ITU endorses stronger standards for ICT risk management
ITU-T (the standardization arm of the UN specialized agency for ICT - ITU) continues to intensify its work in the field of ICT security to meet today's challenges for more secure network infrastructure, services and applications. In conjunction with a recent meeting of ITU-T’s Security Study Group (Study Group 17), a workshop on “Addressing security challenges on a global scale” and an Identity Summit – both open to external experts - was organized at the end of 2010. Several new standards (ITU-T Recommendations) were approved and progress made in several important areas, in accordance with the request of attendees for ITU-T to accelerate its work in the field of security.
Study Group 17 is responsible for studies relating to security, including cybersecurity, countering spam and identity management. Over 70 standards (ITU-T Recommendations) focusing on security have been published. These standards represent a major achievement reflecting the needs of business in establishing risk management strategies and in the protection of consumers (for example, see ITU-T Newslog , April 2008, ITU experts enable risk management strategies with new standards).
One key reference for security standards in use today is ITU-T Recommendation X.509 for electronic authentication over public networks. X.509 is a cornerstone for designing applications related to public key infrastructure (PKI), which directly contributed to the rise of e-business. A more recent achievement of Study Group 17 is Recommendation X.805, which will give telecom network operators and enterprises the ability to provide an end-to-end architecture description from a security perspective by allowing them to pinpoint all vulnerable points in a network and mitigate them.
Some of the latest ITU-T Recommendations on security also facilitate the interconnection of security and management systems and the exchange of cybersecurity information, such as of security events and of security attack incidents. The standards specify how this information can be shared across organizations for enhanced security preparedness and broader and better risk mitigation against vulnerabilities, to allow vulnerability databases and other capabilities to be linked together, and to facilitate the comparison of security tools and service.
Current areas of study also include identity management standardization work in the area of cloud computing and virtual service platforms, where challenging security problems remain to be solved and standardized.
ANSI releases third edition of United States Standards Strategy
On 3 February, the American National Standards Institute published the United States Standards Strategy. The Strategy articulates the principles and tactics that guide how the United States develops standards and participates in the international standards-setting process. It can be downloaded from the ANSI website.
Standards Dialogue Initiated Between SAC, ANSI and NIST
On 19 January, Patrick Gallagher, NIST Director, Ji Zhengkun, Administrator of the Standardization Administration of China, and Joe Bhatia, President and CEO of ANSI, signed a Statement of Intent to begin a “Standards Dialogue.” This dialogue provides a channel to exchange standards-related information, facilitates the national efforts to develop and use international standards, and fosters enhanced public-private partnership and technical exchange between the two countries. The dialogue may also open opportunities for pre-standards collaboration. (information taken from http://gsi.nist.gov/global/index.cfm/L1-7/L2-35/A-523/).
Legal Acts in the EU in the area of technical harmonization: adopted or proposed during the last quarter
Marketing of Construction Products in Europe: new Regulation adopted by European Parliament
The consolidated text of the Regulation was adopted by the European Parliament on 18 January and by the European Council in February. The new Regulation will be soon published in Official Journal of the European Union.
Proposal for a Regulation of the European Parliament and of the Council laying down harmonized conditions for the marketing of construction products was described in the previous issue of the Regulatory Newsletter. The main objectives of the proposal include:
- To clarify the current problematic issues.
- To reduce the administrative burdens.
- To ensure free marketing of construction products.
- To remove barriers to trade.
The text of the Regulation was adopted on Communication Committee (COCOM) meeting on 25 May 2010. Finally, it was adopted by the Council on 13 September 2010 and delivered to the European Parliament. The European Parliament Internal Market Committee (IMCO) discussed the document on 22 November: it adopted 8 proposals for amendment. Member States adopted the text with some amendments on 8 December.
Approval of Proposal for Directive of the European Parliament and of the Council repealing council directives regarding metrology
European Parliament adopted the text of the Directive on the Plenary Session on 15 December 2010. The Directive was approved by the Permanent Representatives Committee (COREPER) on 18 February 2011 and by the Council on 21 February 2011.
Please refer to the previous issue of the newsletter to learn more about the goals, difficulties and other aspects related to the development of the Directive.
Textile names and labeling of textile products: update on Proposal for Regulation
Discussions with the European Parliament are under way in order to reach an agreement on the controversial topics and adopt the proposal for a Regulation in the second reading. The positions of the European Parliament and Council are different, especially in the question of country of origin marking, and labelling of leather goods. European Parliament expects negotiations with Member States representatives. Plenary meeting of the European Parliament is expected on 10 May 2011.
The Attachés meeting in February and March negotiated several proposals from HUPRES (voluntary marking of origin, etc) but a majority of Member States did not accept changes from the position adopted on 13 September last.
To learn more about the history of the proposal, its main goals and difficulties, disputes and the state of play please refer to the previous issue of the Regulatory Newsletter.
Comitology: update on proposals Read more..... .