International Telecommunication Union   ITU
عربي  |  中文  |  Español  |  Français  |  Русский
 
Site Map Contact us Print Version
 
Home : About the ITU : ITU Corporate Annual Reort
 
   

Strategic Goal Four: Safeguarding Networks

 

Strategic Goal Four

Developing tools, based on contributions from the membership, to promote end-user confidence, and to safeguard the efficiency, security, integrity and interoperability of networks.1

1 Information and communication network efficiency and security cover threats including, inter alia, spam, cybercrime, viruses, worms and denial-of-service attacks.

As a result of the WSIS, ITU was appointed sole facilitator of Action Line C5, “Building confidence and security in the use of ICTs”. The rapid growth of ICT networks has created new opportunities for criminals to exploit online vulnerabilities and attack countries' critical infrastructure. The future growth and potential of the online information society are in danger from growing cyberthreats. Furthermore, cyberspace is borderless: cyberattacks can inflict immeasurable damage in different countries in a matter of minutes.

Governments, firms and individuals are now more reliant on the information stored and transmitted over advanced communication networks. The costs associated with cyberattacks are significant - in lost revenue, loss of sensitive data, damage to equipment, denial-of-service attacks and network outages. Analysts have estimated that the total cost of online fraud will amount to some USD 105 billion in 2007, outstripping illegal drug sales worldwide for the first time .

ITU is working hard to address the emerging challenges associated with the information society. ITU's standardization work directly addresses security vulnerabilities in networks and transmission capabilities.

Standards guarantee established levels of performance and security in technologies, systems and products, boosting confidence among providers and end users. ITU's security standards cover a broad range of areas, including security principles for IMT (3G) networks , IP multimedia systems, NGN, network security requirements, network attacks, theft and denial of service, theft of identity, eavesdropping, telebiometrics for authentication and security of emergency telecommunications.

“Standardization is a key building block in constructing a global culture of cybersecurity. We can and will win the war against cyberthreats. We will do so by building on the work of the thousands of dedicated individuals - from governments, the private sector and civil society - who come together, in organizations like ITU, to develop security standards and guidelines for best practices.”

Malcolm Johnson

Malcolm Johnson
Director of the ITU Telecommunication Standardization Bureau

 
One key example is X.509, an ITU-developed Recommendation for electronic authentication over public networks and one of the most important security standards in use today. The elements defined in X.509 are used in public-key certificates for securing connections between web-browsers and servers, agreeing encryption keys and providing digital signatures. ITU's work on electronic authentication has enabled jurisdictions around the world to recognize e-mail as legal documents and to accord electronic signatures legal status.

ITU's Standardization Sector (ITU-T) is uniquely positioned to bring together the private sector and governments to coordinate work in the harmonization of security policy and security standards worldwide.

ITU works closely with other standards development organizations (SDOs) in setting standards for security and monitoring security work and hosts a regular joint security workshop coordinating work between other SDOs. In conjunction with the European Network and Information Security Agency and the Network and Information Security Steering Group, ITU publishes an ICT Security Standards Roadmap highlighting existing standards, current work and future standards among key SDOs to inform users about standards that are available and under development.

ITU study groups are engaged in many security-related activities and reviewing security questions is a key part of their work. Study Group 17 is the lead study group on Communications System Security and has approved over one hundred Recommendations on security for communications, mainly in the X series of Recommendations (by itself or jointly with ISO/IEC). It regularly publishes a Security Manual on “Security in telecommunications and information technology” as an overview of security issues and ITU-T Recommendations for secure telecommunications (the third manual was issued in August 2006), as well as a Security Compendium containing a catalogue of approved ITU-T Recommendations related to telecommunication Security.

ITU is also engaged in direct technical assistance to build capacity in Member States, particularly developing countries, to coordinate national strategies and protect network infrastructures from threats. National frameworks and strategies are needed that allow stakeholders to use all the technical, legal and regulatory tools available in promoting a culture of cybersecurity. While some countries are advanced in national cybersecurity and Critical Information Infrastructure Protection (CIIP) strategies, others are only just beginning to consider the necessary measures to undertake. ITU-D is working on a Framework for Organizing a National Approach to Cybersecurity that identifies the main policy objectives of national strategies for cybersecurity in:

  1. Developing a national cybersecurity strategy;

  2. Establishing national government-industry collaboration;

  3. Creating a national incident management capability;

  4. Deterring cybercrime; and

  5. Promoting a national culture of cybersecurity.

ITU is working with many partners from the public and private sectors on specific cybersecurity/ CIIP development initiatives to assist developing countries in awareness and self-assessment, building capacity and expanding watch, warning and incident response capabilities. ITU promotes the sharing of experience between and amongst developing and developed countries through its online platforms, an active workshop programme and toolkits.

Cybersecurity

ITU is working to establish an international framework to promote cybersecurity - the Global Cybersecurity Agenda (www.itu.int/gca/). An expert panel has been appointed to advise the ITU Secretary-General on the complex issues surrounding cybersecurity. The High-Level Experts Group consists of world-renowned specialists in cybersecurity from a broad range of backgrounds in policy-making, government, academia and the private sector. This group will formulate proposals to the ITU Secretary-General on long-term strategies to promote cybersecurity in five key work areas (Figure 3).

The work area on “Legal measures” is developing advice on how to deal with criminal activities committed over ICT networks through legislation in an internationally compatible manner. “Technical and procedural measures” focuses on key measures for addressing vulnerabilities in software products, including accreditation schemes, protocols and standards. “Organizational structures” is developing a framework and response strategies for the prevention, detection, response to and crisis management of cyberattacks, including the protection of critical information infrastructure systems. “Capacity building” focuses on elaborating strategies for capacity-building mechanisms to raise awareness, transfer know-how and boost cybersecurity on the national policy agenda. Finally, “International cooperation” is developing a strategy for international cooperation, dialogue and coordination in dealing with cyberthreats.

 

 

Top - Feedback - Contact Us -  Copyright © ITU 2008 All Rights Reserved
Contact for this page : External Affairs and Corporate Communication Division
Updated : 2008-04-07