ITU appeals for greater international cooperation to combat cybercrime

Speaking during Thursday’s Council review of a report on ITU’s role in building confidence and security in the use of information and communication technologies, ITU Secretary-General Dr Hamadoun I. Touré appealed for greater international cooperation to combat the growing threat of cybercrime.

Addressing some of the main challenges to making the Internet and other information and communication technologies more secure, the Secretary-General emphasized that success in combating the spreading scourge of cybercrime largely depends on the willingness of countries to cooperate and share their expertise.

Dr Touré noted that ITU had been a virtual “lone soldier” when, under his leadership, the organization created a Global Cybersecurity Agenda (GCA) in 2007. “Now there is far greater awareness of the problem and I hope everyone will see the need to come together in a spirit of international cooperation to address it,” he said.

The report was presented to the Council by Doreen Bogdan-Martin, Chief of ITU's Strategic Planning and Membership Department, and summarizes ITU activities and initiatives in relation to implementing Resolution 130 (Rev. Guadalajara, 2010), ITU’s role as sole facilitator for WSIS Action Line C5 and other decisions by the membership on strengthening the Union’s role in efforts to make information and communication technologies more secure.

Ms Bogdan-Martin recalled that the GCA is built on five strategic work areas around which the report is organized: legal measures, technical and procedural measures, organizational structures, capacity building, and international cooperation.

The discussion that followed her presentation focused mainly on the ITU-IMPACT initiative, with many councillors expressing appreciation for the assistance provided by ITU under this partnership and encouraging it to continue its significant work in this area. But there were questions too that sought to clarify details of the ITU-IMPACT relationship (including with various other bodies such as FIRST).

Brahima Sanou, Director of the ITU Telecommunication Development Bureau (BDT) explained the complimentary nature of the ITU-IMPACT relationship and emphasized that this joint project to assist countries in building resilience to cybercrime was open to all stakeholders. 

In the absence of institutional structures to deal with cyber-incidents and cyberattacks, Marco Obiso, BDT’s Cybersecurity Coordinator, described how ITU is working with Member States to provide concrete assistance in this area. It is also deploying, in partnership with IMPACT, capabilities to build capacity at the national and regional levels. As of today, 145 countries have formally joined the collaboration, and have access to the Global Response Centre (GRC).

To assist these and other countries in understanding the legal aspects of cybersecurity, Mr Obiso informed the Council that the sixth edition of the publication Understanding Cybercrime: A Guide for Developing Countries had been updated and would soon be published on the ITU’s website cybersecurity page.

Other report highlights

• ITU has undertaken work to facilitate the harmonization of cybercrime legislations in some 60 countries in Caribbean, Sub-Saharan Africa and Pacific islands.
  
• In order to identify cyberthreats and countermeasures to mitigate risks, ITU has developed recommendations of security requirements, guidelines and specifications for ICT and IP-based systems.
  
• ITU continues to provide an international platform for the development of the protocols, systems and services that protect current and next-generation networks (NGN).
  
• Coordination is ongoing with several Member States and regions on providing specific assistance for the establishment of National Computer Incident Response Teams (CIRTs).
  
• ITU in partnership with IMPACT has conducted technical assessments in 41 countries to evaluate the preparedness for the establishment of CIRTs.
  
•  ITU-IMPACT has successfully completed CIRT implementation in Burkina Faso, Kenya, Montenegro and Zambia and 10 other countries have provided financial contributions to move to the implementation phase.
  
• ITU-IMPACT has so far conducted Cyber Drills to enhance cyber-incident response capabilities in Cambodia, Lao  P.D.R, Viet Nam and Myanmar; Qatar, Oman, Sudan, Egypt, Tunisia and United Arab Emirates (UAE); Armenia, Bulgaria, Moldova, Montenegro, Romania, Slovakia, Turkey and Ukraine.
  
• The first ITU-IMPACT Arab Regional Cyber Security and Innovation Centre will be hosted by Oman CERT (OCERT). The centre will cover 22 nations in the Arab region, but will also be able to provide support to other countries in the region upon request.
  
• ITU continues to organize regular capacity-building training forums in all its administrative regions.
  
• ITU has launched a project to enhance the cybersecurity capacity, capability, readiness, skills and knowledge of the 49 United Nations-designated least developed countries.
  
• ITU continues to release Symantec Threat Intelligence Reports to increase Member States’ understanding of and readiness to address cyberthreats and risks.
  
• ITU has established new partnerships with industry leaders including Symantec, Kaspersky Labs, (ISC)², ABI Research and ASICO aimed at making cyberspace a safer and more secure place for consumers, businesses, children and young people.

The Council took note of this activity report.

ITU reaffirms its commitment to Child Online Protection

The Council reaffirmed its strong commitment to mobilize all resources at its disposal to ensure child online protection worldwide.

Dr Touré said: “Children are part of the solution” as will be seen at the BYND 2015: Global Youth Summit to be held in Costa Rica next September, which will gather some 500 youths to highlight the work of young people aimed at ensuring better use of information and communication technologies.

The Secretary-General recalled the universal consensus on the need to ensure child online protection, in contrast to the divergent views among States regarding governance and regulatory frameworks for the Internet and other ICT platforms.

Speaking after Vice-Chairman Sylvia Poll presented the latest report of the Council Working Group  on Child Online Protection, the Secretary-General recalled that while children are the most frequent Internet users they are also the most vulnerable to online abuse.

The report underlines the need to educate children, parents and educators about child online protection and requests ITU to pursue its mission to provide assistance to Member States in this regard.

Several countries, notably the Czech Republic, Germany, Poland and Sweden requested clarification on a proposal made in the report that Sector Members develop filters for Internet service providers  to secure child online protection.

Vice-Chairman Poll explained that the proposal referred to measures already being undertaken by developing countries, such as the Notice and Take-down mechanism in relation to the uploading and downloading activities of a user of a peer-to-peer file-sharing network, otherwise known as PsP.  

The aforementioned countries expressed reservations about any move to introduce a filtering system that might compromise their national sovereignty as well as individual freedoms. The Russian Federation also favoured self-regulation in this regard.

Germany said it prefers to “delete” rather than “block” what it considers inappropriate Internet content while the Czech Republic emphasized the primordial role of parents in ensuring child online protection.

In response to a query from Turkey, Vice-Chairman Poll confirmed that the European Union is already a partner of the ITU’s Child Online Protection (COP) initiative and that it had been invited to attend the last Working Group session as an ad hoc expert.
Finally, Algeria, Nigeria, the Philippines, Rwanda, the United Arab Emirates and Zambia emphasized the role of ITU in child online protection and encouraged the Union to pursue its work in this field.

Council takes note of WTPF-13 outcomes

The Council noted with interest the Secretary-General’s report summarizing the outcomes of the World Telecommunication/ICT Policy Forum held in Geneva in May 2013.

Brazil requested that the report include a more detailed account of the WTPF-13 discussions on the role of government in Internet governance. To that end, the Secretary-General was requested to modify the report in line with a Brazil-proposed paragraph including input from Bulgaria and Sweden.

The United Arab Emirates presented a document proposing that discussions at future WTPFs be based on a single report by the Secretary-General as well as contributions from participants based on that report received during the WTPF preparatory process. After discussion, the chairman invited the UAE to collect inputs from participants and to revise them accordingly in line with the UAE proposal.

The Council discussed a resolution annexed to Document C13/64 which proposes to open up the composition of the Council Working Group on International Internet-related Public Policy Issues to all stakeholders on an interim trial basis. The Council was unable to reach agreement on the proposal, with several councillors in support and others preferring to take up the matter at  the Plenipotentiary Conference.

The Council Chairman and the Secretary-General will hold consultations with delegations informally on the  matter.  The Secretary-General said he was confident that a compromise could be reached before the issue would be taken up again in plenary in the second week of the Council.

In brief

ITU Internet activities: Document C13/62 is a report summarizing ITU’s activities related to Plenipotentiary Conference Internet Resolutions revised in Guadalajara in 2010. These are Resolutions 101 on “Internet Protocol-based Networks”; 102 on “ITU’s role with regard to international public policy issues pertaining to the Internet and the management of Internet resources, including domain names and addresses”; 133 on “Roles of administrations of Member States in the management of internationalized (multilingual) domain names”; and 180 on “Facilitating the transition from IPv4 to IPv6”.

No questions were raised on the activities listed in the report, and so the report was noted.
 

Standing Committee on Administration and Management (ADM)

Independent Management Advisory Committee (IMAC)

The second annual report of the Independent Management Advisory Committee was presented to ADM (Document C13/65). IMAC is composed of five independent expert members mandated to assist the ITU Council and the Secretary-General in fulfilling their governance responsibilities, including ensuring the effectiveness of ITU’s internal control systems, risk management and governance processes.

Key points
The report consists of conclusions and eight recommendations in areas relating to internal audit function, risk management and internal controls, financial statements, accounting and external audit.

There has been a follow-up on the implementation of five out of six recommendations in the first IMAC report.

A number of councillors expressed their gratitude to IMAC and their support for all the recommendations.  It was proposed that the terms of reference of the Council Working Group on Financial and Human Resources (CWG-FHR) include reviewing IMAC recommendations in the same way that External Auditors’ recommendations are reviewed.

Recommendation 6 provides a clear time-frame for negotiations and signature of Host Country Agreements for regional offices. It also applies to area offices. The ITU secretariat clarified that progress is being made on this regard.

Several councillors expressed strong support for Recommendation 7, proposing that it be added to objective 2 of the General Secretariat’s strategic approaches i.e., “development of systematic enterprise-wide risk management arrangements”.

Councillors underscored the need for regular dialogue and close collaboration between IMAC, the ITU secretariat and the Council.

The ITU secretariat expressed strong support for the work of IMAC and appreciation for the candid and fruitful discussions between them. 

Next step
ADM recommends to the plenary to consider the IMAC report and to approve its recommendations.

Draft Budget of the Union for 2014-2015

A revised draft budget (version 2) was presented incorporating all the mandatory expenses of the Union, as requested during the previous Council plenary meeting (C13/10 + Add. 1 + C13/DT/4).

Key points
Additional expenses include the estimated cost of WRC-15 and RA-15, as well as some staff-related expenses totalling CHF 10.567 million.

WRC-15 and RA-15 amounts to about CHF 5 million.

Staff-related expenses cover repatriation fund replenishment, step increments, cumulative leave and installation costs estimated at CHF 5.567 million for the biennium.  A breakdown was provided by the ITU secretariat for transparency.

A number of delegates expressed their thanks and commended the ITU secretariat in presenting a revised comprehensive draft budget at a very short notice.

The hard work and tremendous efforts made by the ITU secretariat in budget preparation, including the continued efficiency and cost-saving measures being taken are well-appreciated by the Council (implementation of paperless policy, automation of processes, improvement of travel cost management and efficient procurement system).

Some councillors indicated the importance of a balanced budget without withdrawal from the Reserve Account and the need for the ITU secretariat to prioritize its activities. 

However, a number of councillors emphasized that it is the responsibility of Member States to identify priorities and activities that could be taken into account by the ITU secretariat. These councillors also highlighted the importance of giving the same treatment to all Sectors. The Committee was reminded of Article 27 of the Financial Regulations, which says that withdrawals from the Reserve Account may be made to balance the budget.

Next step
Discussions on the revised draft Budget will continue during the forthcoming ADM meetings.

Not an official document – For information only.