ITU Regional Cybersecurity Forum for Eastern and Southern Africa
Forum Agenda
Description: At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) that are globally interconnected. This interconnectivity creates interdependencies and risks that must be managed at national, regional and international levels. At the national level, each nation should consider organizing itself to take coordinated action related to the prevention of, preparation for, response to, and recovery from cyber incidents. Such action requires coordination and cooperation among national participants, i.e., those in government, business, and other organizations, as well as individual users who develop, own, provide, manage, service and use information systems and networks.
At the regional and international level, nations with compatible approaches and interests can engage in cooperation and coordination to further common objectives through mutually beneficial activities. The formulation and implementation of a common national framework for cybersecurity and critical information infrastructure protection (CIIP) represents a first step in addressing the main challenges arising from globally interconnected ICT infrastructures.
The workshop, one in a series of regional events organized by ITU-D, is organized in response to Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity.
|
MONDAY 25 AUGUST 2008 |
|
08:00−09:00 |
Meeting Registration |
|
09:00−10:15 |
Meeting Opening and Welcome |
|
10:15−10:30 |
Coffee/Tea Break |
|
10:30−10:45 |
Adoption of Workshop Agenda and Practical Information |
|
10:45−12:00 |
Session 1: Towards a Framework for Cybersecurity and Critical Information Infrastructure Protection |
|
|
Session Description: The necessity of building confidence and security in the use of ICTs, promoting cybersecurity and protecting critical infrastructures at national levels is generally acknowledged. As national public and private actors bring their own perspective to the relevant importance of issues, in order to have a consistent approach, some countries have established cybersecurity/CIIP institutional framework structures while others have used a light-weight and non-institutional approach. This session will review, from a broad perspective, different approaches to such frameworks and their often similar components in order to provide meeting participants with a broad overview of the issues and challenges involved. The session will also present an overview of the ITU Management Framework for Organizing National Cybersecurity/CIIP Efforts and the ITU National Cybersecurity/CIIP Self Assessment Toolkit. The toolkit is intended to assist national governments in examining their existing national policies, procedures, norms, institutions, and relationships in light of national needs to enhance cybersecurity and address critical information infrastructure protection.
|
|
12:00−13:30 |
Lunch |
|
13:30−15:15 |
Session 2: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Promoting a Culture of Cybersecurity
|
|
Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 2 looks closer at the building blocks needed to successfully Promote a Culture of Cybersecurity.
|
|
15:15−15:30 |
Coffee/Tea Break |
|
15:30−17:00 |
Session 3: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Government―Industry Collaboration |
|
|
Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 3 looks closer at Government ― Industry Collaboration.
|
|
17:00−17:15 |
Daily Wrap-Up and Announcements |
|
|
|
|
|
TUESDAY 26 AUGUST 2008 |
|
09:00−10:15 |
Session 4: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Legal Foundation and Enforcement |
|
|
Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 4 looks closer at the need for Legal Foundation and Enforcement.
|
|
10:15−10:30 |
Coffee/Tea Break |
|
10:30−12:00 |
Session 5: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Incident Management Capabilities |
|
|
Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 5 looks closer at developing Incident Management Capabilities.
|
|
12:00−13:30 |
Lunch |
|
13:30−15:00 |
Session 6: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Developing a National Cybersecurity Strategy |
|
|
Session Description: Increasingly, electronic networks are being used for criminal purposes, or for objectives that can harm the integrity of critical infrastructure and create barriers for extending the benefits of ICTs. To address these threats and protect infrastructures, each country needs a comprehensive action plan that addresses technical, legal and policy issues, combined with regional and international cooperation. What issues should be considered in a national strategy for cybersecurity and critical information infrastructure protection? Which actors should be involved? Are there examples of frameworks that can be adopted? This session seeks to explore in more detail various approaches, best practices, and the key building blocks that could assist countries in establishing national strategies for cybersecurity and CIIP.
|
|
15:00−15:15 |
Coffee/Tea Break |
|
15:15−17:00 |
Session 7: Review and Discussion: Management Framework for Organizing National Cybersecurity/CIIP Efforts |
|
|
Session Description: Session 7 seeks to review and further discuss the Management Framework for Organizing National Cybersecurity/CIIP Efforts and related toolkit, identifying some of the main takeaways from the presentations on the Framework and the country case studies in preparation for the concluding meeting discussions.
|
|
17:00−17:15 |
Daily Wrap-Up and Announcements |
|
|
|
|
WORKING SESSIONS ON DEVELOPING NATIONAL AND REGIONAL CYBERSECURITY/CIIP CAPACITY
|
|
WEDNESDAY 27 AUGUST 2008 |
|
09:00−11:00 |
Working Session 1: Legal Foundation and Enforcement |
|
11:00−11:15 |
Coffee/Tea Break |
|
11:15−12:30 |
Working Session 2: Legal Foundation and Enforcement |
|
12:30−14:00 |
Lunch |
|
14:00−15:30 |
Working Session 3: Developing a National Cybersecurity Strategy |
|
15:30−15:45 |
Coffee/Tea Break |
|
15:45−16:45 |
Working Session 4: Developing a National Cybersecurity Strategy |
|
16:45−17:00 |
Daily Wrap-Up and Announcements |
|
|
|
|
THURSDAY 28 AUGUST 2008 |
|
09:00−10:30 |
Session 8: ITU National Cybersecurity/CIIP Self-Assessment Toolkit: An Exercise |
|
|
Session Description: The ITU National Cybersecurity/CIIP Self Assessment Toolkit is based on studies underway in the ITU Telecommunication Development Sector’s Study Group 1, Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity. The toolkit is intended to assist national governments in examining their existing national policies, procedures, norms, institutions, and relationships in light of national needs to enhance cybersecurity and address critical information infrastructure protection.
The toolkit is directed to leadership at the policy and management levels of government, and addresses the policies, institutional framework, and relationships for cybersecurity.
It seeks to produce a snapshot of the current state of national
policy and capability, of institutions and institutional
relationships, of personnel and expertise, of relationships among
government entities and relationships among government, industry and
other private sector entities. Sessions 8 and 9 of the workshop aim
to take countries through the self-assessment process to help
governments understand their existing efforts, identify gaps that
require attention, and prioritize national efforts.
|
|
10:30−10:45 |
Coffee/Tea Break |
|
10:45−12:30 |
Session 9: ITU National Cybersecurity/CIIP Self-Assessment Toolkit: An Exercise (Continued) |
|
|
Session Description: See above.
|
|
12:30−14:00 |
Lunch |
|
14:00−15:30 |
Session 10: Regional and International Cooperation |
|
|
Session Description: Regional and international
cooperation is extremely important in fostering national efforts and
in facilitating interactions and exchanges. The challenges posed by
cyber attacks and cybercrime are global and far reaching, and can
only be addressed through a coherent strategy within a framework of
international cooperation, taking into account the roles of
different stakeholders and existing initiatives. As
moderator/facilitator for WSIS Action Line C5 dedicated to building
confidence and security in the use of ICTs, ITU is discussing with
key stakeholders on how to best respond in a coordinated manner, to
the growing cybersecurity challenges. The ITU Global Cybersecurity
Agenda (GCA) provides a platform for dialogue aimed at leveraging
existing initiatives, working with recognized sources of expertise
in a framework for international cooperation, to elaborate global
strategies for enhancing confidence and security in the information
society. This session will review the ongoing initiatives to further
the discussions, in order to identify possible next steps and
concrete actions to foster and promote international cooperation for
enhanced cybersecurity.
|
|
15:30−15:45 |
Coffee/Tea Break |
|
15:45−16:45 |
Session 11: Wrap-Up, Recommendations and the Way Forward |
|
|
Session Description: The final session of the meeting reports some of the main findings from the event, and aims to elaborate recommendations for future activities in order to enhance cybersecurity and increase protection of critical information infrastructures in the region.
|
|
16:45−17:00 |
Meeting Closing |
|
|
|
 |
|
