Title of Presentation: "UNODC Activities Related to Cybersecurity ".

The UNODC presentation at the second facilitation meeting for WSIS Action Line C5: “Building Confidence and Security in the use of ICTs” will make reference to the general mandate for UNODC, arising from the Bangkok Declaration on “Synergies and Responses: Strategic Alliances in Crime Prevention and Criminal Justice”, endorsed by General Assembly resolution 60/177 of 16 December 2005, “to enhance and supplement existing cooperation to prevent, investigate and prosecute high-technology and computer-related crime, including through the development of partnerships with the private sector”.

he presentation will further focus on the more specific mandate for UNODC to elaborate a study on fraud and the criminal misuse and falsification of identity, in accordance with Economic and Social Council resolution 2004/26 of 21 July 2004. In that resolution, the Council had requested the Secretary-General to convene an intergovernmental expert group for the purpose of preparation of the study. The expert group was convened on an open-ended intergovernmental basis, and met twice, in March 2005 and January 2007. Between the two sessions, a questionnaire was prepared, circulated for discussion and sent to all Member States. 46 Member States responded, providing the majority of the data used in the study. A draft report, including conclusions and recommendations, was prepared and circulated to the experts, and then revised based on comments received. The results of the study were presented to the Commission on Crime Prevention and Criminal Justice at its 16th session, held on 23-27 April 2007 in Vienna.

The part of the study on identity-related crime, which is considered to include both “identity-theft” and “identity-fraud”, provides a series of recommendations in areas such as international cooperation; jurisdictional aspects; domestic powers to investigate, prosecute and punish related offences; cooperation between criminal justice systems and the private sector; identity-related crime in the context of development, reconstruction and economic transition; prevention; and training. The UNODC officer will share those findings and recommendations with the participants looking forward to a constructive dialogue and exchange of views.

Text coming soon.

Title of Presentation: "Enhancing Cybersecurity Knowledge by an Educational Program Framework".

This presentation proposes an initiative developed by the University of Lausanne to promote cybersecurity education at regional and international levels. A global educational program framework related to cyberthreats issues is identified to meet WSIS action line C5 goals, in order to contribute to cyberthreats control and to countermeasures’ quality improvement at different levels. This comprehensive program takes into consideration the necessity to understand cybersecurity issues and to develop effective countermeasures by policy makers, regulators, IT engineers, executives and end users. The structure of this program, including examples of putting into practices is presented.

Top of page

Text coming soon.

Title of Presentation: "Integral Enabling System as the Mission of a National Strategy".

Cyber security is considered to be one of the most important factors to build a new kind of information and knowledge society, information and knowledge economy worldwide – only secure flow of data over ICT networks ensures confidence of general public in technological novelties and promotes wider adoption of ICTs into daily lives. Cyber threats have no state boards, but can make significant negative impact on national economy and personal life.

The truly international feature of cyber security was duly regarded in WSIS Tunis, final documents of which made a call for global action. This encouraged looking more closely at cyber security challenges at the national level and search for new more effective measures to combat cyber security threats. In the meeting, the Lithuanian experience in developing a cyber security strategic approach will be presented, including the reasons behind the need for a strategy, the integral system of strategic guidelines and the evolving changes.

Title of Presentation: "Text coming soon".

Text coming soon.

Title of Presentation: "Policies to Protect the Critical Information Infrastructure in Several OECD Member Countries".

This presentation will provide an overview of ongoing work by the OECD Working Party on Information Security and Privacy (WPISP) on similarities and differences in policies for protecting the critical information infrastructure (CII) across several OECD countries. With a view to identifying good practices, the OECD WPISP studies focus on the definition of the CII, risk management strategies, frameworks and policies regarding the CII, as well as challenges to information sharing and cross-border cooperation for addressing the risk to the CII. In 2006, the WPISP conducted a first study examining policies in four volunteer OECD countries. The final report from that study is available on the OECD Information Security and Privacy website. A second study is being conducted in 2007 that examines the policies of three additional OECD countries.

Rapid advances in technology and increased dependence on the Internet have made information systems and networks, including those that support national critical infrastructures, vulnerable to failure, outage, and attacks by malicious actors. To complement ongoing efforts to improve the security of information systems and networks, and better tackle the international dimension of information security risks, the OECD and APEC have partnered to examine the issues of malicious code and malicious software, commonly known as "malware". The OECD and the APEC are developing analytical report on malware focusing on how it is used to compromise information systems and networks with the goal of:

• Informing policymakers on the impacts of malware;
• Cataloguing data trends in malware growth and evolution;
• Examining the economics of malware and the business models behind malicious activity involving malware;
• Evaluating existing technical and non-technical countermeasures to combat malware and identify gaps; and,
•  Outlining recommendations to secure information systems from the threat of malware.

In addition to the analytical report, APEC and OECD held a Malware Workshop April 22 - 23, 2007 at the APEC TEL 35 meeting in Manila, Philippines. The workshop brought together representatives from the various communities addressing malware in order to inform policymakers of the issues, gain a better collective understanding of the issues, and inform the analytical report. The issues of malware demand close international cooperation and coordination among the various stakeholders in the security community.

Top of page

Text coming soon.

Title of Presentation: "Text coming soon".

Text coming soon.

Title of Presentation: "Insights into the Tunisian Experience and Strategy in the Establishment of National Watch, Warning and Incident Response Capabilities".

As a case example for developing countries, we will present the Tunisian Experience in establishing the first public CERT in Africa (CERT-Tcc), to outline the tasks that are important for CERTs in developing countries. We will give an overview about :

• The awareness and information actions carried by the CERT-TCC and the specific actions carried due to our position as a public CERT (parents and youth and common ICT users awareness).
• The launch of an incident handling team and the accompanying lawful measures, besides the establishment of a Watch and Alert Center and reaction plan.
• Professional Training and Education actions, based on the launch of training sessions for trainers and on the launch of Masters in IT security
• Research and Development strategy and actions, based on the open-source approach, for the rapid and efficient emergence of national R&D activities.
• The collaboration with associations (NGO).

We will close by presenting an overview about some of the urgent needs of less developing countries and present some key points to consider when building CERTs in less developing countries.

Title of Presentation: "Global Harmonization of Cybercrime Legislation".

The global harmonization of national cybercrime legislation has been an evolution over a period of 30 years. From a Bill, through recommendations to the adoption of a convention, we have reached a time of bringing information of the basic standards and principles of what is achieved to the global society.

Based on the convention and recommendations from global organizations it is today necessary to envisage the elaboration of a global legal framework on cybercrime. This presentation will consider different future models for global harmonization of cybercrime legislation.

Top of page

Title of Presentation: "Report on ITU-T Study Group 17 activities".

Text coming soon.

In order to establish a legislative framework to meet the challenges of cybercrime countries need to:

 - Criminalise certain conduct in their substantive criminal law. As a minimum this should include illegal access to a computer system, illegal interception, data interference, system interference, the misuse of devices, computer-related forgery and fraud, child pornography, xenophobia and racism, infringement of copyright and related rights

 - Give law enforcement/criminal justice the means to investigate, prosecute and adjudicate cybercrimes in their criminal procedure law. As a minimum this should provide for expedited preservation of computer and traffic data, production order, search and seizure of stored computer data, real-time collection of traffic data, interception of content data and procedural safeguards

 - Allow for efficient international cooperation by harmonising legislation, making provisions and establishing institutions for police and judicial cooperation, and concluding or joining agreements.

The Convention on Cybercrime of the Council of Europe serves any country as a clear guideline for the development of national legislation along these lines. In addition, it provides a framework for effective international cooperation among the increasing number of parties to this treaty.

Top of page

Title of Presentation: "Report on ITU-D Cybersecurity-Related Activities" and "Report from meeting of ITU-D Study Group 1/Q22".

Title of Presentation: "Text coming soon".

Text coming soon.

Title of Presentation: "A Generic National Framework for Critical Information Infrastructure Protection".

Meeting Background Paper :  "A Generic National Framework for Critical Information Infrastructure Protection"

The task of Critical Information Infrastructure Protection (CIIP) is acknowledged as an indispensable component of national security policy all over the world. Some countries have built up sophisticated CIIP organizations, involving agencies from different ministries, and building on a variety of initiatives and programs. However, since these solutions are fairly resource-intensive, they are not suitable for a majority of the countries of the world. Thus, in order to help countries to determine their individual solution, the presented generic model offers building blocks for a working, government-led CIIP unit.

By concentrating on the most essential tasks, cooperation between various stakeholders, flexibility and adaptability, one may develop a relatively inexpensive solution that can be further tailored, if necessary, to country-specific needs.

Title of Presentation: "Information Sharing and Incident Response – A European Perspective".

Mr. Thorbruegge's presentation will give a summarised picture of what’s going on in the field of Information Sharing and Incident Response. The presentation will shortly introduce the European Network and Information Security Agency (ENISA) and its work in various fields of NIS, with a special emphasis on the work in the field of CERT/CSIRT cooperation and support, as CSIRTs (Computer Security and Incident Response Teams) play a leading role in both fields and are a key factor for a comprehensive and successful security strategy on various levels.

Finally the presentation will give the audience some information about a feasibility study for a “European Information Sharing and Alerting System” (EISAS) that the ENISA is currently carrying out, based on a request from the European Commission.

Title of Presentation: "Governance for Security and Dependability"

Ms. Jody Westby's presentation focuses on how governance is the critical foundation for an organization to manage incident response and provide critical information to national or regional coordination centers.