Budapest, Hungary, 05 October 2012
As the Internet becomes more and more an essential element in our lives, cybersecurity is an issue that concerns all of us.
Charged by ITU’s membership – a public-private partnership of 193 governments and several hundred private sector companies, academia, civil society, and other regional and international governmental and non-governmental organisations - Cybersecurity has become a major focus of ITU in recent years.
So I would like to take this opportunity to tell you what ITU is contributing in this area.
By bringing together all stakeholders, with such initiatives as the Global Cybersecurity Agenda, ITU offers a unique global platform to address this increasing threat.
The World Summit on the Information Society assigned to ITU the responsibility of facilitating the “building of confidence and security in the use of information and communication technologies”.
And, at ITU’s Plenipotentiary Conference in 2010, ITU’s role in the field of cybersecurity was further strengthened.
Improving security is now one of our top priorities. It is a major factor in the design of future networks, and this is where ITU’s standardization work is particularly important.
It is one of the main elements of the Global Cybersecurity Agenda which was launched in 2007, by ITU’s Secretary-General Hamadoun Touré, and which has attracted the support and recognition of government leaders and security experts around the world.
Its physical home is our partner organization called IMPACT in Cyberjaya, Malaysia. IMPACT has a Global Response Centre that provides ITU Member States with access to specialised tools and systems that enables authorised cyber-experts in different countries to pool their resources and collaborate with each other remotely, so as to respond immediately to cyber-threats. It acts as a ‘one-stop’ coordination and response centre for countries during emergencies, enabling swift identification and the sharing of available resources across borders.
144 countries already profit from this service and we invite other countries to take advantage of it. I believe it is very much in line with the UK Foreign Secretary’s call for international hotlines to be set up to help tackle emergencies.
ITU has also developed toolkits on cybersecurity to assist its Members, especially developing countries, and runs a series of workshops and tutorials for capacity building around the world, addressing technical, legal, policy and strategic issues.
ITU is also leading joint actions to further strengthen cybersecurity within the UN system.
But there are no superpowers in cyberspace.
No one organization is big enough to go it alone in this vital area of cybersecurity. Collaboration and coordination is all important to avoid duplication of effort and to pool our resources to fight these attacks. This is quite a challenge in itself, which is why this session is very welcome.
ITU is very keen to collaborate with all other relevant organizations, and to coordinate our work so that together we share and promote the best practices that will bring confidence and security in the use of ICTs to all the citizens of the world.
Because in a connected world we are as strong as our weakest link.
We can only achieve strong global solutions through a global framework that promotes – for example – the trusted sharing of information and expertise, more effective early warning systems to mitigate cyber risks, and increase resilience to these attacks.
The effective creation of CIRTS (Computer Incident Response Teams) is key to this.
CIRTs identify, defend, respond, and manage cyber threats, and enhance security in cyberspace.
ITU, in partnership with IMPACT, conducts CIRT readiness assessments which assesses the ability of a country to establish a CIRT. So far, more than 45 countries have been assessed by ITU-IMPACT and we are providing assistance in establishing their national CIRTs.
In our experience we have found that the secret to establishing a successful CIRT is to start small and grow gradually. Big investment is less important than commitment from decision makers.
In the spirit of collaboration ITU, along with CTO, UNODC, INTERPOL, ICANN, the Council of Europe, and others, is providing support to the Commonwealth Cybercrime Initiative, mandated by Commonwealth Heads of Government, in particular to help Commonwealth countries establish CIRTs, and assist them in the elaboration of cybercrime legislation and cybersecurity strategies.
Within the framework of the Commonwealth Cybercrime Working Group, mandated by the Commonwealth Law Ministers, ITU is providing an information sharing platform (or share point), where partners share resources, inform each other of planned events, activities and initiatives. It acts as a repository of good practices, and a place to log the experiences of countries and organizations that are part of this effort. The intention is to make sure we are all aware of each other’s efforts, avoid duplication, and share our resources.
I would like to extend an invitation to all organizations present here to make use of this platform.
Ladies and gentlemen, I cannot close without mentioning the World Conference on International Telecommunications (WCIT), something that has already been mentioned several times at this conference.
WCIT will amend the only truly global treaty on international telecommunications, known as the International Telecommunication Regulations (ITRs). This treaty has not been revised for 24 years, and at that time security was not the major concern it is today, so the treaty does not include any explicit provisions on security, although reference to avoiding technical harm was quickly added in light of the Morris worm, or Internet worm, of 2 November 1988. 178 countries are bound to this treaty.
So some specific proposals related to security, in particular references to countermeasures against spam, and the need for all countries to collaborate to improve security, have been submitted for inclusion in the treaty.
Also, in the preparations for the conference there has been a lot of discussion on whether there is a need to reflect in the treaty the balance between implementing measures for security, and the need to protect privacy and freedom of expression. Although this is already provided for in the ITU Constitution, some consider it might be desirable to repeat it in this treaty.
It is very much hoped that this new treaty will further the efforts that are being made to make cyberspace a safer place for everyone.