International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Wednesday, April 16, 2008

A presentation on "e-Environment Opportunities for ITU " has been posted online today on the ITU-D ICT Applications and Cybersecurity Division (CYB) website. The presentation was made by Robert Shaw, head of the ICT Applications and Cybersecurity division, for the ICTs and Climate Change Symposium in Kyoto, Japan on 15-16 April 2008. It discusses definitions, the ITU report on "ICTs for e-Environment", background and objectives, environmental issues, trends of ICTs for environment, the effects of ICTs, e-Environment and sustainable development, implications for developing countries, and opportunities for ITU. More relevant information on the ITU activities on climate change website and on the CYB e-Environment website.

Wednesday, April 16, 2008 8:20:36 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, April 14, 2008

As an input to its activities on economics of network and information security (NIS), ENISA has commissioned a study identifying barriers and incentives for NIS. The overarching aim of the report is to analyse the economic impact of NIS, to assess added value and contribution to the smooth functioning of the Internal Market for e-Communication. In February 2008, the report entitled "Security Economics and the Internal Market" by Prof. Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore was submitted to ENISA, aiming:

  • To identify existing economic barriers for addressing Network and Information Security (NIS) issues in a single, open and competitive Internal Market for e-Communication;
  • To assess these barriers’ potential impact on the smooth functioning of the Internal Market for e-Communication;
  • To identify and analyse incentives (regulatory, non-regulatory, technical, educational, etc.) for lifting these barriers identified to cause distortion of the smooth functioning of the Internal Market for e-Communication;
  • And to provide a range of recommendations to relevant actors (decision-makers both at EU and national level, industry, academia, etc.) for policy options, possible follow-up actions and initiatives.

The report identifies relevant groups of stakeholders and assesses their role and responsibilities. In addition, the report offers explanatory and where possible causal linkages.

More information on the ENISA website.
Read the full report here.

Monday, April 14, 2008 3:33:46 PM (W. Europe Standard Time, UTC+01:00)  #     | 

The European Network and Information Security Agency, ENISA's report gives an overview on information security certifications of products, people and processes. It addresses common concepts, definitions, certifications of different types, as well as clarifies the mandatory and legal background for some certifications. It also explores the analogies and disparities between a number of existing certification schemes. Finally, it analyses current trends in certification and offers six recommendations to improve network and information security in Europe through a wider use of security certification.

Recommendations:

  1. ENISA recommends that organisations should certify their information security management systems, choose certified security products where possible and encourage information security employees to choose
    one or more appropriate personal information security certifications.
  2. Starting from ISO 27001 as the standard of choice for the certification of information security management systems in private and public organisations, the development of the complementary standards of the
    27000 family should be encouraged. However, their value must be verified on a case-by-case basis.
    The case of small or medium-sized organisations deserves particular attention.
  3. Special attention should be paid to areas where Common Criteria evaluation has become mandatory, and to the impact on the market.
    The EC should reconsider the feasibility and benefits of extending the intergovernmental Mutual Recognition Agreement on Common Criteria to all Member States as a shared tool contributing to a more secure e-Communication market.
    Government, vendors and security experts should analyse ways of building solid business models for product certification according to various schemes.
    Framework Programme 7 should consider sponsoring research to analyse the economics of the certification of products.
  4. The European Institutions should consider the feasibility of strengthening accreditation schemes related to people certification in IT security as well as a more systematic reference to recognised standards.
    The European Institutions should also encourage the development of people certification adapted to different types of professional use of IT systems, from the enduser level (Computer Driving Licence) to the most professional (e.g. IT security officer).
  5. The European Institutions should consider ways to reinforce bridges between education (schools and universities) and the certification process (private training and certificate providers) throughout a professional career.
  6. At a more individual level, ENISA recommends that the decision to seek a certificate should be based on the following questions: Do I want information security to be my certified profession? Do I want to prove that I can work in information security? Do I want to prove expertise in a very specific area of security? Or do I just want to prove IT skills which include aspects of security?

For more information, please refer to the full report.

Monday, April 14, 2008 1:44:30 PM (W. Europe Standard Time, UTC+01:00)  #     | 

A presentation by Martin J. Levy of Tier1 Research and Josh Snowhorn of Terremark on Datacenter Power Trends - NANOG 42 Power Panel at the NANOG 42 meeting discusses colocation centre problems, how these came about, what is expected to happen, and how colo is considered the bottleneck of the Internet. As cited from the Gartner Research in 2006, "some organizations are in the unenviable position of paying more to power and cool a rack a servers than they paid for the rack and the servers themselves. Clearly things are moving out of balance." Case studies and possible solutions to these datacenter problems are also included in the presentation.

Read the full presentation here.
More on the NANOG 42 meeting here.

Monday, April 14, 2008 1:16:19 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, April 11, 2008

The first ITU Symposium on ICTs and Climate Change (15-16 April in Kyoto, Japan, co-organized and hosted by the Ministry of Internal Affairs and Communications (MIC) will be available as a webinar in order that remote participants can see and hear presentations from wherever they are in the world. Provision will also be made for remote participants to submit comments and questions. Space is limited.

Reserve your seat for

- Day 1 at https://www2.gotomeeting.com/register/862573173.

- Day 2 at https://www2.gotomeeting.com/register/540961252.

A live audio stream will be provided at: mms://stream.icckyoto.ne.jp/ict/.

Full Programme (times in JST, London -8, New York -13)

ITU Background Paper on ICTs and Climate Change

System requirements

Friday, April 11, 2008 1:29:57 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, April 09, 2008

In Al Gore's new slideshow on climate change posted yesterday on TED.com, he presents evidence that climate change may could be even worse than scientists were recently predicting, and challenges us to act with a sense of "generational mission" - the kind of feeling that brought forth the civil rights movement - to set it right.

Mr. Gore was awarded the Nobel Peace Prize for 2007, along with the Intergovernmental Panel on Climate Change (IPCC), "for their efforts to build up and disseminate greater knowledge about man-made climate change, and to lay the foundations for the measures that are needed to counteract such change."

Wednesday, April 09, 2008 8:28:46 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, April 07, 2008

A recent paper of Andrew Odlyzko of the Digital Technology Center at the University of Minnesota discusses “the Internet’s role in aggravating and alleviating the energy crises”. The article points out that, since the days of the horse-drawn coach and the penny post in England, people have believed that travel and communications would be substitutes, i.e. an increase in one would result in a decrease in the other. Nevertheless, history has shown that both travel and communications have grown in parallel with economic growth and have been complementing and stimulating each other. This has happened despite – and even because of – technological developments in each of these two areas.

One could conclude from past experience, therefore, that the Internet – as a new form of communication – would cause a continued increase in travel, leading to ever-greater consumption of energy. The article highlights, however, that there is a key difference between the current situation and the past: the very high and growing price of energy. Because of this unique context, the article concludes that the Internet - and greater broadband deployment - may actually bring about a reduction in energy consumption by helping to reduce the need for travel as well as by bringing about other efficiencies.

To read the full article, click here.

Monday, April 07, 2008 5:17:50 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, April 03, 2008

A report by the UK media regulator, Ofcom, has reported that 'millions of children are using social networking websites intended for older users.'

Despite the minimum age requirement  of between 13 and 14 yrs set by Bebo, MySpace and Facebook, the report found that more than 25% of UK 8-11yr olds have a social network profile.

The Home Office is due to disclose a set of guidelines for such sites involving best practice, security and privacy on Friday 4th April.

This report by Ofcom showed a "significant difference" between the perception of risks in using social network sites between parents and children.

James Thicket, director of market research, Ofcom stated, "While people are aware of the status of their profile, there is a general lack of awareness of the issues attached to them around privacy and safety". He also added, "People put aside concerns about privacy and safety believing they have been taken care of by someone else".

The lack of child protection in such social network sites is further demonstrated by the following Ofcom figures:

41% of children allowed their profile to be viewed by anyone -

16% of parents did not know if their child's profile could be seen by strangers -

The vulnerability of children (especially younger ones) to online predators cannot be ignored and Mr Thickett goes on to say,

"Children are using these sites with a far lower awareness of some of the issues and rules that these sites entail".

Ofcom  plan to monitor and review the new guidelines agreed by social networks and the Home Office.

Dr Rachel O'Connell, Bebo chief safety officer, said, "We're working with the regulatory bodies. It's critical to our business that we adhere to these guidelines".

For more information see BBC and The Guardian.

Thursday, April 03, 2008 10:27:01 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, April 01, 2008

The impact of human activities on the environment – and on climate change in particular – are issues of growing concern confronting life on Earth. Concurrently, information and communication technologies (ICTs) are being rapidly deployed around the world. Although ICTs require energy resources, they also offer opportunities to monitor, learn about and protect the environment, reduce carbon emissions, and mitigate climate change.

A scoping study on using ICTs for environmental matters has been commissioned last year by the ITU's Telecommunication Development Bureau. This ICTs for e-Environment report approaches the issues from a development perspective and is based on consultations with key actors and extensive online research. It documents current activities and initiatives and makes a set of recommendations for strengthening the capacity of developing countries to make beneficial use of ICTs to mitigate and adapt to environmental change, including climate change.

The draft report and an overview presentation are available at ITU's ICT Applications and Cybersecurity Division dealing with e-Environment matters.

For more information about ITU activities relating to climate change, click here.

Tuesday, April 01, 2008 11:30:17 AM (W. Europe Standard Time, UTC+01:00)  #     | 

The International Telecommunication Union (ITU) issued a press release on the upcoming Symposia on ICTs and Climate Change that aim at reaching a better understanding of the relationship between information and communication technologies (ICTs) and climate change.

The International Symposia on ICTs and Climate Change, featuring high-level experts drawn from industry, government and academia as well as key writers on the topic, will seek to provide guidance to the global ICT sector on how to monitor, mitigate and adapt to climate change. The meetings will take place April 15−16 in Kyoto, Japan, co-organized and hosted by the Ministry of Internal Affairs and Communications (MIC); and 17−18 June 2008 in London, UK, supported and hosted by BT. These events will be available as a webinar so that remote participants can see and hear presentations from wherever they are in the world. Provision will also be made for remote participants to submit comments and questions.

It is estimated that ICTs contribute around 2-2.5 per cent of global greenhouse gas emissions. These percentages are likely to grow as ICTs become more widely available. At the same time ICTs can be a major linchpin in the effort to combat climate change. ICTs have the potential to serve as a potent, cross-cutting tool to limit and ultimately reduce greenhouse gas emissions across economic and social sectors, in particular by the introduction and development of more energy efficient devices, applications and networks, as well as their environmentally sound disposal. ICT can therefore be a key enabler to a low carbon economy while also promoting growth.

In December 2007, ITU representatives made a statement at the UN Conference on Climate Change in Bali, Indonesia, illustrating how ICTs are both a cause and a potential cure for climate change. UN Secretary-General, Ban Ki-moon previously underlined ITU’s role in meeting one of the most important challenges facing mankind. "ITU is one of the very important stakeholders in the area of climate change," he said. Dr Hamadoun I. Touré, ITU Secretary-General, said, "Unequivocal and authoritative scientific evidence, recent climate events and an increased public awareness have elevated climate change to the highest rungs of the political agenda — globally, regionally and at national levels. Climate change is a concern for all of humanity and requires efforts on the part of all sectors of society, including the ICT sector. ITU is committed to achieving climate neutrality and to working with our membership to promote the use of ICTs as an effective tool to combat climate change."

For more information on all ITU activities related to climate change, including e-environment, click here.

Tuesday, April 01, 2008 11:01:00 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, March 27, 2008

The Guardian newspaper reports that the first UK national strategy for child Internet safety (which includes a streamlined system for classifying  computer games and codes of practice for social networking sites) will be set out today, 27th March 2008.

This comprehensive and detailed report  carried out by child psyhologist, Dr Tanya Byron, showed that parents are worried about online predators and children are worried by cyber bullying.

One of her proposals includes new codes of practice to regulate social networking sites, such as Bebo and Facebook, and standards on privacy and harmful content.

Dr Byron states that these social networking sites should be asked to agree on codes of practice on harmful content and calls for an independent body to evaluate whether the site is meeting such standards.

She is planning to say that the online explosion has rendered parents as "...the Internet immigrants" and children as "...the Internet natives.." leaving parents lagging behind as as result of the fast past of technology.

Dr Byron is reported to have said yesterday, "Ironically parents' concerns about risk and safety of their children in the streets and outside has driven a generation of children indoors, where it could be argued they are being exposed to a whole new set of risks".

Suprisingly, the British Board of  Film Classification system fails to provide any indication about the actual content of computer games or to explain their age rating.

Full article here.

Thursday, March 27, 2008 8:29:12 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, March 26, 2008

The UK government is pledging action to protect teachers from bullying through mobile phones and the Internet.

During the NASUWT Annual Conference 24-27 March 2008, Secretary of State for Children, Schools and Families, Ed Balls, is expected to address union members declaring that the cyber bullying of teachers should be regarded as a "serious disciplinary offence".

A "cyber bullying taskforce" for England will be responsible for preventing teachers from being targeted by pupils.

NASUWT leaders (the largest UK wide teachers' union) want mobile phones classified as "potentially offensive weapons" as well as a ban on online allegations.  Until now the government taskforce  has focused on the effects of cyber bullying on children, but with the increasing numbers of teachers being harassed online, the situation for teachers can no longer be ignored.

The cyber bullying taskforce includes representatives from anti-bullying and children's charities, the Internet industry and teachers' groups.

The general secretary of NASUWT, Chris Keates, stated, "I am pleased the government accepts that we need strong policies in schools which focus on teachers. Increasingly, teachers' lives are being destroyed by what pupils are doing" and added, "pupils who once had to content themselves with exhibiting poor behaviour when face to face with the teacher, now increasingly use technology to support their indiscipline. Relying on industry self-regulation to resolve this problem is the equivalent of waiting for hell to freeze over".

Read full article at BBC website.

Wednesday, March 26, 2008 8:17:23 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, March 25, 2008

Another "security lapse" has allowed unauthorised access to personal photos posted on Facebook. What makes this situation all the more worrying is that it happened after a recent upgrade to the website's privacy controls.

This incident was verified by the Associated Press after they were alerted by computer technician, Byron Ng.

Facebook spokeswoman, Brandee Barker stated, "We take privacy very seriously and continue to make enhancements to the site".

This latest lapse is yet another warning about the dangers of sharing photographs and personal information online, even when such websites attempt to assure its members that their information cannot be accessed by everyone.

Even after such warnings, increasing numbers of teenagers and young adults are still publishing personal details on the Internet.

MySpace.com, the only online social network larger than Facebook, also experienced a similar security lapse last year.

Full story at CNN website.

Tuesday, March 25, 2008 4:37:27 PM (W. Europe Standard Time, UTC+01:00)  #     | 

A blog entry by Jessica Hupp at VirtualHosting.com addresses the impact on the environment in web development and use of computer equipment in general.

It provides a sample collection of environmentally friendly applications, tools, networks and directories, web hostings, and others. The list mentions tools and resources concerning information and communication technology infrastructure, hardware, software, and so on.

For more information, click here.

Tuesday, March 25, 2008 4:17:31 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Reuters recently reports on cyber warfare, from the Cold War Soviet oil pipeline explosion to the current information security situation. "The pipeline explosion was probably the first major salvo in what has since become known as cyber warfare. The incident has been cropping up in increasingly urgent discussions in the U.S. on how to cope with attacks on military and civilian computer networks and control systems - and how and when to strike back. Air traffic control, power plants, Wall Street trading systems, banks, traffic lights and emergency responder communications could all be targets of attacks that could bring the U.S. to its knees."

According to Director of National Intelligence Michael McConnell's testimony to a Senate committee, "[the US] information infrastructure - including the Internet, telecommunications networks, computer systems and embedded processors and controllers in critical industries - increasingly is being targeted... by a growing array of state and non-state adversaries." The Pentagon adds that it detects three million attempts to infiltrate its computer networks every day. On a report of the US Government Accountability Office, an audit of 24 government agencies, including Defense and Homeland Security, had shown that "poor information security is a widespread problem with potentially devastating consequences" pertaining to the inevitable involvement of civilians with private companies owning more than 80 percent of the infrastructure.

"Unlike traditional defense categories (i.e. land, sea and air), the military capabilities required to respond to an attack on U.S. infrastructure will necessarily involve infrastructure owned and operated by the private sector," according to Jody R. Westby, CEO of Global Cyber Risk and a champion of better public-private coordination to cope with cyber attacks.

The article further discusses the importance of public-private coordination and the power of botnets in this warfare. A scenario of the damage extent and how the cyber warfare may unfold was also drawn from an interview with Westby.

Read the full article here.

Tuesday, March 25, 2008 2:15:58 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, March 19, 2008

An unexplained "security breach" at the US supermarket chain, Hannaford Bros., resulted in 1800 reported (to date) cases of fraud after about 4.2 million unique card numbers were exposed. This is reported to be one of the largest data breaches ever.

Although the supermarket chain is said to have become aware of the breach on February 27, 2008, investigators report that it actually began on December 7, 2007 and Hannaford Bros. vice president of marketing, Carol Eleazer stated that, "it wasn't contained until 10 March, 2008".

The company's president and CEO, Ronald C. Hodge stated, " We have taken aggressive steps to augment our network security capabilities. Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions".

The US Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed that they are investigating this case.

Beth Givens, director of Privacy Rights Clearinghouse said that debit card holders involved in this incident were most at risk of fraud. Banks generally cover costs from fraudlent charges on credit cards but it might prove more difficult in proving fraud once a criminal has cleared out an individual's bank account.

Visa and MasterCard  state in their contracts with retailers that they do not divulge the source when a data breach occurs. Such a law  does nothing to help either the customer or the retailer in these situations.

Following criticism of the delay in notifying the public about this breach, Carol Eleazer said, " We moved with all deliberate speed to get out to customers with information that we could have confidence in..."

Read full article at CNN website.

Wednesday, March 19, 2008 4:30:52 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, March 18, 2008

Once again parents in the UK are being warned by teachers about the possible dangers to children by Internet and mobile phone misuse.

A survey of the Association of Teachers and Lecturers' members reports that more than half are aware of pupils being "cyber bullied" and 16% have been victims themselves.

Dr Mary Bousted, General Secretary of the Association of Teachers and Lecturers calls for more serious consequences and policies which might deter such behaviours. She then went on to suggest that as most cyber bullying takes place outside school hours, it might be difficult for teaching staff to take action.

What about the parental role? With parents complaining that their young children are watching pornography in the school playground on their mobile phones, it seems that the call to engage parent-teacher dialogue is not before time.

Unfortnately the situation is more complex, as Dr Bousted  points out the difficulty in  punishing children for such behaviours without the complete support of the parents, adding, "...it's not just students who can behave inappropriately through the Internet, it's parents as well".

Read full article at BBC website.

Tuesday, March 18, 2008 9:57:03 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, March 17, 2008

The Washington Post's Security Fix features an article on vishing scams reporting three recent vishing attacks and how these attacks were done. According to the article, a series of well-orchestrated wireless phone-based phishing attacks against several financial institutions took place last week illustrating how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies.

"The scams in this case took the form of a type of phishing known as "vishing," wherein cell-phone users receive a text message warning that their bank account has been closed due to suspicious activity, and that they need to call a provided phone number to reactivate the account. Victims who called the number reached an automated voice mail box that prompted callers to key in their credit card number, expiration date and PIN to verify their information (the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down)."

The article also pointed out the importance of installing the latest security updates on the Web servers as well as the use of non-obvious passwords to help mitigate these kinds of vishing attacks.

Read the full article on the Washington Post.

CYB | Cybersecurity | Malware | Spam | Mobile | Privacy
Monday, March 17, 2008 3:43:49 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Once more there is some discussion about privacy laws regarding the content of e-mails.This  time it concerns the publishing of letters reportedly sent by e-mail by an aide to the Mayor of London, Ken Livingstone. The American writer GK Chesterton is said to have argued that the best reason for leaving the country and moving to the city was to avoid everyone knowing your business.

Such a move might be laughable now, as it appears that privacy no longer exists. The author Clive James suggests,

"...every computer you sit down at, is a direct pipeline to universal publicity for any thought you dare to express..."

Indeed with the planned closure of around 3000 post offices in London, sending a letter by post may soon be a thing of the past.

Full article at BBC website.

Monday, March 17, 2008 1:10:23 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, March 14, 2008

Bill St. Arnaud writes about fiber to the home (FTTH) connections on his blog on Green IT/Broadband and Cyberinfrastructure. A presentation quoted of PriceWaterhouseCoopers and the European FTTH Council of 28 February 2008 takes into account CO2 emissions that are produced in the construction and deployment of fiber and measure them against the savings of three ICT applications in the area of telecommuting,telemedicine and home assistance. Among others, the main findings are that the environmental impact of the deployment of a typical FTTH network would be positive in less than 14 years regarding the selected services mentioned above. Additional existing or future applications would further emphasize these results.

For more information on the European FTTH Council, click here.

Friday, March 14, 2008 4:25:11 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Thorsten Holz writes about Measuring and Detecting Fast-Flux Service Networks on the Honeyblog, a weblog that deals with IT-security related stuff, honeypots/honeynets, malware and bots/botnets. Findings on a lab project focusing on fast-flux service networks (FFSNs), a mechanism used by attackers to build an overlay network on top of compromised machines, were published in a paper at NDSS'08.

The paper presents the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely-known phenomenon in the Internet. "Through [their] measurements [they] show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, [they] developed a metric with which FFSNs can be effectively detected. " Possible mitigation strategies are also discussed in the document.

Read the full paper here.
More about the paper on Honeyblog.

Friday, March 14, 2008 10:07:14 AM (W. Europe Standard Time, UTC+01:00)  #     |