Upload
itu
View
106
Download
0
Embed Size (px)
Citation preview
www.itu150.org
Building Cybersecurity Capacity
Tomas LamanauskasHead, Corporate Strategy Division
25 March 2015
Committed to Connecting the World
2
The importance of Cybersecurity• From industrial age to information societies
- Increasing dependence on the availability of ICTs- Number of Internet users growing constantly (now 40% of world’s population)
• Statistics and reports show that cyber-threats are on the rise- The likely annual cost to the global economy
from Cybercrime is estimated at more than $455 billion (Source: McAfee Report on Economic Impact of Cybercrime, 2013).
• Developing countries most at risk as they adopt broader use of ICTs
- E.g. Africa leading in Mobile-broadband penetration: almost 20% in 2014- up from less than 2% in 2010 (Source: ITU ICT Statistics)
Committed to Connecting the World
Coordinated ResponseNeed for a multilevel response to the cybersecurity challenges
International Cooperation frameworks and
exchange of information
Harmonization of legislation and best practices at regional level
National strategies and policiesNational response capabilities
Country level capacity building and training
International
Regional
National
5
Committed to Connecting the World
New Generation
Cybersecuri-ty Policy
National Priority
A holistic approach
EnhancedCoordina-
tionPublic-Private
Coopera-tion
Internatio-nal
Coopera-tion
Funda-mental Values
Source: OECD6
Committed to Connecting the World
Emerging Policy Trends
Multistake-holder
Dialogue
Economic Aspects
Flexible Approach
Sovereignty Considera-
tions
Source: OECD7
Committed to Connecting the World
9
150 years of experience in ICTs
• 150th Anniversary celebrated in May 2015• ITU is based in Geneva, Switzerland• 193 Member States and 700 Sector Members
(including Industry and Civil Society), Academia and Associates
• Organized in three Sectors:– Radiocommunication (ITU-R) – Standardization (ITU-T)– Development (ITU-D)
Committed to Connecting the World
ITU and Cybersecurity2003 – 2005
WSIS entrusted ITU as sole facilitator for WSIS Action Line C5 “Building Confidence and Security in the use of ICTs”
2007ITU Secretary-General launched the Global Cybersecurity
Agenda (GCA). A framework for international cooperation in cybersecurity
2008 - 2010ITU Membership endorsed the GCA as the ITU-wide strategy on
international cooperation.In 2008 the Child Online Protection Initiative was launched, as an international and multistakeholder collaborative framework
fostering the protection of children online 10
Committed to Connecting the World
National Strategies
Multistakeholder National
CollaborationCIRTs
Information & best practice
sharing
Public-Private Partnerships
Measuring capabilities
Elaborating Standards
Protecting vulnerable
groups
Regional & International Cooperation
11Source: 10-Year WSIS Action Line C5 Report (2014)
Committed to Connecting the World
12
National Strategies
Developing comprehensive and efficient National Cybersecurity Strategies is fundamental for building a secure ICT ecosystem.
ITU together with its partners helps countries organize Child Online Protection Strategy Framework workshops to assist national stakeholders in planning and deploying an effective and practical approach to COP at a national level.
Committed to Connecting the World
15101 National CIRTs Worldwide
National CIRTs for enhancing global resilienceNeed to fill the gaps
Committed to Connecting the World
16
National CIRT Programme
Assess existing capability of/need for national cybersecurity mechanisms
On-site assessment through meetings, training, interview sessions and site visits
Form recommendations for plan of action (institutional, organizational and technical requirements)
Implement based on the identified needs and organizational structures of the country
Assist with planning, implementation, and operation of the CIRT.
Continued collaboration with the newly established CIRT for additional support
Capacity Building and trainings on the operational and technical details
Exercises organized at both regional and international levels
Help enhance the communication and response capabilities of the participating CIRTs
Improve overall cybersecurity readiness in the region
Provide opportunities for public-private cooperation
Committed to Connecting the World
17
ITU’s National CIRT Programme
• Assessments conducted for 61 countries• Implementation completed for 9 countries Cyp rus , Burkina Faso, Côte d'Ivoire, Ghana, Kenya , Montenegro, Tanzania, Uganda, Zambia
• Implementation in progress for 6 countries Barbados, Burundi, Gambia, Jamaica, Lebanon , Trinidad and Tobago
• 9 cyber drills conducted with participation of over 90 countries
Organized in Myanmar, Jordan, Bulgaria, Uruguay, Oman, Lao P.D.R., Turkey, Peru, Zambia
Committed to Connecting the World
ObjectiveThe Global Cybersecurity Index (GCI) measures and ranks each nation state’s level of cybersecurity development in five main areas: • Legal Measures• Technical Measures• Organizational Measures• Capacity Building• National and International Cooperation
Goals- Promote cyberesecurity strategies at a national level- Drive implementation efforts across industries and sectors- Integrate security into the core of technological progress - Foster a global culture of cybersecurity
18
Final Global and Regional Results 2014 are on ITU WebsiteNext iteration in progress
Committed to Connecting the World
19
Cyberwellness Country Profiles
Factual information on cybersecurity achievements on each country based on the GCA pillars• 194 profiles to date • Live documents
e.g.
Committed to Connecting the World
20
Enhancing Cybersecurity in Least Developed Countries project
Aims at supporting the 49 Least Developed Countries in strengthening their cybersecurity capabilities.How • Assessment for selected key government ministries & subsequent solutions provision• Capacity building through training of trainers, workshops,..• Customised guidelines on legislation, regulation and technologiesEnd Result• protection of their national infrastructure, including the critical information
infrastructure, thereby making the Internet safer and protecting Internet users• serve national priorities and maximize socio-economic benefits in line with the
objectives of the World Summit on the Information Society (WSIS) and the Millennium Development Goals (MDGs).
We are only as secure as our weakest link
Implemented in 4 countriesDifferent stages of planning/implementation in 15 more
Committed to Connecting the World
Child Online Protection InitiativeKey Objectives: Identify risks and
vulnerabilities to children in cyberspace
Create awareness Develop practical tools to
help minimize risk Share knowledge and
experiencePartners: - 10 international organizations- 34 civil society organizations- 13 private sector organizations
21
Committed to Connecting the World
22
Key COP Activities Elaboration of COP Guidelines for parents, children, policy makers and industry
New! Updated version of the COP Guidelines for Industry with the contribution of several partners (UNICEF, GSMA, Sony, Facebook, The Walt Disney Company and EBU)
COP National Strategy Framework ITU together with its partners helps countries organize Child Online Protection
Strategy Framework workshops to assist national stakeholders in planning and deploying an effective and practical approach to COP at a national level.
Child Online Protection Challenge Educating children by presenting an interactive platform where children, parents
and educators can engage in fun activities to learn more about the risks that the children face on the Internet and how these risks can be averted.
Council Working Group on Child Online Protection (CWG-COP) Multi-stakeholder open platform, where 193 Member States and other
stakeholders exchange views and promote work on the subject matter
Committed to Connecting the World
Economic Impact of Standardization
Adds 0.3% - 1% to the GDP
Source: European Commission
ITU-T Study Group 17 – Security
• Over 300 standards (ITU-T Recommendations) relevant to security
• Key areas of current work:• Cybersecurity• Child Online Protection• Security architectures and frameworks• Countering spam• Identity management• Security of applications and services
for the Internet of Things, web services, social networks, cloud computing and Big Data
Standardization
23
Committed to Connecting the World
World Conference on International Telecommunications (WCIT-12)
WCIT-12 set the ground for international cooperation on certain cybersecurity-related matters
Article 6, ITRs: Security and robustness of networks
Article 7, ITRs: Unsolicited bulk electronic communications
24
Committed to Connecting the World
25
New edition 2014: ITU Publication on UNDERSTANDING CYBERCRIME: Phenomena, Challenges and Legal Response
The Guide serves to help developing countries better understand the implications related to the growing cyber-threats and assist in the assessment of the current legal framework and in the establishment of a sound legal foundation.
Publications
COMBATTING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES
Joint project among several partners under the coordination of the World Bank to build capacity in developing countries in the policy, legal and criminal justice aspects of the combat against “cybercrime”
Committed to Connecting the World
26
Capacity building initiatives, joint consultations and more.
Best practices in cybercrime legislations, joint technical assistance to member states, information sharing
Tap on expertise of globally recognized industry players and accelerate info sharing with ITU member states
Building a global partnership
Collaboration with ABI Research – The Global Cybersecurity Index (GCI)
Collaboration with FIRST – To share best practices on computer incident response, engage in joint events, facilitate affiliation of national CIRTS of member states
Collaboration with Member States – Regional Cybersecurity Centres
Committed to Connecting the World
Budapest Convention (2001), 45 Countries ratified/acceded
24/7 Network – some 50 countries, since 1997
EU Cybersecurity Strategy (2013)
Produced set of confidence-building measures (CBMs) to reduce the risks of conflict stemming from the use of ICTs
International and Regional Cooperation
Comparative Analyses on Cybersecurity Policies
Convention on Cybersecurity and Personal Data Protection (2014)
28
Committed to Connecting the World
UN Efforts- Resolutions 69/166 and 68/167 of the UN General Assembly on “The Right to
privacy in the digital age” (2014-2013)
- Resolutions 69/28 and 68/243 of the UN General Assembly on “Developments in the field of information and telecommunications in the context of international security” (2014-2013)
- Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2013)
- Resolution 20/8 of the Human Rights Council on “The promotion, protection and enjoyment of human rights on the Internet” (2012)
- Resolution 64/211 of the UN General Assembly on “Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructures” (2010)
29
Committed to Connecting the World
UN-wide cooperation mechanisms
UN-wide Framework on Cybersecurity and Cybercrime (2013)
Developed by ITU and UNODC along with 33 UN Agencies. Enables enhanced coordination among UN entities in their response to
concerns of Member States regarding cybercrime and cybersecurity
UN System Internal Coordination Plan on Cybersecurity and Cybercrime (2014)
Developed building on the UN-wide Framework on Cybersecurity and Cybercrime upon request by the UN Secretary-General, Mr. Ban Ki-moon
Designed as a guide to improve the internal coordination activities of the UN system organizations on related matters
30
Committed to Connecting the World
31
• ITU Member States committed to work towards the shared vision of:
– “An information society, empowered by the interconnected world, where telecommunication/ICTs enable and accelerate social, economic and environmentally sustainable growth and development for everyone”
Connect 2020 Agenda for Global Telecommunication/ICT Development
Committed to Connecting the World
32
Global Telecommunication/ICT Targets
4
by 2
020.
..
Goal 1 Growth – Enable and foster access to and increased use of telecommunications/ICTs
55% of households should have access to the Internet
60% of individuals should be using the Internet
40% Telecommunications/ICTs should be 40% more affordable
Goal 2 Inclusiveness – Bridge the digital divide and provide broadband for all
50% of households should have access to the Internet in the developing world; 15%in the least developed countries
50% of individuals should be using the Internet in the developing world; 20% in the least developed countries
40% affordability gap between developed and developing countries should be reduced by 40%
5%Broadband services should cost no more than 5% of average monthly income in the developing countries
90% of the rural population should be covered by broadband services
Gender equality among Internet users should be reached
Goal 4 Innovation and partnership – Lead, improve and adapt to the changing telecommunication/ICT environment
Enabling environments ensuring accessible ICTs for persons with disabilities should be established in all countries
40% improvement in cybersecurity readiness
50% reduction in volume of redundant e-waste
30% decrease in Green House Gas emissions per device generated by the telecommunication/ICT sector
Telecommunication/ICT environment conducive to innovation
Effective partnerships of stakeholders in telecommunication/ICT environment
Goal 3 Sustainability – Manage challenges resulting from the telecommunication/ICT development
Committed to Connecting the World
• Regional Cyber Security Summit29-30 March 2015, Muscat, Oman
• WSIS Forum 201525-29 May 2015, Geneva, Switzerland
• Regional Cyber Drills planned for 2015Cyberdrill for Africa, Kigali, Rwanda, 5-7 May 2015 Upcoming ones in Egypt, Sri Lanka, Montenegro and Colombia
Upcoming Related Events
33
Committed to Connecting the World
International Organizations Private Sector
Civil Society& Academia
Governments
34
Only together we can achieve best results