Avoiding security breaches through standardization
IEC International Standards ensure that electronics and electrotechnical components found in everything from transport, medical wearables and toys, to data centres and tablet computers, function reliably and safely.
There is much technology behind the scenes that allows us, for example, to swipe our way into the office, scan food items at the supermarket, purchase a sofa online and arrange its delivery, do banking from home or clear immigration using a biometric passport. To function smoothly, it must also be interoperable as well as protected from cyberattacks.
ISO/IEC JTC 1 produces International Standards for many fields, for example, smart cards, automatic identification and data capture (AIDC), information security, biometrics, cloud computing multimedia (MPEG) database query and programming languages, to name a few. It continues to follow technology trends and develop Standards. These are being applied in new areas, such as augmented reality and virtual reality applications, which are used in fields as diverse as military, transport, broadcasting, sports, gaming, construction, tourism, manufacturing and healthcare.
More specifically, the work of ISO/IEC JTC 1 covers the specification, design and development of systems and tools dealing with the capture, representation, processing, security, transfer, interchange, presentation, management, organization, storage and retrieval of information.
Keeping the cyber world safe
Smart Cities require a sustainable and reliable supply of energy and water, and must provide populations with efficient mobility and communication, while ensuring effective cybersecurity for all the tools and systems that enable their smooth functioning.
As a result of the growing contribution of IEC work towards Smart Cities, ISO/IEC JTC1/WG 11: Smart Cities, was established during the JTC 1 October 2015 plenary in Beijing. Representatives from this Working Group also participated in the World Smart City Forum in Singapore in July, organized by IEC in partnership with ISO and the ITU.
Along this theme, ISO/IEC JTC 1 updated its ISO/IEC 27000 family of International Standards on security techniques for information technology earlier this year. ISO/IEC 27000 gives an overview of these Standards, how they support the implementation of ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements, and how they relate to each other. It also provides a brief introduction to the information security area and information security management systems (ISMS), describing how to implement, operate, maintain and improve the ISMS.
Protecting information in the cloud (ISO/IEC 27017)
Providers located around the world routinely transfer data across national boundaries. This International Standard contains a new code of practice for information security controls for cloud services.
Integrated solutions for services (ISO/IEC 27013)
ISO/IEC 27013 offers a systematic approach to facilitate the integration of an ISMS with a service management system. Users can lower implementation costs and avoid duplication as only one audit is needed for certification.
Inter-sector and inter-organizational communications (ISO/IEC 27010)
This International Standard guides the initiation, implementation, maintenance and improvement of information security in inter-organizational and inter-sector communications. It includes general principles on how to meet these requirements using established messaging and other technical methods. It is used for protecting critical national infrastructure, where exchanging sensitive information securely is of utmost importance, as well as by security incident response teams.
Detecting and preventing cyberattacks (ISO/IEC 27039)
Organizations must be able to detect and prevent cyberattacks, or identify where breaches occur and how to stop similar intrusions in the future. ISO/IEC 27039 provides guidelines to prepare and deploy Intrusion Detection and Prevention Systems (IDPS).
Audit and certification (ISO/IEC 27006)
Third-party certification audits demonstrate that organizations have implemented a solid information security management system (ISMS), which conforms to ISO/IEC 27001 requirements. ISO/IEC 27006 provides the requirements that certification and registration bodies need to meet to be accredited so they can offer ISO/IEC 27001 certification services.
IT Standards for developing countries
During the October plenary, JTC 1 also held a workshop on Enhancing developing countries capacity to participate in international standardization and implement standards related to IT, which was attended by 17 countries. Overall feedback pointed to the need for more help in using available tools to improve participation in JTC 1 activities, funds to attend meetings, and facilitated discussions between developing countries and committee experts.
Contributing to the Internet of Things
The IoT is an important global trend, which needs Standards to ensure the interoperability, safety and energy efficiency of IoT devices and systems. In May, the first joint global workshop on the IoT Standards, organized by IEC, ISO and the ITU was held in Berlin. Hosted by the German Institute for Standardization (DIN) and led by ISO/IEC JTC 1, the event was aimed at sharing experiences of IoT and ongoing standardization activities among the three organizations. Topics discussed included Smart Grids, intelligent manufacturing, supply chain management, wearable smart devices, as well as the global challenges of energy conservation, smarter cities and improved healthcare. The issues of privacy and security were also discussed.
The workshop concluded that International Standards are key to building a global market of safe, energy efficient and interoperable IoT devices and systems.
Working with other standards development organizations
One of the roles of ISO/IEC JTC 1 is to work with other organizations that develop standards in the same field.
ISO/IEC JTC 1 approved the OASIS MQTT Standard for the Internet of Things. Published in June, ISO/IEC 20922, Information technology - Message Queuing Telemetry Transport (MQTT) v3.1.1, is a foundational standard for the IoT, developed by the Oasis consortium.
This light-weight publish-subscribe messaging protocol is designed for connections with remote locations or where the network bandwidth is limited. It is suited to IoT applications where resources such as battery power and bandwidth are at a premium. Hospitals use it to communicate with medical devices, such as pacemakers. Oil and gas companies monitor miles of pipelines. In smart cars it is a fundamental enabler for telematics, infotainment and mobile applications.