Building Confidence and Security in the Use of ICTs: Cybersecurity
Ladies and gentlemen,
As you are no doubt aware, one of the outcomes of the World Summit on the Information Society, held in 2003 and 2005, was that heads of state and heads of government assigned ITU with the responsibility to facilitate the ‘building of confidence and security in the use of ICTs’.
When I was elected Secretary-General, this became one of my top three priorities, and three years ago, in May 2007, we launched the Global Cybersecurity Agenda. The aim was to provide a framework within which the international response to growing cybersecurity challenges can be coordinated and addressed.
Three years on, this is more relevant and important than ever. Indeed, cybersecurity has become one of the most important issues of our times.
This is because today, ICTs underpin just about all human activity. ICTs are essential in the management and provision of water supplies and power networks. Food distribution chains. Aircraft and shipping. Navigation systems. Industrial processes and supply chains. Healthcare. Public transportation. Government services. Education. Emergency services.
The problem is that global ICT networks were never designed to be especially secure. They are the result of massive organic growth in what were originally just research projects run by academics.
Today ICT networks connect the world and many of the world’s people together – without paying much attention to international borders or even international law.
Cybercriminals exploit the loopholes, so that hardly a day goes by without new cybersecurity issues hitting the headlines. Governments, corporations, individuals and even children are attacked.
By many estimates, cybercrime is now a business which exceeds a trillion dollars a year in online fraud, identity theft, and lost intellectual property. Not to mention the damage inflicted on the innocent, the vulnerable, and our children.
The dollar figures are colossal, almost incomprehensible numbers, but they affect millions of people around the world – as well as countless businesses and the governments of every nation.
Unfortunately, this is just the beginning.
If networks were to fail, or to be brought down, on a massive scale, in any country in the world, there would be civil unrest within days. As food runs short, power fails and water becomes unsafe to drink, stocks of medicines run low and fuel supplies dry up.
There would be sheer panic across whole populations as people found they no longer had easy access to information. This isn’t just about social networking sites like twitter and facebook, but about mass media – think of television and radio stations, phone networks, email and the internet.
We are more vulnerable than we realize. And this is why the next major war is just as likely to start in cyberspace as it is to start on the ground, or at sea, or in the air.
And that is why cybersecurity needs to be at the top of the agenda.
We have made a great deal of progress in the three years since we launched the Global Cybersecurity Agenda. Indeed, since its launch, the GCA has attracted the support and recognition of leaders and cybersecurity experts around the world.
His Excellency Blaise Compaoré, President of Burkina Faso, and His Excellency Dr Óscar Arias Sánchez, Former President of the Republic of Costa Rica and Nobel Peace Laureate, are both Patrons of the GCA.
We established a High-Level Expert Group (HLEG) on cybersecurity in 2007, comprising over 100 renowned experts from a broad range of backgrounds, sectors and geographical regions. These experts worked tirelessly to formulate proposals on strategies to curb cyberthreats, combat cybercrime and promote cybersecurity.
Its outputs include the Report of the Chairman of the HLEG, which is a set of strategic proposals, and the HLEG Global Strategic Report, which summarizes the work of the HLEG seeking to promote cybersecurity around the world.
Within the framework of the GCA, and in order to assist Member States, ITU has developed the ITU Cybercrime Legislation Resources package, which now includes:
The ITU Toolkit for Cybercrime Legislation, which aims to provide countries with sample legislative language and reference material that can assist in the establishment of harmonized cybercrime laws and procedural rules.
Understanding Cybercrime: A Guide for Developing Countries, which is a resource to help developing countries better understand the national and international implications of growing cyber-threats, assess the requirements against the existing national regional and international legal instruments, and assist countries in establishing a sound legal foundation.
The ITU National Cybersecurity/CIIP Self-Assessment Tool, which is an initiative to assist ITU Member States who wish to elaborate on their national approach for cybersecurity and critical information infrastructure protection (CIIP).
The ITU Botnet Mitigation Toolkit, which is being developed to assist developing countries in particular to deal with the growing problem of botnets.
The ITU Study on the Financial Aspects of Network Security: Malware and Spam, which is a review of some of the current leading thinking and research on the economics of cybersecurity.
The ITU Toolkit for Promoting a Culture of Cybersecurity, which is designed to provide guidelines on how to raise awareness on cybersecurity issues for small and medium sized enterprises, consumers and end-users in developing countries.
In September 2008, ITU and the International Multilateral Partnership Against Cyber Threats, IMPACT, signed an MoU to make early warning services and real-time cyberthreat analysis available to interested ITU Member States.
IMPACT’s global headquarters in Cyberjaya, Malaysia, then became the physical home of the GCA in March 2009. Malaysia’s Prime Minister, Dato’ Sri Mohd Najib bin Tun Abdul Razak, received the World Telecommunication and Information Society Day Award this year for his work in strengthening global cybersecurity.
The award was accepted on Monday on his behalf in Shanghai, at Expo 10, by the Malaysian Minister of Information, Communication and Culture, Dr Rais Yatim.
In October last year, the ITU–IMPACT partnership showcased its state-of-the-art global early response system at ITU Telecom World 2009.
Today, the partnership provides our membership with the expertise, facilities and resources to effectively address the world’s most serious cyberthreats, and almost 60 countries are already participating in this partnership.
We also launched, within the framework of the GCA, the Child Online Protection (COP) initiative, which was established by ITU and other stakeholders as an international collaborative network for action to promote the online protection of children worldwide.
In collaboration with UN agencies and other organizations, we published four sets of guidelines last October, for parents, guardians and educators; policy makers; industry; and children themselves. These guidelines are available in the six UN languages and I encourage you to take advantage of the hard work which has gone into producing them.
Cybersecurity is a global issue, which can only be solved with global solutions. It affects each and every person who now relies on the internet for the provision of services of any kind – from water and power to food and healthcare.
It is time for us to be proactive, and to develop the right policies to address this crucial issue, and to be able to deliver assistance to member states.
ITU, as the sole Facilitator of WSIS Action Line C5, is in a unique position to promote international cooperation through the GCA, in collaboration with UN and industry partners.
Only by joining forces and bringing together our strategic capabilities will we be able to address current and emerging cyberthreats.
Given the scale of these threats – and the phenomenal harm that can be caused by even a single cyberattack – we can no longer rely on ad hoc solutions, or hope to survive by strengthening our defences after cyberattacks have occurred.
I am pleased to be able to report that there is strong support for this approach within the UN Chief Executives Board, which recently asked ITU to lead joint actions to further strengthen cybersecurity within the UN system.
Increasingly we are also seeing support for global cooperation on the international stage. Just last month, 400 government and business leaders from 40 countries attended the first Worldwide Cybersecurity Summit in Dallas, Texas.
Tom Ridge, who previously headed the US Department of Homeland Security, spoke at the summit, saying: “It’s time to build the trust and establish the laws, treaties and agreements for the cyberspace domain in this 21st century. Collective action is and must be our goal.”
His words were echoed by many other speakers, including Kamlesh Bajaj, Chief Executive of India’s Data Security Council, who said “Real cybersecurity will only happen if there's cooperation. No government can fight cybercrime in isolation.”
I think we can all agree with those statements.
So let me encourage us all to work together to set international policies and standards, making sure that all stakeholders are involved in the process.