cybersecurity for all

International Telecommunication Union. An Overview of ITU’s Cybersecurity Activities: Cybersecurity for ALL. For more information on ITU’s Cybersecurity Activities visit the website at: www.itu.int/cybersecurity/ or contact [email protected]. UNECE International Conference on Technological Readiness for Innovation-based Competitiveness, 30 June 2009 in Geneva, Switzerland. Christine Sund, ITU Telecommunication Development Bureau, ICT Applications and Cybersecurity Division <[email protected]>


Page 1: Cybersecurity for ALL

International Telecommunication Union

An Overview of ITU’s Cybersecurity Activities

Cybersecurity for ALL

For more information on ITU’s Cybersecurity Activities visit the website at: www.itu.int/cybersecurity/ or contact [email protected]

UNECE International Conference on Technological Readiness for Innovation-based Competitiveness
30 June 2009 in Geneva, Switzerland

Christine Sund
ITU Telecommunication Development Bureau
ICT Applications and Cybersecurity Division
<[email protected]>

Page 2: Cybersecurity for ALL

June 2009

Cybersecurity for ALL

ITU’s objective:
To build trust, confidence and security in the use of ICTs

Activities being undertaken:
Global Cybersecurity Agenda (GCA)
Implementation activities that relate to all five pillars of the GCA
Coordination activities as part of ITU’s responsibility as the facilitator for WSIS action line C5
Development of cybersecurity and cybercrime resources and material
Anti-spam measures
Critical Information Infrastructure Protection (CIIP) related initiatives
Global standardization activities
Child Online Protection (COP) initiative related activities
Capacity building, training, direct assistance to countries, etc.
Fostering enhanced sub-regional, regional and international cooperation on cybersecurity

Page 3: Cybersecurity for ALL

Cybersecurity Issues and Challenges

Constant evolution of the nature of cyber threats
Vulnerabilities in software and hardware applications and services changing and increasing
Countries are increasingly at risk and under attack
Low entry barriers and increasing sophistication of the type of cybercrimes committed
Loopholes in current legal frameworks
Absence of appropriate national organizational structures to deal with the threats
Inadequate cooperation amongst the various stakeholders and stakeholder groups

The lack of cybersecurity is a global problem that cannot be solved by any single entity (country or organization) alone!

The world is faced with the challenging task of developing harmonized and comprehensive strategies at the global and international level and implementing these with the various relevant national, regional, and international stakeholders in the countries.

Page 4: Cybersecurity for ALL

Nature and Scope of Cybersecurity Around the World

Countries and/or stakeholders see cybersecurity as:
a technical, network or information technology issue, or
a developmental issue because ICT services need secure and reliable networks, or
an economic issue relating to maintaining business continuity or economic advantage, or
a law and enforcement issue to deal with cybercrime and criminalizing the misuse of ICTs, or
a national security issue relating to critical information infrastructure protection (CIIP).

Any international road map for cybersecurity must address all these different national perspectives.

All stakeholder groups have a role to play in promoting a global culture of cybersecurity.

Page 5: Cybersecurity for ALL

Promoting a Culture of Cybersecurity

Promoting a culture of cybersecurity consistent with UNGA Resolutions:
Resolution 57/239, Creation of a global culture of cybersecurity
Resolution 58/199, Creation of a global culture of cybersecurity and the protection of critical information infrastructures

Page 6: Cybersecurity for ALL

UN Resolutions (57/239 & 58/199) Related to a “Culture of Security”

UN Resolution 57/239 (2002) on the “Creation of a global culture of cybersecurity”

Identifies nine elements for creating a global culture of cybersecurity:
a) Awareness
b) Responsibility
c) Response
d) Ethics
e) Democracy
f) Risk Assessment
g) Security Design and Implementation
h) Security Management
i) Reassessment

Page 7: Cybersecurity for ALL

UN Resolutions (57/239 & 58/199) Related to a Culture of Security

UN Resolution 58/199 (2004) further emphasizes the “promotion of a global culture of cybersecurity and protection of critical information infrastructures”

Recognizes the growing importance of information technologies for the promotion of socio-economic development and the provision of essential goods and services
Notes the increasing links among most countries’ critical infrastructures and that these are exposed to a growing number and a wider variety of threats and vulnerabilities that raise new security concerns
Recognizes that effective protection requires communication and cooperation nationally and internationally among all stakeholders and that national efforts should be supported by effective, substantive international and regional cooperation among stakeholders
Encourages Member States and relevant regional and international organizations that have developed strategies to deal with cybersecurity and the protection of critical information infrastructures to share their best practices and measures that could assist other Member States in their efforts to facilitate the achievement of cybersecurity

Page 8: Cybersecurity for ALL

WSIS and Promoting a Global Culture of Cybersecurity

From WSIS Phase II: Tunis Agenda

39. We seek to build confidence and security in the use of ICTs by strengthening the trust framework. We reaffirm the necessity to further promote, develop and implement in cooperation with all stakeholders a global culture of cybersecurity, as outlined in UNGA Resolution 57/239 and other relevant regional frameworks.

This culture requires national action and increased international cooperation to strengthen security while enhancing the protection of personal information, privacy and data. Continued development of the culture of cybersecurity should enhance access and trade and must take into account the level of social and economic development of each country and respect the development-oriented aspects of the Information Society.

Page 9: Cybersecurity for ALL

Foundation for Cybersecurity Action

International and Regional Efforts include:
United Nations General Assembly (UNGA) lead initiatives
G8 activities
Council of Europe (CoE) Convention on Cybercrime
ENISA initiatives
European Commission activities
Regional Commonwealth in the field of Communications (RCC) activities
Asia Pacific Economic Cooperation (APEC)
Organization of American States (OAS)
Arab League initiatives
Gulf Cooperation Council (GCC) initiatives
Organization for Economic Cooperation and Development (OECD) activities
World Summit on the Information Society (WSIS) and its action line C5 dedicated to building confidence and security in the use of ICTs
UN organizations’ dedicated activities
ITU Global Cybersecurity Agenda (GCA) initiative
Etc.

Page 10: Cybersecurity for ALL

ITU and Cybersecurity

ITU constitutes a unique global forum to discuss matters related to cybersecurity
Based on the existing mandate and country requests, the ITU Secretary-General has set cybersecurity as a top priority
ITU Membership has been calling for a greater role to be played by ITU in matters relating to cybersecurity through a number of Resolutions, Decisions, Programmes and Recommendations
ITU provides a global perspective and expertise and is currently promoting cybersecurity through a range of activities related to standardization, radiocommunication and technical assistance to countries, tailored to their specific needs

Page 11: Cybersecurity for ALL

Global Framework for Cybersecurity: ITU's Global Cybersecurity Agenda

At the World Summit on the Information Society (WSIS) in 2005, ITU was entrusted by leaders of the international community to act as the facilitator for WSIS Action Line C5: “Building confidence and security in the use of ICTs”

As a result, in 2007, ITU Secretary-General launched the Global Cybersecurity Agenda, an international framework for collaboration on cybersecurity matters that addresses 5 main areas:

1. Legal Measures
2. Technical and Procedural Measures
3. Organizational Structure
4. Capacity Building
5. International Cooperation

Page 12: Cybersecurity for ALL

ITU-D’s Work in Cybersecurity

Needs for global solutions and harmonized international frameworks

Implementation at national, regional and international level

Special focus on Developing Countries

Multi-stakeholder approach

Addressing the specific requirements of the countries, to provide strategies at national level

ITU Global Cybersecurity Agenda (GCA)

ITU Study Groups work – ITU Conferences outcomes

Integrated approach to cybersecurity undertaken within the WTDC Programme 3 managed by ITU-D’s ICT Applications and Cybersecurity Division

Page 13: Cybersecurity for ALL

Legal Measures

Summary of objective:
Harmonization of legal frameworks and the elaboration of strategies for the development of cybercrime legislation that is globally applicable and interoperable with existing national/regional legislative measures.

Related activities/initiatives:
ITU Cybercrime Legislation Resources
ITU Toolkit for Cybercrime Legislation
ITU Publication on Understanding Cybercrime: A Guide for Developing Countries
Capacity building and training (training for judges, etc.)
Regional workshops and events

Page 14: Cybersecurity for ALL

Examples of Recent Initiatives

ITU Publication on Understanding Cybercrime: A Guide for Developing Countries provides a comprehensive overview of the most relevant topics linked to the legal aspect of cybersecurity and cybercrime.

ITU Toolkit for Cybercrime Legislation aims to provide countries with sample legislative language and reference material that can assist in the establishment of harmonized cybercrime laws and procedural rules.

www.itu.int/ITU-D/cyb/cybersecurity/legislation.html

Page 15: Cybersecurity for ALL

Technical and Procedural Measures

Summary of objective:
Development of strategies for the establishment of globally accepted security protocols, standards, minimum security criteria and accreditation schemes for hardware and software applications and systems

Related activities/initiatives:
ITU Standardization Work
ITU-T Study Group 17
ICT Security Standards Roadmap promoting collaboration between regional/international organizations and standards bodies
ITU Radiocommunications security activities
IMPACT collaboration services, etc.
Country direct assistance activities, etc.

Page 16: Cybersecurity for ALL

Cybersecurity Study Group Activities in ITU-T (Standardization)

ITU standardization activities are organized under “Study Groups” that focus on different topic areas (e.g., security, access and transport networks, multimedia, signalling, numbering, naming and addressing, tariffs, IP and NGN).

These compose a unique forum for public-private partnerships
Cooperation and collaborative activities exist with many organizations and forums, including regional telecom forums, IETF, ISO, IEC, ETSI, etc.

Examples of specific ITU-T activities related to cybersecurity and Child Online Protection include:
Study Group 17 – Security has primary focus on communication security and is the Lead Study Group on security for ITU-T
Study Group 2 – Operational aspects of service provision and telecommunication management works on harmonizing numbering resources for child helplines, etc.

Page 17: Cybersecurity for ALL

Specific Cybersecurity Study Group Activities in ITU-T (Standardization)

Study Group 17 has primary focus on communication security and is the Lead Study Group on security for ITU-T

Work under way under Study Group 17 Questions:

Working Party 1: Network and information security
Q 1 Telecommunications systems security project
Q 2 Security architecture and framework
Q 3 Telecommunications information security management
Q 4 Cybersecurity
Q 5 Countering spam by technical means

Working Party 2: Application security
Q 6 Security aspects of ubiquitous telecommunication services
Q 7 Secure application services
Q 8 Telebiometrics
Q 9 Service oriented architecture security

Working Party 3: Identity management and languages
Q 10 Identity management architecture and mechanisms
Q 11 Directory services, Directory systems, and public-key/attribute certificates
Q 12 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration
Q 13 Formal languages and telecommunication software
Q 14 Testing languages, methodologies and framework
Q 15 Open Systems Interconnection (OSI)

Page 18: Cybersecurity for ALL

Other Cybersecurity Initiatives in ITU-T

Correspondence group on exchange of network digital forensics:

Trusted exchange of network forensics, including vulnerabilities, has become an increasingly important and rapidly evolving field of cybersecurity. This generally refers to the acquisition, preservation, and exchange of trusted information associated with an incident, event or discovered vulnerability of interest.

Draft Recommendation on Traceback use cases and capabilities. These traceback capabilities should help to find ingress point, path, partial path or source of a network event.

X.1240-series of Recommendations on technical means for countering spam.

A series of published Recommendations and other drafts in progress assist in preventing reception of unsolicited information

Supplement 5 to ITU-T Recommendation E.164 ‘Guidance with regards to the selection of numbers for helplines for children’ was approved in May 2008.

New Draft Recommendation on ‘Specification of an Intl Numbering Resource for use in the provisioning of International Help lines’

This calls for easy-to-remember numbers, accessible from all phones to be made available free of charge. Expecting its approval by the end of 2009.

Page 19: Cybersecurity for ALL

Some Cybersecurity Initiatives in ITU-R (Radiocommunication)

Radio spectrum global frequency management is increasingly important for building confidence and security and creating an enabling environment in the use of ICTs.

ITU-R plays a central role in facilitating complex intergovernmental negotiations needed to develop legally binding agreements between sovereign states in an increasingly ‘unwired’ world.

Mobile handheld devices are widely used by children and young people and therefore merit extra attention when it comes to security.

Some examples of ongoing activities include:
Recommendation ITU-R M.1457 “Security mechanism incorporated in IMT-2000”
Recommendation ITU-R M.1645 “Framework and overall objectives of the future development of IMT-2000 and systems beyond IMT-2000”
Recommendation ITU-R M.1223 “Evaluation of security mechanism for IMT-2000”
Recommendation ITU-R M.1078 “Security principles for IMT-2000”

Page 20: Cybersecurity for ALL

Organizational Structures

Summary of objective:
Elaboration of global strategies for the creation of appropriate national and regional organizational structures and policies on cybercrime, watch, warning and incident response, generic and universal identity systems

Related activities/initiatives:
International Multilateral Partnership Against Cyber Threats (IMPACT) collaboration related services
IMPACT Global Response Centre services, etc.
Development of national computer incident response teams (CIRTs) and related training, etc.
Capacity building and training
Regional workshops and events
Direct assistance to countries, etc.

Page 21: Cybersecurity for ALL

Examples of Ongoing Initiatives for Developing Organizational Structures and Building Incident Management Capabilities

Assistance to Developing Countries in the Establishment of Watch, Warning and Incident Response (WWIR) Capabilities
Facilitate the deployment of IMPACT’s Global Response Centre to Member States
Information package sent to all ITU Member States in April 2009
Some 15+ countries confirmed
Deployment has already started

Developing National Computer Incident Response Teams (CIRTs)
CIRT Toolkit being developed to assist in the development and implementation of national centers
Direct assistance to countries
Capacity building and training

www.itu.int/ITU-D/cyb/cybersecurity/wwir.html

Page 22: Cybersecurity for ALL

Capacity Building

Summary of objective:
Development of global strategies to facilitate human and institutional capacity building across all relevant aspects of cybersecurity

Related activities/initiatives:
ITU National Cybersecurity/CIIP Self-Assessment Tool
ITU Toolkit for Promoting a Culture of Cybersecurity
ITU Botnet Mitigation Toolkit and pilot projects
IMPACT Training and Skills Development Centre
IMPACT Research Division
Capacity building and training for all pillars in the GCA
Targeted workshops and events

Page 23: Cybersecurity for ALL


Examples of Some Ongoing Initiatives

ITU National Cybersecurity/CIIP Self–Assessment Tool aims to assist governments in examining existing national policies, procedures, norms, institutions and other elements necessary for formulating cybersecurity strategies in an ever-changing ICT environment.

ITU Study on the Financial Aspects of Network Security: Malware and Spam, 2008 is a survey of existing resources and data available when it comes to the economics and financial aspects of cybersecurity. The study develops a framework within which the financial impacts and implications can be assessed and brings together the many disparate sources of financial data on malware and spam.

www.itu.int/ITU-D/cyb/cybersecurity/spam.html

www.itu.int/ITU-D/cyb/cybersecurity/readiness.html

Page 24: Cybersecurity for ALL

Examples of Some Ongoing Initiatives

ITU Regional Cybersecurity Forums

8 regional cybersecurity events held in 2007 and 2008 in all regions. Several more planned for 2009.

ITU Regional Cybersecurity Forum for Europe and CIS held in Bulgaria, 7-9 October 2008

2009 ITU Regional Cybersecurity Forum for Africa and Arab States held in Tunisia, 4-5 June 2009

2009 ITU Regional Cybersecurity Forum for Asia Pacific to be held in India, 23-25 September 2009

www.itu.int/ITU-D/cyb/events/

Page 25: Cybersecurity for ALL

Outcomes of Recent Event in Tunisia

ITU Regional Cybersecurity Forum for Africa and Arab States in Tunis, Tunisia, 4-5 June 2009

Country representatives identified requirements for specific cybersecurity capacity building and training needs that the countries in the regions have and ways in which to achieve these. Mechanisms to finance such activities were also discussed.

Recommendations for concrete actions that need to be taken by countries:

In the area of developing a legal framework and establishing effective enforcement, countries encouraged the involvement of governments in the region in international efforts and in coordination/cooperation with regional and international effort. They noted that more direct assistance to countries is needed and with the help of existing tools, such as the newly released ITU Toolkit for Cybercrime Legislation, and Understanding Cybercrime Guide.

Countries expressed their need for direct assistance in the development of watch, warning and incident management capabilities and for the establishment of the necessary organizational structures with national responsibility, including national computer incident response teams (CIRTs).

Countries committed to concrete actions to be taken in developing a national cybersecurity strategy and ensuring harmonization within the key principles of international cooperation.

www.itu.int/ITU-D/cyb/events/

Page 26: Cybersecurity for ALL

International Cooperation

Summary of objective:
Development of proposals to enhance international dialogue on issues that pertain to cybersecurity and enhance cooperation and coordination across all relevant activities

Related activities/initiatives:
ITU Secretary-General High Level Expert Group (HLEG) deliverables
ITU-International Multilateral Partnership Against Cyber Threats (IMPACT) collaboration
ITU Cybersecurity Gateway
World Telecommunication and Policy Forum WTPF 2009 opinions (Opinion 1: Internet–related public policy issues)
Regional cybersecurity forums
ITU’s Child Online Protection (COP) initiative

Page 27: Cybersecurity for ALL

Child Online Protection (COP)

COP is a global initiative created by ITU, as part of the Global Cybersecurity Agenda, which aims to address cybersecurity holistically.

COP Objectives:
Identify risks and vulnerabilities to children in cyberspace;
Create awareness;
Develop practical tools to help minimize risk;
Share knowledge and experience.

www.itu.int/cop/

Page 28: Cybersecurity for ALL

Child Online Protection (COP) Guidelines

Draft Guidelines for Children
Draft Guidelines for Parents, Guardians and Educators
Draft Guidelines for Industry
Draft Guidelines for Policy Makers

The Draft Child Online Protection Guidelines can be found online at:
www.itu.int/osg/csd/cybersecurity/gca/cop/guidelines/

The Draft Guidelines are currently open for comments (Deadline 30 June 2009)

Page 29: Cybersecurity for ALL

Working together

ITU is working with the following organizations on COP and would like to thank them for their support

International Centre for Missing & Exploited Children
Microsoft
Telecom Italia
Telefónica
Save the Children
United Nations Children’s Fund (UNICEF)
United Nations Office on Drugs and Crime (UNODC)
United Nations Interregional Crime and Justice Research Institute (UNICRI)
United Nations Institute for Disarmament Research (UNIDIR)

With YOUR support, we can make every child’s online adventure a safe one!

Children's Charities' Coalition on Internet Safety
Child Helpline International (CHI)
Cyber Peace Initiative
European Network and Information Security Agency (ENISA)
European Broadcasting Union (EBU)
European Commission - Safer Internet Programme
European NGO Alliance for Child Safety Online (eNASCO)
eWWG
Family Online Safety Institute (FOSI)
GSM Association
International Criminal Police Organization (Interpol)

Page 30: Cybersecurity for ALL

Links to More Information

An Overview of ITU Activities in Cybersecurity
www.itu.int/cybersecurity/

ITU Global Cybersecurity Agenda
www.itu.int/cybersecurity/gca/

ITU-D ICT Applications and Cybersecurity Division
www.itu.int/ITU-D/cyb/

ITU National Cybersecurity/CIIP Self-Assessment Toolkit
www.itu.int/ITU-D/cyb/projects/readiness.html

ITU Cybercrime Legislation Resources
www.itu.int/ITU-D/cyb/cybersecurity/legislation.html

ITU Botnet Project Website
www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html

Regional Cybersecurity Forums and Conferences
www.itu.int/ITU-D/cyb/events/

ITU Child Online Protection (COP)
www.itu.int/cop/

Page 31: Cybersecurity for ALL

International Telecommunication Union

Thank You!

For more information on ITU’s Cybersecurity Activities visit the website at: www.itu.int/cybersecurity/ or contact [email protected]
