Workshop on ITU-T X.1060 Cyber Defence Centre at Kigali, Rwanda
What is ITU-T X.1060?
X.1060 Framework for the creation and operation of a cyber defence centre[1]is a recommendation document approved by ITU-T, the United Nations specialized agency for information and communication technologies. It defines a cyber security framework which can be used as a reference by a wide range of organisations, regardless of their sizes or industries. The document illustrates a blueprint for Cyber Defence Centre (hereafter CDC), an entity within an organisation that offers security services to manage the cyber security risks of its business activities. CDC facilitates the implementation of security measures through a cycle of three processes – Build, Management and Evaluation.The Workshop
As part of activities to promote and raise awareness of the CDC, JPCERT/CC organised a workshop at the 2023 FIRST & AfricaCERT Symposium: Africa and Arab Regions[2]on 3 March 2023. Our 2-hour workshop, titled “SOC, CERT/CSIRT and then Cyber Defence Centre - A workshop on how to defend African nations/businesses with ITU-T X.1060”, allowed speakers to introduce the framework which encompasses cyber security measures beyond the traditional CSIRT functions and to discuss threats and challenges for the countries and companies in the Africa and Arab region. Mr. Arnaud Taddei from Symantec/Broadcom, Dr. Jema Ndibwile from Carnegie Melon University Africa and Dr. Koichiro Komiyama from JPCERT/CC gave presentations. Then, participants were invited to ask questions and deepen the discussion. Koichiro emphasised that the framework is more effective for large organisations and national cyber security initiatives. He also explained that X.1060 could be used together with or complement existing frameworks (such as the FIRST CSIRT Services Framework[3]and the NIST SP800-61[4]), which has different scopes.In closing
Although the workshop was structured for the Africa and Arab regions, the CDC concept is of course applicable to other parts of the world. We are hopeful that it will become even more widespread globally. An interview with X.1060 editor Mr. Shinji Abe is available on the JPCERT/CC official YouTube channel[5]. He briefly explains CDC's outline, target audience and use cases in 5 minutes. The video contains English subtitles, so please have a look.Masa Toyama
Reference
[1] ITU-T X.1060 : Framework for the creation and operation of a cyber defence centre
https://www.itu.int/rec/T-REC-X.1060-202106-I
[2] 2023 FIRST & AfricaCERT Symposium: Africa and Arab Regions
https://www.first.org/events/symposium/africa-arab-regions2023/
[3] FIRST CSIRT Service Framework
https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1
[4] NIST Special Publication 800-61 Revision 2
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
[5] X.1060 CDC / Cyber Defence Centre in 5 minutes
https://youtu.be/2qkS7NPTHWs