ETSI releases a white paper on future ICT technology trends

Sophia Antipolis, 10 May 2021

“Information and Communications Technology (ICT) is an exciting and dynamic area, that is in constant innovation, through the evolution of existing concepts and technologies but also through the emergence of disruptive technologies and even sometimes unexpected new use cases”.

Read More...

ETSI releases IoT testing specifications for MQTT, CoAP and industrial automation and control systems

Sophia Antipolis, 25 June 2021

The ETSI committee on Methods for Testing and Specifications (TC MTS) has recently completed a first set of seven standards addressing the testing of the IoT MQTT and CoAP protocols, and the foundational security IoT-Profile.

Read More...

ETSI's Director-General speaks of the future of railway mobile communication systems at COIT event

Sophia Antipolis, 28 June 2021

On 23 June, as part of the commemoration of the European Year of Rail, the COIT Smart Railways Working Group conducted an online session to publicise the features and advantages of the FRMCS (Future Railway Mobile Communication System). This system will replace the current GSM-R and technologically mark the next decades of a means of transport that is living its best moment.

Read More...

ETSI releases specifications boosting trustful end-to-end network and service automation

Sophia Antipolis, 13 September 2021

ETSI is pleased to announce the release of three major specifications and reports developed by its Zero-touch network and Service Management (ZSM) group. ETSI GS ZSM 003, defines end-to-end network slicing management and orchestration architecture blueprint and solutions, and ETSI GS ZSM 009-1 specifies the enablers for closed-loop automation. The general security aspects related to the ZSM framework and solutions, and potential mitigation options are introduced in the ETSI GR ZSM 010.

Read More...

Listen to ETSI webinar: “IPv6 Enhanced Innovation: the IPv6-only Future in the 5G, IoT & Cloud Era"

Sophia Antipolis, 17 September 2021

ETSI has successfully held two webinars on ‘IPv6 Enhanced Innovation: the IPv6-Only Future in the 5G, IoT & Cloud Era’ on 13 September. They are available at the following locations:

Part 1: https://www.brighttalk.com/webcast/12761/497800;

Part 2: https://www.brighttalk.com/webcast/12761/497809

Ten experts from government institutions, operators, manufacturers and research institutes, shared their vision and the progress made to date within ETSI ISG (Industry Specification Group) IPE (IPv6 Enhanced innovation).

Read More...

Congratulations to Optare solutions, winner of the 2021 ETSI MEC Hackathon

Sophia Antipolis, 10 November 2021

Following the ETSI MEC Hackathon that took place during the Edge Computing World from 12 to 15 October, you can now discover the winner, the A Team, from Optare solutions, on the event website. The A Team presented the “flex drone concept”, edge AI autonomous drone flights, compliant with ETSI MEC standards.

Read More...

ETSI Announces Second Release on Self-Adapting Autonomous Networks

Sophia Antipolis, 13 January 2022

Following on from meetings conducted in late 2021, ETSI has now completed Release 2 of its Experiential Networked Intelligence (ENI) specifications with the system architecture ETSI GS ENI 005. 

ETSI GS ENI 005 and associated documents will provide better insight into network operations - allowing more effective closed-loop decision making plus better lifecycle management. Through its use, operators will be able to leverage acquired data and apply artificial Intelligence (AI) algorithms to it. This will mean that they can respond much quicker to changing situations and gain far greater agility. The services being delivered across their networks may thereby be rapidly adapted and the resources they have available correctly assigned in accordance with subscribers’ requirements, or any other alterations in circumstances (either operationally or commercially driven).

Read More...

ETSI publishes a white paper introducing Permissioned Distributed Ledger (PDL)

Sophia Antipolis, 24 January 2022

After the release of the first specification on smart contracts on 18 January, members from the ETSI PDL group published a White Paper entitled “An Introduction of Permissioned Distributed Ledger (PDL)”.

Distributed ledgers have consolidated as one of the most disruptive applications of information technology that have appeared in recent years. Their ability to store any kind of data as a consensus of replicated, shared, and synchronized digital records distributed across multiple sites, without depending on any central administrator, together with their properties regarding immutability (and therefore non-repudiation) and multi-party verifiability opens a wide range of applications.

Read More...

MEC is ramping up with Phase 3 work on Multi-access Edge Computing

Sophia Antipolis, 15 March 2022

Since the beginning of 2022 the ETSI MEC Industry Specification Group (ETSI ISG MEC) has moved forward with the on-going Phase 3 work, which is foreseen to help accelerate and enable more effective and fruitful collaboration with other organizations.

Read More...

ETSI unveils 2022 Fellows rewarding outstanding personal contribution

Sophia Antipolis, 6 April 2022

ETSI is pleased to unveil its 2022 ETSI Fellows. The Award committee, composed of the GA Chair and Vice-Chairs, the Board Chair and the ETSI Director-General, unanimously nominated Dr. Diego López, Dr. Günter Kleindl, Mr. Larry Taylor and Mr. Lindsay Cornell as ETSI Fellows for their outstanding personal contributions to the organization.

Read More...

Sophia Antipolis, 13 June 2022

The 2nd FRMCS Plugtests^TM event, organized remotely by ETSI with the support of the European Commission, EFTA, TCCA and UIC from 16 to 20 May 2022, has concluded with a success rate of 95% of the executed tests.

ETSI Plugtests events are essential to ensure seamless access to mission critical services across different vendors’ products and implementations. The MCX ETSI Plugtests series is the first independent testing of public safety and other mission critical LTE services. The MCX services are the basis for the Future Rail Mobile Communications System (FRMCS), and tests are based on the MCX (collectively for MCPTT, MCVideo and MCData services) framework.

Read More...

ETSI publishes a new White Paper on Multi-access Edge Computing security

Sophia Antipolis, 28 September 2022

Members from the ETSI Multi-Access Edge Computing group (ISG MEC) have just published a new white paper, “MEC security; Status of standards support and future evolutions".

Read More...

New ETSI Telemetry Standard Improves Automation for better End-User Quality of Experience

Sophia Antipolis, 28 November 2022

As the scale and services offered through the Optical Access Networks increase, it is crucial to maintain network good operation and performance. To achieve this, the Optical Access Network monitoring can be improved when compared to existing traditional methods via automated real-time data collection. Telemetry enables this and transmits data from the optical line terminal (OLT) - i.e., the device at the endpoint of a passive optical network - in real-time to provide information to the data collection platform.

Read More...

Sophia Antipolis, 9 January 2023

The ETSI group on Experiential Networked Intelligence (ISG ENI) has just published a White Paper describing the design of a novel cognitive network. This White Paper explains how the ETSI ENI novel system architecture (based on ETSI GS ENI-005) intelligently manages, predicts, adjusts and optimises network behaviour using cognition management, thereby enhancing the operator experience.

Read More...

Leading to more effective and fruitful cross organization collaboration

Sophia Antipolis, 14 February 2023

In the last three months, ETSI ISG MEC has released its final Phase 2 specification (GS MEC 015, on Traffic Management APIs) and made significant progress on Phase 3 with the release of a number of important specifications, including the MEC Federation Enablement APIs (GS MEC 040): in particular, this specification is critical for supporting the requirements received from GSMA OPG (Operator Platform Group) to enable inter-MEC system communication and allow 5G operators to collaborate among themselves, with service cloud providers and with other stakeholders. 

Read More...

Sophia Antipolis, 22 February 2023

During the 17th meeting of ETSI’s Securing AI Industry Specification Group, Scott Cadzow from Cadzow Communications, was elected as the new Chair.

His vision is to confirm ISG SAI as the European Union’s and Standards Development Organizations’ centre of excellence in the topic of securing Artificial Intelligence and Machine Learning.

AI is, or is likely to become, endemic. All reasonably complex software will eventually include AI elements and he is convinced that ETSI is well placed to become thought leader on the role of AI and, particularly, the role of standards for AI, addressing the challenges to standardization of the forthcoming AI Act.

Read More...

Sophia Antipolis, 24 February 2023

In the light of ten years from the NFV introductory whitepaper, is the new whitepaper the ETSI ISG NFV Network Operator Council (NOC), an advisory group of ISG NFV, launched this week, 10 years after the introductory whitepaper. 

Read More...

Sophia Antipolis, 14 March 2023

To celebrate the 10th anniversary of ETSI NFV, ETSI organized a conference on the “Evolution of NFV towards the next decade” on 6 and 7 March at its facilities. The face-to-face event provided a unique opportunity for the NFV community to reflect on their achievements in the past 10 years and on the way forward. Carriers, vendors, SDOs representatives, and stakeholders from the whole ecosystem came together to debate on challenges and opportunities. They also addressed how to increase the cooperation between various SDOs and the open-source communities to enhance interoperability and to smooth the deployment of cloudified network telecom functions.

Read More...

Sophia Antipolis, 23 March 2023

Autonomous Networks (AN) are considered one of the most important evolutions to enable Digital Transformation, offering new service opportunities and significant cost saving in network operation. It is one of the most attractive environments where to leverage Artificial Intelligence in the Network and activities around Autonomous Networks have gained momentum in Standards and ICT Industry.

Read More...

Sophia Antipolis, 27 April 2023

ETSI has just released a Protection Profile (PP) for the security evaluation of quantum key distribution (QKD) modules, ETSI GS QKD 016. This Protection Profile is a first and anticipates the need for quantum safe cryptography. The ETSI specification will help manufacturers to submit pairs of QKD modules for evaluation under a security certification process.

Read More...

Sophia Antipolis, 3 July 2023

ETSI is starting today its 3rd FRMCS (Future Railway Mobile Communication System) Plugtests™ event. GSM-R is one of the main standards for railway telecommunication services. It is developed and maintained by the ETSI Technical Committee Railway Telecommunications. With the increased need for more throughput, higher capacity and flexible deployment options, FRMCS is being developed based on 3GPP Mission Critical Services.

Read More...

Sophia Antipolis, 1 September 2023

The Report of the 3rd interoperability Plugtests™ event for the Future Railway Mobile Communication System (FRMCS) is now available. All executed tests achieved an interoperability success rate of 86%.

Read More...

Sophia Antipolis, 20 September 2023

ETSI has published a new standard on “Requirements for trust service providers issuing publicly trusted S/MIME certificates” (ETSI TS 119 411-6 ) helping Trust Service Providers comply with new standards for S/MIME certificates that are enforced since 1 September 2023. Secure MIME (S/MIME) certificates are used to sign, verify, encrypt, and decrypt email messages. 

Read More...

Sophia Antipolis, 30 November 2023

ETSI proudly announces its commitment to fostering the education and skills development of the next generation of European standardization professionals. This initiative is part of a voluntary pledge which ETSI’s Director-General Luis Jorge Romero signed today in Brussels in the presence of the Commissioner for Internal Market of the European Union, Thierry Breton. It was launched by the European Commission’s High-Level Forum on European Standardization, specifically under the workstream on Education and Skills.

Read More...

Sophia Antipolis, 21 February 2024

ETSI’s first LTA Signature Augmentation and Validation Plugtests™ has seen international participants exchange over 35 000 digital signature validation reports.

Held from 23 October - 22 December 2023, the remote interoperability event was organized by the ETSI Centre for Testing and Interoperability (CTI), on behalf of ETSI’s Technical Committee for Electronic Signatures and Trust Infrastructures (TC ESI). This Plugtests™ event was facilitated with the support and co-funding of the European Commission (EC) and the European Free Trade Association (EFTA).

Conducted using a dedicated web portal, sessions over the month-long Plugtests™ attracted the involvement of 190 participants from 121 organizations across 38 countries.

Read More...

Sophia Antipolis, 15 April 2024

ETSI Multi-access Edge Computing completed Phase 3 Work and started Phase 4

Leading to more effective and fruitful cross organization collaboration

In the last three months, ETSI ISG MEC has released its final set of Phase 3 specifications and made significant progress on Phase 4 with the opening of new Work Items. In particular, the last Phase 3 version of MEC 011 (Edge Platform Application Enablement) contains the updates related to the latest alignment with 3GPP on CAPIF, thanks to a fruitful collaboration with SA6, CT3 and SA3 groups. Also, ISG MEC produced an updated version of MEC 040 (Federation Enablement APIs), that carefully considered the relevant work of other industry bodies relating to MEC federation and all relevant work done in ETSI. This work is critical for supporting the requirements from GSMA OPG (Operator Platform Group) to enable inter-MEC system communication and allow 5G operators to collaborate among themselves, with service cloud providers and with other stakeholders. New APIs are introduced for the enablement of MEC federation, helping operators to "federate" edge computing resources by offering their MEC service capabilities for mutual consumption, application developers and end-customers (e.g. vertical markets).

Read More...

Sophia Antipolis, 18 April 2024

ETSI is pleased to unveil its 2024 ETSI Fellows who were announced at the 83rd ETSI General Assembly on 16 April 2024.
The Award Committee, composed of the GA Chair and Vice-Chairs, the Board Chair and the ETSI Director-General, unanimously named Dr. Howard Benn, Mr. Philippe Magneron, Dr. Matthias Schneider, Mrs. Isabelle Valet Harper and Mr. Dirk Weiler, as ETSI Fellows 2024 for their outstanding personal contributions to the organization.

Read More...

Sophia Antipolis, 30 April 2024

The ETSI TeraFlowSDN community is proud to announce the third release of TeraFlowSDN, an innovative and robust SDN orchestrator and controller, delivering a fully featured Network Automation Platform. In this latest release, TeraFlowSDN enhances its capabilities with the integration of an Optical SDN controller, expanding device support to include gNMI and OpenConfig protocols. It also features enriched network integrations for end-to-end orchestration like IP over DWDM, L3VPN, MEC, and network topology exposure. The management of network topologies is improved with the addition of a new BGP-LS speaker able to discover the topologies, and a new Forecaster component is introduced, providing predictive insights for network management. These additions substantially augment the versatility and management capabilities of the TeraFlowSDN platform.

Read More...

Sophia Antipolis, 24 May 2024

Speakers at the 10th ETSI/IQC Quantum Safe Cryptography Conference have called on organizations to prepare their cybersecurity infrastructures to address the challenges of a post-quantum world.

Organized by ETSI and the Institute for Quantum Computing, this year’s conference was hosted from 14-16 May by the Centre for Quantum Technologies (CQT), National University of Singapore (NUS), in partnership with the Infocomm Media Development Authority (IMDA) and the Cyber Security Agency (CSA) of Singapore. The event attracted an impressive 235 onsite delegates from 27 countries, reflecting fast-growing interest worldwide in the critical importance of quantum-safe cryptography in today’s cybersecurity strategies.

Read More...

Sophia Antipolis, 11 June 2024

ETSI, the Standards People, are putting high emphasis on enhancing education to help prepare the next generation of standards professionals master tech standardization.

The European standardization organization provides a comprehensive set of high-quality educational materials on ICT standardization aimed at universities, NSOs and member organizations for training purposes. This comprises a textbook on ‘Understanding ICT Standardization’ which is complemented by a modular slide set allowing components to be used in a range of engineering, business, and law courses.

ETSI is pleased to announce a new collaboration with the Utrecht University Summer School on ‘Global Power and Technology’ covering ‘Competition, Innovation & Technological Advancement through Standardization in the EU’, taking place on 15-19 July 2024 in the Netherlands.

Read More...

Sophia Antipolis, 5 July 2024

ETSI is pleased to announce the successful conclusion of the FRMCS #4 Plugtests event, held at Sophia Antipolis, ETSI HQ, from July 1 – 5, 2024. This event brought together key stakeholders, including railway operators, telecom vendors, system integrators, and industry experts worldwide. ETSI organized the event with the support of the European Union, EFTA, TCCA-Critical Communications, and UIC— International Union of Railways.

Read More...

Starts: Sat, 23 Nov 2024 18:30:00 -0500
11/23/2024 06:30:00PM
Location: Seoul, Korea (south)

Starts: Sat, 07 Dec 2024 13:30:00 -0500
12/07/2024 11:30:00AM
Location: Los Angeles, U. S. A.

The Civil War began with a largely symbolic battle at Fort Sumter, a battle in which the only fatality was a (southern) horse.

New essay by Joel E. Cohen just added to Nature Transformed: The Environment in American History, TeacherServe from the National Humanities Center.

This document is only available in PDF format.

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

Post by @GossiTheDog@cyberplace.social

View on Mastodon

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

• Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
• FortiGuard Labs PSIRT FG-IR-24-423 Advisory

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case

A twitter TeachIn about marine protected areas, hosted by @RJ_Dunlap on 4/8/2013

Selected responses categorized into 'helped', 'helped and harmed' and 'harmed'.

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case