Opening remarks
Doreen Bogdan-Martin
Secretary-General, International Telecommunication Union (ITU)
Excellencies, colleagues, good morning.
Let me start by thanking Ambassador Gafoor [Burhan Gafoor, Permanent Representative of Singapore to the United Nations] for the invitation, and to Minister Teo [Singapore's Minister for Communications and Information, Josephine Teo] for hosting the ministerial breakfast earlier this morning.
This conversation couldn't be timelier.
Year after year, cyberthreats continue to escalate at unprecedented rates.
The numbers should give us pause.
Cyber insecurity now figures among the top 10 most severe global risks over the short and long term, according to the World Economic Forum's 2024 Global Risks Report.
This year alone, cybercrime is projected to cost the global economy an astronomical 9.4 trillion US dollars.
And analysts predict that by next year, nearly 50 per cent of all organizations will be impacted in some way by a cyber-attack, somewhere along the software value chain.
The UN system itself is also a frequent target, with cyber threats increasing by 170 per cent last year compared to 2022, according to UNICC (the United Nations International Computing Centre).
Threat actors are targeting us in increasingly sophisticated ways, sometimes coordinating attacks across multiple entities at once.
As United Nations (UN) agencies and Member States, these threats concern us all.
And this is also reflected in the zero draft of the Global Digital Compact where cybersecurity has been mainstreamed across all the issue areas, advocating for safe, secure, and trustworthy digital systems as well as resilient infrastructure.
They certainly matter to the International Telecommunication Union (ITU).
Cyber threats matter because they affect our ability to achieve our strategic goals of universal meaningful connectivity and sustainable digital transformation.
Cyber threats affect our ability to achieve the Sustainable Development Goals (SDGs).
They have serious implications for the security of our Member States, and the entire global economy. And they undermine public trust and confidence in digital technologies — which undermines our ability to bridge the digital divide.
The stakes couldn't be higher — and no single entity can tackle these challenges alone.
That is why this conversation today on capacity building is so important. I commend you for that. Because cybersecurity is a global issue that requires a global dialogue and cooperation.
That's why ITU is committed to helping our members address cyber risks, under the umbrella of our global cybersecurity agenda which focuses on 5 pillars: legal, technical, organizational, capacity building, and cooperation.
Many of you may recall WSIS (World Summit on the Information Society), and a clear action line establishing building confidence and security in the use of digital technologies. ITU has been the lead facilitator of action line C5.
Multi-stakeholder and UN-mandated, the WSIS process has been tried and tested over two decades. It is where we are working to forge meaningful partnerships to help countries — especially across the Global South — anticipate and mitigate cyber threats.
Our capacity building work in this area focuses on promoting national cybersecurity strategies, supporting national incident response capabilities, and developing international technical standards related to cybersecurity.
In carrying out this work, we often find cybersecurity underrepresented in digital transformation plans, even though it's a fundamental aspect of meaningful connectivity. We need that “security by design'' up front in our policies.
And that is why we have been working with Sweden, the Global Forum for Cybersecurity Expertise (GFCE), and Microsoft to deliver a report called Cybersecurity and Sustainable Development – A Global Path Forward.
The report lays out the interplay between cyber resiliency and sustainable digital development.
It is also why we have teamed up with UNDP (United Nations Development Programme) on a joint programme on cyber development and capacity building.
As part of our regular cyber work we have been both helping countries set up Computer Incident Response Teams or “CIRTS" and also assessing CIRTS.
CIRTS are an important starting point for cybersecurity in many countries, and eventually become crucial hubs for international cooperation and cyber capacity development.
ITU also conducts regular, hands-on training exercises called “CyberDrills", to enhance the ability of national CIRTs to respond to threats (even for our own workforce).
So far, we've conducted over 46 of these CyberDrills, involving more than 140 countries – the most recent took place in Dubai, UAE, just last month.
Experts from 104 different countries participated in the Global CyberDrill.
ITU is also helping tackle the digital gender divide in the cyber workforce by training and upskilling more women in this critical area.
Over 300 women have participated in Women in Cyber and Her CyberTracks over the past three years, during which they have received mentorship, training, and networking opportunities.
But we do see gaps.
And decades of experience have given us valuable insights into what works and what doesn't when it comes to strengthening global cybersecurity capacity.
First, make sure it's not an outsourced afterthought.
10 years ago, a consultant might have been hired to write a national cybersecurity strategy.
Today, ITU works with countries to help them develop their own strategies by bringing a diverse set of stakeholders to the table, working through their priorities, and providing additional resources for further learning, such as our many cyber courses on ITU Academy.
This takes time, but it's worth it when countries are in the driver's seat of their own cybersecurity strategies.
Second: one size does not fit all.
What works in Singapore probably won't be right for other countries in the region and beyond.
I cannot overstate the importance of tailored interventions that meet specific local needs by taking factors like language, skill levels, availability of technology, and maturity of partnerships into account.
ITU often gets requests for interventions that are far beyond the technical capacity of the country.
In such cases, we work with stakeholders to identify starting points, and then co-create a longer-term action plan to build sustainable cyber capacity.
Which brings me to my third point: in cybersecurity, skilling, inclusion, you name it – capacity building is an ongoing process.
Let's move away from thinking of cyber as a “one and done."
Only iterative approaches, with people at the centre, can reliably secure our digital spaces, as decades of experience have taught us.
I hope you'll join us as we delve into this and other topics in the context of the upcoming WSIS+20 High-Level Event, as well as during the AI for Good Global Summit at the end of May.
This year's edition kicks off with “AI Governance Day" for the first time since the Summit was established, back in 2017.
Expected outcomes include exploring standards for AI watermarking and multimedia authentication – tools that can help make the digital environment safer and more secure for everyone at a time when the risk of disinformation is looming large.
ITU is ready to work closely with each of you on trusted, innovative cyber capacity building initiatives that measure up to the challenges of the AI (artificial intelligence) era we're entering.
I'm confident we can build a secure, inclusive and trustworthy digital ecosystem for the world, as long as we do it together.
Thank you.
