Working towards a more cyber-secure world
An increasingly connected world may, if left insecure, become a highly
vulnerable one. As ITU has frequently pointed out, cybersecurity could be the
biggest challenge in the online world of the future. As communications networks
and services have proliferated, so has the potential for abuse. Insecurities and
vulnerabilities in networks and services expose users to unexpected threats:
identity theft, cybercrime, spam, malware, online trafficking, exploitation and
harm to children and other at-risk groups.
The potential also exists for increasingly serious and high level threats
including cyberterrorism and cybercrime. As a critical infrastructure,
disruption of ICT can mean catastrophic nationwide disruption of essential
services. Across this spectrum, there are common factors: cyberthreats are a
risk to everyone, everywhere. They know no borders, and even the best-protected
countries have proved themselves vulnerable. What’s more, crimes and attacks can
be committed in one country – or even several countries simultaneously – while
the perpetrator is somewhere else entirely.
ITU has been at the forefront of providing technical and policy solutions to
combat cybersecurity problems, and has been formally mandated to do so through
its work in the World Summit on the Information Society (WSIS). ITU has
responsibility for three Action Lines under the WSIS outcome documents, with
sole facilitation for Action Line C2 – ICT infrastructure, and Action Line C5 –
building confidence and security in ICTs.
The high level cyber-response
This status – together with the unique position of being intergovernmental,
but multi-stakeholder and competent in evaluating the technical relationships
involved– has given ITU special, high level responsibilities. ITU was explicitly
tasked by the ITU Plenipotentiary Conference in Antalya (PP-06)
1
to take ‘all necessary measures’ to curb security problems in cyberspace to
satisfy these Action Lines, in addition to specific responsibilities under its
own Strategic Plan. ITU was asked to give cybersecurity initiatives a ‘high
priority’ by the Plenipotentiary resolution, while a complementary PP-06
resolution instructed the ITU to develop a set of commonly agreed definitions.
Implementation work within ITU to meet these requirements has been vigorous. ITU
has responded with a targeted combination of top-down/bottom-up initiatives,
because although the problem is global, many solutions are necessarily local
ones.
As its overall strategy, in the high level international policymaking sphere,
ITU has developed The
Global
Cybersecurity Agenda (GCA), an international framework for co-operation. The
GCA is built on five strategic pillars, known as work areas, including the
development of legal measures, technical and procedural measures, organizational
structures, capacity building, and international co-operation.
Within the GCA framework, to provide concrete global solutions and be
operationally viable, ITU is currently coordinating two main initiatives:
-
Collaboration with IMPACT, the International Partnership Against Cyber
Threats, to facilitate the deployment of technical and information resources and
toolkits to combat emerging problems to all ITU Member States. The IMPACT Global
Response Centre (GRC) is configured to operationalize the GCA goals of putting
the technical measures in place to combat cyberthreats, and is positioning
itself to be the foremost cyberthreat resource centre in the world. Currently,
around 60 countries are part of the collaboration.
-
The Child
Online Protection (COP) initiative. Part of the GCA, COP is designed to
identify risks and vulnerabilities to children in cyberspace, create awareness,
share resources and develop practical tools to help minimize risk. More than 20
international partners from governments, the private sector, civil society and
international organizations are working together to achieve the COP goals.
The ITU is also able to bring technical expertise and special focus to
cybersecurity issues through its three Sectors, with increased coordination in
this area stipulated as part of the Union’s Strategic Plan. ITU has developed
security Recommendations for IP and NGN standards, and all ITU Study Groups now
routinely review security related questions as part of their work, specifically
with ITU-T Study Group 17 acting as the lead study group on telecommunications
security and identity management. Study Group 17’s work in the area of
cybersecurity was also further strengthened by Resolutions adopted at the World
Telecommunication Standardization Assembly 2008 2.
In the wireless space, ITU has ensured clear security principles for 3G and
satellite service operation.
In development, ITU-D has provided substantial capacity building resources such
as the ITU
National Cybersecurity/CIIP Self-Assessment Tool to enable Member States to
design their own national approach to cybersecurity and critical information
infrastructure protection. ITU has also provided a guidelines toolkit to raise
cyberthreat awareness among users, especially in developing countries.
The content dimension
Going further will require increasing international consensus, because
cybersecurity exposes another challenge: there are few internationally-agreed
definitions of what constitutes criminality in cyberspace. Put simply, there is
a startling lack of international harmonization regarding cybercrime
legislation. Definitions and legal structures – if they exist – may be quite
different from jurisdiction to jurisdiction. As part of the GCA, ITU engaged a
multidisciplinary group of experts and developed a toolkit to provide countries
with sample legislative and reference material that could assist in developing a
harmonized legal framework for cybersecurity. But with so much diverse national
legislation implicated, the task is monumental.
Cultural issues are also evident in the relationship of security to privacy and
to freedom of expression – and these may be in frequent contention. “The bigger
picture is that cybersecurity ultimately means you are dealing with content, and
that potentially politicizes the entire subject,” says ITU Secretary-General Dr
Hamadoun Touré.
ITU, under the leadership of Dr Touré, has forged the beginnings of
international consensus using the protection of children as a starting point and
template that could be replicated for other cybersecurity-related initiatives.
ITU’s 2010 Plenipotentiary Conference will examine the desirability of further
international consensus and commitment to fight cybercrime.
1 ITU Plenipotentiary Conference 2006 Antalya
Resolution 71, Resolution 130, Resolution 140
2 WTSA-08 Resolution 50 “Cybersecurity”, Resolution 52
“Countering and combating spam” Resolution 58 “Encourage the creation of
national Computer Incident Response Teams, particularly for developing
countries.”
|
|
|