Page 16 - Annual-Report-201704

Security






Standards for Secure, Reliable Communications

Information Security standards are essential to ensure interoperability among systems and networks, compliance with legislation and adequate levels of security. They provide a means for protecting the user and creating a more secure and profitable environment for the industrial sector.








Cyber Security

The rapid evolution and growth in the complexity of new systems and networks, coupled with the sophistication of changing threats, present demanding challenges for maintaining the security of Information and Communications Technologies (ICT) systems and networks. Security solutions must include a reliable and secure network infrastructure, but they must also protect the privacy of individuals and organisations. Security standardisation, sometimes in support of legislative actions, has a key role to play in protecting the Internet and the communications and business it carries. Our Cyber Security committee (TC CYBER) is addressing many of these issues.

In 2016 we outlined the baseline security requirements for Network Functions Virtualisation (NFV) and related platforms in a Technical Report (TR) on Lawful Interception (LI) and Retained Data (RD) for NFV, and a Technical Specification (TS) on sensitive functions.

We published a TR on protection measures for ICT in critical infrastructures, which will form the basis of a new TS defining metrics for the identification of critical infrastructures.

We published a four-part TR describing the technical measures available to detect, prevent, respond and mitigate damage from different levels of cyber attack. We also began work on a TR on gateway cyber defence, aimed at increasing cyber security by improving technology standards, particularly technology protocols such as the Internet Protocol stack.

A new TS on the security aspects of LI and data retention interfaces was published in April and then updated in October with the inclusion of additional specifications.

We continued to address privacy, in response to European Commission (EC) Mandate M/530 on Privacy by Design. We began work on a practical introductory guide to privacy. Work continued on a new TS on mechanisms for privacy assurance and the verification of Personally Identifiable Information (PII) and we completed a TR on the protection and retention of PII in mobile and Cloud services. We began new work on a TS on the application of Attribute-Based Encryption (ABE) for data protection on smart devices, Cloud and mobile services, and a TS which will specify the standard features needed to use ABE as Attribute Based Access Control. Other ongoing work in this area included a TS on identity management and naming schema protection mechanisms, which will help prevent identity theft and resultant crime.

The most effective security is that which is built in from the beginning – ‘security by design’ – rather than just bolted on afterwards. We therefore published a TR which provides a high-level structured ecosystem of security design requirements for communication and IT networks and attached devices.

We completed a TR on methods for exchanging cyber-threat information in a standardised and structured manner, and began work on a new specification for an interface to enable a trusted domain to perform sensitive functions coming from another domain. Work continued on the updating of our two-part TS on methods and protocols for security, addressing countermeasures and Threat, Vulnerability and Risk Analysis methods.

We introduced new work on the implementation of the EU’s Network and Information Security Directive, which was published in July 2016 with the intention of increasing consumer confidence and maintaining the smooth functioning of the European internal market.

Smart Cards

In 2016 our Smart Card Platform committee (TC SCP) began work on use cases and requirements for a next generation Secure Element (SE). As part of our work, we will consider improvements to the existing physical/electrical interface, the logical interface and the potential definition of new interfaces for removable and non-removable SEs. New data structures capable of handling large amounts of data in a secure way will be required, as well as an optimised configuration for the Internet of Things (IoT).

We enhanced the requirement specification for the embedded UICC (eUICC) with the addition of local management for profiles.





