MONDAY 06 OCTOBER 2008

20:00−

Welcome Reception at Hotel Metropolitan

TUESDAY 07 OCTOBER 2008

08:00−09:00

Meeting Registration and Badging (Online pre-registration required)

09:00−10:15

Meeting Opening and Welcome

Welcoming Address: Plamen Vatchkov, Chairman, State Agency for Information Technology and Communications (SAITC), Bulgaria

Opening Remarks: Sami Al Basheer Al Morshid, Director, Telecommunication Development Bureau, International Telecommunication Union (ITU)

10:15−10:30

10:30−12:00

Session 1: Towards an Integrated Approach for Cybersecurity and Critical Information Infrastructure Protection

Session Description: The necessity of building confidence and security in the use of ICTs, promoting cybersecurity and protecting critical infrastructures at national levels is generally acknowledged. As national public and private actors bring their own perspective to the relevant importance of issues, in order to have a consistent approach, some countries have established cybersecurity/CIIP institutional framework structures while others have used a light-weight and non-institutional approach. This session will review, from a broad perspective, different approaches to such frameworks and their often similar components in order to provide meeting participants with a broad overview of the issues and challenges involved. The session will also present an overview of ITU activities to build confidence and security in the use of ICTs and the ITU National Cybersecurity/CIIP Self Assessment Toolkit. The toolkit is intended to assist national governments in examining their existing national policies, procedures, norms, institutions, and relationships in light of national needs to enhance cybersecurity and address critical information infrastructure protection.

Session Moderator: Valérie Andrianavaly, Officer, Network and Information Security, DG Information Society and Media, European Commission

Speaker: Mark Sunner, Chief Security Analyst, MessageLabs

Speaker: Alexander Zolotnikov, Chief of Information Security, TransTeleCom

Speaker: Marco Obiso, Adviser, ICT Applications and Cybersecurity Division, ITU Development Sector (ITU-D)

Speaker: Joseph Richardson, Consultant, United States of America

12:00−13:30

13:30−15:15

Session 2: Promoting a Culture of Cybersecurity

Session Description: Confidence and security in using information and communication technologies are vital for building an inclusive, secure and global Information Society. The continuing changes in the use of ICTs, systems and networks offer significant advantages but also require a much greater emphasis on cybersecurity and critical information infrastructure protection by governments, businesses, other organizations and individual users, who develop, own, provide, manage service and use these networks. Given the interconnected features of ICTs, genuine cybersecurity can only be promoted when all connected stakeholders are aware of the existing dangers and threats and how they can protect themselves online. Government must play a leading role in bringing about a culture of cybersecurity and in supporting the efforts of other participants in this regard. In addition, regional and international cooperation is critical in fostering a global culture of cybersecurity. Session 2 looks closer at the building blocks needed to successfully promote a culture of cybersecurity.

Session Moderator: Janice Richardson, European Schoolnet and Coordinator, Safer Internet Initiative

Speaker: Christine Sund, Cybersecurity Coordinator, ICT Applications and Cybersecurity Division, ITU Telecommunication Development Sector (ITU-D)

Speaker: Ilari Patrick Lindy, Senior Expert, Relations to Industry and International Organisations, ENISA

Speaker: Solange Ghernaouti–Hélie, Professor, Faculty of Business and Economics, University of Lausanne, Switzerland

15:15−15:30

15:30−17:00

Session 3: Public ― Private Partnerships

Session Description: With privatization, the vast majority of each country’s ICT networks are now owned and operated by the private sector. A key element of a national framework for cybersecurity and CIIP is bringing industry and government together in trusted forums to address common national security challenges. The basis of successful public−private partnerships is trust which is necessary for establishing, developing and maintaining sharing relationships between the private sector and government. Session 3 looks closer at the benefits as well as challenges associated with public−private partnerships.

Session Moderator: Krasimir Simonski, Deputy Chairman, State Agency for Information Technology and Communications (SAITC), Bulgaria

Speaker: Cheri McGuire, Principal Security Strategist, Trustworthy Computing, Critical Infrastructure Protection Program, Microsoft

Speaker: Vladimir Radunovic, DiploFoundation, Malta

Speaker: Victor Minin, Representative, Information Security Association

Speaker: Jody Westby, CEO, Global Cyber Risk, United States of America

17:00−17:15

Daily Wrap-Up and Announcements

19:00−

Reception hosted by the Chairman of the State Agency for Information Technology and Communications at the Central Military Club

WEDNESDAY 08 OCTOBER 2008

09:00−10:15

Session 4: Legal Foundation and Enforcement

Session Description: Appropriate national legislation, international legal coordination and enforcement are all important elements in preventing, detecting and responding to cybercrime and the misuse of ICTs. This requires updating of criminal laws, procedures and policies to address cybersecurity incidents and respond to cybercrime. As a result, many countries have made amendments in their penal codes, or are in the process of adopting amendments, in accordance with international conventions and recommendations. Session 4 looks closer at the need for a sound legal foundation and effective enforcement, reviews some of the national legal approaches taken and explores potential areas for international legal coordination efforts.

Session Moderator: Ehab Elsonbaty, Senior Judge, Damanhor Court, Egypt

Speaker: Henrik Kaspersen, Professor, University of Amsterdam, The Netherlands, Member and Former Chair, Cybercrime Convention Committee

Speaker: Marco Gercke, Lecturer, University of Cologne, Germany

Speaker: Matthew Lamberti, Intellectual Property Law Enforcement Coordinator for Eastern Europe, United States Department of Justice, United States Embassy in Bulgaria

Speaker: Yavor Kolev, Chief Inspector, Head of Cybercrime Unit, National Police Service, Bulgaria

10:15−10:30

Coffee/Tea Break

10:30−12:00

Session 5: Organizational Structures and Incident Management Capabilities

Session Description: A key activity for addressing cybersecurity at the national level requires preparing for, detecting, managing, and responding to cyber incidents through the establishment of watch, warning and incident response capabilities. Effective incident management requires consideration of funding, human resources, training, technological capability, government and private sector relationships, and legal requirements. Collaboration at all levels of government and with the private sector, academia, regional and international organizations, is necessary to raise awareness of potential attacks and steps toward remediation. Session 5 discusses best practices, organizational structures and related standards in the technical, managerial and financial aspects of establishing national, regional and international watch, warning, and incident response capabilities.

Session Moderator: TBD

Speaker: Jacek Gajewski, Secretary General, Central and Eastern European Networking Association (CEENet), Poland and Representative, ENISA Permanent Stakeholder Group

Speaker: Alexander Zolotnikov, Chief of Information Security, TransTeleCom, Russian Federation

Speaker: Mauro Vignati, MELANI, Federal Office of Police, Switzerland

12:00−13:30

Lunch

13:30−15:00

Session 6: A National Cybersecurity Strategy

Session Description: Increasingly, electronic networks are being used for criminal purposes, or for objectives that can harm the integrity of critical infrastructure and create barriers for extending the benefits of ICTs. To address these threats and protect infrastructures, each country needs a comprehensive action plan that addresses technical, legal and policy issues, combined with regional and international cooperation. What issues should be considered in a national strategy for cybersecurity and critical information infrastructure protection? Which actors should be involved? Are there examples of frameworks that can be adopted? Session 6 seeks to explore in more detail various approaches, best practices, and the key building blocks that could assist countries in establishing national strategies for cybersecurity and CIIP.

Session Moderator: Roumen Trifonov, Secretary, Coordination Council on Information Society, Council of Ministers, Bulgaria

Speaker: Alexander Donos, Director, State Enterprise, Center for Special Telecommunications, Moldova

Speaker: Valery Konyavskiy, Director, All-Russia Research-and-Development Institute for the Problems of Computing Equipment and Information (VNII PVTI), Russian Federation

Speaker: Slavcho Manolov, Advisor to the Chairman of SAITC, Bulgaria

15:00−15:15

Coffee/Tea Break

15:15−17:00

Session 7: Review and Discussion: Organizing National Cybersecurity/CIIP Efforts

Session Description: This session seeks to review and further discuss the elements required to develop and organize national cybersecurity/CIIP efforts and the related ITU National Cybersecurity/CIIP Self-Assessment Toolkit, identifying some of the main takeaways from the presentations in the different sessions and the country case studies in preparation for the concluding meeting discussions.

17:00−17:15

Daily Wrap-Up and Announcements

THURSDAY 09 OCTOBER 2008

09:00−10:30

Session 8: Cybersecurity Forensics

Session Description: This session will give an overview of cybersecurity forensics, incident analysis, and best practices for engagement with law enforcement.

Session Moderator: Andrea Ghirardini, Consultant and Expert on Computer Forensics, United Nations Interregional Crime and Justice Research Institute (UNICRI)

Speaker: Eugene Nickolov, Doctor of Mathematical Sciences, Director, National Laboratory of Computer Virology, Bulgaria

Speaker: Ales Zavrsnik, Junior Researcher Associate Institute of Criminology, Faculty of Law, Slovenia

Speaker: Fredesvinda Insa, Manager, Strategic Development, CYBEX, Spain

10:30−10:45

Coffee/Tea Break

10:45−12:30

Session 9: The Economics of Cybersecurity

Session Description: Security flaws are often due to perverse incentives rather than the lack of suitable technical protection mechanisms. Since individuals and companies do not bear the entire costs of cyber incidents, they do not tend to protect their system in the most efficient way. If they did support all the financial consequences, they would have stronger incentives to make their network more secure for the good of all interconnected networks. This session reviews current leading thinking and research on the economics of cybersecurity.

Session Moderator: Roumen Trifonov, Secretary, Coordination Council on Information Society, Council of Ministers, Bulgaria

Speaker: Michel van Eeten, Associate Professor, School of Technology, Policy and Management, Delft University of Technology, The Netherlands, “ITU Study on the Financial Aspects of Network Security: Malware and Spam”

Discussion: The Economics of Cybersecurity

12:30−14:00

Lunch

14:00−15:30

Session 10: Regional and International Cooperation

Session Description: Regional and international cooperation is extremely important in fostering national efforts and in facilitating interactions and exchanges. Regional and international cooperation is extremely important in fostering national efforts and in facilitating interactions and exchanges. The challenges posed by cyber-attacks and cybercrime are global and far reaching, and can only be addressed through a coherent strategy within a framework of international cooperation, taking into account the roles of different stakeholders and existing initiatives. As moderator/ facilitator for WSIS Action Line C5 dedicated to building confidence and security in the use of ICTs, ITU is discussing with key stakeholders on how to best respond in a coordinated manner to the growing cybersecurity challenges. The ITU Global Cybersecurity Agenda (GCA) provides a platform for dialogue aimed at leveraging existing initiatives, working with recognized sources of expertise in a framework for international cooperation, to elaborate global strategies for enhancing confidence and security in the information society. Session will review some of the ongoing initiatives to further the discussions, in order to identify possible next steps and concrete actions to foster and promote international cooperation for enhanced cybersecurity.

Panelist: Marco Obiso, Adviser, ICT Applications and Cybersecurity Division, ITU Development Sector (ITU-D)

Panelist: Ilari Patrick Lindy, Senior Expert, Relations to Industry and International Organisations, ENISA

Panelist: Alexander Donos, Director, State Enterprise, Center for Special Telecommunications, Moldova and Chairman of the Commission on Information Security under the Coordinating Council, Regional Commonwealth in the Field of Communication (RCC)

Panelist: Matthew Lamberti, Intellectual Property Law Enforcement Coordinator for Eastern Europe, United States Department of Justice, United States Embassy in Bulgaria, and Representative, 24/7 High Tech Crime Network

Panelist: Eduard Djanserikov, Head, Information Security Sector, JSC Kyrgyztelecom, Kyrgyz Republic, “Cooperation of Telecom Operators of RCC Participant Countries in the Field of Cybersecurity”

Panelist: Jaroslaw Ponder, Focal Point for Europe, ITU Development Sector (ITU-D)

15:30−15:45

Coffee/Tea Break

15:45−16:45

Session 11: Wrap-Up, Recommendations and the Way Forward

Session Description: The final session of the meeting reports some of the main findings from the event, and aims to elaborate recommendations for future activities in order to enhance cybersecurity and increase protection of critical information infrastructures in the region.

Session Moderators: Krasimir Simonski, Deputy Chairman, State Agency for Information Technology and Communications (SAITC), Bulgaria and Marco Obiso, Adviser, ICT Applications and Cybersecurity Division, ITU Development Sector (ITU-D)

16:45−17:00

Meeting Closing

Closing remarks: Plamen Vatchkov, Chairman, State Agency for Information Technology and Communications (SAITC), Bulgaria

Closing remarks: Marco Obiso, Adviser, ICT Applications and Cybersecurity Division, ITU Development Sector (ITU-D)

• Main Sofia Cybersecurity Forum Webpage

• ITU Regional Cybersecurity Forum for Eastern and Southern Affrica in Lusaka, Zambia (25-28 August 2008)
• ITU Regional Cybersecurity Forum for Asia-Pacific in Brisbane, Australia (15-18 July 2008)
• ITU Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection in Doha, Qatar (18-21 February 2008)
• ITU West Africa Workshop on Policy and Regulatory Frameworks for Cybersecurity and Critical Information Infrastructure Protection (CIIP) in Praia, Cape Verde (27-29 November 2007)

[More on CYB events...]

[More on cybersecurity...]