Subscribe

ITU seeks cybersecurity standards

By Rodney Weidemann, ITWeb Contributor
Johannesburg, 06 Oct 2004

The International Telecommunication Union (ITU) is intensifying its work on standards for securing information and communications technologies, following a meeting of cybersecurity experts in Florian'opolis, Brazil on Monday.

Attendees at the conference agreed that multilateral international cooperation is needed to increase awareness and information sharing among stakeholders.

According to keynote speaker Frank Quick, senior VP of technology corporate research and development at Qualcomm, it is unwise to assume that the lack of attacks on today`s mobile networks means they are less susceptible.

"Cellular devices, in particular, are becoming general-purpose computing platforms, with high-speed processors, many megabytes of memory and complete file systems, with newer devices able to download and store executable programs," he says.

"The increasing prevalence of Internet connectivity in wireless networks opens these devices to the same avenues of attack as currently available for non-mobile Internet hosts."

A successful attack on a mobile network has the potential to be damaging given that the mobile phone subscribers worldwide far outnumber PC users, with ITU figures showing there were 593 million PCs worldwide (9.97 per 100 people), compared with 1.34 billion mobile phones, or 21.91 per 100 people.

Quick says that device manufacturers and operators need to react to these emerging threats by providing trusted execution environments, authentication of downloaded executables, and over-the-air configuration management.

"Operators also need to react, by installing firewalls, including ingress filtering for all mobile-originated packets, and by developing methods for disabling devices that have been compromised," he says.

Fellow keynote speaker Charles Brookson, head of technology and standards at the UK`s Department of Trade and Industry, welcomed ITU`s examination of this topic, saying the move to an IP infrastructure will lead to even greater challenges.

"Commercial security has up to now been mostly concerned with preventing fraud, and the protection of information," says Brookson.

"Standards are now being created that deal with aspects such as denial-of-service, emergency response, prioritisation of services and lawful interception, but these standards have to balance the rights to privacy while remaining effective."

Other speakers at the conference highlighted the need to build in security at the development stage rather than as a 'bolt on` after problems arise.

ITU deputy secretary-general Roberto Blois says he genuinely believes it is possible to support an increasingly diverse and open communication infrastructure safely and without compromising the data exchanged on it.

"Part of the answer lies in developing sufficiently robust specifications that security threats to any area of the communications infrastructure can be countered."

Related stories:
Cyber security liability seen increasing
Feds release `Top 20` cybersecurity holes
Cyber-attack fears stir security officers
UUNET Mobile Office offers roaming access to mission-critical data

Share