A short overview of how Africa is becoming more connected and is now an
active player in the information society: there are now more than a quarter of a
billion mobile subscribers in Africa. A mobile market that barely existed ten
years ago is now worth more than $25 billion dollars. There are now close on 50
million Internet users in Africa, creating a commercial opportunity for further
strong market growth.
African operators are pioneering new services and business strategies,
including mobile banking, micro-recharge methods and flat-rate pricing models.
Astute investors are investing in Africa’s telecom markets now, to reap the
rewards over the years to come.
Here in Africa, individuals, business enterprises and other organisations are
increasingly dependent on information and communication technologies in many
aspects of their lives.
And yet, strong market growth is matched by fresh challenges. I now want to talk
about a subject close to my heart and a top priority for the ITU – cybersecurity
and the integrity and reliability of modern communication systems.
This topic is especially relevant here in Egypt, which suffered extensive
Internet outages in January and February earlier this year. The failure of a
submarine cable between Alexandria and Palermo, Italy, caused severe problems in
connectivity and service availability in Egypt and across the Middle East and
Asia disrupting business, TV and phone services.
Modern business and society are increasingly dependent on computer systems,
often connected to the Internet. These outages demonstrated the vulnerability of
countries to failure or denial of service attacks over the Internet. Today, the
security and integrity of the Internet is fundamental to modern society.
By every measure, threats to cybersecurity are growing. For example, to take
one of the largest and fastest-growing regions of cyberspace, the number of
Chinese Internet addresses infected by botnets increased by a factor of 22 in
2007. Similarly, recent estimates of card fraud in the UK suggest that card
fraud is double previous estimates, taking failed attempts into account.
Cybercriminals are also becoming more organized. Cybercriminals are now using
stolen card details to buy high-value electronic gadgets such as sat-navs,
laptops and PDAs, which they then ship abroad and sell in a complete supply
chain to other countries, where their value is much higher. Further,
cybercriminals are using Internet gambling to launder the funds obtained
Individual governments are beginning to respond. Many governments have
established Public Key Infrastructure programmes and Computer Emergency Response
Teams (CERTs). The Ugandan Government is finalizing three new cyber laws in the
Electronics Transactions Bill, Digital Signatures Bill and the Computer Misuse
Here in Africa, in terms of collaborative efforts, AfriPKI has been
established by ANCE Tunisia as a collaborative effort of CEA, OIF and ANCE.
Rencontres Africaines du Logiciel Libre (RALL) held a pan-African Regional
Technical Workshop on security . CAPTEF (Conférence des Administrations des
Postes et des Télécommunications d’Expression Française) has held meetings on
securing information systems, fighting spam and managing Internet domain names .
ITU itself held a workshop in Africa on cybersecurity in Abidjan, Cote d’Ivoire,
in February 2008.
Global Cybersecurity Agenda (GCA)
However, it is vital that efforts to fight cybercrime are as well-organized as
the criminals. World leaders during the World Summit on the Information Society
(WSIS) recognized the significant threats posed by cybercrime and other misuses
of ICTs and entrusted ITU as sole facilitator for WSIS Action Line C5 to
coordinate the worldwide response to these global challenges. This is why, one
year ago, on 17 May 2007, ITU launched the Global Cybersecurity Agenda (GCA) as
a leading initiative to organise a collaborative response to the issues
threatening cybersecurity. An expert panel of over one hundred leading experts
has been appointed to advise me on proposals for long-term strategies to promote
cybersecurity. ITU represents a unique forum in which experts from a range of
different backgrounds can meet to debate the issues and formulate solutions in a
neutral environment free from bias.
The ITU's Global Cybersecurity Agenda brings together expertise from all key
stakeholder groups (governments, industry, regional and international
organizations, academic and research institutes).
Uniting experts from all these different backgrounds ensures that the GCA
builds synergies with existing initiatives and avoids duplication. It also
ensures the commitment and dedication of the involved experts to the
implementation of solutions. For example, the work of the Council of Europe's
Convention on Cybercrime is taken into account in the legal area; Intel and
Microsoft are active in the technical work area; and ITU's work in
standardization, Radio-communications and Development is also taken into
account. The involvement of each stakeholder Group within its own mandate helps
ensure the implementation of the global strategies proposed.
Thus, the GCA, through its work in the five Work Areas, links existing
initiatives and provides an overarching framework for the consensus vital for
combating cybercrime and addressing other misuses of the ICTs.
One year on, I am pleased to confirm that this initiative has generated a lot
of interest and enjoys the active participation with contributions from
world-renowned specialists in the private sector and from across academia,
international organizations and government. The High-Level Expert Group sessions
held at the ITU have been extremely well-attended and the experts are now
well-advanced in their strategic proposals to promote cybersecurity.
Work area one, legal measures, has established key legal principles to be
preserved in the development of a legal framework for the definition,
investigation and prosecution of cybercrime. It has also reviewed existing legal
frameworks in operation at the national and international levels, to build on
these essential foundations and avoid some of the pitfalls that existing
frameworks have encountered.
Work area two, technical and procedural measures, has considered current
technical and procedural issues in cybersecurity, and developed strategic
proposals to develop a common approach towards improving security and risk
management processes for software applications and systems.
Work area three, organizational structures, has reviewed existing
organizational structures and policies on cybersecurity to establish a proposal
for a global framework for watch, warning and incidence response capabilities,
building on ITU’s expertise and leading work in digital identity management.
Work area four, capacity-building, has considered initiatives that have been
taken and recommends strategies to build capacity at the national and
international levels to raise awareness, transfer know-how and boost
cybersecurity on the national policy agenda.
Work area five, international cooperation, seeks to establish a common
platform to enable countries to coordinate and cooperate to take action swiftly
and quickly in response to cybercrime threats and emergencies. The challenge is
to build on national infrastructure (such as national CERTs) to take leverage
national information and resources to build an effective international response,
whilst respecting security and confidentiality concerns.
Although these are early days and this initiative represents an ongoing
process, we look forward to the results of the High-Level Expert Group’s
collaboration towards the end of this year. It is my sincere hope that the
involvement and collaboration of leading stakeholders in the GCA process will
commit them personally to the principles and strategies to be endorsed within
the Global Cybersecurity Agenda.
Cyber-criminals are well-organized and connected. We can only win the battle
against cybercrime and other misuses of ICTs if our efforts and initiatives are
likewise well-connected. The Global Cybersecurity Agenda provides that framework
and I invite you all to join us in our efforts to make the information society
safer for all.
In conclusion, let me wish you a productive and successful Round Table. I hope
you will enjoy this opportunity to discuss the growing challenges to the
security and integrity of our communication networks and the key policy
responses needed. I hope you will take this opportunity to pick the brains of
the Executives and experts assembled here today and to explore their views on
potential solutions. For in doing so, you will be joining the ITU in its mission
to help connect the world and fulfil everyone’s fundamental right to