ITU Cybersecurity Capabilities

www.itu150.org

Building Cybersecurity Capacity

Tomas LamanauskasHead, Corporate Strategy Division

25 March 2015

Committed to Connecting the World

2

The importance of Cybersecurity• From industrial age to information societies

- Increasing dependence on the availability of ICTs- Number of Internet users growing constantly (now 40% of world’s population)

• Statistics and reports show that cyber-threats are on the rise- The likely annual cost to the global economy

from Cybercrime is estimated at more than $455 billion (Source: McAfee Report on Economic Impact of Cybercrime, 2013).

• Developing countries most at risk as they adopt broader use of ICTs

- E.g. Africa leading in Mobile-broadband penetration: almost 20% in 2014- up from less than 2% in 2010 (Source: ITU ICT Statistics)


3

Need for building cybersecurity capacity


4


Coordinated ResponseNeed for a multilevel response to the cybersecurity challenges

International Cooperation frameworks and

exchange of information

Harmonization of legislation and best practices at regional level

National strategies and policiesNational response capabilities

Country level capacity building and training

International

Regional

National

5


New Generation

Cybersecuri-ty Policy

National Priority

A holistic approach

EnhancedCoordina-

tionPublic-Private

Coopera-tion

Internatio-nal

Coopera-tion

Funda-mental Values

Source: OECD6


Emerging Policy Trends

Multistake-holder

Dialogue

Economic Aspects

Flexible Approach

Sovereignty Considera-

tions

Source: OECD7


8

ITU and Cybersecurity


9

150 years of experience in ICTs

• 150th Anniversary celebrated in May 2015• ITU is based in Geneva, Switzerland• 193 Member States and 700 Sector Members

(including Industry and Civil Society), Academia and Associates

• Organized in three Sectors:– Radiocommunication (ITU-R) – Standardization (ITU-T)– Development (ITU-D)


ITU and Cybersecurity2003 – 2005

WSIS entrusted ITU as sole facilitator for WSIS Action Line C5 “Building Confidence and Security in the use of ICTs”

2007ITU Secretary-General launched the Global Cybersecurity

Agenda (GCA). A framework for international cooperation in cybersecurity

2008 - 2010ITU Membership endorsed the GCA as the ITU-wide strategy on

international cooperation.In 2008 the Child Online Protection Initiative was launched, as an international and multistakeholder collaborative framework

fostering the protection of children online 10

http://www.itu.int/osg/csd/cybersecurity/gca/cop/

http://www.itu.int/osg/csd/cybersecurity/gca/impact_index.html


National Strategies

Multistakeholder National

CollaborationCIRTs

Information & best practice

sharing

Public-Private Partnerships

Measuring capabilities

Elaborating Standards

Protecting vulnerable

groups

Regional & International Cooperation

11Source: 10-Year WSIS Action Line C5 Report (2014)


12

National Strategies

Developing comprehensive and efficient National Cybersecurity Strategies is fundamental for building a secure ICT ecosystem.

ITU together with its partners helps countries organize Child Online Protection Strategy Framework workshops to assist national stakeholders in planning and deploying an effective and practical approach to COP at a national level.


13


14

Cybersecurity Strategy Model


15101 National CIRTs Worldwide

National CIRTs for enhancing global resilienceNeed to fill the gaps


16

National CIRT Programme

Assess existing capability of/need for national cybersecurity mechanisms

On-site assessment through meetings, training, interview sessions and site visits

Form recommendations for plan of action (institutional, organizational and technical requirements)

Implement based on the identified needs and organizational structures of the country

Assist with planning, implementation, and operation of the CIRT.

Continued collaboration with the newly established CIRT for additional support

Capacity Building and trainings on the operational and technical details

Exercises organized at both regional and international levels

Help enhance the communication and response capabilities of the participating CIRTs

Improve overall cybersecurity readiness in the region

Provide opportunities for public-private cooperation


17

ITU’s National CIRT Programme

• Assessments conducted for 61 countries• Implementation completed for 9 countries Cyp rus , Burkina Faso, Côte d'Ivoire, Ghana, Kenya , Montenegro, Tanzania, Uganda, Zambia

• Implementation in progress for 6 countries Barbados, Burundi, Gambia, Jamaica, Lebanon , Trinidad and Tobago

• 9 cyber drills conducted with participation of over 90 countries

Organized in Myanmar, Jordan, Bulgaria, Uruguay, Oman, Lao P.D.R., Turkey, Peru, Zambia


ObjectiveThe Global Cybersecurity Index (GCI) measures and ranks each nation state’s level of cybersecurity development in five main areas: • Legal Measures• Technical Measures• Organizational Measures• Capacity Building• National and International Cooperation

Goals- Promote cyberesecurity strategies at a national level- Drive implementation efforts across industries and sectors- Integrate security into the core of technological progress - Foster a global culture of cybersecurity

18

Final Global and Regional Results 2014 are on ITU WebsiteNext iteration in progress


19

Cyberwellness Country Profiles

Factual information on cybersecurity achievements on each country based on the GCA pillars• 194 profiles to date • Live documents

e.g.


20

Enhancing Cybersecurity in Least Developed Countries project

Aims at supporting the 49 Least Developed Countries in strengthening their cybersecurity capabilities.How • Assessment for selected key government ministries & subsequent solutions provision• Capacity building through training of trainers, workshops,..• Customised guidelines on legislation, regulation and technologiesEnd Result• protection of their national infrastructure, including the critical information

infrastructure, thereby making the Internet safer and protecting Internet users• serve national priorities and maximize socio-economic benefits in line with the

objectives of the World Summit on the Information Society (WSIS) and the Millennium Development Goals (MDGs).

We are only as secure as our weakest link

Implemented in 4 countriesDifferent stages of planning/implementation in 15 more


Child Online Protection InitiativeKey Objectives: Identify risks and

vulnerabilities to children in cyberspace

Create awareness Develop practical tools to

help minimize risk Share knowledge and

experiencePartners: - 10 international organizations- 34 civil society organizations- 13 private sector organizations

21


22

Key COP Activities Elaboration of COP Guidelines for parents, children, policy makers and industry

New! Updated version of the COP Guidelines for Industry with the contribution of several partners (UNICEF, GSMA, Sony, Facebook, The Walt Disney Company and EBU)

COP National Strategy Framework ITU together with its partners helps countries organize Child Online Protection

Strategy Framework workshops to assist national stakeholders in planning and deploying an effective and practical approach to COP at a national level.

Child Online Protection Challenge Educating children by presenting an interactive platform where children, parents

and educators can engage in fun activities to learn more about the risks that the children face on the Internet and how these risks can be averted.

Council Working Group on Child Online Protection (CWG-COP) Multi-stakeholder open platform, where 193 Member States and other

stakeholders exchange views and promote work on the subject matter


Economic Impact of Standardization

Adds 0.3% - 1% to the GDP

Source: European Commission

ITU-T Study Group 17 – Security

• Over 300 standards (ITU-T Recommendations) relevant to security

• Key areas of current work:• Cybersecurity• Child Online Protection• Security architectures and frameworks• Countering spam• Identity management• Security of applications and services

for the Internet of Things, web services, social networks, cloud computing and Big Data

Standardization

23


World Conference on International Telecommunications (WCIT-12)

WCIT-12 set the ground for international cooperation on certain cybersecurity-related matters

Article 6, ITRs: Security and robustness of networks

Article 7, ITRs: Unsolicited bulk electronic communications

24


25

New edition 2014: ITU Publication on UNDERSTANDING CYBERCRIME: Phenomena, Challenges and Legal Response

The Guide serves to help developing countries better understand the implications related to the growing cyber-threats and assist in the assessment of the current legal framework and in the establishment of a sound legal foundation.

Publications

COMBATTING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES

Joint project among several partners under the coordination of the World Bank to build capacity in developing countries in the policy, legal and criminal justice aspects of the combat against “cybercrime”


26

Capacity building initiatives, joint consultations and more.

Best practices in cybercrime legislations, joint technical assistance to member states, information sharing

Tap on expertise of globally recognized industry players and accelerate info sharing with ITU member states

Building a global partnership

Collaboration with ABI Research – The Global Cybersecurity Index (GCI)

Collaboration with FIRST – To share best practices on computer incident response, engage in joint events, facilitate affiliation of national CIRTS of member states

Collaboration with Member States – Regional Cybersecurity Centres


27

Coordinated Action


Budapest Convention (2001), 45 Countries ratified/acceded

24/7 Network – some 50 countries, since 1997

EU Cybersecurity Strategy (2013)

Produced set of confidence-building measures (CBMs) to reduce the risks of conflict stemming from the use of ICTs

International and Regional Cooperation

Comparative Analyses on Cybersecurity Policies

Convention on Cybersecurity and Personal Data Protection (2014)

28


UN Efforts- Resolutions 69/166 and 68/167 of the UN General Assembly on “The Right to

privacy in the digital age” (2014-2013)

- Resolutions 69/28 and 68/243 of the UN General Assembly on “Developments in the field of information and telecommunications in the context of international security” (2014-2013)

- Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2013)

- Resolution 20/8 of the Human Rights Council on “The promotion, protection and enjoyment of human rights on the Internet” (2012)

- Resolution 64/211 of the UN General Assembly on “Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructures” (2010)

29


UN-wide cooperation mechanisms

UN-wide Framework on Cybersecurity and Cybercrime (2013)

Developed by ITU and UNODC along with 33 UN Agencies. Enables enhanced coordination among UN entities in their response to

concerns of Member States regarding cybercrime and cybersecurity

UN System Internal Coordination Plan on Cybersecurity and Cybercrime (2014)

Developed building on the UN-wide Framework on Cybersecurity and Cybercrime upon request by the UN Secretary-General, Mr. Ban Ki-moon

Designed as a guide to improve the internal coordination activities of the UN system organizations on related matters

30


31

• ITU Member States committed to work towards the shared vision of:

– “An information society, empowered by the interconnected world, where telecommunication/ICTs enable and accelerate social, economic and environmentally sustainable growth and development for everyone”

Connect 2020 Agenda for Global Telecommunication/ICT Development


32

Global Telecommunication/ICT Targets

4

by 2

020.

..

Goal 1 Growth – Enable and foster access to and increased use of telecommunications/ICTs

55% of households should have access to the Internet

60% of individuals should be using the Internet

40% Telecommunications/ICTs should be 40% more affordable

Goal 2 Inclusiveness – Bridge the digital divide and provide broadband for all

50% of households should have access to the Internet in the developing world; 15%in the least developed countries

50% of individuals should be using the Internet in the developing world; 20% in the least developed countries

40% affordability gap between developed and developing countries should be reduced by 40%

5%Broadband services should cost no more than 5% of average monthly income in the developing countries

90% of the rural population should be covered by broadband services

Gender equality among Internet users should be reached

Goal 4 Innovation and partnership – Lead, improve and adapt to the changing telecommunication/ICT environment

Enabling environments ensuring accessible ICTs for persons with disabilities should be established in all countries

40% improvement in cybersecurity readiness

50% reduction in volume of redundant e-waste

30% decrease in Green House Gas emissions per device generated by the telecommunication/ICT sector

Telecommunication/ICT environment conducive to innovation

Effective partnerships of stakeholders in telecommunication/ICT environment

Goal 3 Sustainability – Manage challenges resulting from the telecommunication/ICT development


• Regional Cyber Security Summit29-30 March 2015, Muscat, Oman

• WSIS Forum 201525-29 May 2015, Geneva, Switzerland

• Regional Cyber Drills planned for 2015Cyberdrill for Africa, Kigali, Rwanda, 5-7 May 2015 Upcoming ones in Egypt, Sri Lanka, Montenegro and Colombia

Upcoming Related Events

33


International Organizations Private Sector

Civil Society& Academia

Governments

34

Only together we can achieve best results

35

Thank You

www.itu.int/cybersecurity www.itu150.org

[email protected]

itu150.org