International Training Program 2011 ITU Global Cybersecurity Agenda

Transcription

1 International Training Program 2011 ITU Global Cybersecurity Agenda Sameer Sharma

2 Key Cybersecurity Challenges Lack of adequate and interoperable national or regional legal frameworks Lack of secure software and ICT-based applications Lack of appropriate national and global organizational structures to deal with cyber incidents Lack of information security professionals and skills within governments; lack of basic awareness among users Lack of international cooperation between industry experts, law enforcements, regulators, academia & international organizations, etc. to address a global challenge Cybersecurity not seen yet as a cross-sector, multi-dimensional concern. Still seen as a technical/technology problem.

3 Global Cybersecurity Cooperation Cyber threats/vulnerabilities are global challenges that cannot be solved by any single entity alone! The world is faced with the challenging task of developing harmonized and comprehensive strategies at the global level and implementing these with the various relevant national, regional, and international stakeholders in the countries

4 ITU and Cybersecurity WSIS entrusted ITU as sole facilitator for WSIS Action Line C5 Building Confidence and Security in the use of ICTs 2007 ITU Secretary-General launched the Global Cybersecurity Agenda (GCA) A framework for international cooperation in cybersecurity ITU Membership endorsed the GCA as the ITU-wide strategy on international cooperation

5 Global Cybersecurity Agenda (GCA) GCA is designed for cooperation and efficiency, encouraging collaboration with and between all relevant partners, and building on existing initiatives to avoid duplicating efforts.

6 GCA: From Strategy to Action 1. Legal Measures ITU Toolkit for Cybercrime Legislation ITU Publication on Understanding Cybercrime: A Guide for Developing Countries 3. Organizational Structures CIRT assessments and deployment ITU work on CIRTs cooperation ITU Cybersecurity Information Exchange Network (CYBEX) Global Cybersecurity Agenda (GCA) 2. Technical and Procedural Measures ITU Standardization Work ICT Security Standards Roadmap ITU-R Security Activities ITU-T Study Group 17 ITU-T Study Group 2 4. Capacity Building 5. International Cooperation ITU High-Level Expert Group (HLEG) ITU-IMPACT Collaboration ITU Cybersecurity Gateway ITU s Child Online Protection (COP) Collaboration with UNICEF, UNODC, UNICRI, UNICITRAL and UNDIR ITU National Cybersecurity Strategy Guide ITU Botnet Mitigation Toolkit and pilot projects Regional Cybersecurity Seminars Cybersecurity Assessment and Self assessment

7 Examples of Recent Initiatives ITU NATIONAL CYBERSECURITY STRATEGY GUIDE The Guide focuses on the issues that countries should consider when elaborating or reviewing national Cybersecurity strategies. 7

8 GCA and ITU-T Activities ITU-T Study Group 17 Lead Study Group for Telecommunication Security Mandate for Question 4/17 (Q.4/17): Cybersecurity Provides ICT Security Standards Roadmap ITU-T Cybersecurity Information Exchange Framework (CYBEX): September 2009 ITU-T Security Manual "Security in telecommunications and information technology (4 th ed.): Scheduled for publication in 2010 Draft summaries of Study Group 17 recommendations Focus Group on Identity Management (IdM) Approved over 100 Recommendations on security for communication Facilitates collaboration among national Computer Incident Response Teams (CIRTs) WTSA Resolutions ITU WTSA Resolution 50: Cybersecurity (Rev. Johannesburg, 2008) ITU WTSA Resolution 52: Countering and combating spam (Rev. Johannesburg, 2008) ITU WTSA Resolution 58: Encourage the creation of national computer incident response teams, particularly for developing countries (Johannesburg, 2008)

9 GCA and ITU-D Activities Assisting developing countries in bridging the digital divide by advancing the use of ICT-based networks, services and applications, and promoting cybersecurity ITU National Cybersecurity Guide ITU Botnet Mitigation Toolkit ITU Cybercrime Legislation Resources ITU-D Study Group Q 22/1 : Securing information and communication networks: best practices for developing a culture of cybersecurity Assistance in establishing Cybersecurity capabilities and services (e.g. Computer Incidnet Response Teams CIRTs) Regional workshops and capacity building activities related to cybersecurity/cybercrime WTDC Resolutions ITU Hyderabad Declaration, Paragraph 13 & 14 (2010) 13. [ ] the challenge of building confidence and trust in the availability, reliability, security and use of telecommunications/icts [.] can be addressed by promoting international coordination and cooperation in cybersecurity, taking into account, inter alia, the ITU Global Cybersecurity Agenda (GCA), as well as the development of related public policies and elaboration of legal and regulatory measures, including building capacity, to ensure cybersecurity, including online protection of children and women.

10 GCA and ITU-R Activities Establish fundamental security principles for IMT-2000 (3G) networks Issue ITU-R Recommendation on security issues in network management architecture for digital satellite system and performance enhancements of transmission control protocol over satellite networks ITU-R Recommendations Recommendation ITU-R M.1078: Security principles for International Mobile Telecommunications-2000 (IMT-2000) Recommendation ITU-R M.1223: Evaluation of security mechanisms for IMT-2000 Recommendation ITU-R M.1457: Detailed specifications of the radio interfaces of International Mobile Telecommunications-2000 (IMT-2000) Recommendation ITU-R M.1645: Framework and overall objectives of the future development of IMT-2000 and systems beyond IMT-2000 Recommendation ITU-R S.1250: Network management architecture for digital satellite systems forming part of SDH transport networks in the fixed-satellite service Recommendation ITU-R S.1711: Performance enhancements of transmission control protocol over satellite networks

11 ITU COP Initiatives 11

12 Online Threats to Children Pornography Cybergrooming Child abuse materials Sexual solicitation Disclosure private information Child pornography Threats & Risks Cyberstalking Violence Online Fraud Racism Phishing attacks Spam Youth-to-youth cybercrimes Online Gaming & Addiction Anorexia, self-harm or suicide Cyber Bullying so many! 12

13 Potential Threats for Safety of Online Children As use of the Internet grows, so do the risks it presents to children. Children already spend large amounts of time in an online environment. Children are often more vulnerable when it comes to Internet safety as they are still developing and learning. This has consequences for their capacity to identify and manage potential risks on the Internet. The nature of the risks children are exposed to are broadly similar given the global nature of online communication. But, the biggest risk to children could be different in various countries. With the arrival of new methods of communication on the Internet and mobile technologies, children are more and more exposed to complex and multi-faceted emerging threats. 13

14 International Cooperation on Child Online Protection Child online protection is a global challenge, which requires a global approach. While many efforts to improve child online protection are already underway, their reach has been more national or regional than global. There are even some difference between Internet usage amongst children in developed and developing countries; i.e., location of access or mode of access. Although the strategy for online safety issues amongst children could vary by country, the most research has a developed country focus. The world is faced with the challenging task of developing harmonized and comprehensive strategies at the global level and implementing these with the various relevant national, regional, and international stakeholders in the countries. 14

15 ITU Child Online Protection (COP) ITU launched the Child Online Protection (COP) Initiative in 2008 within the framework of the Global Cybersecurity Agenda (GCA), aimed at bringing together partners from all sectors of the global community to ensure a safe and secure online experience for children everywhere. Key Objectives of COP Identify risks and vulnerabilities to children in cyberspace; Create awareness of the risks and issues through multiple channels; Develop practical tools to help governments, organizations and educators minimize risk; and Share knowledge and experience while facilitating international strategic partnership to define and implement concrete initiatives 15

16 Working together COP has been supported by a wide range of partners from all stakeholder groups (governments, industries, NGOs, and other UN agencies) as well as the UN Secretary-General. Advanced Development for Africa (ADA) Child Helpline International (CHI) Children's Charities' Coalition on Internet Safety Cyber Peace Initiative ECPAT International European Broadcasting Union (EBU) European Commission - Safer Internet Programme European Network and Information Security Agency (ENISA) European NGO Alliance for Child Safety Online (enasco) ewwg Family Online Safety Institute (FOSI) Girl Scouts of America Government of Poland (UKE) GSM Association ikeepsafe International Criminal Police Organization (Interpol) International Multilateral Partnership Against Cyber Threats (IMPACT) International Centre for Missing & Exploited Children Microsoft Optenet Save the Children Telecom Italia Telefónica United Nations Children s Fund (UNICEF) United Nations Institute for Disarmament Research (UNIDIR) United Nations Interregional Crime and Justice Research Institute (UNICRI) United Nations Office on Drugs and Crime (UNODC) Vodafone Group 16

17 COP Guidelines ITU has worked with some COP partners to develop the first set of guidelines for different stakeholders: Available in the six UN languages (+ more) 17

18 World Telecommunication & Information Society Day (WTISD) 2009 Theme: Protecting Children in Cyberspace The ITU Secretary-General Call for Action for long Member States and organizations have responded with their own initiatives in: - Creating public awareness - Supporting the developments of the ITU Guidelines on COP - Identifying risks and vulnerabilities - Building resource depositories for general use - Promoting capacity building 18

19 COP National Survey The COP National Survey has been carried out by ITU Aims to address a broad range of issues connected to national policies and practices in the field of COP - to determine the scope of COP policy and legal frameworks across the world. - to establish a database showing what is happening in the area of COP. As of Sep. 2011, more than 90 countries have participated in the Survey. (Result is available on ITU s COP website) 19

20 Q: Does your country require assistance in any of the following areas? 20

21 COP Statistical Framework ITU Child Online Protection Statistical Framework and Indicators The world s first attempt to provide the overall statistical framework related to the measurement of child online protection with a particular emphasis on measures that are suitable for international comparison. 21

22 New COP Global Initiative Individual rights without the fulfillment of duties causes cracks in society. Democracy without responsibility undermines freedom. H.E. Laura Chinchilla, President of Costa Rica became a Patron of Child Online Protection (COP) in In November 2010, ITU Secretary- General, together with H.E. President Chinchilla, announced the launch of a new Global Initiative with high-level deliverables. 22

23 Through this initiative, ITU is taking the next steps to develop a cybersecurity strategy for child online safety, delivering significant national benefits. 23

24 The COP Five Strategic Pillars COP high-level deliverables across the five strategic pillars are designed to be achieved by ITU and COP members in collaboration. Legal Measures Technical & Procedural Measures Organizational Structures Capacity Building International Cooperation It is designed to transform the COP Guidelines into concrete activities by leveraging the active support provided by COP partners. 24

25 High Deliverables under 5 Pillars 1. Legal Measures 1. Legal Measures Develop national roadmaps and legislative toolkits to help Member States achieve their goals while simultaneously harmonizing legal frameworks - COP National Strategy Guide - COP Legislative Toolkit 2. Technical and Procedural Measures Develop industry codes of conduct and related technical measures to combat new and emerging threats to children - ITU Security expert group started to develop interoperable standards and related recommendations to protect children online in April

26 3. Organizational Structures 3. Organizational Structures Establish national COP centres, including national hotlines, with multistakeholder participation - Establishing a national hotline (Working with COP partner, INHOPE) - Supporting Member States to set up a national center for COP 4. Capacity Building Build human and institutional cybersecurity capabilities, including awareness-raising campaigns, community forums and training for parents, guardians, educators, and children. - Inviting public figures or celebrities to be a COP Special Envoy - Raising awareness on COP issues through global/regional/ national workshops, strategic dialogues, regional forums. - Supporting different stakeholders to build their strategies on COP 26

27 5. International Cooperation Harness the power of multistakeholder collaboration through resources such as an online platform for sharing advice and information - Developing the COP Online Platform - Coordinating with other UN organizations to establish partnership to maximize and synergize efforts in this area - Working closely with COP multi-stakeholder partners - Coordinating COP activities with other initiatives to eliminate possible overlap 27

28 ITU s Role in Child Online Protection At the ITU PP in 2010, ITU Member States adopted a new Resolution concerning ITU s Role in Child Online Protection (Res. 179, Guadalajara 2010). This new resolution encourages ITU to continue its COP initiative as a platform to raise awareness and educate stakeholders on this important issue. Instructs the [ITU] Secretary-General, - to deploy greater efforts to ascertain the activities carried out by other United Nations organizations in this domain, and to coordinate with them appropriately, with the objective of establishing partnerships to maximize and synergize efforts in this important area; - to coordinate ITU activities also with other similar initiatives being undertaken at the national, regional and international levels, in order to eliminate possible overlaps; - to bring this resolution to the attention of other COP members and of the United Nations Secretary-General, with the aim of increasing the engagement of the United Nations system in child online protection; - to submit a progress report on the results of implementation of this resolution to the next plenipotentiary conference, 28

29 ITU and Cybersecurity in Asia-Pacific Policy related Capacity Building CIRT (CERT) Bhutan Indonesia Assistance to Pacific Islands Countries under the ITU-European Commission Project Establishment of a training Node (IMPACT) in Asia- Pacific to build capacity on a continuous basis Pacific CERT Afghanistan, Bangladesh, Bhutan, Maldives, Nepal, Cambodia, Laos, Myanmar, Vietnam Forums Seminars Regional Forum on Cybersecurity, Vietnam Regional Forum on Cybersecurity, Australia CLMV Ministerial Sub Theme Regional Forum on Cybersecurity India Ministerial Sub Theme ABBMN Regional Forum on fighting Cybercrime, Rep. of Korea

30 Conclusion While it will never be possible to completely remove all risks, drawing together an effective package of policies and practices, infrastructure and technology, awareness and communication can do a great deal to help. The international cooperation, based on a multi-stakeholder approach and the belief that every organization whether online or mobile, educator or legislator, technical expert or industry body has something to contribute. Moreover, the online world respects neither boundaries nor borders, so creating a safe cyber-environment requires cooperation. By working together with ITU, all interested stakeholders and countries can achieve this critical international collaboration, confronting child online threats with a dynamic and unified coalition. 30

31 I THANK U ITU : ITU Asia Pacific : E mail: sameer.sharma@itu.int