"Cyberspace has no borders, no constraining frontiers. The global nature of today's threats means no country can regard itself as an island."
- Dr. Hamadoun Touré, ITU
From its origins as a dedicated defense research network, the Internet has transformed modern lifestyles with its promise of open, real-time communications and limitless information. We have come to rely on the smooth and secure operation of networks in our online activities at work, at home and as consumers. And yet, at the same time, the rapid growth of ICT networks has also opened up new opportunities for criminals to exploit online vulnerabilities and attack countries' critical infrastructure. Confidence and security in using ICTs are vital for building an inclusive, secure and global Information Society. But increasingly sophisticated, well-organized cybercriminals are seriously undermining the future growth and potential of the online environment.
ITU and cybersecurity
In the areas of radiocommunication and standardization, ITU has carried out significant work in security architecture, encryption and authentication and information security management systems. Safeguarding quality of service against degradation or denial of service is vital for the secure operation of networks in data transmission and service provision and many of ITU's Radio Recommendations on generic requirements and the protection of radiocommunications against interference are relevant to security. ITU has issued recommendations on security principles for IMT-2000, with references to standards maintained by National and Regional Standards Development Organizations. ITU has also published a substantial number of security-related recommendations, as well as an ICT Security Standards Roadmap, a database for approved ICT security standards and a Security Manual: Security in Telecommunications and Information Technology.
"Everything in today's world is
interconnected, and protecting each component of the ecosystem is equally
important. If we have strong security in the network, but end user devices are
less secure, it is like enabling a powerful home security system, and leaving
all the doors open."
- Justin Rattner, Intel's Chief
Work with developing countries
ICTs are the engine driving many other economic sectors. In developing countries, the ICT sector has enabled a faster development rate than was previously permitted by pure industrialization. However, developing countries are deeply concerned about minimizing the risks that participation in the global Information Society can entail, with cybercrime topping the list of serious concerns. In its development work, ITU has long been engaged in building capacity to promote cybersecurity by providing technical assistance, implementing projects using advanced cybersecurity technologies, organizing capacity-building cybersecurity forums, and even releasing a national self-assessment toolkit to help governments evaluate their readiness with regard to national capacity in cybersecurity. Other ITU initiatives include a global anti-spam legislative survey, publications on cybersecurity and cybercrime, research on the financial impact of network security, and a variety of toolkits on botnet mitigation, cybercrime legislation, Computer Incidents Response Teams (CIRTs), and the promotion of a cybersecurity culture.
Global Cybersecurity Agenda (GCA)
its logo, the GCA is designed around five major pillars:
Technical and Procedural Measures
Despite ITU's active involvement in cybersecurity, much more can be achieved. Given ITU's long and successful history of forging consensus on how the world should manage global resources relating to ICTs such as satellite orbits and radiofrequency spectrum at the Tunis Phase of the World Summit on the Information Society (WSIS) in 2005, ITU was entrusted with the responsibility to lead international efforts to build confidence and security in the use of ICTs.
In response, ITU launched the Global Cybersecurity Agenda (GCA) in March 2007. A High-Level Experts Group (HLEG) was established to provide expert advice and guidance to the ITU Secretary-General on strategies to promote cybersecurity. This expert panel attracted top specialists from the likes of AT&T, Intel, Microsoft, Interpol, Verisign, as well as high-level government, academic and industry representatives from across the world, who contributed their insights and thought leadership on how best to tackle the growing challenges to the security of the online world.
What makes the GCA unique?
The GCA seeks to link existing initiatives and provide an overarching framework for consensus. This allows each stakeholder Group to focus on its own mandate, while ensuring cooperation with other stakeholders. The GCA already has Interpol the global organization for international law enforcement, with 186 member states sharing ideas with UNODC, the United Nations Office on Drugs and Crime. Both these organizations are putting heads together with the likes of APECTEL (Asia Pacific Economic Telecommunications and Information Working Group) and UNITAR (United Nations Institute for Training and Research). By working together, our chances of success in promoting cybersecurity and beating cybercrime on an international level are increased significantly. By involving global experts in the process from the beginning, we help to ensure that the solutions decided upon get implemented properly. Everyone recognizes that working together is the only way forward. A piecemeal approach to cybercrime is like the proverbial chain it is only as strong as its weakest link.
From idea to practice
Since its launch, the GCA has set in motion projects like the Child Online Protection (COP) initiative, which aims to provide children everywhere with a safe and secure online experience. GCA has also partnered with the International Multilateral Partnership against Cyber-Threats (IMPACT), the first global public-private initiative against cyber threats. This initiative has been conceived as a framework for international cooperation aimed at bringing key stakeholders and partners from governments, private sector companies and academia together to provide ITU Member States with the expertise, facilities and resources to effectively address cyber-threats The five work areas of the GCA are being addressed by IMPACT’s key tracks: the Global Response Centre, the Centre for Policy and International Cooperation, the Centre for Training and Skills Development and the Centre for Security Assurance and Research.
Working with leading partners, the GRC provides the global community with a real-time aggregated early warning system and access to specialized tools for authorized cyber-experts in order to respond immediately to cyber-threats, especially during crisis situations.
Following its launch, 38 Member States have formally joined the GRC: Afghanistan, Andorra, Brazil, Bulgaria, Burkina Faso, Cape Verde, Costa Rica, Côte d\'Ivoire, Dem. Rep. of the Congo, Egypt, Gabon, Ghana, Kenya, India, Indonesia, Iraq, Israel, Italy, Lao P.D.R., Malaysia, Mauritius, Montenegro, Morocco, Nepal, Nigeria, Philippines, Poland, Serbia, Seychelles, Saudi Arabia, Switzerland, Syrian Arab Republic, Sudan, Tanzania, Tunisia, Uganda, United Arab Emirates and Zambia.
As a response to the need of establishing appropriate and dedicated organizational structures at a global level, and in order to identify, respond to and manage cyber-threats, ITU and IMPACT have defined a strategy for helping the Member States to establish their own National Computer Incident Response Team (CIRT), through a CIRT Lite solution, fully compliant and integrated with the GRC. Several Member States are asking for assistance from ITU in building their incident management capabilities, including Afghanistan, Burundi, Burkina Faso, Cote D’Ivoire, Ghana, Kenya, Nigeria, Rwanda, Tanzania, Uganda and Zambia. The first phase of the CIRT Lite solution is being deployed by ITU and IMPACT by the end of 2009.
With official patronage from Nobel Peace Prize Laureate Dr Óscar Arias Sánchez and President of Burkina Faso, Blaise Compaoré, the GCA will continue to promote the vision and underline the importance of a safe and secure online world for everyone.