عربي  |  中文  |  Español  |  Français  |  Русский
 
 Advanced Search Advanced Search Site map Contact us Print Version
  Home: Office of the Secretary General

 
   
Second WSIS Action Line C.5 Facilitation Meeting
Geneva, Switzerland
14 May 2007

Opening Remarks by ITU Secretary General Dr Hamadoun I. Touré

 

Excellencies,

Distinguished Delegates,

Ladies and Gentlemen,

Dear Colleagues,
 
Let me take this opportunity to welcome you to the ITU and for those who have come from far away, welcome to Geneva.
 
Since the first phase of the World Summit on the Information Society in Geneva, the representatives of the peoples of the world have agreed to a common vision on the information society and the potentials of information and communication technologies in promoting the development goals of the MDGs. 
 
In the second phase of the World Summit in Tunis, the representatives of the peoples of the world agreed on an Agenda for meeting commonly agreed goals.
 
Last year in May during the first WSIS Action Line C.5 facilitation meeting held at ITU HQ in Geneva, in addition to spam, work programmes in the following three focus areas were initiated:

  1.  National Strategies
  2. Legal Frameworks
  3. Watch, warning and incident response


We now need to analyze the changes that have occurred since then, evaluate the progress achieved and agree on ways forward.
 
While significant progress has been made in the use of ICTs as a vehicle for social and economic development, in order to meet our goals and reap the full benefits of the information society, we must address the current and emerging threats to the information society.
 
Increase in number, scope and the degree of sophistication of attacks

Much has changed since 1986 when the first known case of a computer virus aimed at advertising a Computer Store in Lahore Pakistan was reported.  
 
Just a few years ago the development and dissemination of malware (viruses, worms, and Trojans) was more to demonstrate the technical skills of information technology (IT) professionals.
 
Today, it is a new form of organized cyber-crime aimed at financial gains with an expansion of the threats to various platforms and many countries.
 
Spam today is a vehicle for the delivery of more dangerous payloads such as the dissemination of viruses, worms, Trojans used for online financial fraud, identity theft and many other forms of cyber-threats. 
 
These threats are spreading to critical infrastructures and are affecting the integrity of systems linked to services in health, commerce, public administration and other sectors.
 
The attacks are becoming more sophisticated as hackers begin to shift from the central command and control model for controlling botnets to a peer-to-peer model with a distributed command structure which could spread over computers located in several countries.
 
This change in strategy makes it very difficult to pin-point the origins of these attacks and consequently makes it difficult to identify them and shut them down. 
 
As more users rely on their mobile for voice and data communications and as mobile phones increasingly use Internet Protocol one can easily see how cyber-criminals can re-cycle existing tools and techniques to expand their activities to other platforms.
 
This expansion will not be limited to smart mobiles, wireless networks and smart satellite receivers but could expand to household appliances connected to the Internet and therefore globally reachable.
 
This clearly is a problem which has a global scope.


 
Lower entry barrier and ease of acquiring Cybercrime toolkits

It is today relatively easy to acquire toolkits for phishing and malware from underground sites or purchase them legally from Websites that can be reached globally.
 
This significantly lowers the financial and intellectual entry barriers for cyber-criminals and facilitates the exchange through the Internet of such tools, the expertise required to use them and strategies for avoiding their detection.
 
As information technology becomes more and more parts of our lives there is a high chance that cyber-threats will spread to new levels and affect us in ways not known today.
 
With more than 1 billion people connected to the Internet from all countries and the global nature of the information society, geography and time can no longer be considered effective barriers to attacks. 


 
Legal: Loopholes in current legal frameworks


Cyber criminals are already exploiting vulnerabilities and loopholes in national and regional legislation.  
 
They shift their operations to countries where appropriate and enforceable laws are not yet in place and use these new locations to launch attacks even to victims located in countries which have laws in place. 
 
Some countries have adopted or are working on legislation to combat Cybercrime and other misuses of information technology.  
 
Most of these laws are elaborated to be enforceable in well-defined jurisdictions which are national, sub-regional or regional.
 
These attempts do not provide a comprehensive solution to the global nature of the legal challenges faced today.
 
They will result in shifting the problem from one country to the next because cyber-criminals cannot be bound to any territory or jurisdiction. Cyber criminals do not have to be in the same location as their victims.


 
Technical Measures: Vulnerabilities of software applications


Many of the threats we face today such as malware (viruses, worms, Trojans) are due to a wide range of issues including security vulnerabilities in network, host and application software.
 
Hackers exploit these vulnerabilities to gain unauthorized access to critical resources and use these hijacked systems to launch other attacks.
 
There are several initiatives led by industry and governments to address vulnerabilities in security software through standards, accreditation schemes and certification.
 
However, there is a lot that needs to be done for standard applications on which many users, businesses, companies and government rely for the delivery of services.
Some of these applications provide services in sectors such as health, finance, commerce and public administration. 
 
For many countries that rely on ICTs for delivery of services in critical sectors such a health, the consequences of modifying a patient’s medical data could have effects that go far beyond financial losses.
 

Organizational: Absence of appropriate organizational structures


The absence of structures in many countries to respond to incidents is a real problem when dealing with combating Cybercrime and responding to cyber-attacks.
 
Some countries and regions have set up structures for watch, warning and incident response and have put in place mechanisms for coordinating their actions and reduce the effects of cyber-attacks to users.
 
However, many cyber-attacks are not limited to defined territories and regions as viruses and worms can spread through emails to users located in any part of the globe.
 
The need to ensure proper coordination between organizational structures at the national, regional and global level is vital for a coordinated and rapid response to reduce the effects of cyber-attacks. 
 
There are initiatives aimed at bringing together some of these organizational structures at the national and regional levels in order to facilitate communication and coordinate actions.
 
These efforts need to be expanded globally because the problems are not limited to a region or sub-region.
 
It is necessary to enhance cooperation between these national and regional structures in order to provide global solutions to these global issues.


 
Capacity Building


In Cybersecurity, people are the weakest link.


People are the users, they develop the systems, elaborate the policies and they put in place the strategies and procedures.
 
Capacity building and an adequate level of awareness is therefore one of the principal challenges we face today.
 
Like using any modern infrastructure, children surfing in a cybercafé need basic awareness on how to safely use this new and very powerful communication tool.  
 
They need to be aware of dangers related to revealing personal information such as their name, telephone number and address to cyber-hawks who pretend to be children and lure them to physical meetings.
 
In this era of global connectivity, we need to ensure that the minimum basic information on how to safely reap the full benefits of the information society is available to all.


 
It is a global problem and it needs a global solution


It is difficult today for countries to shut down their borders to incoming cyber threats. 
 
We can not restrict cyber-criminals to geographical locations. 


Cyber-criminals do not have to be in the same location as their victims.


Laws, technological measures and other strategies that are national or regional are very important but they do not address global nature of the challenges we face today.


 
Understanding what Cybersecurity means to all


We need to work together in a collective manner to identify those actions and strategies necessary to address the global challenges we face today.
 
Building confidence and security in the use of ICTs which is why we are here today, means different things to different countries and regions.
 
In order to arrive at global solutions to the challenges we face, we must take account of the views and priorities of all countries and stakeholders.
 
We must arrive at a common understanding on how we can address the needs of least developed, developing, transition economies and developed countries.


 
ITU as a forum for international cooperation in cybersecurity


With its 191 Member States and more than 700 Sector members and Associates ITU is well placed to provide the forum for international cooperation in Cybersecurity. 
 
Its Membership includes the least developed, developing, emerging economies and the industrialized countries.
 
Its lead role as Facilitator for WSIS Action Line C.5, its mandate in the standardization and development domains of Cybersecurity and having Cybersecurity as one of its long term strategic goal provide the right environment bringing together all interested stakeholders to work on strategies and solutions to these global challenges.
 
The strategy for a solution must take account of existing national and regional initiatives, the full engagement of all countries and the participation of all relevant players to avoid duplication.
 
On 17 May, which is the 142 anniversary of ITU, I will be launching the Global Cybersecurity Agenda.
 
The Global Cybersecurity Agenda (GCA) is a multi-stakeholder framework that will build on existing initiatives, partners and take full advantage of recognized sources of expertise.
 
Its purpose is to identify those common and global challenges and propose concrete solutions.
 
The Global Cybersecurity Agenda is aimed at making progress on commonly agreed goals in our collective the fight against Cybercrime.
 
It is aimed at leveraging the potentials of the ICTs in promoting the development goals of the MDGs through confidence and security in the use of ICTs. 
 
I invite you all to join us in our efforts so that we can put together our resources and expertise in a coordinated, global and coherent strategy to build confidence and security in the use of ICTs.
 
We should use these two days to exchange views and ideas on the focus areas for the next year with the objective of making the information society more secure and for ICTs to deliver their full potential to all peoples.
 
I wish you a successful meeting and look forward to the results achieved at the end the two days.

 

 

 

 

Top -  Feedback -  Contact Us -  Copyright © ITU 2014 All Rights Reserved
Contact for this page: External Affairs and Corporate Communication Division
Updated: 2014-09-20