ITU News

Tells you what's happening in Telecommunications around the world

Español  |  download pdf
                     

Cybersecurity
Making the online world safer
 
image
Photo credit: AFP/Image Source

Cyberattacks are happening now, and even big tech-savvy companies are not safe — hackers have already invaded Google, Sony, Lockheed Martin, PBS, Epsilon and, most recently, Citibank. Hackers posted false information on the PBS website, and stole the names, account numbers and e-mail addresses of around 200 000 Citibank customers — the bank confirmed this breach in early June 2011.

Growth in cyberthreats

We use information and communication technologies (ICT) in every aspect of our lives. ICT have expanded into shopping, banking, water and electricity supply, social networking, health care, education, traffic management and commerce. This leaves us increasingly vulnerable to cybercrime.

The growing reliance on ICT means that even short interruptions in service can result in great financial damage. Also, the ubiquity of Internet access increases the number of targets for cybercrime, and makes it easier for offenders to escape identification. The sheer volume of information, users and devices adds to the difficulty of tracking and locating cybercriminals.

Fraud is a typical cybercriminal offence. Credit card fraud, Internet marketing and retail fraud, and electronic auction fraud are just some examples. Copyright violations have soared as a result of the ease with which files can be downloaded and shared. Illegal activities have particularly affected the music and film industries. An estimated 95 per cent of all music downloads worldwide are illegal, and revenues from global music sales declined about 30 per cent between 2004 and 2009, representing billions of dollars in lost sales, according to ITU’s report Trends in Telecommunication Reform 2010–2011: Enabling Tomorrow’s Digital World.

Globalization of cybercrime

Cybercrime often extends across national boundaries, such as when viruses are transmitted through a number of countries during the transfer from sender to recipient. As noted in Trends in Telecommunication Reform 2010–2011, “cybercrimes have become highly globalized because they can be committed against Internet users anywhere in the world. A cybercriminal can send law enforcement agencies on a virtual chase around the world by using any number of techniques” that mask identity and make tracing communications difficult. One example of this technique is the use of anonymous communication servers that encrypt transmissions.

The ITU report further says that cybercriminals often enjoy impunity because they work from countries with weak or non-existent cybercrime legal frameworks. But even in countries with strong cybercrime legislation, the speed at which electronic theft and fraud occur, for example, make it difficult for law enforcement agents to catch cybercriminals. Legal difficulties often arise because of a lack of international cooperation. Even for countries with mutual legal assistance agreements, the processes for sharing information are often formal and time-consuming.

Trends in Telecommunication Reform 2010–2011 underlines that: “Cybercrime will continue to offer high rewards and low risks to criminals until there are effective international frameworks and national legislation capable of investigating, prosecuting and punishing cybercrimes.”

The report calls on policy-makers to seek to protect legitimate activities against four broad categories of cybercrimes: offences against data privacy and the integrity of computer systems, such as illegal access and data interference; computer-related offenses, such as cyber theft and fraud; digital piracy and copyright violations; and content-related offenses, which may include illicit content, online gambling, libel and cyberbullying.

Global responses — new and old ITU partnerships

ITU and the United Nations Office on Drugs and Crime

     image
Photo credit: Shutterstock

France’s response to digital piracy

To combat the problem of digital piracy, countries are increasingly imposing heavy penalties on people who download copyrighted material illegally. Internet service providers are being required to assist in identifying illegal downloaders and in enforcing antipiracy laws.

One measure that has gained worldwide attention is France’s anti-piracy law, Création et Internet, which came into effect in January 2010. Known as the antipiracy “three strikes” law, it requires Internet service providers to send suspected digital pirates two warnings about their illegal downloading activities. After the third suspected offence, the downloader is required to appear before a judge who can impose a fine of up to EUR 300 000, send the person to jail or suspend Internet access for up to a year. Infringers are also put on a “three-strike” blacklist to prevent them from acquiring Internet service through another provider. Proponents of the law claim that it will stop or curb illegal downloading of music, movies and other copyrighted materials, and that it will promote artistic expression by protecting the creator’s copyright in the work.

Opponents claim that the law will not lead to a decrease in illegal file-sharing because there are numerous ways to circumvent the limitations it imposes, for example by streaming rather than downloading video. They believe that, instead of deterring copyright violations, the law puts innocent users at risk of being penalized if hackers use their IP addresses to download materials illegally.

Other European countries have also passed antipiracy measures, including Sweden and the United Kingdom.

A Memorandum of Understanding between ITU and the United Nations Office on Drugs and Crime (UNODC) signed at the WSIS Forum 2011 event in Geneva in May will see the two organizations collaborate in assisting ITU and UN Member States mitigate the risks posed by cybercrime.

The two bodies will work together to make available the necessary expertise and resources to establish legal measures and legislative frameworks at national level, for the benefit of all interested countries. This is the first time that two organizations within the UN system have formally agreed to cooperate at the global level on cybersecurity.

“This new alliance with UNODC is a major milestone in implementing a coordinated global approach to an increasingly serious global problem. Together, our two agencies will generate powerful synergies that will help all interested countries fight the scourge of cyberthreats and cybercrime, and create a safer online environment for all,” said ITU Secretary-General Dr Hamadoun I. Touré.

ITU and Symantec

In line with its long tradition of public-private partnership, ITU has also signed a Memorandum of Understanding with Symantec, a leading provider of security, storage and systems management solutions. ITU will use Symantec’s security intelligence, in the form of its quarterly Internet Security Threat Reports, to increase understanding of, and readiness for, cybersecurity risks.

By distributing this report — which captures data from across Symantec’s global intelligence network — to interested Member States, ITU aims to help better prepare governments to respond to the ever-growing risk from malware, cyberattackers and information thieves. Raising awareness and transferring knowledge in this way will complement the work of ITU and strengthen its effectiveness as a global forum in which governments and the private sector can build confidence and security in the use of ICT.

Commenting on the partnership, Enrique Salem, President and Chief Executive Officer of Symantec, said: “Over the past year and a half, the researchers that make up Symantec’s global intelligence network have noted a dramatic increase in the number of cyberattacks, as well as the growing sophistication and impact of threats. The partnership between ITU and Symantec will facilitate an increased understanding of cybersecurity risks and how they can be reduced, increasing confidence in new and emerging technologies, and facilitating the evolution of the digital world.”

ITU and IMPACT

Further reinforcing ITU’s efforts in this area, ITU’s work and relations with the International Multilateral Partnership Against Cyber Threats (IMPACT) continue to gain momentum, with over 130 ITU Member States now part of the ITU-IMPACT coalition.

ITU-IMPACT is the first cooperative global venture to make available cybersecurity expertise and resources to enable interested Member States to detect, analyse and respond effectively to cyberthreats. Of particular benefit to countries that do not have the capacity or resources to develop their own sophisticated cyber response centres, the coalition also helps technically advanced nations by providing them with a global snapshot of potential and real online threats.

ITU-IMPACT members enjoy:

  • Access to the IMPACT Global Response Centre, the foremost cyberthreat resource centre in the world for global threat information, at no cost.

  • Access to the Electronically Secure Collaboration Application Platform for Experts (ESCAPE), allowing experts across different countries to share their knowledge and best practices with regard to cybersecurity, as well as facilitate the mitigation of cyberattacks, at no cost.

  • On-site assessments and elaboration of implementation strategies for the establishment of computer incidents response teams. To date 24 countries have been assessed, and work is in progress to move to the implementation phase.

  • Specialized cybersecurity capacity building programmes to arm Member States and international agencies with relevant knowledge to face and prevent cyberthreats. To date, more than 200 cybersecurity professionals and 50 law enforcement offi cers have received specialist training. In addition, 155 training scholarships to 29 partner countries globally have been provided.

ITU-IMPACT also offers managed security services to the United Nations family.

 

  Previous Printable version Top email to a friend Next © Copyright ITU News 2014
Disclaimer - Privacy policy