Distinguished members of ECOSOC,
Ladies and gentlemen,
It is a great pleasure to be here with you in New York this morning for this special ECOSOC event on cybersecurity.
I thank the President for mentioning the World Summit on the Information Society, and the leading role that was given to ITU for Action Line C5 on building confidence and security in the use of information and communication technologies (ICTs).
Cybersecurity is clearly one of the greatest issues of our times, and it will continue to grow in importance.
In 2011, we live in a society where almost everyone is connected to information and communication technologies (ICTs) – with close to six billion mobile cellular subscriptions worldwide and more than 2.3 billion people online.
Those numbers will continue to grow and it is our duty to ensure that ICTs are safe and secure so that the 7 billion people of this planet can reap the benefits of ICTs.
Already, cybercrime takes a huge toll on the global economy:
- In online fraud, identity theft, and lost intellectual property;
- On governments, companies and individuals around the world;
- Inflicting damage on the innocent, on the vulnerable, and on our children.
Unfortunately, this is just the beginning.
Today, everything depends on information and communication technologies, and particularly on the networks which underpin them.
Emergency services. Water supplies and power networks. Food distribution chains. Aircraft and shipping. Navigation systems. Industrial processes and supply chains. Healthcare. Public transportation. Government services. Our children’s education.
In the 21st century, we are absolutely dependent on ICT networks.
And if these networks were to fail – or to be brought down – on a massive scale, in any country in the world, there would be civil unrest within days – as food runs short. As power fails and water becomes unsafe to drink. As stocks of medicines run low and fuel supplies dry up.
There would be sheer panic across whole populations as people found they no longer had easy access to information.
Never mind twitter and facebook – think of television and radio stations, phone networks, email and the internet.
We are all vulnerable.
We see this all the time – with major incidents all over the world, in both the public and private sectors – from the rapid spread of critical viruses, to cyberattacks using worms such as Stuxnet, to the loss of thousands of files from an organization as secure as the Pentagon, back in March this year.
That loss prompted US Deputy Defence Secretary William Lynn to say that “In the 21st Century, bits and bytes can be as threatening as bullets and bombs.”
Cybersecurity is not just an issue for developed countries.
If we look at the top attack destination countries we see not only the most developed nations, but also emerging economies too, such as Brazil, China, India and Russia.
Interestingly, we are now also seeing the same thing in terms of the top attack source countries, with cybercriminals attacking emerging economies from both within and outside.
According to the Cisco Global Threat Report, the number of unique instances of malware attacking companies more than doubled between the first and second quarters of this year.
By many estimates, cybercrime is now a business which exceeds a trillion dollars a year
A recent survey from the Ponemon Institute found that the average annual cost of cybercrime among large-sized organizations reached US$ 5.9 million in 2011, up 56% from 2010 – and that it took an average of 18 days to resolve a cyberattack.
The number of stolen devices being used to perpetrate crimes is rising so fast, that one major South American company started a programme to block stolen cell phones in Mexico.
In a world where it is now predicted that there will be 50 billion connected devices by 2020, securing cyberspace has therefore become one of the most critical issues to be tackled on a global scale.
In order to secure cyberspace, the world is faced with the challenging task of developing harmonized and comprehensive strategies and technical standards at the global level, and implementing them with stakeholders regionally and nationally.
Ladies and gentlemen,
At ITU, we have taken steps to do our part to secure this planet, and to make sure that all the world’s citizens are able to reap the great benefits of ICTs. We have been working actively in this area, as part of our mandate to build confidence and security in the use of ICTs.
In 2007, we launched the Global Cybersecurity Agenda (GCA) as a framework for international cooperation.
In 2008, recognizing the very real dangers being faced by children online, ITU's Child Online Protection Initiative, COP, was launched as a multi-stakeholder coalition to protect children. I am pleased to have former FCC Commissioner Deborah Tate with me today, as ITU has named her our special envoy for Child on-line protection.
We are also so very proud to have Costa Rican President Laura Chinchilla as our Patron for the initiative. The President has done so much in Costa Rica on this issue that it should be a model to other countries.
Also in 2008, ITU joined forces with the International Multilateral Partnership Against Cyber Threats (IMPACT), in Malaysia.
The ITU-IMPACT Alliance is the first truly global multi-stakeholder and public–private alliance against cyberthreats.
Through this alliance we are supporting our Member States and others by offering expertise, facilities and resources to effectively enhance the global community’s capability and capacity to prevent, defend against and respond to cyber threats. As of today, 137 countries are already formally part of the ITU-IMPACT operational deployment.
My colleague, Mr. Mohd Noor Amin, is the Chairman of the Management Board of IMPACT will provide more information on the alliance later. Ms. Cheri F. McGuire, who is with us on our panel today from Symantec Corporation is also partnering with us.
Cybersecurity is an area that effects each and every agency and programme of the United Nations. As we push forward the UN agenda for peace and safety, we must remember that cybersecurity is part of this. The UN system’s collective engagement in addressing cyberthreats is critical and it is essential that we “Deliver this as One”.
The UN Chief Executives Board has given high priority to cybersecurity and tasked ITU as a lead agency to coordinate within the UN systems High Level Committees on Management and Programming and report back to CEB.
We are working together with UNODC and focal points of all CEB members to examine the policy and technology issues of cybersecurity and cybercrime.
We have also officially entered into a partnership with UNODC to assist our member states in mitigating the risks posed by cybersecurity and cybercrime through activities such as joint workshops, capacity building, and knowledge sharing.
Cyberspace will increasingly be the target of cybercriminals, cyberterrorists and cyberwarriors.
We may not have seen a real cyberwar yet – but we are certainly witnessing a virtual, undeclared war in cyberspace; a war between the undeniable good which comes from being part of the global knowledge society, and the evil which could ruin it all.
Cybersecurity is a global issue, which can only be solved with global solutions. It affects each and every one of our organizations, and each and every person who now relies on the internet for the provision of services of any kind – from water and power to food and healthcare.
There is common agreement on this matter, and I would like to quote the UK Foreign Secretary, William Hague, who was at the London Cyberspace Conference in early November.
As Hague said at that event, “There is a real hunger to address the need for a safe and secure future in cyberspace. All governments need to respond to this demand; not just some governments, in some regions of the world, but across the globe.” Hague also stressed that the international debate on cyberspace now needed to be accelerated – and I think we can see that happening here in New York, just as we did there, in London.
This is why I am firmly convinced that we must work together to set international policies and standards, and to build an international framework for cybersecurity.
We need to build on the strengths of the Council of Europe’s Budapest Convention – because while it is good, it is far from global, as it has only been ratified by 30 countries.
Local and regional approaches are of course a good thing – but in the borderless, region-less online world, nothing can ever have the power of a global approach.
Let me repeat the essential truth that cybersecurity is a global issue requiring global solutions.
Let me stress 5 key principles that I published in a report, The Quest for Cyberpeace:
- Every government should commit itself to giving its people access to communications.
- Every government should commit itself to protecting its people in cyberspace.
- Every country should commit itself not to harbour terrorists / criminals in its own territories.
- Every country should commit itself not to be the first to launch a cyber attack on other countries.
- Every country should commit itself to collaborate with others within an international framework of co-operation to ensure that there is peace in cyberspace.
I have been having many discussions with different stakeholders around the world, and there seems to be some consensus for creating a set of norms and principles agreed at the global level for governing cyberspace.
I would be very interested to hear your opinions on this – and I look forward to fruitful discussions this morning.