complete outsourcing of services and data. The meeting identified these two topics, intercloud relationships and security, as important study items for ITU-T to take forward.

The Focus Group met at the same time as Google vice president, Vint Cerf addressed US National Institute of Standards and Technology's third cloud computing workshop in Gaithersburg, US telling them that cloud interoperability and security remain serious concerns (see here).

Industry experts forming the Focus Group have completed a survey of standards organizations focusing on cloud and begun the process of identifying gaps that can be filled and where that work can be done. The meeting also saw the appointment of a new Vice-chairman: Olivier Colas, Microsoft.

Technical Specifications from the Focus Group are expected by end 2011. The group has identified 15 active organisations in Cloud Computing and established official liaisons with other SDOs including ISO, DMTF, CSA, NIST. The Focus Group has identified several work items to be developed within ITU-T including; the cloud ecosystem; security; cloud architecture; cloud networking; inter-cloud relationships; eco-friendly cloud; accessibility; cloud terminal and cloud management.

04 March 2011 - Standards need to protect children online

Fri, 04 Mar 2011 10:57:26 +0000

Standardization experts are being asked to examine security-related guidelines/standards on child online protection issues.

The recent Telecommunication Standardization Advisory Group (TSAG) meeting invited experts in ITUs security standardization group (Study Group 17) to examine issues including:

The development of interoperable standards and related recommendations to protect children online. The aim would be to develop a widely shared approach which could be promoted across the whole industry.
Evaluating what options and possibilities exist for real global coordinated and consistent action to protect children online. Attention should be given to the elaboration of those capabilities (e.g. watch and warning and incident management) that would facilitate the gathering of threats and information sharing among different players.
Identifying the commonalities that span the different industry sectors (broadcasters, Internet, mobile) with the purpose of developing Codes of Conduct, or code of practices to help ITU Member States collaborate more effectively with the private sector/industry.
Establish cooperative arrangements between government and the private sector/industry for sharing information and developing specific capabilities aimed at mitigating the risks and extending the potential of ICT usage by children.

ITUs Child Online Protection (COP) initiative was launched in November 2008 as a multi-stakeholder effort to bring together partners from all sectors of the global community to ensure a safe online experience for children everywhere.

SG17 is expected to play a major role in technical aspects on COP, given that security, cybersecurity and identity management are already now being recognized as key fields of potential interest. Several SG17 work items (in ITU parlance Questions) are relevant, and experts from membership are encouraged to contribute.

17 February 2011 - Microsoft Calls for Safer and Healthier Internet

Thu, 17 Feb 2011 13:08:29 +0000

At a keynote speech delivered at the RSA Security Conference, Scott Charney--Microsoft (MSFT) corporate vice president for Trustworthy Computing--reiterated a vision for the future of Internet security. Charney painted a picture of a collaborative approach to Internet and PC security modeled after the processes used to respond to global health epidemics.

Microsoft describes why the timing seems to be right for driving this vision forward, citing the increased use of mobile devices and cloud computing, the persistence of botnet threats, increased public awareness of online crimes, and growing public pressure for improved government cyber security policies. These factors combine to create a unique opportunity.

Full Story

17 February 2011 - International Card Fraud Gang Dismantled in Romania

Thu, 17 Feb 2011 13:02:06 +0000

An operation involving cross-border collaboration and supported by Europol has dismantled an international organized crime group based in Romania. The gang had been carrying out payment card fraud in several EU countries including Poland, Romania, Sweden and the UK.

Romanian law enforcement authorities, working in cooperation with the Europol, the European Law Enforcement Agency, arrested five members of the criminal gang after months of surveillance. The gangs activities had involved fraudulently withdrawing cash from ATM machines with illegally skimmed and counterfeit payment cards. The card holders in countries including Poland, Romania, Sweden and the UK are said to have suffered substantial losses according to a press release issued by Europol on Wednesday.

Full Story

10 February 2011 - Insecure Web apps pose serious security risks, survey finds

Thu, 10 Feb 2011 08:55:42 +0000

Insecure Web apps pose a serious security risk for organizations, and according to a new survey released today, website attacks are among the biggest concerns for companies.

The Ponemon Institute survey, commissioned by security vendors Barracuda Networks Inc. and Cenzic Inc., polled 637 IT and IT security practitioners on their views of Web application security. While 74% said Web application security is equal or more critical to other security issues, only 36% said their organization has adequate governance and policies over the use of insecure Web applications by end users across the enterprise.

Full Story

09 February 2011 - Safer Internet Day highlights need for IT security

Wed, 09 Feb 2011 14:25:42 +0000

As February 8th marks Safer Internet Day, the statistical office of the European Union (EU) has published new figures which reveal the extent to which businesses can and do benefit from security solutions when outsourcing IT departments.

The Eurostat study found that in 2010 approximately 84 per cent of web users were protected by security software, suggesting that there are still a large number of individuals and companies that could benefit from greater internet security.

Full Story

08 February 2011 - Facebook exploit toolkit dumbs down rogue app creation

Tue, 08 Feb 2011 14:34:20 +0000

Miscreants have begun selling a cut-price point and click Facebook rogue application generation tool, designed for script kiddies too clueless to code their own malicious application.

The rogue Facebook app creation tool kit is available is available at just $25, net security firm Websense reports.

The toolkit offers a means to direct surfers towards survey scams, spread malware or act as a tool in furtherance of click-fraud scams, all by following a simple set of instructions. Bogus applications generated via the tool, called Tinie Facebook Viral Application, would offer lures such as the supposed opportunity to check on who has been viewing a Facebook profile.

Full Story

10 January 2011 - New challenges in providing confidence and security in the use of ICT

Mon, 10 Jan 2011 16:22:41 +0000

A meeting of ITU-Ts Security Study Group (Study Group 17) at the end of 2010 saw several new standards (ITU-T Recommendations) approved and progress in several important areas. Immediately prior to the main Study Group meeting a workshop, Addressing security challenges on a global scale, open to members and non-members alike attracted 115 participants from 29 countries. Also open to external experts an Identity Summit succeeded as a new tool to add value to technical discussions in SG17.

Some of the new ITU-T Recommendations facilitate the interconnection of security and management systems and to exchange cyber security information, such as of security events and of security attack incidents. The standards specify how this information can be shared across organizations for enhanced security preparedness and broader and better risk mitigation against vulnerabilities, to allow vulnerability databases and other capabilities to be linked together, and to facilitate the comparison of security tools and service.

In detail, Recommendation ITU-T X.1209 identifies real-life scenarios where cybersecurity information can be exchanged across organizations. The standard specifies the principal technical and organizational capabilities necessary for systems in terms of cyber security information exchange. Related new work includes draft Recommendation ITU-T X.1500 which surveys the various candidate techniques for cyber information exchange, and draft Recommendation ITU-T X.1520 which identifies the high-level requirements for enumerating common vulnerabilities.

Also during December meeting two new Recommendations were approved (X.1243 and X.1245) that counter spam and other unsolicited communications though an interactive gateway system. In addition the use and application of the extended validation certificates as put forward in new draft Recommendation ITU-T X.1261 will provide enhanced and superior security to users on the Internet with a trustworthy confirmation of the identity of the entity that controls the website or other services that the users are accessing.

Two new draft Recommendations have been matured (X.1311 and X.1312) that address the security aspects of ubiquitous sensors in networks an emerging area of smart internetworked sensors and devices that are expected to increasingly permeate daily life. The new Recommendations identify the specific and typical security threats and specify appropriate security requirements. Draft Recommendation ITU-T X.1312 follows one promising approach where various security functions and security mechanisms are aggregated within a common middleware component of those sensors. Radio frequency identification (RFID) enabled devices are an early incarnation of such ubiquitous sensors where new Recommendation ITU-T X.1275 gives guidelines to vendors and service providers of RFID enabled devices how to protect the privacy of the users his/her specific personally identifiable information (PII).

Study Group 17 also saw new and ongoing security and identity management standardization work in the area of cloud computing and virtual service platforms where challenging security problems remain to be solved and standardized. Another new interesting area of standardization work seeks to define an information security management reference model for small and medium telecommunication organizations.

A series of tutorials were given at the SG17 meeting and presentations can be downloaded here. Topics included: An update on ICANN activities relating to Security, Stability and Resiliency; Open Identity Trust Frameworks: A Market Solution to Online Identity Trust; Creating a Multilingual Communication Standard for Cross-Border ODR; X.500/LDAP as resolution system and as support provider for RFID; Cybersecurity Information Exchange techniques and their importance for emerging networks.

20 September 2010 - Group recommends joint NATO-Russia 'cyber' war games Rules of engagement in the digital age

Mon, 20 Sep 2010 09:45:00 +0000

The North Atlantic Treaty Organization and Russia should undertake joint information-warfare exercises so the two countries can better protect critical digital infrastructure, policy wonks at an international group said.

The proposal, which was included in a32-page report released Wednesday by the EastWest Institute, would help the US and Russia achieve mutual goals in much the way that previous collaborations in the International Telecommunication Union (ITU) have, its authors argued.

Full Story

29 July 2010 - Notorious computer hacker identified and arrested, authorities say

Thu, 29 Jul 2010 08:57:20 +0000

Washington (CNN)-- A computer hacker responsible for creating and operating a massive scam that infected as many as 12 million computers worldwide has been identified and arrested, authorities said Wednesday.

The FBI said in a news statement a 23-year-old Slovene known as "Iserdo" was arrested last week for his role in a cyber scam that stole passwords from websites and financial institutions. Authorities believe the Slovenian citizen is responsible for creating and selling the Mariposa botnet.

Botnets are a network of computers infected with a malicious kind of robot software which allow remote access, often without the owner's knowledge.

Full Story

22 July 2010 - Double Honours for IMPACT at (ISC)²s Annual Asia-Pacific Information Security Leadership Achievements Program

Thu, 22 Jul 2010 12:06:35 +0000

International Multilateral Partnership Against Cyber Threats (IMPACT) received double honours from (ISC)²s fourth annual Asia-Pacific Information Security Leadership Achievements (ISLA) Program for its efforts to build capacity against cyber threats among partner countries especially in the developing nations.

Mr. Philip Victor, Director, Training, Skills Development and Outreach, IMPACT has been selected as an Honouree in the Senior Information Security Professional category and the contribution of Mr. Sivanathan Subramaniam, Manager, GRC Profressional Services, IMPACT has been recognised in the Information Security Practitioner category.

The award giving ceremony will take place at the ISLA Gala Dinner and Ceremony on the evening of 26^th July 2010, held at The Ritz-Carlton, Millenia in Singapore.

Full Story

23 June 2010 - International experts seek to identify common responses to the global challenge of cyber crime

Wed, 23 Jun 2010 16:18:24 +0000

CTO Conference, London on 17-18 June 2010 - A two-day international forum on Cybersecurity- aimed to identify, outline and set in motion effective to crimes that take place in the cyber world. The forum was organised by the Commonwealth Telecommunications Organisation (CTO) in conjunction with the UK Department of Business, Innovation and Skills (BIS) and the UK Cabinet Office of Cyber Security (OCS).

At the conference , ITU Global Cybersecurity Agenda (GCA) - A Framework for International Cooperation in Cybersecurity, Initiative was presented and very much welcomed by CTO participants.

Delivering the key note address, Rt Hon Baroness Pauline Neville-Jones, Minister of State for Security and Counter-Terrorism, spoke of her commitment to tackling the complex issues surrounding cyber security, including Cyber-crime and Cyber-espionage. She also stressed the critical importance of international cooperation by like-minded countries and the vital role of International organisations such as the UN-sponsored Internet Governance Forum, the International Telecommunications Union and the Commonwealth Telecommunications Organisation itself.

Dr Ekwow Spio-Garbrah, the Chief Executive Office of the CTO echoed these sentiments and added that the CTO is always keen to collaborate with sister agencies such as ITU in order to develop the capacity of its members to manage and develop their ICT sectors. ICT enabling governance and society brings along with it associated risks requiring innovative strategies of which Cybersecurity is a key element. That was the primary reason for the CTO to organise this forum and the number of participants and the engagement of organsiations from both public and private sectors justifies the CTO's decision to undertake the organising of such an event.

Full Story

ITU's activities on Cybersecurity can be found here.

10 May 2010 - Should there be a Geneva Convention for fighting cyberwar?

Mon, 10 May 2010 08:54:00 +0000

The term "cyberwar" has been bandied about in recent years as a catchall term for the hackers stealing credit card numbers or spreading spam, but also much more nefarious schemes such as breaking into a electricity grid. At a recent cybersecurity conference, one Microsoft security executive said we might need global rules on how to fight such threats.

Scott Charney, vice president of Microsoft's Trustworthy Computing Group, spoke at the Worldwide Cybersecurity Summit in Dallas last week and said there needs to be a distinction between cybercriminals merely stealing money and cyberwar, possibly conducted by nation-states, that is aimed at crippling a target in another country, such as a power grid or an oil pipeline. An Associated Press report on the conference, which was picked up by the Seattle Post-Intelligencer newspaper, quotes Charney as saying that international treaties designed to fight cyberwar are difficult to establish because of the murky nature of what "cyberwar" is.

The United Nations last month rejected a Russian proposal for a new cybercrime treaty, leaving in place a 2001 treaty that Russia opposes because it gives foreign governments too much leeway to pursue cybercriminals across borders.

"Lots of times, there's confusion in these treaty negotiations because of lack of clarity about which problems they're trying to solve," Charney said.

In a paper that accompanied his talk, Charney also wrote that if the concern is that countries need to brace for a cybersecurity "Pearl Harbor," that it needs to be made clear on what type of attacks governments can respond. "If the concern is an electronic Pearl Harbor, perhaps part of the response is an electronic `Geneva Convention' that protects the rights of noncombatants."

The notion of an electronic Pearl Harbor has come up before on this blog. I wrote about it after attending the RSA Conference 2010 in San Francisco in March. There a panel of cybersecurity experts warned that a cyberattack could occur that could cripple U.S. infrastructure if we're not prepared for it. Richard Clarke, a national security advisor to the previous three U.S. presidents, also proposed a cyber security treaty, but lumped together criminal cyber attacks and state-sponsored attacks.

Full Story

28 April 2010 - Fake Anti-virus Peddlers Outmaneuvering Legitimate AV

Wed, 28 Apr 2010 07:49:30 +0000

Purveyors of fake anti-virus or scareware programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google.

In a report being released today, Google said that between January 2009 and the end of January 2010, its malware detection infrastructure found some 11,000 malicious or hacked Web pages that attempted to foist fake anti-virus on visitors. The search giant discovered that as 2009 wore on, scareware peddlers dramatically increased both the number of unique strains of malware designed to install fake anti-virus as well as the frequency with which they deployed hacked or malicious sites set up to force the software on visitors.

Fake anti-virus attacks use misleading pop-ups and videos to scare users into thinking their computers are infected and offer a free download to scan for malware. The bogus scanning programs then claim to find oodles of infected files, and victims who fall for the ruse often are compelled to register the fake anti-virus software for a fee in order to make the incessant malware warnings disappear. Worse still, fake anti-virus programs frequently are bundled with other malware. Whats more, victims end up handing their credit or debit card information over to the people most likely to defraud them.

Full Story

23 April 2010 - FCC gets into cybersecurity business

Fri, 23 Apr 2010 12:11:30 +0000

Wednesday was a busy day at the [U.S.] Federal Communications Commission, with National Broadband Plan related notices on the CableCard >, Universal Service Fund >, and roaming access issues > out the door. Another interesting item was a Notice of Inquiry > on whether the agency should launch a voluntary cybersecurity certification program.

In a nutshell, the proposed program's private sector auditors or the FCC would periodically run security evaluations of various telecommunications services. Companies that passed the program's muster could then market their networks as FCC cyber security compliant.

It's not hard to make a pitch for these kind of programs, given all the cybersecurity horror stories. The agency's Notice outlines what's at stake:

"In todays interconnected world, an increasingly greater amount of the nations daily business depends on our rapidly growing broadband communications infrastructure. Banking, investment and commercial interests routinely rely on the durability and security of IP-based networks to move capital and to track goods and services around the globe. To put this development in perspective, while our nations total GDP was just over $14T last year, two banks in New York move over $7T per day in transactions. . . ."

But the open-ended questions that the FCC asks in its inquiry suggest that the Commission knows that the case for this kind of project isn't open and shut. Would the program "create a significant incentive for providers to increase the security of their systems and improve their cybersecurity practices?" the NOI asks. And it also wonders if "public knowledge of providers' cybersecurity practices would contribute to broader implementation by industry."

Another question the FCC might want to ask is, should individual government agencies coordinate this kind of activity, or should a broader cross-industry certification program be established? The probe comes in tandem with an inquiry > on the survivability of the nation's broadband networks.

Full Story

22 April 2010 - Cybersecurity Information Exchange Framework (CYBEX): Update

Thu, 22 Apr 2010 14:16:43 +0000

Aprils meeting of ITU-Ts cybersecurity group (SG 17) saw a presentation on progress on the six months of work on the Cybersecurity Information Exchange Framework (CYBEX).

CYBEX imports more than twenty best of breed standards for platforms developed over the past several years by government agencies and industry to enhance cybersecurity. These platforms capture and exchange information about the security "state" of systems and devices, about vulnerabilities, about incidents such as cyber attacks, and related knowledge "heuristics." The Framework pulls these platforms together in a coherent way to provide for 1) locking down on-line systems to minimize vulnerabilities, 2) capturing incident information for analysis when network harmful incidents occur, and 3) facilitating evidence for enforcement action if necessary.

The presentation noted a close collaborative relationship with the Forum of Incident Response and Security Teams (FIRST) - a global organization for coordination and cooperation among Computer Emergency Response Teams.

A wiki-based initial compilation of discovered CIRTs and related agencies and bodies to the SG17 website at:
http://www.itu.int/ITU-T/studygroups/com17/nfvo/index.html

See previous newslog entry for more information on CYBEX.

22 April 2010 - Addressing security challenges on a global scale: Workshop

Thu, 22 Apr 2010 14:13:19 +0000

ITU-Ts Study Group 17 will hold a workshop Addressing security challenges on a global scale in Geneva, 6 (afternoon)-7 December 2010. The event will focus on how ITU and other standards developing organizations (SDOs) address the main challenges of information and communication security.

A call for abstracts with a deadline for 15 June 2010 has been issued with suggested topics including:

   Emerging applications of PKI
   Collaboration for ICT security standardization
   Developing countries challenges
   Cloud computing: Threat or opportunity
   The cloud in the telecom space
   Identity in the cloud
   Smart grid security
   Assurance, making cybersecurity measurable
   Identity management (IdM)
   CIRTs, sharing of information
   Security awareness
   IPv6 Security
   Telebiometrics standardization
   Meeting regulatory obligations

The workshop is also expected to provide a good opportunity to overview new areas of security studies including Smart Grid and Cloud Computing.

SG 17 aims to hold a similar workshop on annual basis from now on.

22 April 2010 - ITU-T Study Group 17, work in progress and new work

Thu, 22 Apr 2010 14:06:11 +0000

The recent meeting of ITU-Ts, Study Group 17, saw record attendance with a much increased number of delegates from developing countries. The groups work programme contains more than sixty work items on topics as diverse as identity management (IdM), IPTV security, object identifiers (OID), formal languages and cybersecurity.

Among the work areas that achieved significant progress at the April meeting were directory services, IdM, and IPTV security.

The heavily deployed directory assistance protocol Recommendation ITU-T E.115 was revised at this meeting. E.115 is used for directory assistance information exchange among service providers. E.115 also gives a description of the principles and procedures to be followed in interconnecting different national computerized directory assistance services.

A key standard (ITU-T Recommendation) on IdM was approved. The Baseline IdM Terms and Definitions is considered one of the basic texts for IdM and provides a solid basis for ensuring interoperability between various emerging IdM solutions.

Other work in the IdM field continues apace with new work items proposed on an open identity trust framework; discovery of identity management information; baseline capabilities and mechanisms of identity management for mobile applications and environment and an identity management roadmap.

Also in the field, EVCert, an important tool in the fight against spam is considered likely for first stage approval (consent/determination) at the next meeting of SG 17. EVCert is a product of the CA Browser Forum and is a digital certificate based specification combined with an array of processes and protocols for significantly enhanced organization/provider trust and related transport layer encryption. Approval as an ITU standard (ITU-T Recommendation) will push EVCert forward as the principal global specification for organization/provider trust. EVcert enables special features in web browsers or other compliant programs.

In IPTV security, work progressed in several areas including a key management framework for secure IPTV services; an algorithm selection scheme for service and content protection (SCP) descrambling and a service and content protection (SCP) interoperability scheme.

New work is considered in several new areas:

    Work will start to develop a new standard outlining the basic rules necessary to build national revenue assurance protection systems. The proposal to start the work notes that last year fraud in telecommunication networks decreased revenue of telecommunication companies by 12-15 per cent.

    A new work item on reducing spam in mobile networks focusing on SMS/MMS was proposed and agreed.

    In the area of cloud computing work will progress in two new areas. Firstly the collection of security requirements and a proposed framework outlining the cloud based telecom environment. In addition security guidelines for cloud computing will be developed to help service providers deploy cloud computing.

15 April 2010 - US Cyberspace Policy Review

Thu, 15 Apr 2010 09:43:11 +0000

The US President directed a 60-day, comprehensive, clean-slate review to assess U.S. policies and structures for cybersecurity. Cybersecurity policy includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.

The Presidents cybersecurity policy official should, working with departments and agencies, strengthen and integrate interagency processes to formulate and coordinate international cybersecurity-related positions. In addition, the Federal governmentcontinuing the long-term history of collaboration with the private sectorshould develop a proactive engagement plan for use with international standards bodies. This would include taking stock of current policies and coordinating the development, refinement, or reaffirmation of positions to ensure that the full range of cybersecurity-related economic, national security, public safety, and privacy interests are taken into account.

The US Cyberspace Policy Review can be found here

ITU's activities on Cybersecurity can be found here.

14 April 2010 - Congress Tackles Key Cybersecurity Initiatives

Wed, 14 Apr 2010 09:08:57 +0000

Congress, back this week from spring break, isn't wasting time tackling some key cybersecurity and IT security-related initiatives.

Within the next few weeks, Congressional committees will hold sessions to tackle some of the hottest infosec-related items, including the confirmation hearing on Army Lt. Gen. Keith Alexander to be military cyber commander, markup sessions on bills to fund cybersecurity research and development and realign the National Institute of Standards and Technology's laboratories and a hearing on combating cyber crime and identity theft.

Alexander Confirmation Hearing >

Thursday's Senate Armed Services Committee confirmation hearing comes nearly 10 months after Alexander was nominated by President Obama to be the first military cyber commander. If confirmed, he would retain his current job, director of the National Security Agency, and be promoted to full general. No one is suggesting that Alexander won't be confirmed, but concerns have been raised that having the same officer overseeing the cyber command and NSA poses potential conflicts: Should the top spy also be the general in charge of protecting the computer systems and networks employed to support the nation's warfighters?

Indeed, it's been questions about that dual role that has delayed the confirmation process. As we reported > last month, the committee sent a questionnaire to Alexander on March 6 seeking answers about how he would balance the two jobs. Though the NSA is a DoD agency, it works with civilian agencies to secure federal IT, raising additional concerns about potential military involvement in civilian matters. "They are working through some of the hard problems and that is what the reason for the delay is," James Lewis, senior fellow at the Center for International and Strategic Studies and expert on government and military cybersecurity policy, told > GovInfoSecurity.com.

Full Story

12 April 2010 - Kerry, Gillibrand Introduce Legislation To Strengthen Americas Cybersecurity Efforts

Mon, 12 Apr 2010 09:14:12 +0000

WASHINGTON, D.C. Senate Foreign Relations Committee Chairman John Kerry (D-MA) and Senator Kirsten Gillibrand (D-NY) today introduced legislation that will strengthen the ability of the United States to develop a clear and coordinated strategy for international cyberspace and cybersecurity policy. The bill will create the framework for coordinating our efforts with other countries to defend against cyberattacks that threaten our power stations, telecommunications systems and financial markets.

The International Cyberspace and Cybersecurity Coordination Act of 2010 will authorize the creation of a senior coordinator at the State Department, with the rank and status of Ambassador at Large. This person will be the principal advisor to the Secretary of State on international cyberspace and cybersecurity issues. The coordinator will provide strategic direction for United States government policy and programs aimed at addressing cyberspace and cybersecurity issues overseas. The bill will ensure the Administration develops a clear and coordinated strategy for international cyber engagement, including considering the utility of negotiating a multilateral framework that would provide internationally acceptable principles to mitigate cyberwarfare. >

"Just as the physical safety of America is under constant threat from those who would do us harm, we are also engaged in a battle over the control of information in cyberspace and need to build better defenses against potential attacks on our infrastructure," said Chairman Kerry. "We must do everything we can to forestall the possibility of cyberwarfare and create a multilateral framework that will persuade countries to cooperate on pressing cyber issues. This bill is the first step to better organize U.S. efforts to develop a coordinated strategic approach to international cyberspace and cybersecurity issues by designating a single diplomat responsible for U.S. cyber policy overseas."

Full Story

18 March 2010 - Cybercrime's bulletproof hosting exposed - Zeus botnets' tangled web

Thu, 18 Mar 2010 08:37:17 +0000

Researchers at RSA have identified the network framework that endows some of the worlds most notorious botnets with always-on connections that are virtually immune from takedowns.

At the network's heart are the servers that shepherd tens of thousands of infected PCs so they continue to send spam, spread malware, and stay updated with the latest bot software. By maintaining multiple conduits between these master control channels and the outside world, malware gangs are able to create highly redundant networks that are extremely difficult for authorities and whitehats to shut down.

"What they've worked really hard to do for themselves is build a spiderweb of connections to the outer ring if the outer ring were the internet at large," Sean Brady, manager of RSA's identity protection and verification group, told The Register. "As you start picking off threads, they work to reroute, to crawl along different threads."

Full Story

09 March 2010 - Ashleigh Hall Facebook Murder: Lessons Must Be Learned

Tue, 09 Mar 2010 13:35:53 +0000

Alan Johnson said UK and US authorities were working on ways to flag up when a convicted sex offender goes online. It follows the sentencing of Peter Chapman, 33, on Monday, to a minimum of 35 years for the kidnap and killing of Ashleigh Hall in Sedgefield in October. The sex offender contacted her via Facebook. The Lib Dems have also called for better internet monitoring.

Full Story

Find out more about ITU's Child Online Protection Initiative

03 March 2010 - UK National Theatre hack forces password reset

Wed, 03 Mar 2010 09:01:45 +0000

Some 17,000 culture vultures registered to the UK's National Theatre website need to reset their passwords after the site was hacked.

The 20 February attack hit systems storing the logins of 17,000 (or around three per cent) of the 500,000 plus registered with the site. Only email, password, name and contact information was disclosed by the hack. Motives and perpetrators remain unidentified. A spokeswoman emphasised that database systems holding credit and debit card details were not affected by the hack. The NT has sent out email alerts (copy below) to affected customers on Monday apologising for the security snafu.

Full Story

03 March 2010 - German high court says telecom, e-mail data cannot be retained

Wed, 03 Mar 2010 08:41:24 +0000

Germany's highest court on Tuesday overturned a law allowing authorities to retain data on telephone calls and e-mail traffic for help in tracking criminal networks.

A law ordering data on calls made from mobile or landline telephones and e-mail exchanges be retained for six months for possible use by criminal authorities violated Germans' constitutional right to private correspondence, the Federal Constitutional Court ruled. In its ruling, the court said the law failed to sufficiently balance the need for personal privacy against that for providing security.

The disputed instructions neither provided a sufficient level of data security, nor sufficiently limited the possible uses of the data, the court said.

Full Story

26 February 2010 - MS uses court order to take out Waledac botnet

Fri, 26 Feb 2010 09:23:51 +0000

Microsoft has won a court-issued take-down order against scores of domains associated with controlling the spam-spewing Waledac botnet.

The software giant's order allows the temporary cut-off of traffic to 277 Internet domains that form command and control nodes for the network of compromised machines. Infected (zombie) machines are programmed to regularly poll these control points for instructions and spam templates.

The .com domains, registered in China, will be sin-binned by VeriSign, at least temporarily decapitating the network. Microsoft estimates that Waledac was one of the 10 largest botnets in the US and a major distributor of spam for online (unlicensed) pharmacies, knock-off goods and other tat, as explained in a blog posting by its legal team.

"Waledac is estimated to have infected hundreds of thousands of computers around the world and, prior to this action, was believed to have the capacity to send over 1.5 billion spam emails per day. In a recent analysis, Microsoft found that between December 3-21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more."

Full Story

23 February 2010 - Cyber attacks will 'catastrophically' spook public, warns GCHQ

Tue, 23 Feb 2010 08:52:12 +0000

A digital attack against the UK causing even minor damage would have a "catastrophic" effect on public confidence in the government, GCHQ has privately warned Whitehall.

The Cheltenham spy agency's new Cyber Security Operations Centre (CSOC) makes the prediction in a document prepared for Cabinet Office and seen by The Register. Growing reliance on the internet to deliver public services will "quickly reach a point of no return", meaning "any interruption of broadband access becomes intolerable and will have serious impacts on the the economy and public well being", CSOC says.

"A successful cyber attack against public services would have a catastrophic impact on public confidence in the government, even if the actual damage caused by the attack were minimal," it adds.

Full Story

19 February 2010 - Almost 2,500 firms breached in ongoing hack attack

Fri, 19 Feb 2010 09:06:59 +0000

Criminal hackers have penetrated the networks of almost 2,500 companies and government agencies in a coordinated campaign that began 18 months ago and continues to steal email passwords, login credentials, and other sensitive data to this day, a computer security company said.

The infections by a variant of the Zeus botnet began in late 2008 and have turned more than 74,000 PCs into remote spying platforms that have siphoned highly proprietary information out of at least 10 federal agencies and thousands of companies, according to research from NetWitness, a Herndon, Virginia-based network forensics firm. Many of the victims are Fortune 500 firms in the financial, energy, and high technology industries.

Full Story

17 February 2010 - Experts reboot list of 25 most dangerous coding errors

Wed, 17 Feb 2010 09:33:53 +0000

Computer experts from some 30 organizations worldwide have once again compiled a list of the 25 most dangerous programming errors along with a novel way to prevent them: by drafting contracts that hold developers responsible when bugs creep into applications.

The list for 2010 bears a striking resemblance to last year's list, which was the first time a broad cross section of the world's computer scientists reached formal agreement on the most common programming pitfalls. The effort is designed to shift attention to the underlying mistakes that allow vulnerabilities to happen in the first place.

Full Story

16 February 2010 - Scareware scams switch to social network smut lures

Tue, 16 Feb 2010 08:13:17 +0000

Scams which attempt to trick users into volunteering personal credentials in return for free pornography have moved over onto social networks.

More than nine out of ten (92 per cent) of such adult phishing scams recorded in January took place on social networking sites such as Facebook and Bebo, according to the latest monthly security report from Symantec. Once fraudsters have snaffled personal credentials, surfers are often redirected to sites punting scareware scams rather than smut.

Scareware scams more commonly rely on manipulating search engine results for search terms in the news, such as the death of an athlete practising for the luge event at the winter Olympics. These results are poisoned so that surfers looking for videos of this tragedy (as explained by Sophos here) are instead redirected to anti-virus scan scam portals, which warn of non-existent malware risks in a bid to trick users into buying worthless scamware.

Full Story

16 February 2010 - UK.gov invests £4.3m in cyber-scam crackdown team

Tue, 16 Feb 2010 08:08:03 +0000

The UK government has launched a specialist cyber-enforcement team and allocated extra funding for Trading Standards as part of a campaign designed to clamp down on online scams.

OFT figures suggest online scams claim 3 million UK marks every year and result in losses of £3.5bn. Approaches most often arrive in the form of scam emails. The government is investing £4.3m over three years in a bid to clamp down on this growing source of crime. The money will allow the training and appointment of specialist trading standards enforcers in every region of England and in Scotland and Wales and the establishment of local computer labs.

Full Story

07 December 2009 - Technology Watch Report: Biometrics and Standards

Mon, 07 Dec 2009 14:44:13 +0000

A new ITU-T Technology Watch Report titled Biometrics and Standards surveys biometric recognition as a key form of authentication made possible by powerful information and communication technologies (ICT).

Biometrics are used in forensics (e.g., for criminal investigations), government applications (more than 60 countries issue electronic passports containing biometric information) and commercial applications. The latter category includes deployments in the banking sector (secure access to ATMs, credit cards, e-Business), with other sectors gaining momentum. For instance, social-networking websites including Facebook and Picasa have integrated face recognition algorithms to make it easier to search and display all photos featuring ones friends. Biometric systems embedded in cars of a vehicle fleet can help to identify the driver, adjust seat, rear mirrors, and steering wheel to meet individual preferences.

Technologies commonly used in biometrics include recognition of fingerprints, faces, vein patterns, irises, voices and keystroke patterns.

The Report discusses the advantages of biometric authenticators over their knowledge- and possession-based counterparts, describes different physiology- and behavior-related biometric traits and how they are used in biometric systems. A choice of biometric recognition applications is highlighted, and an overview of standardization work in the field of biometrics is given.

"Biometrics and Standards" can be downloaded here.

The authors welcome your feedback on this Report and all other publications of the Technology Watch series. We invite all interested parties to submit paper proposals for future Technology Watch Reports. The Technology Watch secretariat can be contacted at tsbtechwatch@itu.int.

16 November 2009 - Fraudsters Using Bogus and Legitimate Recruitment Sites to Con Job-Hunters Into Laundering Money

Mon, 16 Nov 2009 09:52:18 +0000

Reported today on BBC:"Police chiefs are urging people looking for work during the recession to be alert to online scams that trick them into laundering money. The Serious Organised Crime Agency (Soca) says websites are currently being used to recruit 'money mules'. The 'mules are ordinary people who send and receive payments through their bank accounts to facilitate business."

Neil Schwartzman has also informed us of a related report by RSA FraudAction Research Lab based on several months of tracking various reshipping scams engineered by online fraudsters.

Full Story

08 October 2009 - Security standards group chalks two key achievements

Thu, 08 Oct 2009 09:15:24 +0000

A September meeting of the ITUs security standards group saw progress in key areas including identity management and a cybersecurity information exchange. The meeting - of ITU-Ts Study Group 17 saw record attendance signalling the importance attached to ITUs cybersecurity work in the global ICT community.

A key achievement was the establishment of a Cybersecurity Information Exchange which enables a global communications infrastructure for cybersecurity. The framework imports best-of-breed standards from government agencies and industry. Experts say that it promotes better interoperobility including convergence on a common set of open standards.

Malcolm Johnson, Director of the Telecommunication Standardization Bureau (TSB), ITU: It is essential that cybersecurity and telecoms infrastructure protection communities worldwide are able to exchange information on network digital forensics and vulnerabilities. The Framework will, for the first time, provide for this exchange globally.

Without progressing on this Exchange, experts say there is a risk that no coherent common specifications will emerge, with different countries unable to communicate cybersecurity information to each other.

The Cybersecurity Information Exchange focuses on platforms that capture and exchange information about the security state of systems and devices, vulnerabilities, incidents such as cyber attacks, and related knowledge heuristics. It pulls these platforms together to facilitate their global interoperability and use. It does so in a framework that allows for continual evolution to accommodate the significant activities and specification evolution occurring in numerous cybersecurity forums.

Global organization of incident/emergency computer response teams FIRST contributed its vulnerability enumeration standard to the framework. An agreement was reached to hold joint workshops and ITU and FIRST will work together to implement the first comprehensive web-based directory of cybersecurity organizations and centers worldwide.

The recent meeting of ITU-Ts Study Group 17 also saw approval of a core global identity management (IdM) standard Recommendation ITU-T X.1250. The agreement signals the start of work on implementation protocols for essential capabilities like trust mechanisms and identity assurance interoperability.

Arkadiy Kremer, Chairman of Study Group 17, said: Global acceptance of identity management solutions is paramount. The agreement that we have reached here signals an important milestone from where the worlds service providers and users can profit from international standards for IdM capabilities. Industry has put significant weight behind this activity and an IdM framework for global interoperability is emerging.

The term IdM is understood as "management by providers of trusted attributes of an entity such as a subscriber, a device, or a provider." IdM promises to reduce the need for multiple user names and passwords for each online service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce.

ITU-T X.1250 gives the ability to enhance exchange and trust in the identities used by telecommunication/ICT networks and services. The definitions and need for identity management trust are highly context dependent and often subject to very different policies and practices in different countries. The trust capabilities include the protection and control of personally identifiable information.

Also agreed was X.1251, a framework for users of digital identity. The standard defines a framework to enhance user control and exchange of their digital identity related information. Two other important Recommendations were progressed to the first stage of approval: X.1252 and X.1275. X.1252 provides a collection of terms and definitions used in identity management (IdM) and it sets the stage for common definition for the whole industry. While, X.1275 provides guidelines and best practices regarding radio frequency identification (RFID) procedures that can be used by service providers to gain the benefits of RFID while attempting to protect personally identifiable information.

Also at the SG 17 meeting new correspondence groups designed to kickstart work in the areas of security for cloud computing, e-health and grid computing were started.

24 September 2008 - Experts chart anti DoS and spam methodologies

Wed, 24 Sep 2008 15:18:14 +0000

Cybersecurity experts in ITU-Ts Study Group 17 are exploring available methodologies to mitigate denial of service (DoS) attacks and short message service (SMS) spam by determining the origin of electronic communications when this becomes necessary. The work will also better enable settlements for carrying traffic over IP networks, and provide consumer protection from cyber crimes such as stalking and child pornography.

Specifically the group is working on a new Recommendation ITU-T Trace back use case and capabilities (temporarily designated X.tb-ucc). The work is in its early stages and collecting use cases and methodologies from which technical needs will be determined.

Currently there are many ways to find out the origin of network traffic, but it is possible to spoof source addresses. The new work will examine the diverse R&D accomplished over the past several years in many research institutions and consider the needs for operators and users for a trusted means of determining the source of traffic.

For example, telecoms operators are keen to find trusted trace back mechanisms where phantom traffic could be costing them millions of dollars a year. SMS and VOIP (voice over IP) traffic often comes from Internet gateways, and operators may claim a right to charge the originators for delivering it. Consumers are also seeking trusted CallerID capabilities globally that constitute one form of trusted traceback.

Many companies and institutions have provided input material.

Experts anticipate that the resulting Recommendation should describe a broad array of use-cases, as well as generally support the very substantial body of existing legal, regulatory, and industry business requirements for traceback worldwide, including the protection of personal information. The implementation in individual countries is as always subject to requirements specific to national jurisdiction.

21 April 2008 - ITU experts enable risk management strategies with new standards

Mon, 21 Apr 2008 13:13:54 +0000

Six new standards enabling a more secure ICT environment have been approved by ITU. Experts say that the standards represent an important achievement reflecting the needs of business in establishing risk management strategies and the protection of consumers.

Three ITU-T Recommendations cover a definition of cybersecurity, a standardized way for vendors to supply security updates and guidelines on spyware. While the other three focus on countering the modern day plague of spam by providing a toolbox of technical measures to help consumers and service providers.

Malcolm Johnson, Director, ITU Telecommunication Standardization Bureau: In the real non-virtual world risk management is well understood and so the infrastructure has been developed to protect against theft, fraud and other kinds of attack. The virtual world should be no different. And standards can provide the backbone for this risk-management infrastructure.

Standards give businesses the systematic approach to information security that they need to keep network assets safe. The adoption of multiple proprietary approaches is, experts agree, an inherently more vulnerable approach.

Recommendations on spam are a direct response to a call from the World Telecommunication Standardization Assembly (WTSA), the quadrennial event that defines study areas for ITU-T. Members asked that ITU-T define technical measures to tackle this plague of the digital world following growing global concern at additional costs and loss of revenue to Internet service providers, telecoms operators and business users.

Herb Bertine, Chairman of ITU-Ts Study Group 17 that looks at cybersecurity: ITU-T is in a unique position given its international scope and the fact that it brings together the private sector and governments to coordinate work on standards and influence the harmonization of security practices worldwide.

The Recommendations in brief

ITU-T Rec. X.1205 establishes a definition of cybersecurity noting that this understanding is needed in order to build a foundation of knowledge that can aid securing the networks of tomorrow. Network protocols, it says, were developed in an environment of trust but today cybersecurity threats are growing. ITU-T Rec. X.1205 provides a classification of security threats from an organizations point of view. It gives a layered approach to security enabling organizations to create multiple levels of defence against threats.

ITU-T Rec. X.1206 is designed to make it easier for systems administrators to manage patches/updates from multiple software vendors. The work was driven by concerns that the number of different methodologies used to deliver software updates was becoming a headache for companies. The Rec. gives a vendor-neutral framework for automatic notification of security related information and dissemination of updates.

ITU-T Rec. X.1207 gives guidelines enabling users to identify spyware and for vendors to avoid their products being mistakenly identified as such. The Recommendation promotes best practices around principles of clear notices, and users consents and controls. Authors of the Recommendation say that it develops and promotes best practices to users on PC security, including use of anti-spyware, anti-virus, personal firewall, and security updates of software on client systems.

ITU-T Rec. X.1231 sets out the requirements for combating spam and will serve as the startpoint for all further anti-spam standardization work. It gives an overview of methodologies to counter spam and describes the general characteristics of spam whether for e-mail, SMS, VoIP or other emerging forms of spam. It also outlines key ways to counter spam, and a hierarchical model to establish an efficient and effective anti-spam strategy.

ITU-T Rec. X.1240 is aimed at end users and focusing just on e-mail spam, brings together various mature spam combating technologies in order that users can select the most appropriate.

ITU-T Rec. X.1241 promotes greater cooperation between service providers in tackling spam. In particular the document provides a framework enabling a communication methodology for alerts on identified spam.

16 October 2007 - Identity work enters new phase

Tue, 16 Oct 2007 14:55:33 +0000

Following completion of four deliverables by The Focus Group on Identity Management, ITU-T's Study Group 17 has recommended to the Telecommunication Standardization Advisory Group (TSAG) that a Global Standards Initiative on Identity Management (IdM-GSI) is established. If the December meeting of TSAG initiates the IdM-GSI and the related Joint Coordination Activity (JCA), a meeting has already been planned for January 2008 to enter into a new phase of work on IdM based on these groups and existing ITU-T studies.

The four IdM deliverables have been transferred to relevant Study Groups via Study Group 17 and also to ISO/IEC JTC 1/SC 27 for further consideration and possible development as ITU-T Recommendations and a potential common text with ISO/IEC on entity authentication assurance. Indeed work on three new ITU-T Recommendations and the ITU-T/ISO common text standard has already begun.

The term IdM is understood as "management by providers of trusted attributes of an entity such as a subscriber, a device, or a provider." IdM promises to reduce the need for multiple user names and passwords for each online service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce. A key issue for the Focus Group was to provide interoperability between existing solutions.

Herb Bertine, Chairman of Study Group 17, lead Study Group on security in ITU-T said: We are very pleased with the productivity and efficiency of the Focus Group. We now have the building blocks to enter the important next phase where the worlds service providers can profit from international standards for IdM services. Clearly identity management is an important topic and one that industry has put significant weight behind in order to turn out standards that will provide an IdM framework for global interoperability.

The deliverables were supplied to a meeting of ITU-Ts Study Group 17. Essentially IdM-GSI will be an umbrella title for IdM work that will be distributed across all Study Groups. A joint coordination activity (JCA) will ensure that there is no duplication of work, oversee strategic/planning issues and work assignments and develop a roadmap for the development of a global ID management standards. IdM-GSI will enhance harmonization, in collaboration with other bodies, among the different approaches to IdM frameworks and capabilities worldwide.

The publicly available deliverables are:

Report on Identity Management Ecosystem and Lexicon
Report on Identity Management Use Cases and Gap Analysis
Report on Requirements for Global Interoperable Identity Management
Report on Identity Management Framework for Global Interoperability

The first meeting of IdM-GSI including the JCA-IdM is planned to be held during the January 2008 NGN-GSI event in Seoul, Korea.

07 June 2007 - New online tool charts cybersecurity standards developments

Thu, 07 Jun 2007 09:42:21 +0000

Press release here.

05 April 2007 - Call for IPTV papers

Thu, 05 Apr 2007 12:46:47 +0000

Two vice chairs of ITU-Ts IPTV Focus Group will guest edit an upcoming issue of IEEE Communications Magazine. Chae-Sub Lee, of ETRI, Korea and Simon Jones, of BT, UK will edit the issue for publication February 2008.

A call for papers has been issued on the broad topic IPTV Systems, Standards and Architectures. Papers are solicited on topics including IPTV standards progress, architecture for IPTV systems, deployment challenges, performance considerations, content management and security. Articles should be tutorial in nature, further guidelines can be found here.

05 March 2007 - Online identity work will solve key security issues

Mon, 05 Mar 2007 10:16:08 +0000

The first steps towards a globally harmonized approach to identity management (IdM) have been taken during a meeting bringing together, for the first time, the worlds key players in the IdM space.

IdM promises to reduce the need for multiple user names and passwords for each service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce.

Experts at the meeting concurred that interoperability between existing IdM solutions will provide significant benefits such as increased trust by users of on-line services as well as cybersecurity, reduction of SPAM and seamless nomadic roaming between services worldwide.

Abbie Barbir, chairman of the Focus Group on Identity Management (FG IdM): Our main focus is on how to achieve the common goals of the telecommunication and IdM communities. Nobody can go it alone in this space, an IdM system must have global acceptance. There was a very positive feeling at the meeting that we can achieve this and crucially we saw a great level of participation from all key players.

The meeting of the FG IdM brought together developers, software vendors, standards forums, manufacturers, telcos, solutions providers and academia from around the world to share their knowledge and coordinate their IdM efforts. Interoperability among solutions so far has been minimal. One conclusion of attendees is that cooperation is crucial and that players cannot exist in isolation. The spirit of the meeting was that everyone will gain by providing an open mechanism that will allow different IdM solutions to communicate even as each IdM solution continues to evolve. Such a trust metric does not exist today experts say.

Work will continue online and during Focus Group meetings in April, May, and July. An analysis of what IdM is used for will be followed by a gap analysis between existing IdM frameworks now being developed by industry fora and consortiums. These gaps should be addressed before the interworking and interoperability between the various solutions can be achieved. The aim is to provide the basis for a framework which can then be conveyed to the relevant standard bodies including ITU-T Study Groups. The document will include details on the requirements for the additional functionality needed within next generation networks (NGN).

ITU-T has a long history of innovation in this field, with key work on trusted, interoperable identity framework standards including Recommendation X.509 that today serves as the primary public key technical mechanism for communications security across all telecom and internet infrastructures.

08 January 2007 - Cybersecurity defined

Mon, 08 Jan 2007 09:13:03 +0000

Study Group 17 has initiated the approval process for a standard providing an overview of cybersecurity. The work establishes a definition of cybersecurity that is wide enough in scope to cover various and sometimes inconsistent definitions.

The Recommendation (X.1205) provides a taxonomy of security threats from an organizations point of view. Cybersecurity threats and vulnerabilities including the most common hackers tools of the trade are presented. Threats are discussed at various network layers.

Various Cybersecurity technologies to remedy threats are discussed including: routers, firewalls, antivirus protection, intrusion detection systems, intrusion protection systems, secure computing and audit and monitoring. Network protection principles such as defense in depth, access management with application to Cybersecurity are also discussed. Risk management strategies and techniques are discussed including the value of training and education in protecting the network. In addition examples for securing various networks based on the discussed technologies are also discussed.

08 January 2007 - ID management group aims to bring harmony

Mon, 08 Jan 2007 09:11:55 +0000

Following ITU-Ts Workshop on Digital Identity for NGN Geneva, 5 December 2006 a decision has been made to set up a Focus Group on Identity Management (IdM) under the parentage of Study Group 17.

Digital identity refers to the online representation of a users or network elements identity and the identity of those that the user or network element interacts with. It does not mean the positive validation of a person. Information regarding device identities is becoming an increasingly valuable commodity, and as a consequence, its protection and management are vital to a healthy and inclusive digital world.

There are different approaches for representing identities and different identity management frameworks. The lack of a common view on digital identity and its management has so far resulted in incompatible applications.

The Focus Group will explore mechanisms that allow different frameworks to interoperate together. Experts said there is a need to identify current gaps in proposed solutions. For example, IdM solutions that involve the telecom network level and in general lower layers have not been addressed sufficiently, they said. The Focus Group will act as a platform for an exchange of information in order to bring about necessary harmonisation.

All standards organizations and developer forums involved in identity management worldwide, including institutes, forums, companies, experts and individuals regardless of whether ITU members or not are encouraged to participate.

The first meeting of the FG IdM is scheduled to take place at ITU Headquarters, in Geneva , from 13 to 16 February 2007.

17 November 2006 - Survey to assess security preparedness

Fri, 17 Nov 2006 15:31:27 +0000

The Focus Group on Security Baseline for Network Operators has issued a survey, results from which will be used in preparation of a new ITU-T Recommendation Security Baseline for Network Operators. Participants are asked about their level of preparedness in case of various security threats.

Once approved the Recommendation will show the readiness and ability of operators to collaborate and coordinate counteraction against security threats arising from interconnected networks.

The Security Baseline will allow network operators to assess their network and information security posture in terms of what security standards are available, which of these standards should be used to meet particular requirements, when they should be used, and how they should be applied. It will also identify security Recommendations and standards to support evaluation of operators network security and information security. Development of the first draft of the Recommendation will begin towards the end of 2006.

The online survey is aimed at network and service providers a deadline of 24 November 2006 has been set for responses.

17 November 2006 - ITU-T Hosts Digital ID Event

Fri, 17 Nov 2006 08:15:35 +0000

ITU-T will hold a Workshop on Digital Identity for NGN Geneva , 05 December 2006.

In the last few years, the need for digital identity has risen as a strong driving force behind network architecture design, service provisioning, and content handling, billing and charging. Digital identity is expected to be a powerful tool for users to access unlimited digital resources via a limited number of trusted relationships, and for providers to offer these resources across the different layers of communication systems, administrative domains and even legal boundaries. However, the lack of a common view on digital identity across these different layers has so far resulted in independently developed and therefore often inconsistent identity management frameworks as well as incompatible applications.

Key challenges towards the development of a more consistent approach are to tackle the conflicting requirements of privacy, identification and security. This workshop, a Joint ITU-T/EU IST Daidalos Project Workshop, intends to investigate different approaches, analyze gaps in todays standards, identify future challenges and find common goals which will provide direction to the work currently being undertaken in the different projects and standards development organizations (SDOs).

07 November 2006 - ITU Will Host Broadband Europe Conference, December

Tue, 07 Nov 2006 08:18:59 +0000

ITU-T will host the annual Broadband Europe conference 11-14 Dec 2006.

BBEurope is an annual event which was initiated by the FP6-BREAD-project (broadband for all in Europe : a multi-disciplinary approach), part of the "BroadBand for All"-strategic objective of the European Commission.

Peter Van Daele, Project Leader BREAD: The concept of Broadband For All refers to a situation in which broadband is not only available to every citizen, but is actually used by all of them. In that respect it is a more demanding concept than the traditional universal service obligation in telephony, which merely stipulates the availability, at certain conditions, of a given service. The usage of information and communication technologies via broadband infrastructures by all citizens is a policy objective because it is considered to be a key component of transforming Europe into a knowledge-based society, thus enhancing economic growth and increasing employment.

The BREAD project has amongst its objectives to develop a holistic vision encompassing technical, as well as economical and regulatory aspects. Another important aspect is of identifying roadblocks on European, national/regional level and share visions and best practices on national level to EU level.

BBEurope brings together on an international level all the BroadBand players, researchers, service providers, content providers, operators, manufacturers, policy makers, standardisation bodies, professional organisations.

A diverse agenda will cover topics including NGN, IPTV, wireless access, powerline, security, QoS, and broadband in rural areas. The event will conclude with a panel discussion titled: Future Perspectives in Broadband. A full preliminary programme is available from the events website, with the call for papers ending November 10 when a programme committee will make a final selection of the papers.

05 June 2006 - Vote for the most influential standards work from ITU-T

Mon, 05 Jun 2006 07:05:08 +0000

As part of celebrations for the 50^th anniversary of ITU-T, you are invited to vote for the most influential standards work from ITU-T.

ITU work is behind many of the worlds most prevalent information and communications technologies. Choose here from our shortlist which you think has best shaped the ICT world of today, or feel free to suggest your own idea.

11 May 2006 - Standards for Single Sign-On Given Consent at ITU-T Meeting

Thu, 11 May 2006 07:44:29 +0000

The Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (XACML) authored by OASIS (Organization for the Advancement of Structured Information Standards) have been consented as internationally recognised ITU-T Recommendations. The announcement is the first result of the formal relationship between the standardization sector of ITU and OASIS.

The standards (ITU-T Recommendations X.1141 (SAML) and X.1142 (XACML)) address the concern of how to allow safe single sign-on, a system that enables a user to authenticate once and gain access to the resources of multiple software systems. While solutions existed in this space, all were proprietary, and therefore not addressing the problem on a global level.

SAML and XACML are designed to control access to devices and applications on a network. The need for standards in this area has become more of an issue as business networks increasingly use the public Internet.

SAML addresses authentication and provides a mechanism for transferring authentication and authorization decisions between cooperating entities, XACML leverages this information to determine access to resources by focusing on the mechanism for arriving at those authorization decisions.

An additional feature of SAML is that it allows organizations to communicate information without any change to their own internal security architectures.

25 January 2006 - ICT Security Standards Roadmap

Wed, 25 Jan 2006 16:16:44 +0000

This ICT Security Standards Roadmap has been developed to assist in the development of security standards by bringing together information about existing standards and current standards work in key standards development organizations.

In addition to aiding the process of standards development, the Roadmap will provide information that will help potential users of security standards, and other standards stakeholders, gain an understanding of what standards are available or under development as well as the key organizations that are working on these standards.

The Roadmap is in four parts:

Part 1: ICT Standards Development Organizations and Their Work

Part 1 contains information about the Roadmap structure and about each of the listed standards organizations, their structure and the security standards work being undertaken. In addition it contains information on terminology by providing links to existing security glossaries and vocabularies.
Part 2: Approved ICT Security Standards

Part 2 contains a summary catalogue of approved standards.
Part 3: Security standards under development

Part 3 is structured with the same taxonomy as Part 2 but contains work in progress, rather than standards that have already been approved and published. Part 3 will also contain information on inter-relationships between groups undertaking the work and on potential overlaps between existing projects.
Part 4: Future needs and proposed new security standards

Part 4 is intended to capture possible future areas of security standards work where gaps or needs have been identified as well as areas where proposals have been made for specific new standards work.

It is important to note that the Roadmap is a work-in-progress. It is intended that it be developed and enhanced to include other standards organizations as well as a broader representation of the work from organizations already included. It is hoped that standards organizations whose work is not represented in this version of the Roadmap will provide information to ITU-T about their work so that it may be included in future editions.

In the near future provision will be made to allow each organization to manage its own data within the Roadmap. This will enable more timely updating of the information.

More on the ICT Security Standards Roadmap

15 September 2005 - World's Standards Leaders Meet in France

Thu, 15 Sep 2005 08:01:36 +0000

Leaders from the leading national and regional telecommunications and radio standards organizations and a delegation from ITU consisting of both high-level secretariat staff and Study Group chairs met 28 August - 2 September, at The Tenth Global Standards Collaboration meeting (GSC-10).

The mission of the GSC is to exchange information between participating standards organizations to facilitate collaboration and to support the process of global telecommunication standardization in the ITU. The event was hosted by ETSI in Sophia Antipolis, France.

Participants at GSC-10 included the Australian Communications Industry Forum (ACIF), Association of Radio Industries and Businesses (ARIB) of Japan, the European Telecommunications Standards Institute (ETSI), the Alliance for Telecommunications Industry Solutions (ATIS) and Telecommunications Industry Association (TIA) from the US, the China Communications Standards Association (CCSA), the Telecommunication Technology Committee (TTC) of Japan, the Telecommunications Technology Association (TTA) of Korea, the ICT Standards Advisory Council of Canada (ISACC), and the International Telecommunication Union (ITU).

Guests and observers included representatives from the American National Standards Institute (ANSI), the Asia Pacific Telecommunity (APT), the Open Mobile Alliance (OMA) and: the Sector Board 4 of International Electrotechnical Commission (IEC).

Specific resolutions on the following topics were agreed at the meeting:

Next-Generation Networks
Mapping Standards for "Systems Beyond IMT 2000"
Cybersecurity
Home Networking
Emergency Communications
Broadband Services in Rural and Remote Areas
Open Standards
Facilitating Liaison in relation to Measurement Methodologies for Assessing Human Exposure to RF Energy
Wireless access including RLANs, Ad-Hoc Networking and Broadband Wireless Access
Supporting Automotive Crash Notification ("ACN") by Public Wireless Communications Networks
Radio Microphones and Cordless Audio Devices
RFID Systems, Services and Networking
Public Protection & Disaster Relief
Ultra Wide Band
Intellectual Property Rights Policies
User Interest Working Group

Other areas discussed were:

Location-based Services
Internet Protocol over Wireless
Software defined radio & Cognitive radio
Digital Broadcasting including mobile multimedia applications
Satellite services

ITU maintains a repository of documents relating to this and all past GSC meetings.

09 September 2005 - APT Meeting Looks at Spam

Fri, 09 Sep 2005 12:07:36 +0000

The recent Asia Pacific Telecommunity (APT) Symposium on Network Security and SPAM presented background information, detailed the current situation, new developments and steps ahead on network security and fighting spam in the Asia-Pacific region.

TSB presented highlights of ITU-T work on security, also detailing the level of participation of the AP region in Study Group 17, the ITU-T group that looks at security issues. Mr Jianyong Chen (ITU-T SG 17 Vice Chair from China ) also attended the event and made a detailed presentation on current SG 17 work. He also chaired two sessions. In addition TSB presented the results of the ITU WSIS Thematic Meeting on Cybersecurity held in Geneva , 28 June 1 July 2005.

The meeting was organized in three full-day sessions and was attended by some 70 representatives from the Asia-Pacific area. The first day was dedicated to cybersecurity, the second to countering spam, and the third to cooperation initiatives. The complete set of presentations at the meeting can be downloaded here.

The meeting invited AP countries to step-up their capability building initiatives and encouraged APT to increase its collaboration on network security and spam with international organizations working in the area, ITU-T in particular.

24 August 2005 - Security for IP Media Reviewed

Wed, 24 Aug 2005 07:33:13 +0000

A suite of ten new standards that provide security for IP media communications such as VoIP or videoconferencing got an update at the last meeting of ITU-Ts Study Group 16.

The security framework outlined in the H.235 series of ITU-T Recommendations provides the protocols necessary for these media to be authorised and routed. Equipment using these standards can deliver connectivity without compromising security.

With the help of the Recommendations, users communicating through IP media are authenticated and authorized so that their communications are protected against various security threats. Real-time multimedia encryption adds a further layer of security, protecting against call interception. The security countermeasures are designed to thwart service fraud, avoid service misuse and detect malicious message tampering. H.235 also gives the ability to provide a greater level of security using public key infrastructure (PKI) certificates.

Additionally, two new security profiles were added to provide [H.235.8] key exchange using the secure real-time transport protocol (SRTP) in H.323 networks and [H.235.9] to allow discovery of security gateways in the signalling path between communicating H.323 entities, in order to preserve signalling integrity and privacy.

24 August 2005 - Firewall Traversal Problem Solved

Wed, 24 Aug 2005 07:31:10 +0000

Standards that may accelerate the adoption of VoIP in corporate environments and resolve an issue that has slowed down the adoption of videoconferencing have been completed by ITU-T.

The standards from ITU-Ts multimedia Study Group (Study Group 16) provide a robust and easy to implement solution that will allow any H.323 based system communicating on an IP network to more easily communicate across the boundary imposed by NAT or firewalls (FW).

Videoconferencing and VoIP have long been plagued with problems when trying to work across network address translation (NAT) and firewall boundaries. Despite previous attempts to address the issue, no standardized way of dealing with the problem has emerged until now.

Without the ITU solution many network managers and operators have found that the only way to allow inbound VoIP calls in a firewall-protected environment is to leave a permanent hole from the outside world, open a range of port numbers for VoIP use, or locate devices outside of the firewall. Clearly, these solutions violate even the most basic security policies.

Recommendation H.460.18 enables H.323 devices to exchange signalling and establish calls, even when they are placed inside a private network behind NAT/FW devices. These extensions, when used together with Recommendation H.460.19, which defines NAT/FW traversal for media, enable upgraded H.323 endpoints to traverse NAT/FW installations with no additional equipment on the customer premises. Alternatively, the H.460.18 and H.460.19 functionality may be implemented in a proxy server, so that unmodified H.323 endpoints can also benefit from it.

Work on the related Recommendation H.248.37 was also finished at the Study Group meeting. Session border controllers (SBCs) are becoming an important part of the Internet infrastructure, and some SBCs are being split into media gateway controller (MGC) and media gateway (MG) components. One important function of a SBC is to perform network address and port translation (NAPT). H.248.37 allows the MGC to instruct a MG to latch to an address provided by an incoming Internet Protocol (IP) application data stream, rather than the address provided by the call/bearer control. This enables the MG to open a pinhole for data flow, and hence allow connections to be established.

As well as these ITU-T Recommendations, Study Group 16 will shortly publish two technical papers on the topic: The Requirements for Network Address Translator and Firewall Traversal of H.323 Multimedia Systems and Firewall and NAT traversal Problems in H.323 Systems.

22 June 2005 - Technical Tutorials Given at Recent ITU-T Meeting

Wed, 22 Jun 2005 10:25:50 +0000

Two technical sessions were given at the last meeting of Study Group 5 in Geneva . Study Group 5 is the ITU-T group that looks at protection against electromagnetic environment effects. Technical sessions are tutorials on a specific subject that aim to provide background for the preparation of new standards (ITU-T Recommendations) on these topics.

The first session was on security, and was presented by William Radasky, Chairman of IEC SC 77C (high power transient phenomena). Radaskys lectures dealt with electromagnetic threats such as high power electromagnetic phenomena and its effect on systems and mitigation methods. This will help SG5 prepare recommendations to protect telecommunication systems against malicious man-made high power transient phenomena. Radasky also detailed IECs work which will help ITU-T experts avoid duplication of their work.

The second session was on home networking and was in collaboration with Study Group 9. The SG 9 contribution was in the areas of architecture, transport technology, security, quality of service and management of home networks. SG 5s contributions were in the areas of electromagnetic compatibility (EMC), electromagnetic security and electromagnetic emission issues in the home environment.

22 June 2005 - Workshop on "New Horizons for Security Standardization"

Wed, 22 Jun 2005 07:36:05 +0000

Workshop on "New Horizons for Security Standardization"
Geneva, 3 - 4 October 2005

Introduction

An ITU-T workshop - New Horizons for Security Standardization - will take place at ITU Headquarters, in Geneva, 3 - 4 October 2005, prior to a meeting of Study Group 17.

Objectives

The overall objectives of the workshop are to help address information and communications security issues and promote increased cooperation between organizations engaged in security standardization work. Consideration will also be given to issues of adoption and implementation of security standards. In particular, the workshop will:

seek to find out from stakeholders (e.g., network operators, system developers, users etc.) what are their primary security concerns/issues?
determine where ITU-T and other standards development organizations (SDOs) can most effectively play a role in helping address the issues (i.e., which issues are amenable to a standards solution?);
identify which SDOs are working on these issues or are best equipped to do so; and
agree on next steps for security standardization.

More

12 May 2005 - Cybersecurity II Confirmed

Thu, 12 May 2005 17:39:20 +0000

Following the success of the Cybersecurity Symposium held in Florianópolis, Brazil, October 2004, ITU has decided to hold another event.

Cybersecurity Symposium II will be held on the first day of the Russian Association for Networks and Services (RANS) conference - Security and Trust for Infocommunication Networks Deployment, Moscow.

The symposium will highlight the importance of cybersecurity as an essential part of information and communication technologies (ICT). There will be discussion on international cooperation, which is increasingly becoming the decisive issue in coordinating the efforts of state institutions and business for the harmonized development of normative, legal, technological and organizational aspects of an effective cybersecurity infrastructure. Additionally there will be a review of the necessary standards development.

ITU - Cybersecurity, Spam and Cybercrime

14 May 2012 - Joint Coordination Activity on Child Online Protection established

16 March 2012 - ITU joins SDOs from China, Japan and Korea to enhance cooperation

02 December 2011 - ITU to play leading role in UN global cybersecurity debate

27 October 2011 - Using telecommunication to transfer biometric information

19 May 2011 - ITUs relationship with IMPACT continues to gain momentum

19 May 2011 - In line with ITU's long tradition of public-private partnership ITU has signed an MoU with Symantec

19 May 2011 - UN agencies team up to make the online world safer: MoU signed between ITU and UNODC at WSIS Forum 2011

03 May 2011 - Framework for exchange of info on cybersecurity

14 April 2011 - Cloud progress comes with call for greater interoperability

04 March 2011 - Standards need to protect children online

17 February 2011 - Microsoft Calls for Safer and Healthier Internet

17 February 2011 - International Card Fraud Gang Dismantled in Romania

10 February 2011 - Insecure Web apps pose serious security risks, survey finds

09 February 2011 - Safer Internet Day highlights need for IT security

08 February 2011 - Facebook exploit toolkit dumbs down rogue app creation

10 January 2011 - New challenges in providing confidence and security in the use of ICT

20 September 2010 - Group recommends joint NATO-Russia 'cyber' war games Rules of engagement in the digital age

29 July 2010 - Notorious computer hacker identified and arrested, authorities say

22 July 2010 - Double Honours for IMPACT at (ISC)²s Annual Asia-Pacific Information Security Leadership Achievements Program

23 June 2010 - International experts seek to identify common responses to the global challenge of cyber crime

10 May 2010 - Should there be a Geneva Convention for fighting cyberwar?

28 April 2010 - Fake Anti-virus Peddlers Outmaneuvering Legitimate AV

23 April 2010 - FCC gets into cybersecurity business

22 April 2010 - Cybersecurity Information Exchange Framework (CYBEX): Update

22 April 2010 - Addressing security challenges on a global scale: Workshop

22 April 2010 - ITU-T Study Group 17, work in progress and new work

15 April 2010 - US Cyberspace Policy Review

14 April 2010 - Congress Tackles Key Cybersecurity Initiatives

12 April 2010 - Kerry, Gillibrand Introduce Legislation To Strengthen Americas Cybersecurity Efforts

18 March 2010 - Cybercrime's bulletproof hosting exposed - Zeus botnets' tangled web

09 March 2010 - Ashleigh Hall Facebook Murder: Lessons Must Be Learned

03 March 2010 - UK National Theatre hack forces password reset

03 March 2010 - German high court says telecom, e-mail data cannot be retained

26 February 2010 - MS uses court order to take out Waledac botnet

23 February 2010 - Cyber attacks will 'catastrophically' spook public, warns GCHQ

19 February 2010 - Almost 2,500 firms breached in ongoing hack attack

17 February 2010 - Experts reboot list of 25 most dangerous coding errors

16 February 2010 - Scareware scams switch to social network smut lures

16 February 2010 - UK.gov invests £4.3m in cyber-scam crackdown team

07 December 2009 - Technology Watch Report: Biometrics and Standards

16 November 2009 - Fraudsters Using Bogus and Legitimate Recruitment Sites to Con Job-Hunters Into Laundering Money

08 October 2009 - Security standards group chalks two key achievements

24 September 2008 - Experts chart anti DoS and spam methodologies

21 April 2008 - ITU experts enable risk management strategies with new standards

16 October 2007 - Identity work enters new phase

07 June 2007 - New online tool charts cybersecurity standards developments

05 April 2007 - Call for IPTV papers

05 March 2007 - Online identity work will solve key security issues

08 January 2007 - Cybersecurity defined

08 January 2007 - ID management group aims to bring harmony

17 November 2006 - Survey to assess security preparedness

17 November 2006 - ITU-T Hosts Digital ID Event

07 November 2006 - ITU Will Host Broadband Europe Conference, December

05 June 2006 - Vote for the most influential standards work from ITU-T

11 May 2006 - Standards for Single Sign-On Given Consent at ITU-T Meeting

25 January 2006 - ICT Security Standards Roadmap

15 September 2005 - World's Standards Leaders Meet in France

09 September 2005 - APT Meeting Looks at Spam

24 August 2005 - Security for IP Media Reviewed

24 August 2005 - Firewall Traversal Problem Solved

22 June 2005 - Technical Tutorials Given at Recent ITU-T Meeting

22 June 2005 - Workshop on "New Horizons for Security Standardization"

12 May 2005 - Cybersecurity II Confirmed

19 May 2011 - ITUs relationship with IMPACT continues to gain momentum

22 July 2010 - Double Honours for IMPACT at (ISC)²s Annual Asia-Pacific Information Security Leadership Achievements Program

12 April 2010 - Kerry, Gillibrand Introduce Legislation To Strengthen Americas Cybersecurity Efforts