Speech from Dr Hamadoun I. Touré, ITU Secretary-General

WSIS Forum 2009 - High-Level Panel on Cybersecurity
Geneva, Switzerland
19 May 2009

Distinguished colleagues,
Ladies and gentlemen,

In a remarkably short space of time, information and communication technologies have become the keystone of modern society – as essential to development and prosperity as conventional networks such as transport, power and water.

As technologies advance and applications multiply, high-speed always-on broadband access is an increasingly critical platform for business activity of all kinds, as well as for the delivery of services ranging from entertainment and interpersonal interaction, to education and health.

But the very tool that is bringing us a host of exciting and empowering new services is also bringing with it a special set of risks.

The proliferation of always-on connections is creating a vast global network of open conduits which can carry all kinds of malware.

This is not just a question of viruses and Trojan horses, but also spyware that installs itself on a computer and then transmits personal information – secretly logging keystrokes, recording web browsing history, or scanning information on the computer’s hard disk.

Indeed, most of today’s viruses are not designed to disable a machine or destroy data, but rather to enlist a computer into a vast network of ‘zombies’ which cyber-criminals can use for nefarious purposes, without the user’s knowledge.

Up to 80% of all spam is now believed to be sent by such zombies. This not only helps spammers avoid detection, it dramatically cuts their costs, since the computer’s owner also unwittingly pays for the bandwidth.

Distinguished colleagues,

The World Summit on the Information Society recognized that ICTs, and the enormous benefits they can bring, cannot flourish in the absence of user trust and confidence in the online world.

That is why, as facilitator of WSIS Action Line C5 on Building Confidence and Security in the use of ICTs, ITU took the important step of launching the Global Cybersecurity Agenda, or GCA.

Remarkably, given the scale and global nature of the problem, the GCA represents the first international strategy to counter cybercrime. Designed as a framework for cooperation and response, it focuses on building partnerships and effective collaboration between all relevant parties.

I believe that one of ITU’s greatest strengths is this ability to bring key decision makers together on an equitable footing, to share expertise and build consensus around critical issues such as these.

International cooperation is absolutely crucial to our success.

We are therefore most privileged to have the support of global leaders including Nobel Peace Laureate Dr Óscar Arias Sánchez, President of the Republic of Costa Rica, and President Blaise Compaoré of Burkina Faso.

And we are proud have forged a strong and highly supportive relationship with Malaysia’s IMPACT – the International Multilateral Partnership Against Cyber-Threats – which last year culminated in a Memorandum of Understanding that has seen IMPACT’s headquarters in Cyberjaya, Kuala Lumpur, become the physical home of the GCA.

The world’s first global public-private initiative against cyberthreats, this collaboration provides ITU’s 191 Member States with the expertise, facilities, information, and rapid access to resources to effectively address actual and potential cyberthreats.

IMPACT’s state-of-the-art Global Response Centre has been designed to serve as the world’s foremost cyberthreat resource centre, providing a real-time aggregated early warning system that helps countries quickly identify cyberthreats, and offering expert guidance on effective counter measures.
It also provides governments with a unique electronic tool to enable authorized cyber-experts in different countries to pool resources and collaborate with each other remotely and securely, helping the global community respond immediately to cyberthreats.

The first phase of physical deployment has already been launched in some 20 countries, with further deployment in another 50 countries planned during the coming year.
To promote capacity building, IMPACT will also conduct training and skills development programmes delivered in collaboration with leading ICT companies and institutions. At the same time, the organization’s Centre for Security Assurance & Research will work with leading ICT experts to develop global best practice guidelines, creating international benchmarks and acting as an independent, internationally recognized, voluntary certification body for cybersecurity.

Finally, under ITU leadership, IMPACT’s Centre for Policy & International Cooperation will work with partners including UN agencies, Interpol, the Council of Europe, the OECD and others to formulate new policies on cybersecurity and help promote the harmonization of national laws relating to cyberthreats and cybercrime.

Complementing IMPACT’s Malaysia-based facilities, ITU will also host a ‘virtual showcase’ here in Geneva, profiling the new early warning system, crisis management capabilities and real-time analysis of global cyber threats.

Ladies and gentlemen,

Here at ITU, we have also been taking concrete actions within the Development and Standardization Bureaus.

The Development Bureau has finalized two key deliverables in the area of cybercrime: the ‘ITU Cybercrime Legislation Toolkit’, and ‘Understanding Cybercrime: A Guide for Developing Countries’. These are both part of our efforts to assist countries in understanding the legal aspects of cybersecurity and to help harmonize legal frameworks.

A new version of the ‘ITU National Self Assessment toolkit’ has also been finalized by BDT and is now available.

Furthermore, following the MoU with IMPACT, a team in BDT has been set up to start the deployment of cybersecurity capabilities – specifically on Incident Management and the establishment of Computer Incident Response Teams (CIRTs).

Capacity building activities in these areas will be initiated during the upcoming Cybersecurity Forum for the Arab and African region which is taking place in Tunisia early next month.

In the Standardization Bureau, I am pleased to report that collaboration continues with other standards bodies and that the activities of Study Group 17 were adjusted at WTSA-08 to focus on security.

SG-17’s new initiatives include the development of a report on the business use of ICT/telecommunication security standards, and the establishment of a correspondence group on the trusted exchange of network digital forensics – which are absolutely indispensable for establishing criminal activities online, and prosecuting criminals at a global level.

These steps constitute great progress towards an urgently-needed coordinated global approach to cybersecurity.

But they are still not enough. As family members ourselves, we can’t help but be aware that children are among the most vulnerable groups being targeted by online criminals.

The web can be a dangerous neighbourhood for children, who are often sent out into cyberspace alone and unprotected, simply because their guardians do not fully understand the risks.

That’s why ITU recently launched our Child Online Protection initiative, a multi-stakeholder coalition under the GCA framework dedicated to the protection of children online.

According to recent surveys, over 60 per cent of children and teenagers with access Internet access talk in chat rooms on a daily basis.
Three quarters of children online are willing to freely share personal information about themselves and their family in exchange for goods and services.

And one in five of those online children will be targeted by a cyber-predator or paedophile each year.

ITU’s Child Online Protection initiative was presented at the High Level Segment of ITU Council 2008,, where it was endorsed by Heads of State, Ministers and heads of international organizations from around the world.

The initiative will see ITU work with policy makers, educators, industry, the media, NGOs, UN agencies like UNICEF, UNIDIR and UNICRI – and of course children themselves – to promote awareness and develop effective strategies to protect young people.

To throw the global spotlight on this issue, ITU Members chose ‘Protecting Children in Cyberspace’ as the theme of this year’s World Telecommunication and Information Society Day, which marks the founding of ITU on 17 May 1865, 144 years ago.

At yesterday’s WTISD Awards Ceremony and launch of a year-long Child Online Protection campaign with Interpol, I was pleased to be able to salute the three laureates: former FCC Commissioner Deborah Tate; President Lula of Brazil; and Rob Conway, CEO of the GSM Association.

Distinguished guests,

The net cannot flourish as a facilitator of learning, as a platform for e-health, as a key driver of trade and commerce, and as a global communications channel, if users lack faith in the security of the online world.

Criminals should no longer be able to hide behind legal loopholes and regulatory inconsistencies. Nations with less well-developed ICT legislation should no longer find themselves host to nefarious online activities. And even the world’s most disadvantaged states deserve to have an effective shield with which to safeguard themselves.

I believe ITU is uniquely well-placed to serve as the broker and coordinating agency for such making the information society safer and more secure. We have a long and successful history of building multi-stakeholder consensus on globally shared ICT resources – such as satellite orbits and the radiofrequency spectrum.

We are a truly globally representative body whose mandate has always been based on cooperation, and on partnership.

And I am very grateful for your support.

Thank you.