itu-d Study Group 2: ICT Services, Applications, Cybersecurity and Emerging Technologies
Study Group 2 is the ITU-D's primary vehicle for national cybersecurity capacity building — driving GCI metrics, CIRT establishment, e-health data security, and the application of AI/emerging technologies in national ICT infrastructure.
Official Scope
Study Group: SG2 — ICT services and applications
Active Period: 2022–2025 Study Cycle
Addresses cybersecurity capacity building, digital economy security, e-government and e-health services, disaster reduction/resilience, and the security implications of AI, cloud, and blockchain in national ICT strategies. Outputs include the Global Cybersecurity Index (GCI) and national CIRT development guidance.
Tactical Security Significance
- Relevance: 🟢 High — GCI Policy Maturity, National CIRT Capability, Critical Infrastructure Protection, Healthcare Data Security
- Key Security Concepts: GCI v5/v6 Measurement Framework, National CIRT Establishment (X.1060), E-Health Security (Health Data Privacy), Cloud Security for Government
- Attack Surface: National CIRT capability gaps (unmeasured by GCI), e-health interoperability endpoints, government cloud adoption without adequate security baselines
Study Questions Mapping (2022–2025)
| Question ID | Title | Key Security Domain | Output Type |
|---|---|---|---|
| Q1/2 | Digital financial services and their applications | Mobile Money Security & FinTech Fraud | Best Practices |
| Q2/2 | Security of digital infrastructure and applications | Critical Infrastructure Security — GCI Alignment | GCI Framework |
| Q3/2 | E-health and ICT applications for health services | Health Data Privacy / HL7 FHIR Security | Guidelines |
| Q4/2 | ICT for inclusive finance and agriculture | Agricultural IoT Security / m-Commerce | Best Practices |
| Q5/2 | Disaster risk reduction and management | Emergency ICT Resilience | Guidelines |
| Q6/2 | Digital government and public services | e-Government Identity & Data Security | National Policy |
| GCI | Global Cybersecurity Index | National Cybersecurity Maturity Measurement | National Scorecard |
Security Mapping
Global Cybersecurity Index (GCI) — Q2/2
The GCI v5 (2024) measures national cybersecurity commitment across five pillars:
| GCI Pillar | What is Measured | Security Implication |
|---|---|---|
| Legal | Cybercrime laws, e-transaction laws | Legal mandate for operator security controls |
| Technical | CIRTs, vulnerability disclosure, protection plans | Capability to respond to national incidents |
| Organizational | Strategy, awareness campaigns, responsible agencies | Governance framework for CIIP |
| Capacity Development | Education, training, professional certifications | Workforce to implement technical controls |
| Cooperation | Bilateral/multilateral agreements, IOC/IFP sharing | International incident response coordination |
- Operator impact: Nations with high GCI scores typically mandate stricter security requirements on licensed operators — security professionals should track national GCI reports to anticipate regulatory changes (e.g., mandatory ISMS certification, CIRT membership requirements)
National CIRT Development (Q2/2 / X.1060)
X.1060 (SG17) provides the technical framework for establishing a Cyber Defence Centre; Q2/2 provides the policy and capacity-building context for how nations actually implement it.
CIRT Maturity Levels (ITU-D Model):
| Level | Capability | Key Milestone |
|---|---|---|
| 1 — Reactive | Ad-hoc incident response | Incident contact point established |
| 2 — Defined | Documented procedures, basic tools | Formal CIRT team, CSIRT network membership |
| 3 — Proactive | Threat intelligence, CTI sharing | Sectoral CIRT with industry members |
| 4 — Coordinated | National coordination, regional integration | National CIRT coordinates across all critical sectors |
- Assessment: When advising on national telecom security, evaluate the national CIRT's maturity level; operators in Level 1/2 countries should have self-sufficient incident response capability rather than relying on national coordination
E-Health Security (Q3/2)
E-health systems exchange highly sensitive patient data across telecom networks. Q3/2 develops guidelines for securing health data transmission and storage.
- Attack surface: HL7 FHIR APIs exposed by hospital systems without proper OAuth2 authorization; patient records transmitted over unencrypted telecom channels; telemedicine applications using consumer VoIP (no HIPAA/health data security)
- Key requirements: Encrypt all patient data in transit (TLS 1.3 minimum); enforce individual patient identity per X.1254 assurance levels; apply strict access logging for all health record queries; mandate breach notification procedures aligned with national data protection laws
Operational Audit
- National Cybersecurity Policy Checklist: GCI-aligned audit checklist for assessing national cybersecurity maturity across all five GCI pillars.
- ITU-D Policy Audit: Structured assessment framework for national telecom security regulatory frameworks.
!NOTE This study group is part of the master Series Tracker.