The GCA was launched by the ITU Secretary-General as the ITU framework for international multi-stakeholder cooperation towards a safer and more secure information society: as one of the its most fostered initiatives, ITU and IMPACT partnership aims to bring together governments, industry leaders and cybersecurity experts in order to enhance the global community’s capacity to prevent, defend and respond to cyber threats.

IMPACT is the first global public-private initiative against cyber threats. On 3 September 2008, ITU and IMPACT formally entered into a Memorandum of Understanding (MoU) in which IMPACT’s new state-of-the-art global headquarters in Cyberjaya, Malaysia, has effectively become the physical home of the GCA. Under this collaboration, ITU and IMPACT provide ITU’s 191 member states with the expertise, facilities and resources to effectively address the world’s most serious cyber threats.
One of the key aspects of this collaboration is the participation of world leaders in the cybersecurity field. ITU and IMPACT are collaborating with industry and academia such as Symantec Corporation, Kaspersky Lab, F-Secure Corporation, Trend Micro Inc., Microsoft Corporation, as well as with leading cybersecurity training institutions like The SANSTM Institute, EC-Council, The Honeynet Project and (ISC)2.

Description

IMPACT’s Global Response Center (GRC) has been identified as a global level platform for Early Warning System and the foremost cyber threat resource centre for the global community, providing emergency response services and knowledge sharing mechanisms in a trusted environment.

Moreover, dedicated organizational structures at national level would be also established to manage cyberattacks: in this perspective, ITU and IMPACT have elaborated a strategy for the implementation of national CIRTs, called CIRT Lite, as trusted, central coordination cybersecurity point of contact within a country, providing watch and warning systems and incident response services. The proposed solution would be integrated into the GRC, already provided to the countries, and would be compliant with the international best practices.

As underlying component of the collaboration, capacity building programs will be provided to the Member States through training workshops, online sessions and a catalogue of courses to be tailored to the specific capacity building needs expressed by the Countries.

ITU Telecommunication Development Bureau (BDT) has taken the lead in facilitating the implementation process, communicating with the ITU Member States, assessing their needs and ensuring proper follow-up in coordination with IMPACT, which is providing the necessary technical support and expertise.

Benefits for Partners

Potential benefits for Member States include:

•  Establishment of a global emergency response centre to facilitate identification of cyber threats and as centralized information repository for resource sharing;
•  Development of strategies for the creation of a global framework for watch, warning and incident response to ensure cross-border coordination between new and existing initiatives;
•  Acts as early warning center for NCI and initiate the communication with NCI Providers on measures to take to protect themselves;
•  Establishment of a National CIRT as a national trusted point of reference and as a central coordination point for ICT-security incident response within the nation’s borders;
•  Promotion of a community of national and regional teams for sharing data, research, response strategies, and early warning notifications;
•  Capability building programs to support incident reporting across national sectors;
•  Development of education, awareness and training materials tailored to the specific needs expressed by the Member States;
•  Promoting regional, inter-regional and cross-sectoral cooperation in the establishment of national dedicated structures to tackle cyber threats.

Potential Benefits to Industry Partners include:

•  Increased government and public awareness of the Industry Partner’s products and services in targeted markets.
•  Sharing ideas, best practices and other information related to Cybersecurity with governments, industry and academia.
•  Increased understanding of the potential threats and emerging technologies where Industry Partners can build better cybersecurity solutions in collaboration with others involved in IMPACT.
•  Establishment of new relationships with academia doing research on cybersecurity.
•  Become part of IMPACT’s Experts Group and Partner in Cybersecurity Project Implementation.

Current status of collaboration

According to the current status of the collaboration, some 40 Countries from all the ITU regions have joined the initiative; the GRC has been identified as the initial service that will be made available for free to all Member States which have confirmed their participation to the initiative: the deployment includes training sessions on the usage of the GRC and technical and operational support for Member States.

Concerning the establishment of a National CIRT, coordination with the Member States from Africa, Central East Europe and Asia Pacific is underway with the Administrations, to finalize the process and organize the necessary resource mobilization to move to the operational phase.