Howard Schmidt, Former Special Assistant to the President and Cybersecurity Coordinator
Hamadoun Touré, Secretary-General, International Telecommunication Union
Eugene Kaspersky, CEO of Kaspersky Lab
Kapil Sibal, Ministry of Communications and Information Technology, India
Ambassador Gabor Iklody, Assistant SG on Emerging Security Challenges, NATO
Ladies and gentlemen,
I am honoured to be part of this very important panel and to be able to address one of the most important topics of our time – which is the issue of cyber warfare and the criminal use of information and communication technologies, ICTs.
We all recognize the importance of ICTs in the 21st century. ICTs are part of everything we do in the modern world, and will continue to play an ever-increasing role in social and economic development as we move forward.
Indeed, all countries – at some level or other – are now using ICTs to improve education, healthcare, food distribution, transportation, commerce, finance, government services, and much more.
Unfortunately, however, this indispensable new infrastructure also brings new challenges for preserving peace and stability.
We have all seen the growing number of vulnerabilities and threats in cyberspace which have direct effects in the real world.
In 2011, we saw 5.5 billion malicious attacks that were successfully blocked, with the greatest increases being in polymorphic malware attacks within web attack kits and email borne malware.
Let me give you a quick overview on some general trends and figures related to security issues:
- High-profile attacks are continuing to hit major organizations in 2012. Since more and more corporate data is stored or accessed by devices that are not fully controlled by IT administrators, the incidence of data loss – attributable to the use of improperly secured personal devices – is rising rapidly.
- Cybercriminals are becoming more skilled both at penetrating organizations and at avoiding detection by IT professionals and law enforcement agencies. Moreover, they are also now so adept at social engineering that the effort to target companies individually – big or small – is becoming less costly.
- Moreover, hacker groups are increasingly trying to profit by abusing legitimate online revenue sources such as online advertising. This will surely complicate the work of both law enforcement and anti-fraud watchdogs hired by banks and other financial agencies.
- In addition, as smartphone usage continues to grow worldwide, mobile platforms will become even more tempting targets for cybercriminals. With the mobile platform, threats today come in the form of malicious apps; moving forward, we expect cybercriminals to go after legitimate apps as well.
- Sadly, furthermore, the new generation of young social networkers have a different attitude towards protecting and sharing information, and they are more likely to reveal personal data to other parties through social networking sites. This will increase the likelihood of their becoming cyber-victims.
- Finally, it is also worth noting that in the near future, cybercriminals will not be the only ones using these attacks. As the effectiveness of advanced threats becomes more obvious, other parties such as activist groups, corporations, and governments will find themselves tempted to use similar cybercrime tools and tactics to achieve their goals.
In conclusion, we are living today in a world where a new concept of war – cyberwar, launched in cyberspace using ICTs – is affecting individuals, businesses and even governments.
Ladies and gentleman,
We need to provide a solution; we need to provide answers.
We need to ensure cyberpeace.
In this regard, when somebody asks me if there is a need for government regulation and standardization, I can honestly say that – if it is done with a sufficiently light touch – then yes, there really is a need for government regulation and standardization.
But I also add that it is extremely important to balance security with the respect of human rights such as privacy and the freedom of expression.
So how do we ensure cyberpeace? What strategies should we adopt?
As part of the solution, to achieve cyber resilience – and therefore ensure cyberpeace – international cooperation is required. Different stakeholders, states, companies, academia, civil society, and international organizations will need to collaborate with each other and actively participate in joint international efforts.
Cyberspace is global, and so building cyber resilience and ensuring cyberpeace will require global efforts – ideally in the form of an international framework.
To this end, the implementation of international norms and principles – such as ensuring Internet access, promoting security in cyberspace, protection of fundamental rights (cyber freedom and the fundamental rights of users), state involvement and international cooperation – will lead to a sustainable and proactive culture of cybersecurity, building on national, regional and international efforts.
I am strongly convinced that promoting access to ICTs and ensuring the right to communicate needs to go hand in hand with ensuring cyberpeace and minimizing the illicit use of ICTs.
Over many years now, as part of the effort to establish a harmonized and coordinated approach at the international level, ITU has been using the Global Cybersecurity Agenda to advocate for coordinated multi-stakeholder action at the global level – and we are working with members and partners to find better ways of ensuring that cyberspace is safe and peaceful.
A good example of this strategy is the establishment of the ITU-IMPACT initiative – the first truly global multi-stakeholder and public–private alliance against cyberthreats.
As of today, more than 144 countries are already part of the initiative, and I would like to encourage any remaining nations not already with us to come on board.
I am also working to encourage the private sector to come on board as well, along with intergovernmental agencies and non-governmental bodies.
Together, at the international level, we need to cooperate in the development and maintenance of secure technologies that protect users – particularly children and young people – and which together help us to build global cyber resilience.
Let me therefore invite you to continue doing what we all do best – which is to work together, listening to all the different stakeholders, and building a better future for all the world’s people.
We have the potential for a brighter future than any generation in human history.
So let’s seize that opportunity and create a world – a cyber world – where that future can be realized!