Building Confidence and Security in the Use of ICTs
Ladies and gentlemen,
As you know, one of the outcomes of the World Summit on the Information Society, held in 2003 and 2005, was that heads of state and heads of government assigned ITU with the responsibility to facilitate the ‘building of confidence and security in the use of ICTs’.
When I was elected Secretary-General, this became one of my top three priorities, and exactly three years ago, in May 2007, we launched the Global Cybersecurity Agenda. The aim was to provide a framework within which the international response to growing cybersecurity challenges can be coordinated and addressed.
Is this still relevant and important, three years on?
It is more relevant and more important than ever.
Indeed, cybersecurity has become one of the most important issues of our times.
This is because today, ICTs underpin just about all human activity. ICTs are essential in the management and provision of water supplies and power networks. Food distribution chains. Aircraft and shipping. Navigation systems. Industrial processes and supply chains. Healthcare. Public transportation. Government services. Education. Emergency services.
The problem is that global ICT networks were never designed to be especially secure. They are the result of massive organic growth in what were originally just research projects run by academics.
Today ICT networks connect the world and many of the world’s people together – without paying much attention to international borders or even international law.
Ladies and gentlemen,
Cybercriminals exploit the loopholes.
So that hardly a day goes by without new cybersecurity issues hitting the headlines. Governments are attacked. Corporations are attacked. Individuals are attacked. Children are attacked.
By many estimates, cybercrime is now a business which exceeds a trillion dollars a year in online fraud, identity theft, and lost intellectual property. Not to mention the damage inflicted on the innocent, the vulnerable, and our children.
The dollar figures are colossal, almost incomprehensible numbers, but they affect millions of people around the world – as well as countless businesses and the governments of every nation.
Unfortunately, this is just the beginning.
If networks were to fail, or to be brought down, on a massive scale, in any country in the world, there would be civil unrest within days. As food runs short. As power fails and water becomes unsafe to drink. As stocks of medicines run low and fuel supplies dry up.
There would be sheer panic across whole populations as people found they no longer had easy access to information.
Never mind twitter and facebook – think of television and radio stations, phone networks, email and the internet.
We are more vulnerable than we realize.
This is why the next major war is just as likely to start in cyberspace as it is to start on the ground, or at sea, or in the air.
And that is why cybersecurity needs to be at the top of the agenda.
We have made a great deal of progress in the three years since we launched the Global Cybersecurity Agenda.
Indeed, since its launch, the GCA has attracted the support and recognition of leaders and cybersecurity experts around the world.
His Excellency Blaise Compaoré, President of Burkina Faso, and His Excellency Dr Óscar Arias Sánchez, Former President of the Republic of Costa Rica and Nobel Peace Laureate, are both Patrons of the GCA.
We established a High-Level Expert Group (HLEG) on cybersecurity in 2007, comprising over 100 renowned experts from a broad range of backgrounds, sectors and geographical regions. These experts worked tirelessly to formulate proposals on strategies to curb cyberthreats, combat cybercrime and promote cybersecurity.
Its outputs include the Report of the Chairman of the HLEG, which is a set of strategic proposals, and the HLEG Global Strategic Report, which summarizes the work of the HLEG seeking to promote cybersecurity around the world.
In September 2008, ITU and the International Multilateral Partnership Against Cyber Threats, IMPACT, signed an MoU to make early warning services and real-time cyberthreat analysis available to interested ITU Member States.
IMPACT’s global headquarters in Cyberjaya, Malaysia, then became the physical home of the GCA in March 2009. Malaysia’s Prime Minister, Dato’ Sri Mohd Najib bin Tun Abdul Razak, will receive the World Telecommunication and Information Society Day Award next week in Shanghai for his work in strengthening global cybersecurity.
In October last year, the ITU–IMPACT partnership showcased its state-of-the-art global early response system at ITU Telecom World 2009.
Today, the partnership provides our membership with the expertise, facilities and resources to effectively address the world’s most serious cyberthreats, and almost 60 countries are already participating in this partnership.
We also launched, within the framework of the GCA, the Child Online Protection (COP) initiative, which was established by ITU and other stakeholders as an international collaborative network for action to promote the online protection of children worldwide.
ITU recognizes that many other agencies are also making active efforts in this area – including several of the agencies present here today.
Ladies and gentlemen,
Cybersecurity is a global issue, which can only be solved with global solutions. It affects each and every person who now relies on the internet for the provision of services of any kind – from water and power to food and healthcare.
It is time for us to be proactive, and to develop the right policies to address this crucial issue, and to be able to deliver assistance to member states.
ITU, as the sole Facilitator of WSIS Action Line C5, is in a unique position to promote international cooperation through the GCA, in collaboration with UN and industry partners.
Only by joining forces and bringing together our strategic capabilities will we be able to address current and emerging cyberthreats.
Given the scale of these threats – and the phenomenal harm that can be caused by even a single cyberattack – we can no longer rely on ad hoc solutions, or hope to survive by strengthening our defences after cyberattacks have occurred.
I am pleased to be able to report that there is strong support for this approach within the UN Chief Executives Board, which recently asked ITU to lead joint actions to further strengthen cybersecurity within the UN system.
Increasingly we are also seeing support for global cooperation on the international stage. Just last week, 400 government and business leaders from 40 countries attended the first Worldwide Cybersecurity Summit in Dallas, Texas.
Tom Ridge, who previously headed the US Department of Homeland Security, spoke at the summit, saying: “It’s time to build the trust and establish the laws, treaties and agreements for the cyberspace domain in this 21st century. Collective action is and must be our goal.”
His words were echoed by many other speakers, including Kamlesh Bajaj, Chief Executive of India’s Data Security Council, who said “Real cybersecurity will only happen if there's cooperation. No government can fight cybercrime in isolation.”
I think we can all agree with those statements.
So let’s work together to set international policies and standards. And let’s make sure that all stakeholders are involved in the process.