Ladies and gentlemen,
In 2011, we live in a society where almost everyone is connected to information and communication technologies (ICTs) – with close to six billion mobile cellular subscriptions worldwide and more than 2.3 billion people online.
Most countries are now critically dependent on technology for commerce, finance, healthcare, emergency services, transportation, food distribution and more.
As the global reliance on ICTs has dramatically grown, hwoever, so too has the vulnerability to attacks on ICT networks through cyberspace.
Securing cyberspace is therefore one of the most critical issues to be tackled on a global scale.
As ICT technologies bind whole populations to complex and intertwined systems, substantial attacks against national infrastructure and Internet services go far beyond the failure of a single system and often directly affect everything connected to ICTs.
The vulnerabilities of ICTs are a lure to terrorism and espionage, and have now shaped a new concept of a war, cyberwar, which is fought in cyberspace, using and targeting ICTs.
Unfortunately, it is no longer surprising news that the ICT network systems of major national agencies, companies, entities or even international organizations have been victims of cyberattacks.
In order to secure cyberspace, the world is therefore faced with the challenging task of developing harmonized and comprehensive strategies and technical standards at the global level and implementing them with the various relevant national, regional, and international stakeholders in each country.
Ladies and gentlemen,
A key role assigned to ITU, following the World Summit on the Information Society (WSIS) in 2003 and 2005, is to build confidence and security in the use of ICTs.
Indeed, security considerations have been an integral part of ITU’s work ever since its creation in 1865. In 1988, ITU specified certain fundamental characteristics of public key encryption, the scheme which is widely used today to secure Internet transactions using the secure HTTP protocol.
In 2008, ITU adopted a definition of cybersecurity, and ITU has also adopted numerous other security standards including measures to combat spam.
To further carry out its mandate, ITU launched the Global Cybersecurity Agenda (GCA) as a framework for international cooperation in 2007, with the aim of enhancing confidence and security in the information society.
In 2008, ITU and the International Multilateral Partnership Against Cyber Threats (IMPACT) formally entered into a Memorandum of Understanding, after which IMPACT’s state-of-the-art headquarters in Cyberjaya, Malaysia, became the physical home of the GCA.
ITU-IMPACT is the first truly global multi-stakeholder and public–private alliance against cyberthreats.
It provides ITU’s 193 Member States and others with the expertise, facilities and resources to effectively enhance the global community’s capability and capacity to prevent, defend against and respond to cyberthreats.
As of today, 137 countries are already formally part of the ITU-IMPACT operational deployment.
ITU recently joined forces with the United Nations Offices on Drugs and Crime (UNODC) to collaborate globally on assisting Member States in mitigating the risks posed by cybercrime.
ITU also launched the Child Online Protection (COP) initiative in November 2008 as a multi-stakeholder effort within the GCA framework aimed at bringing together partners from all sectors of the global community to ensure safe and secure online experience for children everywhere.
ITU is also participating in the Commonwealth Internet Governance Forum’s Cyber Crime Initiative which the Commonwealth Heads of Government Meeting supported last week.
Let me now turn to the International Telecommunication Regulations, the ITRs.
Back in 1988, ITU’s Member States agreed to a new version of an international treaty whose origins can be traced right back to 1865, and the first international cooperation in telecommunications.
That treaty, the ITRs, opened the door for the telecommunications revolution of the 1990s – and notably privatization, liberalization, and new technologies such as mobile and the Internet.
There is broad consensus that the time has come to update and revise that treaty so we can take the next step and open the door for the broadband revolution of the next decade.
We need updated ITRs because without them we risk the collapse of the ICT networks which underpin all communications technologies, including the Internet.
It has been proposed that new provisions on security could be included in the revised ITRs. Although it is not widely known, the current ITRs contain what is possibly the first cybersecurity treaty provision, which states that measures should be taken to avoid “technical harm” in certain types of international connections.
That provision was agreed in order to address the the Morris worm, or Internet worm of November 1988, which was one of the first computer worms distributed via the Internet, and was certainly the first worm to gain significant mainstream media attention.
The proposals to revise the ITRs will be discussed at the World Conference on International Telecommunications, WCIT, which will take place in December 2012 in Dubai.
It seems to me that WCIT will be a golden opportunity to state explicitly, in an international treaty, some of the key principles that are emerging during our discussions here in London.
For example, it would seem reasonable to expect that all countries could agree to the basic principle of cooperation regarding cybersecurity matters in areas such as the development of technical standards and acceptable legal norms regarding territorial jurisdiction and sovereign responsibility.
Equally it would not seem controversial to harmonize national laws and practices in the areas of the investigation and prosecution of cybercrime; data preservation, protection, and privacy; and approaches for network defence and response to cyberattacks.
Ladies and gentlemen,
We must keep telecommunications open for business to sustain growth in the massively inter-dependent global digital economy. The Internet is borderless and global, so some issues – such as cybersecurity – are too big for individual nations to address alone.
Cybersecurity is a global issue requiring global solutions. Given the scale of the threats, we can no longer rely on ad hoc solutions, or hope to survive by strengthening our defences after a cyberattack has occurred. So we must work together to set international policies and standards, and to build an international framework for cybersecurity.
The World Conference on International Telecommunications next year provides a unique opportunity to embody in a treaty those key high-level principles that can help us reach our common goal of building an international framework for cybersecurity.
I invite you all to consider how best to contribute to the process of revising the ITRs, and I look forward to your contributions to this important work.