Meeting Agenda
The second WSIS Action Line
C5 facilitation meeting was held 14th-15th May 2007 at ITU Headquarters
(Room C) in Geneva, Switzerland from 9:30 –17:30 both days. A special lunch
session briefing on the Convention on Cybercrime organized by the Council
of Europe took place on the 15th from 13:30 – 15:00 also in Room C. The
meeting was open to all stakeholders and held in conjunction with a
cluster
of events organized from 14th-25th May surrounding
World Telecommunication
and Information Society Day (17th May).
Based on the first facilitation meeting held in May 2006, work programmes
in four focus areas have been initiated. Focus Area 1 (National Strategies)
involves the development of a generic model framework or toolkit that national
policy-makers could use to develop and implement a national cybersecurity
programme. Focus Area 2 (Legal Frameworks)
considers capacity-building on the harmonization of cybercrime legislation,
the Council of Europe's Convention on Cybercrime, and enforcement.
Focus Area 3 (Watch, Warning and Incident
Response) looks at information-sharing of best practices on developing
watch, warning and incident response capabilities.
Focus Area 4 is dedicated to spam and related
threats. Discussions on new alliances and initiatives aimed at building
capacity and raising awareness on cyber-threats and countermeasures were
also covered in this session.
The guiding themes for this second facilitation meeting were: progress
by stakeholders in implementation activities in these focus areas, consideration
of future framework discussions to improve international cooperation and
coordination in the above domains as well as future work plans.
PARTNERSHIPS FOR GLOBAL CYBERSECURITY
|
DAY 1 - MONDAY 14 MAY 2007 |
08:30-09:30 |
Registration in the ITU Montbrillant
Building (2, Rue de Varembé), meeting held in Room C (ITU Tower
Building). |
09:30-09:45 |
Session
1: Meeting Opening and Welcome (audio
cast) |
|
- Welcoming Address : Dr. Hamadoun Touré (biography),
Secretary-General, International Telecommunication Union (ITU)
(Opening
Remarks
)
- Chairperson's Opening Remarks : Seymour Goodman (biography),
Professor, Georgia Institute of Technology, United States of
America
|
09:45-10:45 |
Session
2: The Changing Cybersecurity Threat Environment and Innovative
Solutions (audio
cast) |
|
Session Description: As
data networks across the world transition from narrowband to
broadband, the nature of the cybersecurity threat is changing.
Longstanding concerns, such as viruses and spam, are being reinforced
by new threats, such as botnets or phishing. Technological change
is both part of the problem and the hope for a solution, but
there is a constant struggle to keep ahead of criminals, on
the one hand, and careless users on the other. This opening
session features two companies involved in offering innovative
solutions in the areas of messaging security and cryptography. Mark Sunner (biography),
Chief Security Analyst, MessageLabs, United Kingdom (Abstract/Full
Presentation
)
Keynote Speaker : Grégoire Ribordy (biography),
CEO and Co-Founder, id Quantique, Switzerland (Abstract/Full
Presentation
)
|
10:45-11:00 |
Coffee Break |
11:00-12:30 |
Session
3: Partnerships for Global Cybersecurity – Framework for WSIS
Action Line C5 and Update on Activities (audio
cast) |
|
Session Description: This
session provides an overview of current and planned future activities
related to the WSIS Action Line C5: Partnerships for Global
Cybersecurity initiative as well as related ITU developments
in this domain.
Session Facilitator: Alexander Ntoko (biography),
Strategy and Policy Advisor, International Telecommunication
Union (ITU) and Focal Point for WSIS Action Line C5
|
12:30-13:30 |
Lunch
Break |
13:30-14:45 |
Session
4: PGC Focus Area – National Strategies (audio
cast) |
|
Session Description: At
the start of the 21st century, modern societies have a growing
dependency on information and communication technologies (ICTs)
which are globally interconnected. However, with these growing
dependencies, new threats to network and information security
have emerged. There is a growing misuse of electronic networks
for criminal purposes or for objectives that can adversely affect
the integrity of critical infrastructures within States. To
address these threats and to protect these infrastructures,
a coordinated national strategy and action plan is required
– combined with regional and international cooperation. This
session will discuss different national approaches to cybersecurity
and critical information infrastructure protection (CIIP).
Session Facilitator: TBD
- Presentation : Manuel Suter (biography),
Research Fellow, Center for Security Studies (CSS), ETH Zurich,
Switzerland, Meeting background study on “A Generic National
Framework for Critical Information Infrastructure Protection”
(Abstract/Full
Presentation
/Background
Paper
)
- Presentation : Audrey Plonk (biography),
Information Security and Privacy, Organisation for Economic
Co-operation and Development (OECD), “Policies to Protect
the Critical Information Infrastructure in Several OECD Member
Countries” (Abstract/Full
Presentation
)
- Presentation : Diana Korsakaite (biography),
Deputy Director, Communications Regulatory Authority, Lithuania,
“Integral Enabling System as the Mission of a National Strategy”
(Abstract/Full
Presentation
)
|
14:45-16:00 |
Session
5: PGC Focus Area – Legal Frameworks and Enforcement
(audio
cast) |
|
Session Description : An integral component of any national strategy
is the adoption of appropriate legislation against the misuse
of ICTs for criminal or other purposes, including activities
intended to affect the integrity of ICT transactions and national
critical infrastructures. As threats can originate anywhere
around the globe, the challenges are inherently international
in scope and it is desirable to harmonize legislative norms
as much as possible to facilitate regional and international
cooperation. This session will discuss the current international
standards, principles and instruments relating to electronic
crimes and related challenges in enforcement. Session Facilitator:
Betty-Ellen Shave (biography),
Assistant Deputy Chief, International Computer Crime, Department
of Justice, United States of America
- Presentation : Alexander Seger (biography),
Head of Technical Cooperation, Department of Crime Problems,
Council of Europe (CoE), “Developing National Legislation on
Cybercrime: The Convention on Cybercrime as a Guideline”
(Abstract/Full
Presentation
)
- Presentation : Demostenes Chryssikos (biography),
Crime Prevention and Criminal Justice Officer, United Nations
Office on Drugs and Crime (UNODC), "UNODC Activities Related
to Cybersecurity" (Abstract/Full
Presentation
)
- Presentation : Stein Schjolberg (biography),
Chief Judge, Moss Tingrett, Moss District Court, Norway, “Global
Harmonization of Cybercrime Legislation” (Abstract/Full
Presentation
)
|
16:00-16:15 |
Coffee Break |
16:15-17:15 |
Session
6: PGC Focus Area – Watch, Warning and Incident Response
(audio
cast) |
|
Session Description: An
integral part of any cybersecurity strategy is a national or
regional level organization that acts as a coordination centre
to respond to and tackle any emergency computer and network
security incidents. Typical roles include handling computer
security incidents and vulnerabilities, publishing security
alerts, and developing information and training on information
security. This session discusses the technical, managerial and
financial aspects of establishing national or regional watch,
warning, and incident response (WWIR) capabilities.
Session Facilitator : Seymour Goodman (biography),
Professor, Georgia Institute of Technology, United States of
America
- Presentation : Marco Thorbruegge (biography),
Senior Expert on Computer Incident and Response Handling Policy,
European Network and Information Security Agency (ENISA), "Information
Sharing and Incident Response – A European Perspective"
(Abstract/Full
Presentation
)
- Presentation : Nabil Sahli (biography),
Head of the CERT/TCC and CEO of the National Agency for Computer
Security, Tunisia, “Insights into the Tunisian Experience and
Strategy in the Establishment of National Watch, Warning and
Incident Response Capabilities” (Abstract/Full
Presentation
)
- Presentation : Jody R. Westby (biography),
American Bar Association’s Privacy & Computer Crime Committee,
Author of “Governing for Information Security Implementation
Guide” for Carnegie Mellon's CERT, “Governance for Security
and Dependability” (Abstract/Full
Presentation
)
|
17:15-17:30 |
Chairperson’s Wrap-up
(audio
cast) |
|
Chairperson's Remarks :
Seymour Goodman (biography),
Professor, Georgia Institute of Technology, United States of
America |
|
DAY 2 - TUESDAY 15 MAY 2007 |
08:30-09:30 |
Registration in the ITU
Montbrillant Building (2, Rue de Varembé), meeting
held in Room C (ITU Tower Building).
|
09:30-11:00 |
Session
7: PGC Focus Area – Spam and Related Threats
(audio
cast) |
|
Session Description:
Spam is the uncomfortable reality of the Information
Society. In a society that defends freedom of
expression, spam has, for long years, been the
price that is paid to defend the principle that
anyone can speak to anyone. But spam is increasingly
being used as a bearer for viruses and fraud,
especially through phishing and pharming. There
are already an armoury of tools – technical,
legal, financial, user training – that can be
used against spammers, but there is a lack of
coordination at the international level. This
session includes latest information on a number
of initiatives that have been launched to counter
spam, at a national, regional and international
level, and provides a forum for the exchange
of experiences.
Session Facilitator: Richard Cox (biography),
CIO, The Spamhaus Project (Full
Presentation
)
- Presentation : Suresh Ramasubramanian
(biography),
Manager, Outblaze, India (Full
Presentation
)
- Presentation : Audrey Plonk (biography),
Information Security and Privacy, Organisation
for Economic Co-operation and Development (OECD),
“OECD - APEC Joint Work on Malicious Software”
(Abstract/Full
Presentation
)
- Presentation : Solange Ghernaouti-Hélie
(biography),
Professor, University of Lausanne, “Enhancing
Cybersecurity Knowledge by an Educational Program
Framework” (Abstract/Full
Presentation
)
|
11:00-11:20 |
Coffee
Break |
11:20-13:20 |
Session
8: Speed Exchanges on PGC Focus Areas
(audio
cast) |
|
Session Description:
Speed Exchanges allow meeting participants to
discuss topics in a smaller “round table” peer-to-peer
environment. Facilitated by expert moderators
for each of the PGC Focus Area, Speed Exchanges
allow for more in-depth discussions, exchange
of information and sharing of experiences. Separate
tables are designated for each topic and participants
are given 20 minutes to discuss a particular
topic and then given the opportunity to move
tables to discuss another topic. Participants
will be asked to prepare questions in advance
for table moderators. The feedback from each
focus area will be presented in Session 9.
Session Facilitator: Suresh Ramasubramanian
(biography),
Manager, Outblaze, India
- National Strategies Focus Area Speed
Exchange : moderated by Tim Kelly (biography),
Head, Strategy and Policy Unit, ITU
- Legislation and Enforcement Focus Area
Speed Exchange : moderated by Alexander
Seger (biography),
Head of Technical Cooperation, Department of
Crime Problems, Council of Europe (CoE)
- Watch, Warning and Incident Response
Focus Area Speed Exchange : moderated by
Jody R. Westby (biography),
American Bar Association’s Privacy & Computer
Crime Committee
- Spam and Related Threats Focus Area Speed
Exchange : moderated by Richard Cox (biography),
The Spamhaus Project
|
13:20-15:00 |
Lunch
Break |
13:30-15:00 |
Special Session Organized
by the Council of Europe on the Convention on
Cybercrime (audio
cast) |
|
Presentation
: Alexander Seger (biography),
Head of Technical Cooperation, Department of
Crime Problems, Council of Europe (CoE), “The
Convention on Cybercrime of the Council of Europe
- A Framework for National Action and International
Cooperation Against Cybercrime”
Presentation : Henrik Kaspersen, Council
of Europe (CoE), “Why
the Cybercrime Convention?”,“Experiences
in The Netherlands”
Presentation : Betty-Ellen Shave (biography),
Assistant Deputy Chief, International Computer
Crime, Department of Justice, United States
of America, “Experiences in the Unites States”
|
15:00-15:30 |
Session
9: Reporting on Speed Exchange on PGC Focus
Areas (audio
cast) |
|
Session Description:
This session will provide an overview of the
discussions held during the Speed Exchanges
for the different PGC Focus Areas. Main challenges
and proposed solutions will be summarized by
the moderators and discussed among meeting participants.
Session Facilitator: Suresh Ramasubramanian
(biography),
Manager, Outblaze, India
Discussion
|
15:30-15:45 |
Coffee
Break |
15:45-17:00 |
Session 10: Partnerships for Global Cybersecurity
- Regional and International Cooperation Frameworks
and Ideas for Next Steps (audio
cast) |
|
Session Description:
The borderless nature of cyber-threats and their
constantly evolving nature pose a number of
challenges to the global community. Most recent
indicators show an increase in the number, scope
and level of sophistication of these threats.
Are we losing the fight against these cyber-attacks?
This session poses questions about future strategies,
focus areas and the types of solutions, partners
and frameworks that need to be put in place
for real changes to take place. Session Facilitator: Alexander
Ntoko (biography),
Strategy and Policy Advisor, International Telecommunication
Union (ITU) and Focal Point for WSIS Action
Line C5
Panel Discussion
|
17:00-17:15 |
Close of Meeting |
|
Chairperson's Closing Remarks
: Seymour Goodman (biography),
Professor, Georgia Institute of Technology,
United States of America |
Do not hesitate to send any questions or comments
you may have to
gca@itu.int |
Based on the first facilitation meeting held in May 2006, work
programmes in three focus areas have been initiated, in addition
to ongoing activities in the area of spam and related threats.
- Focus Area 1 (National Strategies) involves the
development of a generic model framework or toolkit that
national policy-makers could use to develop and implement
a national cybersecurity programme.
- Focus Area 2 (Legal Frameworks) considers capacity-building
on the harmonization of cybercrime legislation, the Council
of Europe's Convention on Cybercrime, and enforcement.
- Focus Area 3 (Watch, Warning and Incident Response)
looks at information-sharing of best practices on developing
watch, warning and incident response capabilities.
- Focus Area 4 is dedicated to spam and related threats.
The guiding themes for this second facilitation meeting were:
progress by stakeholders in implementation activities in these
focus areas, consideration of future framework discussions to
improve international cooperation and coordination in the above
domains as well as future work plans.
For background on WSIS Action Line C5, please see
here
Further enquiries can be directed to
gca@itu.int
|