Proposed ITU Spec Would Define Security Issues for Network Operators
GENEVA -- An ITU focus group wants to gauge network operator preparedness for security threats and assess interest in a specification for it. The project, proposed by Russia, would generate recommendations indicating network operators’ readiness and ability for “collaborative and coordinated counteraction to information security threats arising from interconnected networks,” an official working with the Security Baseline for Network Operators focus group said: “Now virtually anybody can set up as a network operator. You really don’t know who you're dealing with a lot of the time.”
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
“In the case of communication networks comprising multiple independent and loosely connected networks, the contractual relationships between individual networks (including Service Level Agreements (SLAs)) are usually non- existent,” an ITU document said: “With the exception of a few directly interconnected networks, SLA tools aiming to solve the issues of quality of service are insufficient for the provision of global network security capabilities.”
The project would try to identify standards and recommendations that could be applied to network protection and thereby promote secure interworking without endangering participants or customers, the official said. The focus group wants to define a baseline that would let network operators assess their networks and data security postures in relation to current recommendations and standards, and to determine how to use them in regard to particular issues, when to use them and how to apply them.
A number of criteria are being applied to the work, such as readiness and ability to assess where operators stand and how they interact with other entities, including operators, users and law enforcement authorities, to counter threats, an official said. The group also may considering balancing operators, users and other interests in responding to threats. Network operators’ varying circumstances will be considered, an official said: “We have a whole bunch of operators from the former Soviet states that are used to a very different environment than those in North America.” And “they do want to put in place some criteria that operators can say well, ‘if you've implemented this and we've implemented this, then we should be able to talk to each other in a reasonable way without risk'” the official said: “It’s a basis for establishing some degree of trust where some of the operators don’t have any track record when you're interconnecting.”
The focus group hopes to meet jointly with the European Telecommunications Network Operators’ Assn. and SG2, ITU-T’s lead study group for service definition, numbering and routing and telecommunication for disaster relief/early warning. The group first met in March in Moscow. The survey went out to operators at the end of Oct. The focus group is expected to make a preliminary report on responses received by a Nov. 24 deadline at the Dec. 6-15 meeting of ITU-T’s lead study group on telecommunications security, and language and description techniques (SG17). Late replies will be considered as work on the spec continues, with drafting to begin in December.