Session 2 of ITU Open Forum, 2nd Internet Governance Forum
Rio de Janeiro, Brazil
12 November 2007
Can we win the war against cyber-threats?
The role of standardization in cybersecurity
Ladies and Gentlemen,
It is an honour and a pleasure for me to speak here today on behalf of the
Telecommunication Standardization Sector of the ITU.
Two years ago this month, in Tunis in November 2005, ITU was entrusted by
the World Summit on the Information Society with the task of coordinating
multi-stakeholder implementation of the WSIS outcomes for action line C5, on
building confidence and trust in the use of ICTs.
One year ago this week, in Antalya in November 2006, I was fortunate enough
to become part of the new ITU management team that was elected to help carry
out this task under the leadership of Dr. Hamadoun Touré. ITU has targeted
cybersecurity as one of the priority areas for coordinated action among the
Sectors and the Membership.
Now, here in Rio, at this Open Forum on cybersecurity, we have the chance to
join the dialogue with other stakeholders on how to win the war against
In the last year, we have seen the nature of the global threat to
cybersecurity move to a new level of intensity:
- We have seen cybersecurity attacks elevated to the level of warfare, with
attacks against basic government infrastructure in several countries;
- The percentage of email which now constitutes spam has risen above
three-quarters, and spam is increasingly being used as a vehicle for
viruses, fraud and phishing attacks;
- In August, the Storm botnet compromised an estimated 1.8 million computers
For this reason, it is important that those parts of the international
community that seek to defend the safety and security of the world’s ICT
networks should also step up their efforts to a new level of intensity.
An important part of this process is standardization work, to ensure that
common standards for network security are adopted as widely as possible. Not
only will harmonization of standards increase the level of security, it will
also reduce the costs of building secure systems.
ITU is a unique global forum for ICT standards-setting, which brings
together some 191 Member States and more than 700 private Sector Members and
Associates. Within ITU-T, it is Study Group 17 which has the lead
responsibility for telecommunication security. This involves maintaining
overall security frameworks as well as project management activities
including the coordination, assignment and prioritization of actions that
lead to timely security Recommendations.
There are now literally hundreds of ITU-T Recommendations on security, or
which have security implications. In particular:
- The X.500 series of Recommendations on directory services and
authentication, including the well-known X.509 Recommendation which lies
behind public key infrastructure (PKI) encryption;
- The X.800 series on Security Architecture framework;
- The X.1000 series on Telecommunication Security; and
- The new Y.2700 series on security for Next-Generation Networks.
Ongoing ITU-T work on security is now looking into areas like telebiometrics,
security for home networks and security for mobiles. ITU is also working
with other standards development organizations to maintain an ICT Security
Roadmap, to help coordinate the work among the different agencies.
One particularly urgent area of work is in combatting identity theft, which
was identified in an ITU survey as the biggest fear preventing users from
placing more trust in online networks. In December 2006, ITU-T established a
Focus Group to look at the management of digital identities and the
development of common global needs for interoperability. The Focus Group
held six meetings and completed its work in September 2007 and will report
its work to Study Group 17. This is an excellent illustration of how quickly
ITU-T can react to the changing security threats.
In conclusion, standardization is a key building block in constructing a
global culture of cybersecurity. We can and will win the war against
cyber-threats. We will do so by building on the work of the thousands of
dedicated individuals—from governments, the private sector and civil
society—who come together, in organizations like ITU, to develop security
standards and guidelines for best practice. The work is not glamorous, or
high profile, but it is nonetheless essential for our common digital future.