Speech from Mr Houlin Zhao, ITU Deputy Secretary-General

Young Presidents Organization on Cybersecurity

Geneva, Switzerland
25 June 2009

First let me welcome you to the ITU and this seminar co-hosted by the Young Presidents’ Organization and the ITU.  I am hopeful that meetings like this can lead to a richer collaboration between the two organizations.

The ITU is the oldest UN agency and throughout its history it has lead the way where the technical, economic and social development opportunities of communications technologies are compromised or forestalled by the lack of international collaboration and the sharing of best practice across nations. Hence history shows us that, in the late 19th century,  the ITU was formed as a direct consequence of the need to co-ordinate the use of radio spectrum between countries. This motivation has propelled the ITU throughout its history and in our work today – this need for international co-ordination also underpins the significance of the ITU and the way in which new debates are nurtured under the auspices of the ITU.

In today’s world there are many ICT debates that are emerging for which international collaboration is needed; and in the context of a World Information Society that the issue of security is one of the most important issues that we all face.

We know that ICTs are a powerful force of change for economic and social development and we know that the technical foundations of the ICT networks are inexorably moving to IP based platforms. These technical platforms create unparalleled opportunities for innovation both in core networks, the services they support and also end-user applications; but the open nature of these networks created the potential for significant and multi- security threats.

I am of the view that the days where the threat came from the naïve hacker testing systems and having fun are over – today we are facing systematic and organized attempts to breach the security of networks in order to create harm, especially economic harm.  We know that there are significant illegal incomes to be earned from breeching the security of systems.  We also know that in many cases the cost of orchestrating these ICT security threats is minimal and the risk of being caught is extremely low – and in many cases, because of international jurisdictions, the probability of a successful prosecution being brought (and all that such a procedure involves) is close to zero.

There have been many insights into the nature and extent of ICT security threats but the report by Semantec last Autumn entitled the Underground Economy somehow eloquently captured the way in which security threats have evolved and now constitute a highly organized and, sad to say, vibrant community of activitists motivated by the allure of ill-gotten gains. 

The Semantec report highlights the value chains and business models used by this illegal community.  The report highlights the extensive advertising of stolen property and the relatively easy access that can be had to individual financial records and for relatively nominal sums – the value of the illegal information for sale was valued by Semantec at $279m and that the information for sale would provide access to at least 1.7 bn of consumer assets.

The same reports states that phishing scams can be bought in the range of 2 – 80 USD although the average prices was 10USD; monthly hosting cost can be as low as 1USD – with these numbers it is easy to see that phishing can be a highly profitable business!

But interestingly, the Semantec report clearly shows that this underground economy is an international phenomenon and hence one way that agencies such as the ITU can play a role.  Under the current management of the ITU cyber-security has been elevated to one of our top priorities.  Launched in 2007 by ITU Secretary-General, Dr. Hamadoun I. Touré, the ITU Global Cybersecurity Agenda (GCA) is a framework for international cooperation aimed at enhancing confidence and security in the information society. The GCA is designed for cooperation and efficiency, encouraging collaboration with and between all relevant partners and building on existing initiatives to avoid duplicating efforts.  The work of the ITU is diverse in this area but I want to highlight two areas of importance. The first is our partnership with the International Multilateral Partnership Against Cyber-Threats (IMPACT).  This partnership provides:

  • Real-time analysis, aggregation and dissemination of global cyber-threat information;
  • Early warning system and emergency response to global cyber-threats; and
  • Training and skills development on the technical, legal and policy aspects of cybersecurity

The second area is the ITU Child Online Protection (COP) initiative: a partnership with organizations from around the world. This partnership will:

  • Identify key risks and vulnerabilities to children in cyberspace
  • Create awareness of the risks and issues through multiple channels;
  • Develop practical tools to help governments, organizations, industry and educators minimize risk;
  • Share knowledge and experience while facilitating international strategic partnerships to define and implement these concrete goals.

More details can be found on our website www.itu.int/cybersecurity.

And now I would like to hand over to our co-hosts for this evening who will introduce the speaker.

Thank you for your attention.