Terms of Reference

1. Motivation

Cyber attacks continue to grow and become widespread, causing a broad range of security problems for users, Internet Service Providers, Network Operators and the network itself. Countering cyber attacks by technical means requires the development of security frameworks and specifications for preventing, detecting and responding to cyber attacks; mitigating and recovering from their effects and damage; and exchanging security information. As the ICT environment is ever changing, security requirements shall reflect these changes. To this end, it is necessary to secure the protocols, infrastructures, applications/services, etc. that are used as an integral part of our daily life. Information security shall play an important role in securing ICT services, protecting ICT infrastructures, ensuring the privacy of individuals by protecting personal information, and providing information assurance (IA) among related interested entities. Thus, security is a prerequisite to providing ICT services, especially services using cloud computing, smartphones, and smart grid technologies.

There is a strong need for global security standards that fulfil regional security requirements for emerging ICT areas such as smartphones, cloud computing, and smart grid. To meet this need, the ITU-T successfully completed its two Focus Group activities on cloud computing and smart grid and decided to establish a JCA on Cloud Computing and a JCA on Smart Grid/Home Networking to coordinate activities across the relevant Study Groups in the ITU-T.

Considering the above background and current situation, there is a strong case for establishing the Working Group on Information Security, in line with the principles of the CJK IT standards meeting, to coordinate activities and collaborate in the development of global and local/regional standards.

2. Tasks

Tasks include, but are not limited to:

a. Share knowledge and exchange information

  • Provide a platform for sharing of knowledge, exchange of ideas and dialogues on information security strategy, policies, regulations, and practices, including but not limited to their development, implementation, changes, and any lessons learnt that could be beneficial to the CJK region;
  • Provide a platform for sharing of knowledge, exchange of ideas and dialogues on information security standards related issues, challenges, and directions, in particular, relating to the adoption, deployment, and implementation of ICT security standards;
  • Hold a workshop on information security standards for outreach activities, if necessary.

b. Identify requirements and study subjects

  • Focus mainly on emerging security/privacy issues in, but not limited to, cloud computing, smart grid, and smartphones;
  • Identify potential common study subjects and jointly draft and submit common proposals for ITU-T standards development, if necessary;
  • Help ensure that the security-related standardization activities among CJK adequately reflect the requirements of the market constituents.

c. Develop solutions

  • Develop security/privacy solutions on identified study subjects based on requirements;
  • Support others to develop their local information security standards, if necessary.

d. Coordinate among CJK members and ITU

  • Coordinate activities across CJK for the global standardization activities of ITU-T;
  • Provide a coordination mechanism to follow up on regional requirements for Information Security standards issues among CJK.

3. Relationships

a. Study Groups in the ITU-T:

  • ITU-T SGs 2, 9, 11, 13, 15, 16 and 17; TSAG; JCA-Cloud, JCA-SG&HN

b. Standardization bodies:

  • ISO/IEC JTC 1/SCs; ATIS; ETSI; IETF; IEEE; OASIS; 3GPP; OMA; GISFI; etc.

c. Internal coordination in CJK IT standards meeting:

  • WG on UNIOT, WG on IMT, any other future activities

d. Other bodies:

  • Regional Asia Information Security Exchange (RAISE) Forum; European Network and Information Security Agency (ENISA)