عربي  |  中文  |  Español  |  Français  |  Русский
 
 Advanced Search Advanced Search Site map Contact us Print Version
  Home: Office of the Secretary General

 
   
Third European Network and Information Security Conference
 Vilnius, Lithuania
20 November 2007

Opening Remarks by ITU Secretary General Dr Hamadoun I. Touré

Excellencies, Ladies and Gentlemen,


Greetings to: the Minister of Transport and Communications, the Executive Director of ENISA and the Director of RTT, Lithuania.


Let me start by thanking the Communications Regulatory Agency of Lithuania, the Ministry of Transport and Communications of Lithuania, the Ministry of the Interior and the European Network and Information Security Agency (ENISA) for their kind invitation for me to address this conference.


As the oldest inter-governmental organization in the world with a long history of developing global standards for telecommunications and ICT networks and services, information security, Cybersecurity and network security are themes that have always been high on ITU’s agenda and where ITU has been very active for many decades.


Cybersecurity is also one of my three top priorities and one of the seven priority strategic goals for ITU.


In this regard, I am delighted to be here in Vilnius to share with you my views on this theme and also to make a few remarks about the importance of Cybersecurity, information security and network security to the global information society.  


The ability to use ICTs safely and securely is the basis for all electronic exchanges of data and online transactions over communication networks.


ICTs today are crucial in meeting developmental targets such as the MDGs and an indispensable tool for social and economic development of mankind.


And yet the safe and secure use of ICTs is in jeopardy, threatening to undermine users’ confidence in ICTs, as well as the future growth potential of the Internet.


According to the latest industry reports, the misuse of ICTs for criminal purposes is growing.  Today, Cybercrime is estimated to generate more revenues than drug trafficking. Spam is not just a nuisance but a channel for the delivery of very harmful content and applications.


Online child pornography is proliferating across national and international boarders. As the perpetrators of these criminal acts are identified and their operations shot down in one country they move to another country where they can find safe havens, free from any type of prosecution and continue their activities with the same devastating effects on innocent children and society.


Cyber attacks are becoming more sophisticated, evolving from direct attacks on infrastructure to more advanced forms of fraud, theft of data and invasion of privacy. 


Cyber-criminals are taking advantage of the technological advances and changing their tactics from central command and control models to peer-to-peer models making it very difficult to pin-point the origins of attacks.
 
The Internet began as a closed network with a limited number of trusted users, meaning that authentication was not an issue.
 
The original design philosophy of the Internet is now several “generations” behind the latest technological challenges (consider, for example, the issue with inherited architecture posed by the ‘millennium bug’).
 
Security was never part of the initial design of the protocols.
 
The technologies that drive the Internet and the innovations of the initial protocol enable new types of applications but they also provide new tools for cyber-criminals, increasing the range and scope of cyber-attacks and other forms of misuse of ICTs.
 
The challenge now is how to replace or modify the inherited architecture of the Internet to build a safe and secure modern information and communication infrastructure.
 
The lack of user authentication on the Internet means that it is easy to be anonymous and to falsify identity information in order to act without fear of reprisal.

We need to find the right balance between the need to guard against the invasion of online privacy and the requirements for establishing the identities of parties to critical transactions.
 
Modern lifestyles are increasingly dependent on ICTs at work and at home, in the storage, processing and transmission of data for everything from bank accounts and financial assets to health records.
 
In many countries, the Internet has become such a vital part of society that it is often difficult to remember how people functioned without it.
 
Loss of connectivity, data or information or the inability to communicate, can have profound economic and societal consequences. Few organizations have the capabilities to prevent, respond to, and recover from incidents.
 
Excellencies, Ladies and Gentlemen,
 
The same global information society that inter-connects all countries and territories also globally inter-connects cyber-criminals. As I mentioned in an International Herald Tribune article in May 2007, everything is connected,   including crime.
 
Cyber-criminals are increasingly exploiting vulnerabilities and loopholes in national and regional legislation. There is clear evidence that some are shifting their operations to countries where appropriate and enforceable laws are not yet in place. 


There is clear evidence that they are now using these locations as a base from which to launch attacks, even on countries that have criminalized the misuse of ICTs.
 
Almost all national legislation is designed to be enforceable in well-defined jurisdictions, whether these are national, sub-regional or regional.
 
There are very good initiatives that are attempting to find solutions to the legal challenges we collectively face today. However, such attempts cannot provide a comprehensive solution to the global nature of the legal challenges faced today.
 
Some laws in place today may even shift the problem of enforcement from one country to another, because in today’s borderless information society, cyber-criminals can act across multiple territories and jurisdictions. 
 
The challenges posed by the globally-connected nature of the information society can only be effectively addressed on a global scale through cooperation with all relevant stakeholders in a holistic manner. 
 
A global legal framework is therefore needed to provide a sound foundation for global cooperation from which to combat the misuse of ICTs and to ensure effective enforcement.
 
In many countries, the absence of national institutional structures to respond to incidents is a significant problem in responding to cyber-attacks. Some countries and regions have put in place structures for watch, warning and incident response and have established mechanisms to coordinate responses and minimize the impact of cyber-attacks on users. 
 
These efforts and initiatives have worked in coordinating regional efforts but Cyber-attacks are not limited to any specific country or region, as viruses, worms, and other malicious software can spread rapidly via email to users located in any part of the globe.


Swift and close coordination bringing together the valuable national and regional initiatives as part of a global effort is vital to provide for a rapid response to limit the harmful effects of cyber-attacks. 
 
Experience to date with globally interconnected information networks has made it painfully clear that the challenges to Cybersecurity cannot be effectively addressed by individual nations alone or even groups of industrialized countries.
 
Cyber-criminals are not bound to geographical locations and countries cannot close their borders to incoming cyber-threats. This means that time and geography are no longer barriers to where and when cyber-attacks are launched or where potential victims are located. Attempts to try and resolve these challenges at the national or regional levels are necessary but have so far proved insufficient.
 
We must look beyond existing regional and political structures, and work towards linking together existing initiatives and frameworks in a coordinated, global and holistic manner.  
 
At the global level, greater coordination and more linkages are needed between all stakeholders. Given the urgency of tackling the challenges to Cybersecurity, there is a need for simple, pragmatic steps towards international cooperation, with increased capacity-building to promote Cybersecurity based on national experiences and country-specific needs.
 
An inclusive dialogue is needed, involving all stakeholders that have a role and expertise in Cybersecurity-related issues.
 
The outcome documents from the two phases of the World Summit on the Information Society (WSIS) emphasize that building confidence and security in the use of ICTs is a vital pillar for building a global information society.
 
World leaders during the Geneva and Tunis phases of WSIS recognized the need for the global coordination of actions aimed at building security and confidence in the information society. 
 
WSIS entrusted ITU to work with all relevant stakeholders to facilitate the coordination of global efforts to address the global challenges we face today. 


The strategy used in the organization of WSIS by bringing together governments, industry, international organizations and civil society is central to ITU efforts in coordinating a global response to the challenges we face today. 
 
ITU cannot do this alone.  No single region, no single country, no single initiative is capable of addressing these challenges alone. 


We can only succeed by cooperating globally. We can only succeed by leveraging existing initiatives, launching new ones and expanding our collective efforts to address the needs and concerns of all nations and peoples.


In response to WSIS decisions and calls from ITU membership, I lunched the Global Cybersecurity Agenda or GCA on the 16 May 2007, a day that marked the 142 anniversary of ITU.


GCA is a global framework for international cooperation in Cybersecurity, to meet the need for a coordinated response to new and emerging cyber threats.  


It is not aimed at replacing existing initiatives but brings together all relevant stakeholders and takes account of existing initiatives with the objective of providing a global roadmap to the current and emerging threats.
 
I have heard on several occasions that there is no need to re-invent the wheel and that we already have solutions and initiatives that address the current challenges.
Let me say a few words about the wheel.


History tells us that more than 5000 years ago, in ancient Mesopotamia, for the first time, the porter’s wheel was used.


About 1200 years later, the Egyptians used the wheel for their chariots.


Today, we cannot count the number of applications that use this old invention. Today, it is difficult to measure how far we have gone from the wheels that were used in ancient Egypt for their chariots to the magnesium alloys we have today in high performance automobiles. Mankind has always improved on inventions and sometimes even re-inventing them to meet new challenges. 


The technological evolution, increased level of sophistication and global nature of the threats we face today do not permit us to be complacent.


We need to improve on what exists in order to meet our current and future challenges. This can only be achieved by working with those at the origins of these existing initiatives.


To take account of the need for bringing together existing initiatives and using recognized sources of expertise, I have setup a High Level Experts Group for the Global Cybersecurity Agenda. The HLEG is comprises of a multi-stakeholders group of experts from leading organizations and countries including but not limited to ENISA, Council of Europe, Interpol, United Nations Office of Drugs and Crime, Microsoft, Intel, Verisign, CISCO, UNITAR, CTO, Common Wealth, experts from the governments of USA, Germany, Japan, India, Italy, Malaysia, Indonesia, Argentina, South Africa, Cameroon, Estonia, Brazil, Switzerland, Russian Federation.


On 5 October 2007, the HLEG met for the first time in Geneva under the Chairmanship of Judge Stein Schjølberg of Norway and agreed on a concrete timetable and deliverables for global strategies and solutions to meet our global challenges.


Because the challenges related to the constantly evolving threats to the information society are not limited to legal framework, the GCA is built on five main pillars which correspond to work areas that are considered vital for a holistic, global and coordinated approach for building confidence and security in the use of ICTs.  The five work areas are:

  •  Legal Measures.
  • Technical and Procedural Measures
  • Organizational Structures
  •  Capacity Building
  •  International Cooperation


ITU has a long history of working with various stakeholders and in brokering global agreements. Just last week at the ITU World Radio-Communication Conference, nearly 3000 delegates representing 164 countries and observers met at ITU for five weeks to agree on the future landscape for global spectrum allocations which will revolutionize the wireless communications for the next few decades. 


Such global agreements are possible because they take account of the needs and views of all countries and stakeholders.  This approach of consensus-building towards a common understanding is central to ITU strategy for a global response to combating Cybercrime and other threats to the information society.
 
Excellencies, Ladies and Gentlemen,


We have run out of time and can no longer hide behind our national or regional borders or initiatives.  We can no longer continue to focus our energies on defending what we are individually doing but we must bring together our strengths, resources and expertise to put together a collective response to the global threats we all face.


In concluding, I take this opportunity to invite all interested stakeholders to join our collective efforts in a spirit of cooperation and collaboration for a safer information society for all.


Thank you.

 

 

 

 

 

Top -  Feedback -  Contact Us -  Copyright © ITU 2014 All Rights Reserved
Contact for this page: External Affairs and Corporate Communication Division
Updated: 2014-08-20