New standards on cybersecurity, cloud security, ASN.1 encoding, and emergency warning
ITU members have agreed new international standards (ITU-T Recommendations) on cybersecurity, cloud computing security and ASN.1 encoding rules for time-critical applications. These achievements come in parallel with the second edition of Common Alerting Protocol (CAP 1.2), a key standard in the dissemination of emergency warnings.
The new standards are the product of a meeting of ITU-T Study Group 17 (Security), the expert group leading ITU’s standardization work on security, identity management (IdM) and technical languages and description techniques, a field of study which also encapsulates cybersecurity, spam countermeasures and telebiometrics.
New standards approved and now freely available on the ITU-T website include the first ITU standard on cloud computing security, Rec. ITU-T X.1601; a cybersecurity risk indicator, Rec. ITU-T X.1208; and two standards, Recs. ITU-T X.1546 and X.1582, added to ITU’s Cybersecurity Information Exchange (CYBEX), a suite of standardized means to exchange the cybersecurity information demanded by Computer Incident Response Teams (CIRTS).
- ITU-T X.1601 reached first-stage approval (‘determined’) under the provisional title, “ITU-T X.1600” (reported in an earlier newslog here).
- ITU-T X.1208 describes a methodology for an organization to compute a cybersecurity indicator of risk (CSIR) based on the combination of multiple cybersecurity indicators, thereby providing an organization with a tool for the self-assessment of its capabilities over time. A CSIR will be organization-specific, in each case representing a self-determined combination and weighting of cybersecurity indicators. ITU-T X.1208 is not designed to calculate a country-level cybersecurity index, a task best accomplished by the Global Cybersecurity Index (GCI) developed by ITU’s Development Sector (ITU-D).
- The protocols improve vulnerability enumeration and malware characterization, and assured exchange of cybersecurity information.
Two important new standards reached first-stage approval (‘consent’) and are now undergoing a final review on course to their approval and publication.
Recommendation ITU-T X.696 “Information technology – ASN.1 encoding rules: Specification of Octet Encoding Rules (OER)”
Abstract Syntax Notation One (ASN.1) is a standardized notation used to describe the data structures representing messages exchanged between communicating parts. Alongside its standardized encoding rules, ASN.1 enables information exchange among heterogenous information systems.
The standardization of ASN.1 Octet Encoding Rules (OER) embodied by ITU-T X.696 responds to the financial services sector’s need for interoperability and ultra-high-speed structured information exchange, providing an effective means to gain crucial fractions of a second on the (electronic) trading floor. (Read an ITU blog piece on ASN.1 OER here.)
Recommendation ITU-T X.1303bis “Common alerting protocol (CAP 1.2)”
ITU-T X.1303bis is the second edition of CAP, a simple but general format for exchanging all-hazard emergency alerts and public warnings, disseminated simultaneously over all kinds of networks.
ITU-T X.1303 (CAP 1.1) will remain in force alongside ITU-T X.1303bis (CAP 1.2) as the two specifications are incompatible and will co-exist in the market.
More information on ITU-T Study Group 17 (Security) can be found here…