[フレーム] [フレーム]

Connecting the world and beyond

Apr25-summary

Page Content

​​

Executive Summary

Meeting of ITU-T SG17 'Security', Geneva, 8-17 April 2025

1.     Hot topics of this meeting (summarizing both input & output)

–     AI security

–     digital ID and digital wallet

–     Digital twin and metaverse security

–     Quantum based security, Post Quantum Cryptography

–     IMT security

–     IoT security

–     Cloud/edge/big data security

2.     Meeting Output (meeting statistics see Annex E below)

–     ITU mini workshop on security and privacy for digital twin and metaverse (TD73/2 )

–     Output standards (38, see Annex A):

      • TAP approval (5): Details are in Annex A a).
      • TAP not approved (0): Details are in Annex A b).
      • TAP determined (10): 8 new and 2 revised Recommendations. Details are in Annex A c).
      • AAP consented (8): 7 new Recommendations for AAP Last Call. Details are in Annex A d).
      • Agreed (6): 1 new Supplement, 1 new Technical Report and 4 SG17 documents. Details are in Annex A e).

–     New work items (40, see Annex B).

–     All 4 SG17 Correspondence Groups will continue to be very active with updated new ToR:

    • CG-SECAPA (Correspondence Group on Security Capability and Architecture): continued, new ToR in TD78/P.
    • CG-COP (Child online protection): continued, new ToR in TD69/P.
    • CG-AISEC-STRAT (Correspondence group on Strategy for AI security in Telecommunication/ICTs): re-established, new ToR in TD74/P.
    • CG-RES-MODERN (Correspondence group to SG17 restructuring and modernization): re-established, new ToR in TD82/P

3.     Future SG17 meetings

  • WP/17 e-plenaries
WP date Scope
WP1/17 22 September 2025
determination of X.aas |ISO/IEC 27566-1
WP3/17 10 October 2025 determination of X.1058rev | ISO/IEC 29151
WP4/17
4-5 Septem​ber 2025
  • Determine (TAP)
    • Q8​: X.soar-cc, X.asm-cc (re-determination X.1631| ISO/IEC 27017 if needed)
    • Q14: X.sr-dpts, X.sg-dcs
  • Consent (AAP)
    • Q8: X.mbaas-cs-sec
    • Q14: X.DLT-dgi, X.dlt-share, X.1400Rev
  • Agreement:
    • Q7: TR.AISec, TR.saAIoT, TR.dpama
  • 2nd SG17 meeting in 2025-2028 Study Period: Wed 3 - Thu 11 December 2025 (7 working days)
  • 3rd SG17 meeting in 2025-2028 Study Period: Tue 2 – Wed 10 June 2026 (7 working days)
  • Workshops:
    • 11 July 2025: Challenging the status quo ofAI security
    • 5 Sept 2025: 4th X.509 Day
    • 11 Questions plan to hold the following 17 RGMs in the interregnum period before 2nd SG17 meeting:
#​
Q
Date
Place/Host Subject/objective
1.      1/17

29 Apr 2025
(13:00-15:00, CEST)

MyWorkspace
Address on definition, terminologies from SCV, CCT and other SGs, etc.
2.      1/17

15 Oct 2025 
(13:00-15:00, CEST)

MyWorkspace Progress on Q1 (All WIs)
3.      1/17 20 Nov 2025
(13:00-15:00, CET)
MyWorkspace Address on definition, terminologies from SCV, CCT and other SGs, etc. for the next SG17 meeting (Dec. 2025)
4.      2/17 25-26 September 2025 (12:00-16:00, CET)
MyWorkspace
  • prepare texts for action in the next SG17 meeting: X.5Gsec-asra, TR.sg-lmcs, TR.sd-cnc, TR.srsec
  • review all work items and identify future topics for Q2/17
5.      3/17

17-18 September 2025
(WED, THU, 10:00-12:00 CEST)

MyWorkspace
  • X.1060-rev, X.gsm-cdc, X.cirt-cdc
  • X.C2M2, X.srm-sup
6.      3/17

14 October 2025
(TUE ,10:00-12:00 CEST)

MyWorkspace X.1058-rev, X.1053-rev
7.      4/17 July or Sep 2025 (TBD)
MyWorkspace
  • X.sfdtea
  • X.nspam
  • X.icd-schemas
  • X.st-ssc
  • X.dtns
8.      7/17 15-16 July 2025
(08:30-12:30 CEST)​​
MyWorkspace Progress on AI security, etc.
9.      8/17 2-3 July 2025
(08:00-10:30 CEST) MyWorkspace Progress on WIs for action and potential new work items
10.   10/17 15 July 2025 
(13:00-15:00, CEST)
MyWorkspace All the work of Q10/17
11.   10/17 15 September 2025
(13:00-15:00, CEST)
TBD All the work of Q10/17
12.   11/17 2-6 June 2025 London (UK) Joint ISO/IEC/JTC 1/SC 6/WG 10 & Q11/17 meeting TD40R1/1
13.   13/17

9-10 July 2025 

(Hybrid) Seoul, Korea / ETRI

 

- Progress on on-going items 

- Initial discussion on new work

14.   13/17

16-17 October 2025 (tentative)

Virtual or (hybrid)
Seoul, Korea (tentative)

- Progress on on-going items

- Initial discussion on new work

15.   14/17 8-9 July 2025 

(Hybrid)
Seoul, Korea / Sejong Univ.

Progress on WIs for action and potential new work items
16.   15/17 20-22 August 20​25
(Hybrid) Tokyo, Japan / TTC​

-        Finalize for consent on X.sec_QKD_profr, X.sec_QKDNi

-        Finalize for agreement on TR.kdc_qkdn, TR.QKDN-SP

-        Progress on TR.hyb_qsafe, TR.SQKDN-SC

-        Other input contributions

17.   15/17 7-8 October 2025 (TBD) TBD

-        Finalize for consent on X.sec_QKD_profr, X.sec_QKDNi

-        Finalize for agreement on TR.kdc_qkdn, TR.QKDN-SP

-        Progress on TR.hyb_qsafe, TR.SQKDN-SC

-        Other input contributions


Annex A
Actions taken on Recommendations, and other texts at SG17 closing plenary on 17 April 2025

a)    TAP Recommendations approved (WTSA-24 Resolution 1)

#​ Q/17 Acronym Title New / Revised Base text Equivalent e.g., ISO/IEC Timing
1.        Q6/17 X.1355 (ex X.ra-iot) Security risk analysis framework for Internet of things devices New  TD18/2    
2.        Q7/17 X.1456 (ex X.sgdfs-us) Security guidelines for DFS applications based on USSD and STK New SG17-R76 (2024-09)    
3.        Q8/17 X.1648 (ex X.gecds) Guideline on edge computing data security New TD77/4    
4.        Q10/17 X.1284 (ex X.afotak) Authentication framework based on one-time authentication key using distributed ledger technology New TD18/1    
5.        Q13/17 X.1385 (ex X.evtol-sec) Security requirements and guidelines for telecommunications in an urban air mobility (UAM) environment New TD20/2    

b)    TAP Recommendations not approved (WTSA-24 Resolution 1)

None.

c)     TAP Recommendations determined (WTSA-24 Resolution 1)

# Q/17 Acronym Title New / Revised Base text Equivalent e.g., ISO/IEC Timing
1.        Q3/17 X.1062
(ex. X.shcd) Framework for Security Human Capability Development New TD68/3    
2.        Q4/17 X.1238
(ex. X.sgc-rcs) Guidelines for countering spam over rich communication service (RCS) messaging New TD29/3    
3.        Q6/17 X.1128
(ex. X.mt-feature) Security features to assess mobile terminal security New TD16/2    
4.        Q6/17 X.1129
(ex. X.mt-integrity) Security guidelines for mobile terminal integrity protection New TD15/2    
5.        Q7/17 X.1130
(ex. X.tg-fdma) Technical guidelines for fraud detection of malicious applications in mobile devices New TD50/4    
6.        Q7/17 X.1457
(ex. X.str-irs) Security threats and requirements for information recommendation service New TD35/4    
7.        Q8/17 X.1753
(ex. X.gdsml) Guidelines for data security using machine learning in big data infrastructure New TD15/4    
8.        Q8/17 X.1631rev Information security controls based on ISO/IEC 27002 for cloud services Rev. TD62/4 ISO/IEC 27017  
9.        Q8/17 X.1649
(ex.X.sgmc) Security guidelines for multi-cloud New TD16/4    
10.     Q10/17 X.1250rev Baseline capabilities for enhanced identity management and interoperability Rev. TD42/1    

 

d)    AAP Recommendations consented (Recommendation ITU-T A.8)

# Q/17 Acronym Title New / Revised Base text Equivalent e.g., ISO/IEC Timing
1.        Q2/17 X.1010
(ex. X.so-sap) Guidelines for security orchestration of service access process New TD68/2    
2.        Q4/17 X.1646
(ex. X.SecaaS) Security threats to be identified in the domain of security as a service New TD34/3    
3.        Q7/17 X.2013
(ex. X.smdtf) Security measures for digital twin federation in smart cities and communities New TD72/4    
4.        Q7/17 X.2050
(ex. X.srmpc) Security requirements for monitoring physical city assets New TD73/4    
5.        Q8/17 X.1650
(ex. X.sgsc) Security guidelines for serverless computing New TD17/4    
6.        Q10/17 X.1285
(ex.X.oicc) OpenID Connect Core 1.0 - Errata Set 2 New TD41/1 (including A.25 justification) OpenID Connect Core 1.0 - Errata Set 2  
7.        Q14/17 X.1414
(ex. X.dlt-ccs-fr) Security requirements and framework of cross-chain service for DLT systems New TD21/4    
8.        Q14/17 X.1413
(ex. X.sc-dlt) Security controls for distributed ledger technology New TD20/4    

 

e)     Non-normative texts (Technical Report, Supplement, Implementers' Guide, etc) agreed

# Q/17 Acronym Title New / Revised Base text Equivalent e.g., ISO/IEC Timing
1.        Q1/17 Security Compendium ICT Security Compendium Rev. TD30/3    
2.        Q1/17 Security standards roadmap ICT Security standards roadmap Rev. TD23/3    
3.        Q1/17 SG17 implementation of WTDC-21 Res SG17 activities and achievements in support of the most recent Resolutions of the WTDC Rev. TD51/P    
4.       

Q1/17, Q10/17,
Q11/17

LSG report to TSAG SG17 LSG activities and achievements report to TSAG 2025 New    
 
5.        Q3/17 X.sup-cdc Supplement to X.1060: X.1060 high level implementation considerations New TD57/3    
6.        Q14/17 TR.dw-lasf Technical report: A landscape analysis and security features for a digital wallet New TD10/4    


 

Annex B
New work items

The following new work items were agreed to be added to the SG17 Work Programme:

 

# Q# WI abbreviation Title​ Base Text C#
1.       

1/17 

X.rs-certi
[incubation] Framework for risk assessments of server certificate applications TD55/3 C141
2.        ​1/17
X.cramms Framework for Cyber Security Reference Architectures, Models and Methodologies Strategy and Roadmap (CRAMMS) TD62/3 C85
3.        ​1/17
TR.trust**
Technical Report: Trust issue for telecommunication/ICTs
TD32/3
C44
4.        ​1/17

TR.PKIC-man-lb**
[incubation]

Technical Report: Technical guidelines for Web PKI certificate validation and fine-grained configuration for Internet browser
TD61/1 C111
5.       

2/17 

X.s-isac*
Security guidelines for integrated sensing and communication in IMT-2020 networks and beyond
TD36/2 C161
6.        ​2/17
TR.FMSC-IMT2030** Technical Report: Security technologies for fixed, mobile and satellite convergence of IMT-2030 networks TD39/2 C154
7.        ​2/17
X.5Gsec-scio* Framework of Security Capability Intelligent Orchestration system for IMT-2020 Network TD42/2 C100
8.        ​2/17
X.uc-zt-5g Security threats associated with use cases for applying zero trust to IMT-2020 private network deployments TD43/2 C48
9.        3/17 X.C2M2 Cybersecurity Capability Maturity Model for telecommunication organisations TD60/3 C167
10.    

4/17

X.MVSC
Minimum Viable Security Controls
TD45/3 C176
11.     ​4/17
X.sg-resso Security guidelines for reporting email security status to security operations TD49/3 C36
12.    

6/17 

TR.trust-metaverse** Technical Report: Technical challenges to achieving trustworthy metaverses TD60/2 C172
13.     ​6/17
X.iot-dt* Technical requirements for verification of IoT data security TD52/2 C163
14.     ​6/17
X.IoT-RF-Auth
Security framework for radio frequency characteristics-based IoT device authentication TD62/2 C147
15.     ​6/17
X.sg-eimv* Security guidelines for enabling integration of virtual and physical worlds of the metaverses in smart city TD57/2 C137
16.     ​6/17
TR.cr-mv** Technical Report: Cybersecurity risks, threats, and harms in the metaverse TD29/2 C60
17.     ​6/17
TR.sec-iepi-AI** Technical Report: Security guideline for artificial intelligence applications of IoT-based electric power infrastructure monitoring system TD51/2 C42
18.    

7/17 

X.SSDHN-AI-Atk Security Guidelines for Software-Defined Heterogeneous Networks Architecture against AI generated Attacks and Threats TD93/4 C166
19.     ​7/17
X.APIRSD Technical Requirements for Public API Runtime Security risk Detection TD76/4 C148
20.     ​7/17
X.sec-va Security guidelines for vertical applications within the IMT-2020 ecosystem TD41/4 C145
21.     ​7/17
X.sgfems* Security requirements and guidelines for factory energy management system TD74/4 C139
22.     ​7/17
X.Spud* Security requirements associated with procedures for pseudonymizing unstructured data TD53/4 C105
23.     ​7/17
TR.lzkml** Technical Report: Landscape analysis of Zero-Knowledge Machine Learning TD64/4 C67
24.     ​7/17
X.AA-LLM Guidelines for Preventing and Mitigating Adversarial Attacks on LLMs in Metaverse and Digital Twin Environments TD57/4 C162
25.     ​7/17
X.S-AIA* Security Requirements and Guidelines for Artificial Intelligence Agent TD49/4 C159
26.     ​7/17
TR.saAIoT* Technical Report: Security Threat Analysis for Artificial Intelligence of Things on Devices TD43/4 C151 
27.     ​7/17
X.sg-sd* Security guidelines for synthetic data in the context of AI systems TD52/4 C140
28.     ​7/17
TR.AISec** Technical Report: Artificial intelligence security standardization strategies TD53/4 C92
29.     ​7/17
X.AI-gcd* Guidelines for Artificial Intelligence generated content detection TD54/4 C62
30.     ​7/17
X.GenAI-FT Security guidelines for fine-tuning generative AI model TD48/4 C49
31.     ​7/17
X.AI-App_policy* Reference architecture for AI-assisted analysis of consistency between App's data usage behaviour and its privacy policy TD47/4 C47
32.     8/17 X.gdso-cs* Guidelines of development, security and operations (DevSecOps) for cloud service TD23/4 C78
33.    

10/17 

X.aas* Collaboration between ITU-T SG17 and ISO/IEC JTC 1 SC 27 on the development of ISO/IEC 27566 TD19/1 C123
34.     ​10/17
X.sfdiw* Security framework of digital identity wallet for decentralized identity model TD51/1 C98
35.     ​10/17
X.1280rev* Framework for out-of-band mutual authentication using mobile devices TD29/1 C29
36.     ​10/17
X.1281.Amd1* Open Standards Identity APIs (X.1281) extension for Authentic Sources Use Case  TD52/1 TD82/P
37.    

13/17 

X.ececu-sec* Security requirements for externally connected electronic control units of connected vehicles TD21/2 C116
38.     ​13/17
X.ivkm-sec* Security requirements and guidelines for the in-vehicle key management TD66/2 C69
39.     ​13/17
X.cov-sec* Security guidelines for countermeasures against covert channels in connected vehicles TD35/2 C33
40.     15/17 TR.SQKDN-SC** Technical Report: Security consideration for satellite-based quantum key distribution network TD48/1 C133

Note:  * marked items are for approval by TAP;  ** marked items are for approval by agreement; Items without any mark are for approval by AAP.


Annex C
Work items discontinued

Question Acronym Title
None
   

 


 

Annex D
SG17 meeting Statistics

374/57 Participants/Countries (TD3/P)

  Participants #of Countries # of Member States # of Sector Members # of SG17 Associates # of Academia # Invited Experts
Final 374 57 49 (+3 Permanent missions) 32 2 12 9

Meeting input and organization

Table of SG17 statistics of this first meeting

C LS/i LS/o TD ​ ​ ​ ​ ​

GEN PLEN WP1 WP2 WP3 WP4
189
​104
​54
104 93 66 75 71 94

 

Contributions

189 – new record (past meetings: 187, 153, 119, 104, 101). DDP: 99%

o   APT 169.5 (90%) (= China 83 + Korea 67 + India 9 + Japan 5.5 + Singapore 2 + Malaysia 1 + Australia 1 + Sri Lanka 1)

o   EUR 6.5 (3%) (UK 5.5 + Denmark 1)

o   Americas 10 (5%) (Canada 5.5 + US 2.5 + Brazil 2)

o   AFR 3 (2%) (Mali 1 + Senegal 1 + multiple African countries & Soonchunhyang Univ 1)

o   CIS 1 (= Russia 1)

o   ARAB (0)

LSi/LSo (matrix in TD13/P)

·       104/54 (past meetings: 187/28, 89/41 60/25 61/22, 55/21, 72/21)

TDs (503) 

 

______________________​​

AltStyle によって変換されたページ (->オリジナル) /