ITU

Committed to connecting the world

Speech by ITU Secretary-General, Dr Hamadoun I. Touré 
 

 
Geneva Press Club
Governance Monday: Do We Need a Global Cybersecurity Framework
   
15 July 2013, Geneva, Switzerland
 
Dear colleagues,
Ladies and gentlemen,

I would like to thank you for your invitation to this session, and let me thank the organizers in particular for this excellent initiative – cybersecurity is a subject that already affects each and every one of us, and I am very pleased to be able to discuss it with you here, at the Geneva Press Club.

In terms of global communications, we are living through the most exciting period in human history. We are on the brink of seeing as many mobile cellular subscriptions as there are people on the planet, and by the end of this year some 2.7 billion people will be using the Internet; with 2.1 billion active mobile-broadband subscriptions.

The Internet is a global resource, a basic commodity, and a valuable international platform for exchange and learning – and the word ‘cyber’ has fast become one of the commonest prefixes we hear.

The Internet offers us a vision of a world where everyone is able to fully participate in the interconnected knowledge-driven economy and society; a fully-inclusive world, where everyone can exchange ideas, access healthcare and education, innovate and sell products and services, and stay in touch with family and friends.

As cyber presence grows, however, individuals, businesses and even nations are now experiencing negative social and financial impacts from the misuse of information and communication technologies, ICTs.

The growth in cyberthreats and cybercrime is not the result of some strange epidemic, or a sudden change in human behaviour; it is simply a natural consequence of so many of the world’s people embracing the evident advantages that ICTs bring into our world.

The 2013 Internet Security Threat Report from ITU-IMPACT reveals some startling facts:
  • There was a 42% increase in targeted attacks in 2012.
  • 31% of all targeted attacks were aimed at businesses with less than 250 employees.
  • 32% of all mobile threats steal information.
  • The number of phishing sites spoofing social networking sites increased 125%.
  • Web-based attacks increased 30%.
 
Ladies and gentlemen,

Let me give you a quick overview on some general trends and figures related to security issues:
  • High-profile attacks are continuing to hit major organizations. With more and more corporate data stored or accessed by devices that are not fully controlled by IT administrators, the incidence of data loss is rising rapidly – usually attributable to the use of improperly-secured personal devices.
  • Cybercriminals are becoming more skilled – both at penetrating organizations and at avoiding detection by IT professionals and law enforcement agencies. Moreover, they are also now so adept at social engineering that the effort to target companies individually – big or small – is becoming less costly.
  • Hacker groups are increasingly trying to profit – by abusing legitimate online revenue sources such as online advertising. This will surely complicate the work of both law enforcement and anti-fraud watchdogs.
  • In addition, as smartphone usage continues to grow worldwide, mobile platforms will become ever more tempting targets for cybercriminals. With the mobile platform today, threats come in the form of malicious apps; moving forward, we expect cybercriminals to go after legitimate apps as well.
  • Their job is made easier by the new generation of young social networkers having a different attitude towards protecting and sharing information. They are more likely to reveal personal data to other parties through social networking sites, and this will increase their likelihood of becoming cyber-victims.
  • Another worrying trend is the ease with which cybercrime tools are available. The ‘crimeware-as-a service’ market place offers a multitude of customized solutions that allow even technically-unsophisticated criminals to cause maximum damage. A recent white paper by McAfee quotes a variety of available services. These include:
    • Purchasing customized email lists for spamming;
    • Exploits that take advantage of vulnerabilities;
    • Ransomware services that restrict users from conducting further activity until they pay up;
    • And the practice of renting out botnets for launching attacks – among many others.
  • It is frightening to discover that you can now hire someone to carry out a Denial of Service attack for you, for as little as two US dollars an hour!
  • Finally, it is also worth noting that in the near future, cybercriminals will not be the only ones using these tools and tactics.
  • As the effectiveness of advanced threats becomes more obvious, activist groups, corporations, and even governments will find themselves tempted to use similar approaches to achieve their goals.
  • Dear colleagues,

Let me share a few recent statistics with you.
  • Web attacks in 2012 were up 30% on web attacks in 2011, and malware targeting mobile phones grew by 58%.
  • Annual losses of over 110 billion dollars are being caused by cybercrime, with over 550 million adults worldwide experiencing some form of cybercrime last year.
  • In financial terms, this is the equivalent of the entire GDP of a country like Morocco, Slovakia or Bangladesh. In human terms, this is significantly greater than the entire population of Europe.
  • Three quarters of Generation Y respondents do not trust websites to protect personal information – such as credit card and personal contact details. Yet their lack of trust, paradoxically, does not stop them sharing this information online.
  • Almost half of teenagers aged 13 to 17 report that they have experienced some sort of cyberbullying in the past year; and three quarters of young people involved in aggressive sexual solicitations in the real world met their aggressors online.

These statistics are alarming, and no one is immune. Governments, corporations, global media channels, social media sites and even UN agencies – including my agency, ITU – are being targeted.

Ladies and gentlemen,

We need to address these issues, because in today’s world everything depends on ICTs – and particularly on the networks which underpin them.

This includes emergency services; water supplies and power networks; food distribution chains; aircraft and shipping; navigation systems; industrial processes and supply chains; healthcare; public transportation; government services; and even our children’s education.

The Internet has become the important global public resource it is today thanks to a tremendous spirit of openness, innovation, pragmatism, freedom of expression and multi-stakeholderism

And it is clearly essential to protect the right of the freedom of expression; the right to communicate; and the right to privacy.

But we must recognize that none of these freedoms can exist without security – especially in the online world.

If you – your personal information, your banking details and even your identity – are not secure, then how can you use ICTs with trust and confidence?

Major recent events, and the global debates they have sparked, demonstrate the challenges that are faced in finding the right balance between security and privacy.

Clearly, we need to reduce the risks posed by the illicit use of ICTs as much as possible – with a forward-looking vision and, most importantly, in a multilateral but also multi-stakeholder fashion.

ITU has been playing its role in bringing stakeholders from across the globe together, but it is evident that no single entity can achieve this vision alone.

This means working together with other intergovernmental bodies and ensuring the active participation of all stakeholders, including local and regional bodies; the private sector; and civil society organizations.

Good progress is being made:
  • With big countries like China, Russia and the USA realizing the importance of dialogue;
  • With the EU establishing a framework on cybersecurity endorsed by all EU Member States;
  • With the new International Telecommunication Regulations, the ITRs, having a specific provision that provides an international framework on security;
  • And with initiatives such as ITU-IMPACT and Child Online Protection.
ITU-IMPACT is the world’s first comprehensive alliance against cyber threats which brings together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats. It has now been formally endorsed by – and is offering services to – 145 countries.

Child Online Protection, for its part, is an international collaborative network for action, with a growing number of partners, to promote the online protection of children worldwide. COP provides guidance on safe online behaviour in conjunction with other UN agencies and partners, and has already reached a very wide audience.

Dear colleagues,

To conclude, let me say that I believe that in the fullness of time a global framework on securing cyberspace is possible – with the full participation of governments, the private sector and civil society.

But we will need to continue working hard to improve coordination and collaboration – and of course trust – between all the different stakeholders.

Thank you for your attention.