Speech from Dr Hamadoun I. Touré, ITU Secretary-General
H.E. Mons. Marcelo Sánchez Sorondo,
Ambassador Henning Wegener,
Professor Antonino Zichichi,
Ladies and Gentlemen,
Highly-organized criminal gangs are now actively targeting companies,
individuals, and – increasingly – children. The dark side of the Net is home to
a host of illicit activities including identify theft, fraud, illegal gambling
Independent agencies estimate that there are over 40,000 viruses in
circulation at this present time. Spyware programmes are believed to infect over
80% of all business computers. And spam, which now accounts for over 90% of all
email traffic, is estimated to cost business 100 billion US dollars a year.
While many criminal activities target individuals or organizations, the
borderless nature and anonymity of the Internet open the door to significant
threats. Using botnets and other forms of malware, individuals or criminal
groups can arm themselves with sufficient resources to launch attacks on
national infrastructure that threaten the economic and even the military
security of sovereign states. We’ve already seen a small-scale example of this
kind of cyberterrorism in the wave of Denial of Service attacks directed at
government, media and business sites in Estonia last year.
Just last week, we also saw a Commission directed by the United States Center
for International and Strategic Studies declare cybersecurity to be one of the
foremost national security challenges facing the US. It’s no secret that some of
that country’s best-protected sites have fallen victim to cyberattacks, with
hackers successfully breaking into systems at the Pentagon and the White House,
as well as international organizations such as the World Bank.
Of even greater concern is how the Internet can be protected against
large-scale virus attacks like the Backbone Denial-of-Service attack launched in
February 2007, which hit three key servers at the very heart of the Internet.
ITU recognizes the gravity of these threats, whereby a small well-organized
group could wreak havoc on a system that underpins a huge range of critical
That’s why our 2006 Plenipotentiary Conference, with representation from the
191 sovereign nations who are ITU Member States, endorsed Resolution 130.
This Resolution stresses – and I quote:
Through this Resolution, we resolved to take action to prevent the abuse of
ICTs for criminal and terrorist purposes, while ensuring strict respect for
In support of our role as sole Facilitator of Action Line C5 of the World
Summit on the Information Society (WSIS), the Resolution also mandates ITU to
take action to build confidence and security in the use of ICTs. The Internet
cannot flourish as a resource for learning, as a platform for e-health, and as a
global communications channel, if users lack faith in the safety and security of
the online world.
The WSIS recognized that the global nature of the Internet creates worldwide
threats that can only be dealt with at the global level. That’s why Paragraph 40
of the WSIS Tunis Agenda stresses the importance of the prosecution of
cybercrime – including cybercrime committed in one jurisdiction, but having
effects in another.
The WSIS outcomes emphasize the necessity of effective tools and actions at
the international level to promote international cooperation among law
enforcement agencies. They also call on governments and other stakeholders to
develop the necessary legislation for the investigation and prosecution of
As the UN organization charged by the international community with developing
an effective response to this growing menace, ITU understands the importance of
presenting a united front to cybercriminals. A fragmented approach creates
chinks in our defensive armour that cybercriminals and cyberterrorists are all
too quick to exploit. In cyberspace, no country can hide behind its geographic
borders, so any vulnerability puts us all at risk.
That’s why, in May 2007, ITU launched our Global Cybersecurity Agenda (GCA).
As a framework for international cooperation and response, the GCA focuses on
forging partnership and leveraging collaboration between all relevant parties in
the fight against cybercrime.
To set priorities and develop clear strategies for a coordinated global
approach, my first action was to convene a special High-Level Experts Group (HLEG)
which brought together more than 100 top-level representatives from around the
world as a thinktank to advise me.
This group comprised cybersecurity experts from national administrations,
from enforcement agencies such as Interpol, from international organizations
including the UN and the Council of Europe, from academic and research
organizations, and from the ICT industry itself.
You may be surprised to learn that this was the first time that many of these
key organizations had ever collaborated – clear evidence, I think, of the very
urgent need for a global approach led by a representative and inclusive global
organization like ITU.
ITU is unique among UN agencies in having both public and private sector
membership. In addition to 191 Member States, we count more than 600 Sector and
Associate Members – many of them corporate rivals who put aside their
competitive interests to work cooperatively with us to develop new technical
standards and regulations governing the equitable use of shared ICT resources.
Since the delivery of the High-Level Experts Group’s final report and
proposals last month, the GCA continues to gain momentum worldwide.
As we now move from preparation to implementation, I am pleased to report
that the Agenda has already won the support of leaders around the world,
including the Nobel Peace Laureate, Dr Óscar Arias Sánchez, President of the
Republic of Costa Rica, and President Blaise Compaoré of Burkina Faso.
In September, ITU signed a key MoU with Malaysia’s IMPACT – the
International Multilateral Partnership Against Cyber-Threats – that will see
IMPACT’s state-of-the-art global headquarters in Cyberjaya, Kuala Lumpur, become
the physical home of the GCA.
Under the terms of the MoU, IMPACT provides a broad portfolio of services to
support the GCA. Its state-of-the-art Global Response Centre has been designed
to serve as the foremost cyberthreat resource centre in the world. The Centre
provides the global community with a real-time aggregated early warning system
that will help member countries quickly identify cyberthreats and provide
critical guidance on effective counter measures.
It also provides nations with a unique electronic tool that will enable
authorized cyber-experts in different countries to pool resources and
collaborate with each other remotely and securely, to help the global community
respond immediately to cyber-threats, especially during crisis situations.
In the area of capacity-building, IMPACT conducts high-level briefings for
the benefit of representatives of ITU Member States, along with training and
skills development delivered in collaboration with leading ICT companies and
institutions. Such high-level, cross-industry briefings represent an
unprecedented opportunity for Member States to gain invaluable information and
privileged private sector insight about the latest trends, threats and emerging
IMPACT’s Centre for Security Assurance & Research works with leading ICT
experts to aggregate and develop global best practice guidelines, creating
international benchmarks relevant to governments around the world.
On request, the Centre is empowered to conduct independent ICT security
audits for government agencies or critical infrastructure companies, such as
national utility and telecommunication companies.
IMPACT’s Security Assurance Division also functions as an independent,
internationally-recognized voluntary certification body for cybersecurity.
Finally, under ITU leadership, IMPACT’s Centre for Policy & International
Cooperation will work with partners including UN agencies, Interpol, the Council
of Europe, the OECD and others to formulate new policies on cybersecurity and
help promote the harmonization of national laws relating to cyberthreats and
ITU’s agreement with IMPACT clearly represents a major advance in the battle
to stamp out cybercrime and cyberterrorism. In the one month since ITU hosted a
demonstration of the ITU GCA-IMPACT alliance, thirteen countries have approached
us to become a part of this initiative, along with key industry partners and
international crime fighting organizations including Interpol. In addition, ten
major security companies are now working on ways of improving
information-sharing as part of their early warning systems.
But the GCA does not stop there.
Because children are increasingly targeted by cybercriminals, who seek to
exploit their natural affinity for technology and their vulnerability to
manipulation, ITU recently launched its global Child Online Protection
initiative. At ITU, we believe that children everywhere have the right to a safe
environment. Even though the connection may be virtual, online dangers are very
Through its Child Online Protection initiative, ITU will be working with
policy-makers, educators, industry, the media, NGOs, and with children
themselves, to promote awareness and develop effective strategies to protect
young people from the predations of cybercriminals of all kinds.
In today’s globalized, interconnected world, none of us can do it alone. More
than ever, we need to work together, to build multi-stakeholder consensus on
effective strategies to tackle this powerful threat.
I maintain that the best way to win a war is to avoid a war. The GCA provides
a means of effectively disarming cyberterrorists, by removing their access to
‘cyber weapons of mass destruction’ and robbing them of their power to
After an intensive one year analysis by the High Level Experts Group which
brought together a number of key elements in the five work areas of the GCA, I
thought it necessary to bring to your attention the idea of an international
Protocol Against Cyber-Threats (or PACT).
This PACT could provide us with a clear guildeline, common code of conduct
and a clear set of principles within which as a global community, we can have a
foundation through which we can begin to effectively combat cyber-threats,
prosecute cybercriminals and stamp out their activities. Criminals will no
longer be able to hide behind legal loopholes and regulatory inconsistencies.
Nations with less well-developed ICT legislation will no longer unwittingly find
themselves host to nefarious online activities. And even the world’s most
disadvantaged states will at last have an effective shield with which to
ITU is uniquely well-placed to serve as the broker and coordinating agency
for this international Protocol. We have a long and successful history of
forging multi-stakeholder consensus on globally-shared ICT resources such as
satellite orbits and radiofrequency spectrum. And we are a truly globally
representative body whose mandate has always been based on cooperation and
It is time for us to stand united in our determination to defeat cyber-threats. If we do not, the potential of the Internet to enrich and enhance our lives can never be fully realised. And it is my duty, as Secretary-General of the ITU, to ensure that the true benefits of ICTs are available to all. I believe that this PACT could be a key step that can help us reap the full benefits and capabilities of ICTs.