Excellencies, Ladies and Gentlemen,
Greetings to: the Minister of Transport and Communications, the
Executive Director of ENISA and the Director of RTT, Lithuania.
Let me start by thanking the Communications Regulatory Agency of
Lithuania, the Ministry of Transport and Communications of
Lithuania, the Ministry of the Interior and the European Network
and Information Security Agency (ENISA) for their kind
invitation for me to address this conference.
As the oldest inter-governmental organization in the world with
a long history of developing global standards for
telecommunications and ICT networks and services, information
security, Cybersecurity and network security are themes that
have always been high on ITU’s agenda and where ITU has been
very active for many decades.
Cybersecurity is also one of my three top priorities and one of
the seven priority strategic goals for ITU.
In this regard, I am delighted to be here in Vilnius to share
with you my views on this theme and also to make a few remarks
about the importance of Cybersecurity, information security and
network security to the global information society.
The ability to use ICTs safely and securely is the basis for all
electronic exchanges of data and online transactions over
ICTs today are crucial in meeting developmental targets such as
the MDGs and an indispensable tool for social and economic
development of mankind.
And yet the safe and secure use of ICTs is in jeopardy,
threatening to undermine users’ confidence in ICTs, as well as
the future growth potential of the Internet.
According to the latest industry reports, the misuse of ICTs for
criminal purposes is growing. Today, Cybercrime is
estimated to generate more revenues than drug trafficking. Spam
is not just a nuisance but a channel for the delivery of very
harmful content and applications.
Online child pornography is proliferating across national and
international boarders. As the perpetrators of these criminal
acts are identified and their operations shot down in one
country they move to another country where they can find safe
havens, free from any type of prosecution and continue their
activities with the same devastating effects on innocent
children and society.
Cyber attacks are becoming more sophisticated, evolving from
direct attacks on infrastructure to more advanced forms of
fraud, theft of data and invasion of privacy.
Cyber-criminals are taking advantage of the technological
advances and changing their tactics from central command and
control models to peer-to-peer models making it very difficult
to pin-point the origins of attacks.
The Internet began as a closed network with a limited number of
trusted users, meaning that authentication was not an issue.
The original design philosophy of the Internet is now several
“generations” behind the latest technological challenges
(consider, for example, the issue with inherited architecture
posed by the ‘millennium bug’).
Security was never part of the initial design of the protocols.
The technologies that drive the Internet and the innovations of
the initial protocol enable new types of applications but they
also provide new tools for cyber-criminals, increasing the range
and scope of cyber-attacks and other forms of misuse of ICTs.
The challenge now is how to replace or modify the inherited
architecture of the Internet to build a safe and secure modern
information and communication infrastructure.
The lack of user authentication on the Internet means that it is
easy to be anonymous and to falsify identity information in
order to act without fear of reprisal.
We need to find the right balance between the need to guard
against the invasion of online privacy and the requirements for
establishing the identities of parties to critical transactions.
Modern lifestyles are increasingly dependent on ICTs at work and
at home, in the storage, processing and transmission of data for
everything from bank accounts and financial assets to health
In many countries, the Internet has become such a vital part of
society that it is often difficult to remember how people
functioned without it.
Loss of connectivity, data or information or the inability to
communicate, can have profound economic and societal
consequences. Few organizations have the capabilities to
prevent, respond to, and recover from incidents.
Excellencies, Ladies and Gentlemen,
The same global information society that inter-connects all
countries and territories also globally inter-connects
cyber-criminals. As I mentioned in an International Herald
Tribune article in May 2007, everything is connected,
Cyber-criminals are increasingly exploiting vulnerabilities and
loopholes in national and regional legislation. There is clear
evidence that some are shifting their operations to countries
where appropriate and enforceable laws are not yet in place.
There is clear evidence that they are now using these locations
as a base from which to launch attacks, even on countries that
have criminalized the misuse of ICTs.
Almost all national legislation is designed to be enforceable in
well-defined jurisdictions, whether these are national,
sub-regional or regional.
There are very good initiatives that are attempting to find
solutions to the legal challenges we collectively face today.
However, such attempts cannot provide a comprehensive solution
to the global nature of the legal challenges faced today.
Some laws in place today may even shift the problem of
enforcement from one country to another, because in today’s
borderless information society, cyber-criminals can act across
multiple territories and jurisdictions.
The challenges posed by the globally-connected nature of the
information society can only be effectively addressed on a
global scale through cooperation with all relevant stakeholders
in a holistic manner.
A global legal framework is therefore needed to provide a sound
foundation for global cooperation from which to combat the
misuse of ICTs and to ensure effective enforcement.
In many countries, the absence of national institutional
structures to respond to incidents is a significant problem in
responding to cyber-attacks. Some countries and regions have put
in place structures for watch, warning and incident response and
have established mechanisms to coordinate responses and minimize
the impact of cyber-attacks on users.
These efforts and initiatives have worked in coordinating
regional efforts but Cyber-attacks are not limited to any
specific country or region, as viruses, worms, and other
malicious software can spread rapidly via email to users located
in any part of the globe.
Swift and close coordination bringing together the valuable
national and regional initiatives as part of a global effort is
vital to provide for a rapid response to limit the harmful
effects of cyber-attacks.
Experience to date with globally interconnected information
networks has made it painfully clear that the challenges to
Cybersecurity cannot be effectively addressed by individual
nations alone or even groups of industrialized countries.
Cyber-criminals are not bound to geographical locations and
countries cannot close their borders to incoming cyber-threats.
This means that time and geography are no longer barriers to
where and when cyber-attacks are launched or where potential
victims are located. Attempts to try and resolve these
challenges at the national or regional levels are necessary but
have so far proved insufficient.
We must look beyond existing regional and political structures,
and work towards linking together existing initiatives and
frameworks in a coordinated, global and holistic manner.
At the global level, greater coordination and more linkages are
needed between all stakeholders. Given the urgency of tackling
the challenges to Cybersecurity, there is a need for simple,
pragmatic steps towards international cooperation, with
increased capacity-building to promote Cybersecurity based on
national experiences and country-specific needs.
An inclusive dialogue is needed, involving all stakeholders that
have a role and expertise in Cybersecurity-related issues.
The outcome documents from the two phases of the World Summit on
the Information Society (WSIS) emphasize that building
confidence and security in the use of ICTs is a vital pillar for
building a global information society.
World leaders during the Geneva and Tunis phases of WSIS
recognized the need for the global coordination of actions aimed
at building security and confidence in the information society.
WSIS entrusted ITU to work with all relevant stakeholders to
facilitate the coordination of global efforts to address the
global challenges we face today.
The strategy used in the organization of WSIS by bringing
together governments, industry, international organizations and
civil society is central to ITU efforts in coordinating a global
response to the challenges we face today.
ITU cannot do this alone. No single region, no single
country, no single initiative is capable of addressing these
We can only succeed by cooperating globally. We can only succeed
by leveraging existing initiatives, launching new ones and
expanding our collective efforts to address the needs and
concerns of all nations and peoples.
In response to WSIS decisions and calls from ITU membership, I
lunched the Global Cybersecurity Agenda or GCA on the 16 May
2007, a day that marked the 142 anniversary of ITU.
GCA is a global framework for international cooperation in
Cybersecurity, to meet the need for a coordinated response to
new and emerging cyber threats.
It is not aimed at replacing existing initiatives but brings
together all relevant stakeholders and takes account of existing
initiatives with the objective of providing a global roadmap to
the current and emerging threats.
I have heard on several occasions that there is no need to
re-invent the wheel and that we already have solutions and
initiatives that address the current challenges.
Let me say a few words about the wheel.
History tells us that more than 5000 years ago, in ancient
Mesopotamia, for the first time, the porter’s wheel was used.
About 1200 years later, the Egyptians used the wheel for their
Today, we cannot count the number of applications that use this
old invention. Today, it is difficult to measure how far we have
gone from the wheels that were used in ancient Egypt for their
chariots to the magnesium alloys we have today in high
performance automobiles. Mankind has always improved on
inventions and sometimes even re-inventing them to meet new
The technological evolution, increased level of sophistication
and global nature of the threats we face today do not permit us
to be complacent.
We need to improve on what exists in order to meet our current
and future challenges. This can only be achieved by working with
those at the origins of these existing initiatives.
To take account of the need for bringing together existing
initiatives and using recognized sources of expertise, I have
setup a High Level Experts Group for the Global Cybersecurity
Agenda. The HLEG is comprises of a multi-stakeholders group of
experts from leading organizations and countries including but
not limited to ENISA, Council of Europe, Interpol, United
Nations Office of Drugs and Crime, Microsoft, Intel, Verisign,
CISCO, UNITAR, CTO, Common Wealth, experts from the governments
of USA, Germany, Japan, India, Italy, Malaysia, Indonesia,
Argentina, South Africa, Cameroon, Estonia, Brazil, Switzerland,
On 5 October 2007, the HLEG met for the first time in Geneva
under the Chairmanship of Judge Stein Schjølberg of Norway and
agreed on a concrete timetable and deliverables for global
strategies and solutions to meet our global challenges.
Because the challenges related to the constantly evolving
threats to the information society are not limited to legal
framework, the GCA is built on five main pillars which
correspond to work areas that are considered vital for a
holistic, global and coordinated approach for building
confidence and security in the use of ICTs. The five work
- Legal Measures.
- Technical and Procedural Measures
- Organizational Structures
- Capacity Building
- International Cooperation
ITU has a long history of working with various stakeholders and
in brokering global agreements. Just last week at the ITU World
Radio-Communication Conference, nearly 3000 delegates
representing 164 countries and observers met at ITU for five
weeks to agree on the future landscape for global spectrum
allocations which will revolutionize the wireless communications
for the next few decades.
Such global agreements are possible because they take account of
the needs and views of all countries and stakeholders.
This approach of consensus-building towards a common
understanding is central to ITU strategy for a global response
to combating Cybercrime and other threats to the information
Excellencies, Ladies and Gentlemen,
We have run out of time and can no longer hide behind our
national or regional borders or initiatives. We can no
longer continue to focus our energies on defending what we are
individually doing but we must bring together our strengths,
resources and expertise to put together a collective response to
the global threats we all face.
In concluding, I take this opportunity to invite all interested
stakeholders to join our collective efforts in a spirit of
cooperation and collaboration for a safer information society