ETSI Report Paves the Way for First World Standards in Securing Artificial Intelligence
The ETSI Securing Artificial Intelligence Industry Specification Group (SAI ISG) released its first Group Report, ETSI GR SAI 004, which gives an overview of the problem statement regarding the securing of AI. ETSI SAI is the first standardization initiative dedicated to securing AI.
The Report describes the problem of securing AI-based systems and solutions, with a focus on machine learning, and the challenges relating to confidentiality, integrity and availability at each stage of the machine learning lifecycle. It also points out some of the broader challenges of AI systems, including bias, ethics and explainability. A number of different attack vectors are outlined, as well as several cases of real-world use and attacks.
To identify the issues involved in securing AI, the first step was to define AI. For the ETSI group, artificial intelligence is the ability of a system to handle representations, both explicit and implicit, and procedures to perform tasks that would be considered intelligent if performed by a human. This definition still represents a broad spectrum of possibilities. However, a limited set of technologies is now becoming feasible, largely driven by the evolution of machine learning and deep-learning techniques, and the wide availability of the data and processing power required to train and implement such technologies.
The ETSI Industry Specification Group on Permissioned Distributed Ledger (ISG PDL) has recently released a number of Reports to support the needs of industry and government institutions for what is commonly known as blockchain. These Reports cover data record compliance with regulation, application scenarios and smart contracts.
- ETSI GR PDL 002, “Applicability and compliance to data processing requirements”, describes the implications of the conduits used to connect data sources (sensors, gateways etc.) to distributed ledgers in utility and related industries. The Report also defines how regulatory aspects for data infrastructure security and privacy can be satisfied.
- ETSI GR PDL 003 details the application scenarios and operational requirements for permissioned ledgers to help telecom operators, Internet and over-the-top service providers implement the technology. It includes provision models with special emphasis on as-a-service paradigms and PDL infrastructure governance aspects.
- ETSI GR PDL 004 defines an architecture and functional framework for smart contracts and their planning, coding, and testing. The smart contract is a computer program stored in a distributed ledger system.
ETSI Launches New Group on IPv6 Enhanced Innovation
In the 5G and cloud era, IPv6 will grow rapidly. Strengthening new-generation IP network technologies based on IPv6 and its innovative technologies has become the common direction of the IP industry. To tackle the increasing industry needs for IPv6 adoption in multiple use cases and scenarios, ETSI has recently launched ISG IPv6 Enhanced innovation (IPE). IPE aims to drive full connectivity of IPv6 on everything and facilitate the business success of this technology. IPE members include 43 organizations to date, comprising carriers, vendors, and academia, working together to improve the industry ecosystem and accelerate innovation.
The group will first analyse the current landscape of existing IPv6 standards deployed on prime technologies such as 5G, IoT and Cloud Computing to identify gaps and thus accelerate IPv6-based innovations. Two other reports will cover data centre and Cloud use cases on the one hand and 5G Transport use cases on the other. The last pieces of work will define Industrial IoT/enterprise requirements and IPv6-only transition requirements across new and evolving technology domains and areas.
ETSI is pleased to unveil ETSI TS 119 182-1, a specification for digital signatures supported by PKI and public key certificates which authenticates the origin of transactions, ensuring that the originator can be held accountable and that access to sensitive resources can be controlled. This standard is a major achievement for interoperability of digital signatures for a range of applications in today's digital economy, including the banking and financial world, where so far some 4,000 banks were using various signing algorithms for their APIs to secure their online transactions. Called JAdES, ETSI TS 119 182-1 supports secure communications, fulfilling the requirements of the European Union eIDAS Regulation (No 910/2014) for advanced electronic signatures and seals and regulatory requirements for services such as open banking.
This JAdES digital signature specification is based on JSON Web Signature and contains the features already defined in the related ETSI standards for AdES (advanced electronic signature/seal) applied to other data formats including XML, PDF and binary. The standard was developed with contributions from a number of stakeholders including representatives from the banking sector who, through Open Banking Europe, have brought their operational requirements to align European APIs onto one security model. ETSI TS 119 182-1 can be used for any transaction between an individual and a company, between two companies, between an individual and a governmental body, etc. applicable to any electronic communications.
ETSI announced a new specification, ETSI TS 103 523-2: Transport Layer MSP (TLMSP), Part 2 of the Middlebox Security Protocol (MSP) series, which defines a protocol for varied (fine-grained) access control to communications traffic. This specification was developed by the ETSI Technical Committee CYBER. Middleboxes are vital in modern networks - from new 5G deployments, with ever-faster networks that need performance management, to resisting new cyberattacks with evolved threat defence that copes with encrypted traffic, to VPN provision. Network operators, service providers, users, enterprises, and small businesses need to be granted varied (fine-grained) permissions.
As more datagram network traffic is encrypted, the problems for cyber defence will grow. The intrusive "break-and-inspect" method, which ignores the desire for explicit authorization by endpoints, raises questions around security, privacy, and trust. ETSI TS 103 523-2, MSP Part 2, addresses this gap by specifying a protocol that allows fine-grained access and nuanced permissions for different portions of traffic, allowing middleboxes to perform their functions securely whilst keeping up with the rapid pace of technical development.
ETSI has successfully completed its international emergency communications interoperability testing event. 285 test pairings, with 87% demonstrating interoperability, were run from 22 February to 5 March 2021, both in Europe and across the Atlantic, to assess the compatibility of products for mission-critical public safety services. This remote event was a cooperation between ETSI, EENA (the European Emergency Number Association) and, for the first time, NENA (the 9-1-1 Association).
Vendors of emergency communication equipment connected to test Next Generation 112 and NG9-1-1 technologies, responding to the increasing requirements and demands of content-rich, IP-based emergency calling. Stakeholders included NGCS vendors, Forest Guide developers, user agents, mobile operators and call handling vendors. Government bodies, policy makers and local authorities also joined in to discuss implementation in their countries. Participants tested components of the emergency communication chain such as location and location-based call routing, audio, video, real-time text, policy-based routing and core services based on ETSI TS 103 479, developed by the ETSI EMTEL Special Committee.
The European Standards Organizations, CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organize its annual conference virtually this year. The event, which took place from 2 to 4 February, attracted over 2000 participants from the EU and from around the world. The conference addressed standardization in relation to the Radio Equipment Directive (RED) and certification under the provisions of the Cybersecurity Act (CSA). The ultimate objective of the exercise is to enable an effective implementation of the Cybersecurity Act. The objectives of the presentations and key topics addressed by the conference panels were the following:
- Cybersecurity requirements and standardization activities under the scope of the Radio Equipment Directive
- Standardization supporting the Cybersecurity Act
- Developments on standardization in the area of Consumer IoT
- Standardization of 5G
The slides presented during the conference are available on the website of the Cybersecurity Standardization Conference.