Measuring Cyber-readiness; promoting capacity building & knowledge sharing high on the agenda
Cyber criminals are often one step ahead of the field in the battle to prevent misuse of information and communication technology.
In response, more must be done as challenges to cybersecurity such as denial-of-service attacks, identity and data theft, and destructive malware proliferate and become more sophisticated
This was the message delivered by ITU Telecommunication Development Bureau Director Brahima Sanou, at a special event on "Measuring Countries' Readiness and Building Capacity on Cybersecurity" held on the sidelines of ITU's sixth quadrennial World Telecommunications Development Conference (WTDC10-14) currently in session in Dubai in the United Arab Emirates (see the
archive of the event's webcast).
The fact that around one million images of child pornography are currently on the Internet and that another 50,000 are being uploaded each year was cited as a flagrant example of online abuse.
To better gauge the extent of the misuse of ICT for criminal or other purposes in individual countries and their capacity to counter cyber threats, the ITU has launched a
Global Cybersecurity Index (GCI). The GCI, developed in partnership with
ABI Research, was presented at a special event in Dubai on 2 April and reinforces ITU's commitment to strengthening cybersecurity by awareness raising and building capacity at the national level, particularly in developing countries. It will compare national cybersecurity levels and indicate countries with the most successful cybersecurity strategies for possible replication elsewhere.
Chief of the ITU Telecommunication Development Bureau Policies and Strategies Department, Mr Mario Maniewicz, noted that, based on questionnaire responses received by ITU Member States, a first analysis of cybersecurity development in the Arab region has been compiled and one for the Africa region is under way. The objective is to release an initial global cybersecurity status report by the end of the year.
ITU Cybersecurity Coordinator Marco Obiso noted that 44 countries had so far responded to the questionnaire.
Chief Strategy Officer Aaron Boyd from ABI Research, who are partnering with ITU to develop the GCI, stated that it would represent a "strong reflection of the commitment that each country makes to cybersecurity."
"Greater connectivity also brings with it greater risk," said ITU Secretary-General Hamadoun I. Touré. "As our physical and cyber worlds overlap, there is an increased need to address the related challenges of ensuring security, human rights, rule of law, good governance and economic development."
"In embracing technological progress, cybersecurity must form an integral and indivisible part of that process," said Mr Sanou. "Unfortunately, cybersecurity is not yet at the core of many national and industrial technology strategies. Countries need to be aware of their current capability level in cybersecurity and at the same time identify areas where cybersecurity needs to be enhanced."
"The GCI is a measure of each nation state's level of cybersecurity development. The GCI aims at providing the right motivation to countries to intensify their efforts in cybersecurity. The ultimate goal is to help foster a global culture of cybersecurity and its integration at the core of information and communication technologies."
"With the support of each and every Member States, we wish to successfully bring to you a global status of cybersecurity for 2014. I invite you to support the GCI and give us any feedback that will help us improve it by effectively sharing your experience, opinion and concerns. Help us provide you with a tool that will grow, that will help you gauge your cybersecurity readiness and take informed decisions to foster a global culture of cybersecurity," he concluded.
In line with its Global Cybersecurity Agenda, ITU has consolidated its global alliance with governments, academia and industry experts to promote a culture of cybersecurity awareness and a holistic approach to counter misuses of online networks. Altogether 149 ITU Member States have joined this global effort, cooperating among themselves and with ITU at the global level.
In collaboration with United Nations agencies, other international organizations and the European Commission and, in association with IMPACT — the International Multilateral Partnership against Cyber Threats — ITU is helping countries around the world to address cybersecurity challenges.
Some 50 countries have received assistance to assess their national cybersecurity preparedness and response capabilities since WTDC 10. Five countries (Burkina Faso, Kenya, Montenegro, Uganda and Zambia) have received support to set up a national computer incident response team (CIRT) and eight others (Barbados, Burundi, Côte d'Ivoire, Cyprus, Ghana, Jamaica, Tanzania, and Trinidad and Tobago) are currently receiving assistance to do likewise.
The cybersecurity needs of the least developed countries are the focus of particular attention under ITU's "Enhancing Cybersecurity in Least Developed Countries" project.
Member States also have access to ITU's comprehensive cybersecurity-related research, analysis and training materials.
A persistent concern is the lack of harmonization of cybersecurity-related legislations, which makes it difficult to investigate and prosecute offenders if the categorization of cybercrimes and other misuses of cyberspace differ from country to country. In response, ITU is familiarizing selected countries with legal aspects of cybersecurity and helping to harmonize their legal frameworks with a view to making them applicable and interoperable across the world. An example of ITU's cybercrime legislation resources is its publication (in six languages) entitled
"Understanding Cybercrime: A Guide for Developing Countries and the Toolkit for Cybercrime Legislation".
IMPACT's centre in Malaysia is playing a key role in supporting ITU's mandate on cybersecurity to introduce technical measures to combat new and evolving cyber-threats. Designed to be the world's foremost cyber-threat information resource, the centre has been set up to deploy an early warning system and to provide timely guidance to countries under cyberattack. It also plans to link designated ICT experts in ITU Member States to a dedicated communication network that will enable them to mount a collaborative response to cybersecurity emergencies at short notice.
To help bridge this gap, ITU has organized cybersecurity training workshops for more than 2700 government officials, regulators and public and private sector ICT professionals around the world. The workshops cover various technical and policy aspects of ICT security, including malware analysis and investigation, securing networks and forensics. Some of these workshops feature mock trials to test participants' knowledge of national legal frameworks applicable to cyber-related offences. In addition, several national CIRTs (computer incident response teams) around the world have taken part in ITU-IMPACT cyber drills conducted within simulated cyberattack scenarios to test their communication and response capabilities in emergencies; a training simulation exercise that has proven to be extremely popular and effective.
Social Media Round-up
Photos and videos
Aaron Boyd, Chief Strategy Officer, ABI Research
and Marco Obiso, Cybersecurity Coordinator, ITU