Page 14 - ETSI-WP-2017-2018.html
P. 14

Security
                                                                                                        Online
                                                                                                        Work
                                                                                                      Programme


           Standards for Secure,
           Reliable Communications
                                                                                                        Online
                                                                                                        Work
           Information Security standards are                                                         Programme
           essential to ensure interoperability
           among systems and networks,
           compliance with legislation and
           adequate levels of security. They
           provide a means for protecting the                                                           Online
                                                                                                        Work
           user and creating a more secure                                                            Programme
           and profitable environment for the
           industrial sector.


                                                                                                        Online
                                                                                                        Work
          Cyber Security                                      Identifiable Information, a TS on identity management and
                                                                                                      Programme
          The rapid evolution and growth in the complexity of new   naming schema protection mechanisms, which will identify
          systems and networks, coupled with the sophistication   means to prevent identity theft and resultant crime, and a TR
          of changing threats, present demanding challenges for   on a practical introductory guide to privacy.
          maintaining the security of Information and Communications
          Technologies (ICT) systems and networks. Security solutions   Our work on Attribute-Based Encryption (ABE) is ongoing. By
                                                                                                        Online
                                                                                                        Work
          must include a reliable and secure network infrastructure,   mid-2018 we plan to publish specifications on the application
                                                                                                      Programme
          but they must also protect the privacy of individuals   of ABE for data protection on smart devices, Cloud and
          and organisations. Security standardisation, sometimes   mobile services, and on the standard features needed to use
          in support of legislative actions, has a key role to play   ABE as Attribute Based Access Control.
          in protecting the Internet and the communications and
          business it carries. Our Cyber Security committee (TC CYBER)   We will finalise a Technical Report (TR) on the
                                                                                                        Online
          is addressing many of these issues.                 implementation of the European Union’s Network and
                                                                                                        Work
                                                              Information Security Directive, which will identify existing
                                                                                                      Programme
          Building on our previous work, we have begun developing   standards and where new standards are needed in support of
          a Technical Specification (TS) which will define metrics for   the directive, particularly in the area of critical infrastructure
          the identification of critical infrastructures, addressing   protection.
          issues such as the impact of a successful attack on a critical
          infrastructure, categorisation of the critical infrastructure,   We will also complete a new TS specifying an interface to
                                                                                                       Online
          its dependencies and interdependencies, reporting and   enable a trusted domain to perform sensitive functions
                                                                                                        Work
          registration and access control. Publication is expected   coming from another domain.      Programme
          before the end of 2017.
                                                              Work continues on the updating of our two-part TS
          We continue to address privacy, in response to European   on methods and protocols for security, addressing
          Commission (EC) standardisation request M/530 on Privacy   countermeasures and Threat, Vulnerability and Risk Analysis
          by Design, and in co-operation with the European Committee   methods and taking account of developing threats and new
                                                                                                       Online
          for Standardisation (CEN) and the European Committee for   security techniques.               Work
          Electrotechnical Standardisation (CENELEC). By the end of                                   Programme
          2017 we expect to have completed a new TS on mechanisms   Our new working group on quantum-safe cryptography,
          for privacy assurance and the verification of Personally   which brings the activities of our former Industry
                                                              Specification Group (ISG) on Quantum-Safe Cryptography
                                                              (ISG QSC), into mainstream ETSI standardisation, has begun
                                                              work on three TRs. Two will compare proposals for quantum-
                                                                                                       Online
                                                              safe key exchange schemes and signature schemes, and a
                                                                                                        Work
                                                              third will review and make recommendations on the impact
                                                                                                      Programme
                                                              of integrating quantum-safe algorithms into Virtual Private
                                                              Network technologies.
                                                              We have begun new work on middlebox security protocols,
                                                              which is expected to lead to the publication of a TS in 2018.
                                                                                                       Online
                                                                                                        Work
                                                                                                     Programme
                                                              In the spectrum area, we plan to finalise a new System
                                                              Reference document on critical infrastructure utility
                                                              operations.






   12
   9   10   11   12   13   14   15   16   17   18   19