Motivation

The issue of protocol security has received increasing attention as communications networks have evolved from physically segregated systems using specialized protocols toward systems that are more open at every level. It has become clear that protocol security must be considered at all stages: design, implementation, and deployment. Following the IETF model, there has been encouragement in the past to require a discussion of security considerations in every new protocol-related Recommendation. Going forward, it is seen as desirable to provide formal support for the work on protocol security at the Study Group level by establishing a Question concerned with the topic of security coordination within the Study Group. In keeping with this coordinating role, the Question does not itself have any responsibility for specific existing Recommendations, and is not expected to generate any Recommendations itself.

Question

Study items to be considered include, but are not limited to:

• What is the content of an appropriate policy for the consideration of protocol security in the work of the Study Group?
• What are the means to assure that such a policy is being followed in practice?
• What exceptions to the general policy are permissible in the case of specific Recommendations?
• What is the impact of security-related work in other groups on the work of protocol security within this Study Group at the policy level?
• What are the means by which technical developments in protocol security achieved in other groups may be communicated to interested Questions in this Study Group, and the reverse?

Tasks

Tasks include, but are not limited to, the following:

• In cooperation with other Questions of the Study Group, document a general policy to be followed for the consideration of protocol security at the stages of design, implementation, and deployment, for new protocol-related Recommendations and for updates to existing protocol-related Recommendations.
• In cooperation with other Questions of the Study Group, devise procedures for the enforcement of the agreed policy. These procedures may call upon the resources of this Question for their execution.
• Provide consultation to other Questions on the application of the general policy to specific Recommendations.
• Provide liaison to other groups working in the area of protocol security, for the purpose of improving the work on protocol security within the Study Group. These groups specifically include the Study Group having the lead role in security within the ITU-T and the Security Directorate within the IETF.
• Create supplements relating the security requirements received from the lead Study Group to the work on signalling protocols in this Study Group.
• Create Recommendations responding to the security requirements where these fall outside the scope of any other Question of the Study Group.

Relationships

Recommendations:

All protocol-related Recommendations created or updated by the Study Group, indirectly through policy guidance or directly through review or consultation.

Questions:

All Questions of the Study Group that are tasked with the creation or maintenance of protocol-related Recommendations.

Study Groups:

• The lead Study Group on security issues.
• Security coordinators of other Study Groups where such have been appointed.

Standardization bodies:

• The Security Directorate of the IETF.
• Security-related activities of regional standards bodies, IEEE and ISO/IEC.