Workshop on ITU-T X.1060 Cyber Defence Centre at Kigali, Rwanda

What is ITU-T X.1060?

X.1060 Framework for the creation and operation of a cyber defence centre[1]is a recommendation document approved by ITU-T, the United Nations specialized agency for information and communication technologies. It defines a cyber security framework which can be used as a reference by a wide range of organisations, regardless of their sizes or industries. The document illustrates a blueprint for Cyber Defence Centre (hereafter CDC), an entity within an organisation that offers security services to manage the cyber security risks of its business activities. CDC facilitates the implementation of security measures through a cycle of three processes – Build, Management and Evaluation.

The Workshop

As part of activities to promote and raise awareness of the CDC, JPCERT/CC organised a workshop at the 2023 FIRST & AfricaCERT Symposium: Africa and Arab Regions[2]on 3 March 2023. Our 2-hour workshop, titled “SOC, CERT/CSIRT and then Cyber Defence Centre - A workshop on how to defend African nations/businesses with ITU-T X.1060”, allowed speakers to introduce the framework which encompasses cyber security measures beyond the traditional CSIRT functions and to discuss threats and challenges for the countries and companies in the Africa and Arab region. Mr. Arnaud Taddei from Symantec/Broadcom, Dr. Jema Ndibwile from Carnegie Melon University Africa and Dr. Koichiro Komiyama from JPCERT/CC gave presentations. Then, participants were invited to ask questions and deepen the discussion. Koichiro emphasised that the framework is more effective for large organisations and national cyber security initiatives. He also explained that X.1060 could be used together with or complement existing frameworks (such as the FIRST CSIRT Services Framework[3]and the NIST SP800-61[4]), which has different scopes.
Workshop title
A hybrid workshop, onsite and online

Address by Dr. Jema Ndibwile
Onsite participants

In closing

Although the workshop was structured for the Africa and Arab regions, the CDC concept is of course applicable to other parts of the world. We are hopeful that it will become even more widespread globally. An interview with X.1060 editor Mr. Shinji Abe is available on the JPCERT/CC official YouTube channel[5]. He briefly explains CDC's outline, target audience and use cases in 5 minutes. The video contains English subtitles, so please have a look.
X.1060 CDC / Cyber Defence Centre in 5 minutes

Masa Toyama


[1] ITU-T X.1060 : Framework for the creation and operation of a cyber defence centre

[2] 2023 FIRST & AfricaCERT Symposium: Africa and Arab Regions

[3] FIRST CSIRT Service Framework

[4] NIST Special Publication 800-61 Revision 2

[5] X.1060 CDC / Cyber Defence Centre in 5 minutes