International Telecommunication Union   ITU
عربي  |  中文  |  Espa˝ol  |  Franšais  |  Русский
 
Site Map Contact us Print Version
 
Home : ITU-T Home
 
   
 Session 2 of ITU Open Forum, 2nd Internet Governance Forum
 Rio de Janeiro, Brazil  12 November 2007 

Can we win the war against cyber-threats?
The role of standardization in cybersecurity

Excellencies,
Ladies and Gentlemen,


It is an honour and a pleasure for me to speak here today on behalf of the Telecommunication Standardization Sector of the ITU.

Two years ago this month, in Tunis in November 2005, ITU was entrusted by the World Summit on the Information Society with the task of coordinating multi-stakeholder implementation of the WSIS outcomes for action line C5, on building confidence and trust in the use of ICTs.

One year ago this week, in Antalya in November 2006, I was fortunate enough to become part of the new ITU management team that was elected to help carry out this task under the leadership of Dr. Hamadoun Toure. ITU has targeted cybersecurity as one of the priority areas for coordinated action among the Sectors and the Membership.

Now, here in Rio, at this Open Forum on cybersecurity, we have the chance to join the dialogue with other stakeholders on how to win the war against cyber-threats.

In the last year, we have seen the nature of the global threat to cybersecurity move to a new level of intensity:
  • We have seen cybersecurity attacks elevated to the level of warfare, with attacks against basic government infrastructure in several countries;
  • The percentage of email which now constitutes spam has risen above three-quarters, and spam is increasingly being used as a vehicle for viruses, fraud and phishing attacks;
  • In August, the storm botnet compromised an estimated 1.8 million computers worldwide.

For this reason, it is important that those parts of the international community that seek to defend the safety and security of the world’s ICT networks should also step up their efforts to a new level of intensity.

An important part of this process is standardization work, to ensure that common standards for network security are adopted as widely as possible. Not only will harmonization of standards increase the level of security, it will also reduce the costs of building secure systems.

ITU is a unique global forum for ICT standards-setting, which brings together some 191 Member States and more than 700 private Sector Members and Associates. Within ITU-T, it is Study Group 17 which has the lead responsibility for telecommunication security. This involves maintaining overall security frameworks as well as project management activities including the coordination, assignment and prioritization of actions that lead to timely security Recommendations.

There are now literally hundreds of ITU-T Recommendations on security, or which have security implications. In particular:
  • The X.500 series of Recommendations on directory services and authentication, including the well-known X.509 Recommendation which lies behind public key infrastructure (PKI) encryption;
  • The X.800 series on Security Architecture framework;
  • The X.1000 series on Telecommunication Security; and
  • The new Y.2700 series on security for Next-Generation Networks.

Ongoing ITU-T work on security is now looking into areas like telebiometrics, security for home networks and security for mobiles. ITU is also working with other standards development organizations to maintain an ICT Security Roadmap, to help coordinate the work among the different agencies.

One particularly urgent area of work is in combatting identity theft, which was identified in an ITU survey as the biggest fear preventing users from placing more trust in online networks. In December 2006, ITU-T established a Focus Group to look at the management of digital identities and the development of common global needs for interoperability. The Focus Group held six meetings and completed its work in September 2007 and will report its work to Study Group 17. This is an excellent illustration of how quickly ITU-T can react to the changing security threats.

In conclusion, standardization is a key building block in constructing a global culture of cybersecurity. We can and will win the war against cyber-threats. We will do so by building on the work of the thousands of dedicated individuals—from governments, the private sector and civil society—who come together, in organizations like ITU, to develop security standards and guidelines for best practice. The work is not glamorous, or high profile, but it is nonetheless essential for our common digital future.

Thank you.

 

Top - Feedback - Contact Us -  Copyright ę ITU 2008 All Rights Reserved
Contact for this page : TSB EDH
Updated : 2008-03-28