Security in Telecommunications and Information Technology
An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications
Acknowledgements
This manual was prepared with the contribution of numerous authors who either contributed to the generation of the relevant ITU-T Recommendations or participated in the ITU-T Study Group meetings, Workshops and Seminars. In particular, credits should be given to the following contributors: Herb Bertine, David Chadwick, Martin Euchner, Mike Harrop, Sándor Mazgon, Stephen Mettler, Chris Radelet, Lakshmi Raman, Eric Rosenfeld, Neal Seitz, Rao Vasireddy, Tim Walker, Heung-Youl Youm, Joe Zebarth, and to the ITU/TSB counsellors.
Preface
Until relatively recently, telecommunications and information technology security has been mainly of concern to niche areas such as banking, aerospace and military applications. However, with the rapid and widespread growth in the use of data communications, particularly the Internet, security has become a concern to almost everyone.
The increased profile of ICT security may be attributed in part to widely reported incidents such as viruses, worms, hackers and threats to personal privacy. However, as computing and networking are now such an important part of daily life, the need for effective security measures to protect the computer and telecommunication systems of governments, industry, commerce, critical infrastructures and consumers is imperative. In addition, an increasing number of countries now have data protection legislation that requires compliance with demonstrated standards of data confidentiality and integrity.
It is imperative that security be a well-thought-out process at all stages, from system inception and design through implementation and deployment. In the development of standards, security must always be an element of the initial work, and not an afterthought. Failure to consider security adequately during the design phase of standards and systems development can easily result in implementation vulnerabilities. Standards committees have a vital role to play in protecting telecommunications and information technology systems by maintaining an awareness of security issues, by ensuring that security considerations are a fundamental part of specifications, and by providing guidance to assist implementers and users in the task of making communication systems and services sufficiently robust.
ITU-T has been active in the security work for telecommunications and information technology for many years. However, it has not always been easy to find out what has been covered, and where it can be found. This manual attempts to aggregate all of the available information on ITU-T’s work.
The manual is intended as a guide for technologists, middle-level management, as well as regulators, to assist in the practical implementation of security functions. Through several example applications, security issues are explained with a focus on how ITU-T Recommendations address them.
The first version of this manual, version 2003, was published in December 2003, prior to the first phase of the World Summit on the Information Society (WSIS). Encouraged by the enthusiastic reception of the ICT community worldwide and in view of the valuable proposals and feedback from the readers, we prepared a second version. The version published in October 2004 had a new structure with additional new material and some areas were expanded on. This third version, version 2006, takes into account the new structure for Study Groups and Questions as resulting from the World Telecommunication Standardization Assembly held in Florianópolis, 5-14 October 2004 (WTSA-04).
I would like to express my appreciation to the engineers of the ITU Telecommunication Standardization Bureau who, in conjunction with experts from the ITU membership, had completed most of the first version. I would also like to express my appreciation to those who have provided us with valuable proposals and to those who have contributed to the new version. My particular appreciation goes to Mr Herbert Bertine, Chairman of ITU-T Study Group 17, the leading Study Group on security, and the team of collaborators from Study Group 17 and other ITU-T Study Groups.
I trust that this manual will be a useful guide for those looking to address security issues and I welcome feedback from readers for future editions.
Houlin Zhao
Director,
Telecommunication Standardization Bureau, ITU
Geneva, June 2006