Combat of Counterfeit and Stolen ICT Devices

Similar documents
Market Surveillance and enforcement

Outcomes of the ITU Workshop. Global approaches on combating counterfeiting and stolen ICT devices. (23 July 2018, Geneva)

International Telecommunication Testing Centre. Moscow, Russia, December 2009

ITU Workshop on "Combating Counterfeit Using Conformance and Interoperability Solutions" Geneva, Switzerland 28 June 2016

ITU-T SG 11 Workshop Global Approaches on Combating Counterfeiting and Stolen ICT Devices

ITU Conformity and Interoperability Programme: Pillars 3 and 4

ITU C&I Programme Pillars 1 and 2

CITEL s s Focus on Cybersecurity and Critical Infrastructure Protection CITEL

Standards capability in Central America and lessons learned from training programs Sungnam CHOI

ITU-D Regional Development Forum for the Arab Region: NGN and Broadband, Opportunities and Challenges

Homologation of telecommunication equipment experience in India Vineet Verma Director, Department of Telecom India

Conformity and Interoperability regimes of communications equipment in Malaysia

RESOLUTION 47 (Rev. Buenos Aires, 2017)

ITU-T SG 5 Regional Group for Africa

Status of preparations for PP-18. Inter-American Telecommunication Commission (CITEL) Permanent Executive Committee (Com/CITEL)

Regional Workshop for CIS on Conformance and Interoperability. ITU C&I Programme Pillars 3 and 4. Moscow, Russian Federation, August 2014

Conformity and Interoperability Training for AMS Region on Homologation Procedures and Type Approval testing for Mobile Terminals

Mutual Recognition Agreement/Arrangement: General Introduction, Framework and Benefits

Questionnaire on the status of Conformance and Interoperability of Equipment and Systems

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Mutual Recognition Agreement/Arrangement: General Introduction, Framework and Benefits

Cybersecurity and Vulnerability Assessment

RESOLUTION 45 (Rev. Hyderabad, 2010)

Overview of SG11 activities and latest achievements

ITU World Telecommunication Standardization Assembly 2016 Background Paper

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

Promoting Global Cybersecurity

National Cooperation for Laboratory Accreditation Annual General Meeting International versus National Recognition: A Comparison

NIST Designation of CABs: Upcoming Changes for the US and EU Review for Japan

IT Security Evaluation and Certification Scheme Document

Plenipotentiary Conference (PP- 14) Busan, 20 October 7 November 2014

Conformity and Interoperability regimes of Telecommunication/ICT equipment in [India]

Australian Government Cyber-security Activities in the Pacific

Joint ITU-UNIDO Forum on Sustainable Conformity Assessment for Asia-Pacific Region (Yangon City, Republic of Union of Myanmar November 2013)

Conformity Control Activities Tunisia Case Study

GLOBAL CYBERSECURITY INDEX 2016

World Telecommunication Development Conference (WTDC- 14) Dubai, 30 March 10 April 2014

Brazilian certification process. OCD recommended structure. Brazilian Market. Regional references

Symposium on Trustmark Guidelines in CBPR System

Strengthening International Systems of Conformity Assessment

Conformity and Interoperability Regime of Telecommunication/ICT equipment in India

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Work Progress and Plan of ITU-T SG11 on IMT-2020 Shin-Gak KANG

EU policy on Network and Information Security & Critical Information Infrastructures Protection

NIST UPDATES TELECOM MRAS

COUNTERING COUNTERING SPAM IN A DIGITAL WORLD

International Accreditation Forum, Inc. User Advisory Committee UAC

NIS Standardisation ENISA view

ITU-T Study Group 5. Environment, Climate Change and Circular Economy. Qi Shuguang Vice Chairman. ITU-T Study Group 5.

GUIDELINE. of the European Committee for Welding of Railway Vehicles (ECWRV) ( ) PART 1

ITU-T Standardization on Countering Spam

Frequently Asked Questions

Cyber Security in Europe

The International Network for Environmental Compliance & Enforcement

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

BDT Activities on Spectrum Management István Bozsóki Head of Division BDT/IEE/SBD

IMEI Counterfeit Update

ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles

ITU Academia. Smart Partnership for ICT4SDG. Jaroslaw K. PONDER Coordinator for Europe Region

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

NOW IS THE TIME. to secure our future

ENISA s Position on the NIS Directive

NATIONAL COMMISSION ON FORENSIC SCIENCE

RWANDA S APPROACH TOWARDS EMERGING TECHNOLOGIES, opportunities and challenges

The International Laboratory Accreditation Cooperation (ILAC) & The International Accreditation Forum (IAF)

The Africa Utilities Telecom Council Johannesburg CC, South Africa 1 st December, 2015

A Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services

INTERNATIONAL TELECOMMUNICATION UNION. WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Dubai, November 2012

ACCAB. Accreditation Commission For Conformity Assessment Bodies

IMEI Security Technical Design Principles

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

EUROPEAN ORGANISATION FOR SECURITY SUPPLY CHAIN SECURITY WHITE PAPER

Bridging Standardization Gap BDT Sylvester Cadette

Cybersecurity & Spam after WSIS: How MAAWG can help

State of Conformity Assessment for Equipment Requiring Type Approval in Ethiopia

International Laboratory Accreditation Cooperation. The ILAC Mutual Recognition Arrangement. global trust. Testing Calibration Inspection

USA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036

Council 2012 Geneva, 4 13 July 2012

2. What do you think is the significance, purpose and scope of enhanced cooperation as per the Tunis Agenda? a) Significance b) Purpose c) Scope

Sustainable Management of Waste Electrical and Electronic Equipment (WEEE) in Latin America

European Union Agency for Network and Information Security

ITU ACTIVITIES IN CAPACITY BUILDING UPDATE NOVEMBER 2015

IEEE Conformity Assessment Program (ICAP) June12, 2013

IEEE 802 EC ITU standing committee

IEEE 802 EC ITU standing committee

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Developing a National Emergency Telecommunications Plan. The Samoan Experience November 2012

Security Standardization

Internet Governance and the World Summit on the Information Society (WSIS)

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

DIGITAL FINANCIAL INCLUSION FOR MONGOLIA

Report on the activities of the Independent Integrity Unit, November 2016 to September 2017

Donor Countries Security. Date

Friedrich Smaxwil CEN President. CEN European Committee for Standardization

ILAC The International Laboratory Accreditation Cooperation IAF The International Accreditation Forum Latest developments

Cybersecurity Standards Coordination and Deployment Strategies: CITEL Initiatives

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Scope of the Member State mechanism

Transcription:

SG 11 Regional Workshop for Africa on Counterfeit ICT Devices, Conformance and Interoperability Testing Challenges in Africa (Cairo, Egypt 5 April 2017) Combat of Counterfeit and Stolen ICT Devices João Alexandre Zanon National Telecommunication Agency ANATEL/Brazil Vice Chairman of ITU-T SG11 and WP3/11 Rapporteur of Q15/11 zanon@anatel.gov.br

Outline The Brazilian Scenario. Challenges when addressing the problem. The importance of Conformity Policies. Latest CITEL actives. Latest ITU actives. What we should aim for.

The Brazilian Scenario

300,000.00 250,000.00 271,100.00 General Statistics 200,000.00 201,774.00 150,000.00 100,000.00 79,507.36 Mobile Market Share Others 0.83% 50,000.00 - Mobile Broad. Acc. Mobile Acc. Population OI 18.53% VIVO 28.78% Contract Pre-Paid 23.0% 77.0% TIM 26.91% CLARO 24.95% Mobile Density 134% 0% 20% 40% 60% 80% 100% 120% 140% 160%

C&I Applicable Laws and Regulations Law 9.472 (July 1997) General Telecommunications Law. Establishes that Anatel, the Brazilian National Telecommunications Agency is responsible for issuing or recognizing the certification of telecommunication products and for issuing standards and regulations regarding their use in Brazil. Resolution 242 (November 2000) General regulations on the certification and approval of telecommunication products. Establishes that any telecommunication product, before it may be sold or used in Brazil, must have a CERTIFICATE OF CONFORMITY issued by a Designated Certification Organization OCD and approved / homologated by Anatel. Anatel may implement Mutual Recognition Agreements for conformity assessment of telecommunication products. All equipment that use radiofrequency to transmit signal must be certificate before being used on Brazil.

CA - Enforcement activities To Identify and combat defining preventive actions to protect the market; To favor fair competiton between all equipment manufactures; Protect the internal market and the end-user; Pre-Market Surveillance (Type Approval): To grant access to market by compliance demonstration; Currently are available in Brazil, for testing telecom products: 23 Third Party laboratories: 18 accredited by INMETRO and 5 by OCDs; 5 First Party laboratories evaluated by OCDs. Pós-market (Oversight): When demanded (complains). Continuos validation the equipment follows up-to-date regulations;

Brazilian Certification Process Laboratory Manufacturer Provides Technical Information about the Product Signs a Contract with the OCD Issues Test Report Chooses a Laboratory Provides a Sample of the Product Performs Tests according to Regulations Certification Body (OCD) Reviews Specs Determines Applicable Test Requirements Reviews Test Results Issues Certificate of Conformity Manufacturer / Representative Anatel Reviews Documentation Submits Aditional Documentation Issues Certificate of Homologation Authorized to Market the Product

Stakeholder Roles SGCH Documents from the manufacturer Homologation Certificate Rules and Regulations SGCH Manufacturer / Supplier Technical Specifications Designated Certification Organization Certificate of Conformity Applicable Requirements Sample of the Product Laboratory Test Report

SIGA - Sistema Integrado de Gestão de Aparelhos O Sistema Integrado de Gestão de Aparelhos SIGA aims to control counterfeit, tampered and unauthorized mobile devices. The project is based on Anatel Regulatory framework that dictates that operators can only allow on the network authorized devices. The Project is lead by Anatel with the participation of all relevant actors (Anatel, Operators, ABR-Telecom, Manufactures, GSMA, among others). The system is operated by ABR-Telecom and is active since march 2014 collecting the relevant information from all mobile networks on Brazil.

SIGA Premises Centralized solution: built jointly and integrated to all Brazilian mobile operators; Automated solution: allowing the input of information with low human intervention; Scalable, Dynamic and Flexible: expandable system, rules adjusted over time; Multiple sources of info: CDRs, operators systems, international databases; Reliable and secure: Minimize impacts on regular end users;

SIGA status and next steps On november 2016 Abinee (manufactures association) promoted an awareness campaign Celular pirata não Major campaign involving, TV, Newspaper, internet and other street media. https://www.youtube.com/channel/ucdaapzdku0bmjr8de8phg1q On February 2017 Anatel as launched the website of the project SIGA called Celularlegal. The website aims to help end-users to purchase only regular devices. www.anatel.gov.br/celularlegal Anatel is preparing to start an awareness campaign focused on new irregular devices identified o the network. Initial communication by SMS to all new irregular devices identified on the network. Preparation of the Call-Center of Anatel, Operators and manufactures to assist users. Aligned communication language with all the participants based on Anatel's website of the project. Anatel will provide a tool to enduser check if the device he would like to buy is regular (including checks regarding Stolen devices blacklisting).

Challenges when addressing the problem.

Challenges when addressing Counterfeit/Substandard/unauthorized Construct a reliable reference database. Need of reliable Unique identifiers (as indicated on Res. 188). Preferable use of international reference databases + national bases. Identification and definition of actions for for each scenario. Attack every device of focus first on voice terminals? How to address the cloned problem? Reduce end-user impact. Define Legacy Terminal actions (regulatory wave?) Strong Educative campaign to pass information to the user. Actions effective only on terminal already on the network. How to control the entrance of new Counterfeit and other irregular devices?

Blocking the entrance of these new Devices Source: ITU-T TR Combating Counterfeit CUSTOMS` Inspection in Brazil: 90 % from the incoming products to Brazil are inspected Postal inspections (FEDEX, DHL, UPS, TNT, etc). Shipping inspections when demand.

Source: ITU-T Q.FW_CCF Conformity Assessment Importance

Proposed ICT Equipment Control Workflow Customs Industry Conformity Authority C&I Regime Reliable Unique Identifier Market Surveillance Testing Market / End user Illegal Market Standards Collab./ MRA National DB Source: ITU-T TR Combating Counterfeit Legacy

Multi Layer Initiatives

Multi Layer Initiatives Regarding Counterfeit National: Example - Brazil s SIGA and Custom Integration. Regional: CITEL CCPI: GTPR Correspondence Group on the Combat of Counterfeit, substandard and unauthorized mobile terminals. GTPR Rapporteurship on Fraud Control, Regulatory Non-compliance Practices in Telecommunications and Regional Measures against the Theft of Mobile Terminal Devices. Creation of a Technical Notebook on Counterfeit and discussion of Q.FW_CCF IAP with a proposal of new WTSA-16 Resolution on the combat of Counterfeit Global Wide Actions: PP14 Resolution 188 on Counterfeit. ITU-T SG11 (Q8/11) Technical Report. ITU Event on the combat of Counterfeit. Q.FW_CCF Framework for solution to combat counterfeit ICT Devices. WTSA-16 Res. 96 Combating counterfeit ICT devices SG 11 Regional Workshop for Africa on Counterfeit ICT Devices.

Most Relevant CITEL PCCI Activities XXIV Meeting of PCC.I (Lima, May 2014): Resolution 222 (XXIV-14) - established the "Correspondence Group to Discuss Regional Measures to Combat the Spread of Counterfeit, Substandard and Unapproved Mobile Devices Mandate: develop definitions,evaluate the scope; share information, experiences and best practices among Member States and associate members of CITEL, developing recommendations and guidelines XXVII Meeting of PCC.I (Washington, September 2015): Proposal of the base text for the Technical Report on Counterfeit, Substandard and Unauthorized based on ITU-T TR Counterfeit and responses to the questionnaire. Discussion on how CITEL can coordinate its works with ITU-T Q8/11 work items. Discussion of IAP/Multi-country contribution to Draft Recommendation ITU-T Q.FW_CC. XXIX Meeting of PCC.I (Lima, September 2016): Approval of a Inter-America Proposal (IAP) to create a new WTSA Resolution on the combat of Counterfeit ICT.

Recent ITU Initiatives

On going work from the past Study-Period Q8/11: Based on PP-14 Resolution 188 - Combating counterfeit telecommunication/information and communication technology devices Q.FW_CCF: Framework for solution to combat counterfeit ICT Devices TR-CF_BP: Technical Report - Guidelines on Best Practice and Solutions for Combating Counterfeit ICT Devices TR-Uni_Id: Technical Report on use of anti-counterfeiting technical solutions relying on unique and persistent mobile device identifiers

Resolution 2 of WTSA-16 SGs responsibility and mandates ITU-T SG11 Lead study group on combating counterfeiting and the use of stolen ICT devices AREAS OF STUDY OF ITU-T SG11: studies to combat counterfeiting products including telecommunication/ict and mobile device theft Q15/11 Questions: What technical reports are needed to raise awareness of the problem of counterfeiting of ICT equipment and the dangers they pose? Can Conformity and interoperability testing and assessment schemes be used to combat counterfeit ICT equipment? What technologies may be used as a tool for combating counterfeit, tampered and stolen ICT equipment? What identity management frameworks are appropriate to combat counterfeit and stolen ICT equipment with their identity modified? What kind of Recommendations, technical reports and guidelines should be developed to combat ICT counterfeiting, tampering, modification and/or duplication of unique device identifiers? What kind of Recommendations, frameworks, technical reports and guidelines should be developed to assist ITU Members, in cooperation with ITU-D Sector, on combating counterfeit and mitigate the use of stolen ICT equipment? What ITU Recommendations are required to secure the supply chain management (from manufacturing, importation, distribution and marketing) to ensure traceability, security, privacy and trust of people, products and networks?

Resolution 2 of WTSA-16 SGs responsibility and mandates ITU-T SG11 Lead study group on combating counterfeiting and the use of stolen ICT devices Q15/11 Task: AREAS OF STUDY OF ITU-T SG11: studies to combat counterfeiting products including telecommunication/ict and mobile device theft Develop Recommendations, technical reports and guidelines to assist ITU Members, in cooperation with ITU-D Sector, on combating counterfeit ICT equipment Develop Recommendations, technical reports and guidelines to address the problem of stolen ICT equipment and to assist the Member States, in cooperation with ITU-D Sector, in deploying solutions to and mitigate the use of stolen equipment Study any possible solutions, including identity management frameworks, to combat counterfeit and stolen ICT equipment with their identities modified Study any technologies that can be used as a tool for combating counterfeit and tampered ICT equipment Organize workshops and events across ITU regions in cooperation with the ITU-D Sector to promote the work of ITU-T in this field and involve stakeholders Study possible conformity and interoperability testing (C&I) solutions to combat counterfeiting of ICT equipment, taking into account the activities of the ITU-T CASC Study results achieved by various international standardization bodies and develop technical specifications to feed the standardization work of the Question

Resolution 96 of WTSA-16 - Combating counterfeit ICT devices Instructs ITU-T Study Groups 11, within their mandate: Developing Recommendations, technical reports and guidelines to address the problem of counterfeit and tampered ICT equipment Collect, analyze and exchange information about counterfeiting and tampering practices Study existing as well as new reliable, unique, persistent and secure identifiers that have the potential to be used in combating counterfeit and tampered products, including the context of their possible duplication/cloning Develop methods of assessing and verifying identifiers used for purposes of combating counterfeit production Develop mechanisms as appropriate for identifying products, unique identifiers that are resistant to duplication and respond to confidentiality/security requirements Study possible solutions, including frameworks to discover identity management information, that could support combating of counterfeit and tampered ICT devices Identify a list of technologies/products, used for testing conformance with ITU-T Recommendations, in order to help in efforts to combat counterfeit ICT production

Resolution 97 of WTSA-16 - Combat mobile device theft Instructs ITU-T Study Groups 11, within their mandate: Develop Recommendations, technical reports and guidelines to address the problem of mobile telecommunication device theft and its negative effects Study any possible solutions to combat the use of stolen mobile telecommunication devices with tampered (changed without authorization) identities and to prevent them from accessing the mobile network Study any technologies that can be used as a tool for combating mobile telecommunication device theft Draw up a list of identifiers used in mobile telecommunication/ict device

Key topics to be addressed

KEY CHALLENGES BASED ON RES. 2, 96, 97. Developing Recommendations, technical reports and guidelines on combating the use for Counterfeit and Stolen Devices. Study existing as well as new reliable, unique, persistent and secure identifiers to assist on the combat of counterfeit and stolen. Methods of assessing and verifying identifiers used for purposes of combating counterfeit production. List of technologies/products, used for testing conformance with ITU-T Recommendations, in order to help in efforts to combat counterfeit ICT production Solutions to address the problem of tampering and duplication of unique identifiers.

Strategic plan for Study Period (2017-2020)

Strategic plan for Study Period (2017-2020) Proposed Strategic plan for addressing the Challenges: Division of the work in four major blocks, based on the Res. 2, Res. 96 and Res. 97: 1. Raise the awareness and promote the discussion; 2. Coordinate the actions and collect information, within and outside ITU; 3. Produce deliverable, such as Technical Reports and Recommendation; 4. Assist ITU members implement the deliverables and combat the use of counterfeit and stolen devices; Continuation and improve of the actions regarding the combat of Counterfeit. New immediate actions on the combat of Stolen Mobile Devices: Proposal of new Recommendation: Framework for Combating the use of Stolen Mobile Devices. Proposal of a Workshop to raise information an awareness.

What we should aim for

What we should aim for Multi Level Actions and Cooperation. Bilateral and Regional cooperation. International best-practices and recommendations. Reduce End-user impact (Good Faith user) Good user communication is crucial. Weave for legacy terminal (turnover). National multiple actions to combat Counterfeit and Tampered Structured C&I Policy and Custom Integration. Solutions to Remove Counterfeit from the market. Reliable reference databases and Unique Identifiers to our solutions Secure unique identifier - PP14 Res. 188 Counterfeit WTSA Resolution 96 and 97. Global references databases + Country Specific databases.

Thank You! Any Questions? João Alexandre Zanon zanon@anatel.gov.br

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback