Why the ITU Can Spearhead a Standards Renaissance

You get to see and learn a lot during a 30-year career working in technology, where change is the only constant. But if my time in the trenches has taught one overriding lesson, it’s the importance of industry standards.

Simply put, it’s nigh impossible to make major progress when we, as an industry, fail to coalesce around common standards. But when we do, the results speak for themselves.

Take the example of the X.509 protocol, which has made an enormous contribution to cybersecurity globally since its debut 35 years ago. It has since become the universal language for public key infrastructure (PKI) and privilege management infrastructure (PMI), which are the fundamental building blocks for secure transactions in business-to-business, business-to-consumer, and government-to-citizen environments. It’s hard to imagine our world without it.

This happened on purpose

None of this happened by accident. Progress required the determination and labor of countless people across the globe to make this happen. They set an admirable example for the rest of us to follow.

In fall 2023, Symantec (now part of Broadcom’s Enterprise Security Group) agreed to support the UK government’s request to nominate me as candidate to the role of ITU-T Study Group 17 (SG17) chair. I hope to contribute to that collective body of work, should I be appointed at the World Telecommunication Standardization Assembly 2024 in New Delhi this October. SG17 essentially coordinates security related work across all ITU-T Study Groups, often working in cooperation with other standards development organizations and information and communications technology industry fora. We’ll be tackling a myriad of topics, everything from security models and frameworks to new and emerging security technologies including AI, Generative AI and quantum-based security. 

Needless to say, we’re going to be busy. But that’s fine. We’re at one of the most exciting junctures in the recent history of the technology industry, especially as innovations such as AI find their way into the market. 

But at the same time, we also face new perils. As the attack surface explodes in size, it’s critical that the industry finds agreement on common security models that protect all the entities of interest. That puts a premium on finding ways to make sure communication systems and jurisdictions around the world don’t erect artificial barriers that make it hard–or worst-case, impossible–to defend those environments. That would only foster confusion and hand new opportunities to attackers. 

Here's where the ITU plays a vital role. This venerable institution, which started in the 19th century, is the longest serving standards defining organization in the world. Nowadays, it’s the rare forum where nations, business, academia and civil society can come together to work out standards problems as they crop up. That means diplomacy and negotiation are employed to clinch agreements on any new standards.

For technology organizations like Broadcom, which famously invests 20% of its revenues back into R&D, it’s hard to underscore the importance of this forum. Companies can invent products, but their upside is limited if those new products don’t conform to internationally recognized and governed standards, whether long existing or new. Beyond security, if a chip winds up running on what’s deemed to be the “wrong” frequency, you have a big problem getting wide customer acceptance. 

Advancing the state of the art

Thankfully, by pursuing globally recognized standards, the industry is working in its own enlightened self-interest. We can further mitigate these potential risks by fostering a more inclusive community with the ITU serving as a common fulcrum for global technical standardization. Ultimately, we share the same goal: to produce high quality/relevant international standards that advance the state of the art.

If I might take a bow on behalf of the organization, the ITU is particularly well suited for this role. Over the years, it has rightly come to be viewed as one of the few places in the world where all countries can count on getting a fair hearing. It’s why neutrality will continue to be our north star so that participants trust us.

All this is a personal privilege for me. But I’m only the latest executive from Symantec (and now Broadcom) to take up the work of building better industry standards and frameworks. Many of my colleagues at the company have similarly advocated for customers at global standards bodies and international communities, helping to create interoperable security recommendations like the ones that the ITU develops. In this tradition, a large number of innovations you hear about come from pioneering work at the company. That long commitment to service on behalf of a greater good has been a source of daily inspiration for me.

These are core values that I’ve soaked up working here. And they underscore the overarching truth that when we do right by customers, we all gain.