Cybersecurity for ALL
An Overview of ITU's Cybersecurity Activities
UNECE International Conference on Technological Readiness for Innovation-based Competitiveness
30 in Geneva, Switzerland
Christine Sund
ITU Telecommunication Development Bureau
ICT Applications and Cybersecurity Division
<christine.sund@itu.int>
For more information on ITU's Cybersecurity Activities visit the website at: www.itu.int/cybersecurity/ or contact cybmail@itu.int
International Telecommunication Union
Cybersecurity for ALL
ITU's objective: To build trust, confidence and security in the use of ICTs
Activities being undertaken:
Global Cybersecurity Agenda (GCA) Implementation activities that relate to all five pillars of the GCA
Coordination activities as part of ITU's responsibility as the facilitator for WSIS action line C5
Development of cybersecurity and cybercrime resources and material
Anti-spam measures
Critical Information Infrastructure Protection (CIIP) related initiatives
Global standardization activities
Child Online Protection (COP) initiative related activities
Capacity building, training, direct assistance to countries, etc.
Fostering enhanced sub-regional, regional and international cooperation on cybersecurity
Cybersecurity Issues and Challenges
Constant evolution of the nature of cyber threats
Vulnerabilities in software and hardware applications and services changing and increasing
Countries are increasingly at risk and under attack
Low entry barriers and increasing sophistication of the type of cybercrimes committed
Loopholes in current legal frameworks
Absence of appropriate national organizational structures to deal with the threats
Inadequate cooperation amongst the various stakeholders and stakeholder groups
The lack of cybersecurity is a global problem that cannot be solved by any single entity (country or organization) alone!
The world is faced with the challenging task of developing harmonized and comprehensive strategies at the global and international level and implementing these with the various relevant national, regional, and international stakeholders in the countries.
Nature and Scope of Cybersecurity Around the World
Countries and/or stakeholders see cybersecurity as:
a technical, network or information technology issue, or
a developmental issue because ICT services need secure and reliable networks, or
an economic issue relating to maintaining business continuity or economic advantage, or
a law and enforcement issue to deal with cybercrime and criminalizing the misuse of ICTs, or
a national security issue relating to critical information infrastructure protection (CIIP).
Any international road map for cybersecurity must address all these different national perspectives.
All stakeholder groups have a role to play in promoting a global culture of cybersecurity.
Promoting a Culture of Cybersecurity
Promoting a culture of cybersecurity consistent with UNGA Resolutions:
Resolution 57/239, Creation of a global culture of cybersecurity
Resolution 58/199, Creation of a global culture of cybersecurity and the protection of critical information infrastructures
UN Resolutions (57/239 & 58/199) Related to a Culture of Security
UN Resolution 57/239 (2002) on the Creation of a global culture of cybersecurity
Identifies nine elements for creating a global culture of cybersecurity:
a) Awareness
b) Responsibility
c) Response
d) Ethics
e) Democracy
f) Risk Assessment
g) Security Design and Implementation
h) Security Management
i) Reassessment
UN Resolutions (57/239 & 58/199) Related to a Culture of Security
UN Resolution 58/199 (2004) further emphasizes the promotion of a global culture of cybersecurity and protection of critical information infrastructures
Recognizes the growing importance of information technologies for the promotion of socio-economic development and the provision of essential goods and services
Notes the increasing links among most countries' critical infrastructures and that these are exposed to a growing number and a wider variety of threats and vulnerabilities that raise new security concerns
Recognizes that effective protection requires communication and cooperation nationally and internationally among all stakeholders and that national efforts should be supported by effective, substantive international and regional cooperation among stakeholders
Encourages Member States and relevant regional and international organizations that have developed strategies to deal with cybersecurity and the protection of critical information infrastructures to share their best practices and measures that could assist other Member States in their efforts to facilitate the achievement of cybersecurity
WSIS and Promoting a Global Culture of Cybersecurity
From WSIS Phase II: Tunis Agenda
39. We seek to build confidence and security in the use of ICTs by strengthening the trust framework. We reaffirm the necessity to further promote, develop and implement in cooperation with all stakeholders a global culture of cybersecurity, as outlined in UNGA Resolution 57/239 and other relevant regional frameworks. This culture requires national action and increased international cooperation to strengthen security while enhancing the protection of personal information, privacy and data. Continued development of the culture of cybersecurity should enhance access and trade and must take into account the level of social and economic development of each country and respect the development-oriented aspects of the Information Society.
Foundation for Cybersecurity Action
International and Regional Efforts include:
United Nations General Assembly (UNGA) led initiatives
G8 activities
Council of Europe (CoE) Convention on Cybercrime
ENISA initiatives
European Commission activities
Regional Commonwealth in the field of Communications (RCC) activities
Asia Pacific Economic Cooperation (APEC)
Organization of American States (OAS)
Arab League initiatives
Gulf Cooperation Council (GCC) initiatives
Organization for Economic Cooperation and Development (OECD) activities
World Summit on the Information Society (WSIS) and its action line C5 dedicated to building confidence and security in the use of ICTs
UN organizations dedicated activities
ITU Global Cybersecurity Agenda (GCA) initiative
Etc.
ITU and Cybersecurity
ITU constitutes a unique global forum to discuss issues related to cybersecurity
Based on the existing mandate and country requests, the ITU Secretary-General has set cybersecurity as a top priority
ITU Membership has been calling for a greater role to be played by ITU in matters relating to cybersecurity through a number of Resolutions, Decisions, Programmes and Recommendations
ITU provides a global perspective and expertise and is currently promoting cybersecurity through a range of activities related to standardization, radiocommunication and technical assistance to countries, tailored to their specific needs
Global Framework for Cybersecurity: ITU's Global Cybersecurity Agenda
At the World Summit on the Information Society (WSIS) in 2005, ITU was entrusted by leaders of the international community to act as the facilitator for WSIS Action Line C5: Building confidence and security in the use of ICTs
As a result, in 2007, ITU Secretary-General launched the Global Cybersecurity Agenda, an international framework for collaboration on cybersecurity matters that addresses 5 main areas:
1. Legal Measures
2. Technical and Procedural Measures
3. Organizational Structure
4. Capacity Building
5. International Cooperation
ITU-D's Work in Cybersecurity
Needs for global solutions and harmonized international frameworks
ITU Global Cybersecurity Agenda (GCA)
Integrated approach to cybersecurity undertaken within the WTDC Programme 3 managed by ITU-D's ICT Applications and Cybersecurity Division
Implementation at national, regional and international level
Special focus on Developing Countries
Multi-stakeholder approach
ITU Study Groups work
ITU Conferences outcomes
Addressing the specific requirements of the countries, to provide strategies at national level
Legal Measures
Summary of objective: Harmonization of legal frameworks and the elaboration of strategies for the development of cybercrime legislation that is globally applicable and interoperable with existing national/regional legislative measures.
Related activities/initiatives:
ITU Cybercrime Legislation Resources
ITU Toolkit for Cybercrime Legislation
ITU Publication on Understanding Cybercrime: A Guide for Developing Countries
Capacity building and training (training for judges, etc.)
Regional workshops and events
Examples of Recent Initiatives
ITU Toolkit for Cybercrime Legislation aims to provide countries with sample legislative language and reference material that can assist in the establishment of harmonized cybercrime laws and procedural rules.
ITU Publication on Understanding Cybercrime: A Guide for Developing Countries provides a comprehensive overview of the most relevant topics linked to the legal aspect of cybersecurity and cybercrime.
www.itu.int/itu-d/cyb/cybersecurity/legislation.html
Technical and Procedural Measures
Summary of objective: Development of strategies for the establishment of globally accepted security protocols, standards, minimum security criteria and accreditation schemes for hardware and software applications and systems
Related activities/initiatives:
ITU Standardization Work
ITU-T Study Group 17
ICT Security Standards Roadmap promoting collaboration between regional/international organizations and standards bodies
ITU Radiocommunications security activities
IMPACT collaboration services, etc.
Country direct assistance activities, etc.
Cybersecurity Study Group Activities in ITU-T (Standardization)
ITU standardization activities are organized under Study Groups that focus on different topic areas (e.g., security, access and transport networks, multimedia, signalling, numbering, naming and addressing, tariffs, IP and NGN). These compose a unique forum for public-private partnerships.
Cooperation and collaborative activities exist with many organizations and forums, including regional telecom forums, IETF, ISO, IEC, ETSI, etc.
Examples of specific ITU-T activities related to cybersecurity and Child Online Protection include:
Study Group 17 Security has primary focus on communication security and is the Lead Study Group on security for ITU-T
Study Group 2 Operational aspects of service provision and telecommunication management works on harmonizing numbering resources for child helplines, etc.
Specific Cybersecurity Study Group Activities in ITU-T (Standardization)
Study Group 17 has primary focus on communication security and is the Lead Study Group on security for ITU-T
Work under way under Study Group 17 Questions:
Working Party 1: Network and information security
  Q 1 Telecommunications systems security project
  Q 2 Security architecture and framework
  Q 3 Telecommunications information security management
  Q 4 Cybersecurity
  Q 5 Countering spam by technical means
Working Party 2: Application security
  Q 6 Security aspects of ubiquitous telecommunication services
  Q 7 Secure application services
  Q 8 Telebiometrics
  Q 9 Service oriented architecture security
Working Party 3: Identity management and languages
  Q 10 Identity management architecture and mechanisms
  Q 11 Directory services, Directory systems, and public-key/attribute certificates
  Q 12 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration
  Q 13 Formal languages and telecommunication software
  Q 14 Testing languages, methodologies and framework
  Q 15 Open Systems Interconnection (OSI)
Other Cybersecurity Initiatives in ITU-T
Correspondence group on exchange of network digital forensics: Trusted exchange of network forensics, including vulnerabilities, has become an increasingly important and rapidly evolving field of cybersecurity. This generally refers to the acquisition, preservation, and exchange of trusted information associated with an incident, event or discovered vulnerability of interest.
Draft Recommendation on Traceback use cases and capabilities. These traceback capabilities should help to find the ingress point, path, partial path or source of a network event.
X.1240-series of Recommendations on technical means for countering spam. A series of published Recommendations and other drafts in progress assist in preventing reception of unsolicited information.
Supplement 5 to ITU-T Recommendation E.164 Guidance with regards to the selection of numbers for helplines for children was approved in May 2008.
New Draft Recommendation on Specification of an Intl Numbering Resource for use in the provisioning of International Help lines. This calls for easy-to-remember numbers, accessible from all phones, to be made available free of charge. Expecting its approval by the end of 2009.
Some Cybersecurity Initiatives in ITU-R (Radiocommunication)
Radio spectrum global frequency management is increasingly important for building confidence and security and creating an enabling environment in the use of ICTs. ITU-R plays a central role in facilitating complex intergovernmental negotiations needed to develop legally binding agreements between sovereign states in an increasingly unwired world.
Mobile handheld devices are widely used by children and young people and therefore merit extra attention when it comes to security.
Some examples of ongoing activities include:
Recommendation ITU-R M.1457 Security mechanism incorporated in IMT-2000
Recommendation ITU-R M.1645 Framework and overall objectives of the future development of IMT-2000 and systems beyond IMT-2000
Recommendation ITU-R M.1223 Evaluation of security mechanism for IMT-2000
Recommendation ITU-R M.1078 Security principles for IMT-2000
Organizational Structures
Summary of objective: Elaboration of global strategies for the creation of appropriate national and regional organizational structures and policies on cybercrime, watch, warning and incident response, generic and universal identity systems
Related activities/initiatives:
International Multilateral Partnership Against Cyber Threats (IMPACT) collaboration related services
IMPACT Global Response Centre services, etc.
Development of national computer incident response teams (CIRTs) and related training, etc.
Capacity building and training
Regional workshops and events
Direct assistance to countries, etc.
Examples of Ongoing Initiatives for Developing Organizational Structures and Building Incident Management Capabilities
Assistance to Developing Countries in the Establishment of Watch, Warning and Incident Response (WWIR) Capabilities
Facilitate the deployment of IMPACT's Global Response Centre to Member States
Information package sent to all ITU Member States in April 2009
Some 15+ countries confirmed
Deployment has already started
Developing National Computer Incident Response Teams (CIRTs)
CIRT Toolkit being developed to assist in the development and implementation of national centers
Direct assistance to countries
Capacity building and training
www.itu.int/itu-d/cyb/cybersecurity/wwir.html
Capacity Building
Summary of objective: Development of global strategies to facilitate human and institutional capacity building across all relevant aspects of cybersecurity
Related activities/initiatives:
ITU National Cybersecurity/CIIP Self-Assessment Tool
ITU Toolkit for Promoting a Culture of Cybersecurity
ITU Botnet Mitigation Toolkit and pilot projects
IMPACT Training and Skills Development Centre
IMPACT Research Division
Capacity building and training for all pillars in the GCA
Targeted workshops and events
Examples of Some Ongoing Initiatives
ITU National Cybersecurity/CIIP Self Assessment Tool aims to assist governments in examining existing national policies, procedures, norms, institutions and other elements necessary for formulating cybersecurity strategies in an ever-changing ICT environment.
www.itu.int/itu-d/cyb/cybersecurity/readiness.html
ITU Study on the Financial Aspects of Network Security: Malware and Spam, 2008 is a survey of existing resources and data available when it comes to the economics and financial aspects of cybersecurity. The study develops a framework within which the financial impacts and implications can be assessed and brings together the many disparate sources of financial data on malware and spam.
www.itu.int/itu-d/cyb/cybersecurity/spam.html
Examples of Some Ongoing Initiatives
ITU Regional Cybersecurity Forums
8 regional cybersecurity events held in 2007 and 2008 in all regions. Several more planned for 2009.
ITU Regional Cybersecurity Forum for Europe and CIS held in Bulgaria, 7-9 October 2008 2009 ITU Regional Cybersecurity Forum for Africa and Arab States held in Tunisia, 4-5 2009 ITU Regional Cybersecurity Forum for Asia Pacific to be held in India, 23-25 September 2009
www.itu.int/itu-d/cyb/events/
Outcomes of Recent Event in Tunisia
ITU Regional Cybersecurity Forum for Africa and Arab States in Tunis, Tunisia, 4-5
Country representatives identified requirements for specific cybersecurity capacity building and training needs that the countries in the regions have and ways in which to achieve these. Mechanisms to finance such activities were also discussed.
Recommendations for concrete actions that need to be taken by countries:
In the area of developing a legal framework and establishing effective enforcement, countries encouraged the involvement of governments in the region in international efforts and in coordination/cooperation with regional and international efforts. They noted that more direct assistance to countries is needed and with the help of existing tools, such as the newly released ITU Toolkit for Cybercrime Legislation, and Understanding Cybercrime Guide.
Countries expressed their need for direct assistance in the development of watch, warning and incident management capabilities and for the establishment of the necessary organizational structures with national responsibility, including national computer incident response teams (CIRTs).
Countries committed to concrete actions to be taken in developing a national cybersecurity strategy and ensuring harmonization within the key principles of international cooperation.
www.itu.int/itu-d/cyb/events/
International Cooperation
Summary of objective: Development of proposals to enhance international dialogue on issues that pertain to cybersecurity and enhance cooperation and coordination across all relevant activities
Related activities/initiatives:
ITU Secretary-General High Level Expert Group (HLEG) deliverables
ITU-International Multilateral Partnership Against Cyber Threats (IMPACT) collaboration
ITU Cybersecurity Gateway
World Telecommunication and Policy Forum WTPF 2009 opinions (Opinion 1: Internet related public policy issues)
Regional cybersecurity forums
ITU's Child Online Protection (COP) initiative
Child Online Protection (COP)
COP is a global initiative created by ITU, as part of the Global Cybersecurity Agenda, which aims to address cybersecurity holistically.
COP Objectives:
Identify risks and vulnerabilities to children in cyberspace;
Create awareness;
Develop practical tools to help minimize risk;
Share knowledge and experience.
www.itu.int/cop/
Child Online Protection (COP) Guidelines
Draft Guidelines for Children
Draft Guidelines for Parents, Guardians and Educators
Draft Guidelines for Industry
Draft Guidelines for Policy Makers
The Draft Child Online Protection Guidelines can be found online at: www.itu.int/osg/csd/cybersecurity/gca/cop/guidelines/
The Draft Guidelines are currently open for comments (Deadline 30 )
Working together
ITU is working with the following organizations on COP and would like to thank them for their support:
Children's Charities' Coalition on Internet Safety
Child Helpline International (CHI)
Cyber Peace Initiative
European Network and Information Security Agency (ENISA)
European Broadcasting Union (EBU)
European Commission - Safer Internet Programme
European NGO Alliance for Child Safety Online (enasco)
ewwg
Family Online Safety Institute (FOSI)
GSM Association
International Criminal Police Organization (Interpol)
International Centre for Missing & Exploited Children
Microsoft
Telecom Italia
Telefónica
Save the Children
United Nations Children's Fund (UNICEF)
United Nations Office on Drugs and Crime (UNODC)
United Nations Interregional Crime and Justice Research Institute (UNICRI)
United Nations Institute for Disarmament Research (UNIDIR)
With YOUR support, we can make every child's online adventure a safe one!
Links to More Information
An Overview of ITU Activities in Cybersecurity: www.itu.int/cybersecurity/
ITU Global Cybersecurity Agenda: www.itu.int/cybersecurity/gca/
ITU-D ICT Applications and Cybersecurity Division: www.itu.int/itu-d/cyb/
ITU National Cybersecurity/CIIP Self-Assessment Toolkit: www.itu.int/itu-d/cyb/projects/readiness.html
ITU Cybercrime Legislation Resources: www.itu.int/itu-d/cyb/cybersecurity/legislation.html
ITU Botnet Project Website: www.itu.int/itu-d/cyb/cybersecurity/projects/botnet.html
Regional Cybersecurity Forums and Conferences: www.itu.int/itu-d/cyb/events/
ITU Child Online Protection (COP): www.itu.int/cop/
Thank You!
For more information on ITU's Cybersecurity Activities visit the website at: www.itu.int/cybersecurity/ or contact christine.sund@itu.int or cybmail@itu.int