1. The Problem: Users’ Confidence in the Use of ICTs is declining
The transformation of societies into information societies, made possible by
the integration of Information and Communication Technologies (ICTs) within
every sphere of human activity, makes individuals, organizations and countries
increasingly dependent on globally networked infrastructures. Unfortunately,
accompanying this greater dependency on information and communication
infrastructure, there is also growing and more sophisticated misuse of ICTs for
malicious and criminal purposes in many different guises — from direct attacks
on physical infrastructures, identity theft, financial fraud, invasion of
privacy to virus attacks, spam and online child pornography. We are all affected
by the cybersecurity choices of others. For example, the majority of spam today
is sent through hundreds of thousands of home user computers that have been
taken over by spammers. Therefore, the weakest links in the global Internet have
the potential to affect and wreak damage throughout the entire global ICT
infrastructure.
2. This Problem is Growing: Cyber-Threats are Intensifying
Cybersecurity is growing in importance to countries and stakeholders around
the world due to several reasons, including:
- Inherited Architecture of the Internet: the Internet began as a
closed network with a limited number of trusted users, meaning that
authentication was not an issue. The original design philosophy of the
Internet is now several “generations” behind the latest technological
challenges (consider, for example, the issue with inherited architecture
posed by the ‘millennium bug’). The challenge now is how to replace or
modify the inherited architecture of the Internet to build a safe and secure
modern information and communication infrastructure.
- Anonymity Online: the lack of user authentication on the Internet
means that it is easy to be anonymous and/or to falsify identity information
in order to act without fear of reprisal (although conversely, anonymity may
be one way in which users may feel more protected, by not giving away
personal information and guarding against invasions of privacy).
- Society’s Growing Dependency on ICTs: modern lifestyles are
increasingly dependent on ICTs at work and at home, in the storage,
processing and transmission of electronic data for everything from bank
accounts and financial assets to health records. In some countries, the
Internet has become such a vital part of society that it is often difficult
to remember how people functioned without it. Loss of connectivity, data or
information and/or the ability to communicate, can have profound economic
and societal consequences. Few organizations have the capabilities to
prevent, respond to, and recover from incidents.
3. Global Challenges in Cybersecurity
The following selection of current and emerging issues emphasizes the need for
close collaboration between all stakeholders (this selection is not exhaustive).
3.1 Loopholes in Current Legal Frameworks
Cyber-criminals are increasingly exploiting vulnerabilities and loopholes
in national and regional legislation. There is clear evidence that some are
shifting their operations to countries where appropriate and enforceable
laws are not yet in place and are now using these locations as a base from
which to launch attacks, even on countries that have criminalized the misuse
of ICTs.
Almost all national legislation is designed to be enforceable in
well-defined jurisdictions, whether these are national, subregional or
regional. However, such attempts cannot provide a comprehensive solution to
the global nature of the legal challenges faced today. Some laws in place
today may even shift the problem of enforcement from one country to another,
because in today’s borderless information society, cyber-criminals can act
across multiple territories and jurisdictions. The challenges posed by
global networks such as the Internet can only be effectively addressed on a
global scale. A global legal framework is therefore needed to provide a
sound basis from which to combat the misuse of ICTs and to ensure effective
enforcement.
3.2 Absence of Appropriate Organizational Structures
In many countries, the absence of national institutional structures to
respond to incidents is a significant problem in responding to
cyber-attacks. Some countries and regions have put in place structures for
watch, warning and incident response and have established mechanisms to
coordinate responses and minimize the impact of cyber-attacks on users.
Cyber-attacks are not limited to any specific country or region, as
viruses, worms, and other malicious software can spread rapidly via email to
users located in any part of the globe. Swift and close coordination among
responsible agencies is vital at the national, regional and global levels to
provide for a rapid response to limit the harmful effects of cyber-attacks.
Some initiatives have been launched to enhance communication among
organizational structures at the national and regional levels in order to
coordinate emergency response, but more needs to be done.
3.3 The need for Global Solutions
Experience to date with globally interconnected information networks has
made it painfully clear that the challenges to cybersecurity cannot be
effectively addressed by individual nations alone or even groups of
industrialized countries.
Cyber-criminals are not bound to geographical locations and countries
cannot close their borders to incoming cyber-threats. This means that time
and geography are no longer barriers to where and when cyber-attacks are
launched or where potential victims are located. Attempts to try and resolve
these challenges at the national or regional levels have so far proved
insufficient.
At the international level, greater coordination and more linkages are
needed between all stakeholders. Given the urgency of tackling the
challenges to cybersecurity, there is a need for simple, pragmatic steps
towards international cooperation, with increased capacity-building to
promote cybersecurity based on national experiences and country-specific
needs. An inclusive dialogue is needed, involving all stakeholders and
international organizations that have a role and expertise in cybersecurity-related
issues. A global culture of cybersecurity is needed, while building trust
amongst the stakeholders is needed for security to be improved worldwide.
4. Policy dialogue on national, regional and international strategies
The outcome documents from the two phases of the World Summit on the
Information Society (WSIS) emphasize that building confidence and security in
the use of ICTs is a necessary pillar for building a global information society.
Through its activities in standardization, radiocommunication, development and
policies and strategies, ITU has a long-standing track record in promoting
security in telecommunications and ICT networks and services. As a consequence,
WSIS entrusted ITU to play a leading role in the facilitation of WSIS Action
Line C5: Building Confidence and Security in the Use of ICTs.
The High-Level Segment of Council provides a forum for senior policy-makers
to deliver policy statements on their perspectives on cybersecurity, spam and
combating cybercrime. A non-exhaustive list of issues is presented here, with
the objective of facilitating their discussions at the High-Level Segment of
Council:
4.1 Possible questions to be discussed:
- What are the greatest cyber-threats currently faced in your country?
- What are the key elements to be considered in formulating a national
strategy for cybersecurity and for preventing cybercrime?
- What role should be played by governments in promoting a culture of
cybersecurity at the national, regional and international levels?
- What does your government consider to be the highest priority
activities for addressing current and emerging cyber-threats at the
national, regional and international levels?
|