Cybersecurity in the Commonwealth: Setting the Stage

Transcription

1 Cybersecurity in the Commonwealth: Setting the Stage Tim Unwin Secretary General Commonwealth Telecommunications Organisation CTO Cybersecurity Forum, Yaoundé 24 th April 2013

2 For governments Imagine if your critical infrastructure went down and your electricity grid ceased to function

3 For governments: Jonathan O Dea MP, ACPAC and NSW PAC Chair Australia The Internet is increasingly important in financial management, and recent attacks on government networks demonstrate that electronic security is vital. The Council recognises the important role of parliaments and Public Accounts Committees in ensuring that cyberspace is safe, secure and resilient

4 For companies Is it worth taking the risk that all of your IPR is being looked at by your competitors, or that noone can access your sites because of a Distributed Denial of Service attack?

5 Who is this? LulzSec gained international attention when they hacked the Sony website in 2011, taking down the company's PlayStation network for weeks and accessing millions of users' accounts. It was estimated to have cost the company over $100 million ( 65m) and was part of a 50-day rampage which targeted organisations ranging from the FBI to Britain's Serious Organised Crime Agency.

6 For individuals How secure is your mobile digital device? What could someone learn about you if they borrowed it?

7 Phone security Who uses a passcode on their mobile phone? Who uses one of these PIN numbers? 15% of people use one of 10 numbers Who uses additional antivirus software on their phones? Mobile devices are sophisticated computers With large amounts of data Is it worth the risk?

8 Cybersecurity matters To states To companies To individuals Across the Commonwealth 2.1 billion people in 54 countries

9 Only as strong as weakest link Cyberspace knows no boundaries Cybercrime will move to the countries that are most connected and least secure

10 The Commonwealth: implications for cybersecurity 54 countries Diversity of economic indicators Diversity of size Across all continents Mainly common law tradition Very significant implications English language enhances communication Many small island states With particular challenges

11 Commonwealth cybersecurity context 2002 Model Law on Computer and Computer Related Crime Building on Council of Europe Draft Convention on Cyber Crime Harare Scheme for Mutual Assistance in Criminal Matters Amendments 1990, 2002, 2005 Provides framework for collaboration 2009 Affirmation of Commonwealth Values and Principles Peace and Security, Democracy, Human Rights, Freedom of Expression, Good Governance Commonwealth Cybercrime Initiative mandate Queen signs Commonwealth Charter

12 The CTO and Cybersecurity One of the CTO s six niche areas of focus Capacity development Research and consultancy Workshops and Forums A platform for Commonwealth countries to share expertise and approaches to international agreements Working closely with International Organisations that focus on cybersecurity Especially ITU o IMPACT o Child Online Protection

13 CTO practical actions A Forum for sharing views and good practices Raising the importance of cybersecurity issues across the Commonwealth What kind of international agreements do we want? Strong member and partner interest in cybersecurity Advisory Board to steer our activities Quick access to key references and links Capacity development and training Supporting country policy implementation Child Online Protection in Africa

14 Challenges in legal contexts Technological innovation is faster than ability of legal systems to respond Police usually only catching up with cybercrime ICTs and globalisation lead to need for international agreements that are tough to agree on All too often resorting to Human Rights agendas Need also to consider responsibilities Challenges over usage and legality of ICTS If some use of ICTs has not yet been defined as illegal, citizens are allowed to act with impunity Yet states often have to seek authorisation from the courts to be able to implement new ICT based initiatives, as with cybersecurity

15 Ways forward Collaboration across organisations Sharing good practices It s easy to sign up to agreements Much more difficult to put them into practice Very significant ethical issues Citizens and states Privacy o As a good weighed up against others, or o A means through which we have power over our lives Importance of capacity development Amongst all stakeholders

16 Need for us all to work together more closely to keep our cyber systems resilient walk with us on the journey