Committed to connecting the world

ICTs for a Sustainable World #ICT4SDG

Speech by ITU Secretary-General, Dr Hamadoun I. Touré

  Erice International Seminars on Planetary Emergencies - 45 th Session


The Role of Science in the Third Millennium

Cyber-Resilience: The Essence of Cyber Peace


20 August 2012, Erice, Sicily

Excellency Váklav Klaus President of the Czech Republic
Professor Zichichi,
Lord John Alderdice
Distinguished colleagues,
Ladies and gentlemen,

It is a tremendous pleasure to be here with you in Erice, which really must count among the most beautiful historic locations – not just in Sicily, or even Italy, but in the whole world!

This morning I would like to take the opportunity to say a few words about cyber-resilience – which I believe is the essence of cyber peace.

The World Federation of Scientists, Permanent Monitoring Panel played a key role in contributing to Nuclear Peace during the cold war era when the nuclear arms race was at its peak.  Today, with the complexity of cyberspace and the fundamental role that ICTs play in social and economic development, I am glad that the WFS, PMP is again, enabling the world to benefit from the participation of science and scientist in contributing to the ever growing threats we face in cyber space.

Ladies and gentlemen,

We live in a world which now has more than six billion mobile cellular subscriptions, and where there will soon be two and a half billion people using the Internet.

This global hyperconnectivity allows us to leverage the power of technology – and especially mobile technologies – to make the world a better place.

Unfortunately, however, this indispensable new infrastructure also brings with it new challenges for preserving peace and stability.

Indeed, we have all seen the growing number of vulnerabilities and threats in cyberspace which have direct effects in the real world such as Stuxnet in 2010 which directly targeted the Iranian enrichment plant (a specific industrial system),  Duqu in 2011 which among others, was aimed at gathering information about industrial systems and Flame in 2012 which among others, collected a wide range of intelligence to be used for other unlawful purposes. .

Mobile is now the key driver of Internet growth, and by the end of last year there were almost 1.5 billion 3G subscriptions.

During 2011 alone, some 1.7 billion feature phones and smartphones were shipped worldwide .

As the sales of smartphones in particular rise, mobiles offer new opportunities for potentially lucrative cybercrime – and cybercriminals are adapting with extraordinary rapidity to this golden opportunity.
Distinguished colleagues,

Last year was the first year when mobile malware became a tangible threat to enterprises and consumers, and we can only expect this trend to continue as malware authors explore new ways to attack mobile phones and tablets.

Indeed, in just the opening months of 2012, some 25,000 new threats were detected on one of the most common mobile platforms .

One interesting new trend is that the spam phenomenon is changing in nature – with spam activity declining from 88.5% of all email traffic in 2010 to 75.1% of all email traffic last year . It seems that spammers today are now focusing more on social networking, rather than purely on email.

Malicious code targeting Apple machines is also now on the rise, and this trend is expected to continue through 2012 as malicious code becomes more integrated within wider web-attack toolkits .

In truth, none of this should come as any surprise to us, as cybercrime becomes increasingly profitable, with estimates no longer in the millions of dollars, but in billions of dollars annually .

Cybercrime also has the potential to become much more dangerous than in the past, with ICTs increasingly used to control and monitor critical infrastructures, and nations becoming ever more dependent on them.

Last year we saw more targeted attacks; more politically and financially motivated attacks; and more data breaches and attacks on certificate authorities, than ever before. Government and public sector organizations found themselves specifically targeted by email attacks, with businesses of all sizes also increasingly at risk .

I am pleased in this regard that ITU, jointly with Kaspersky Labs, and within the framework of the ITU-IMPACT collaboration, managed to discover Flame early on, and was able to immediately alert Member States and UN agencies.

And just about 10 days ago, we again partnered with Kaspersky in the discovery of yet another cyber weapon, called Gauss, which is specifically designed to monitor online banking accounts and related confidential financial information.

With malware and cyber weapons, we have seen how the power of ICT networks acts as a lure to terrorism and espionage, shaping a new concept of war – cyberwar.

Cyberwar is launched in cyberspace using ICTs – but it can quickly spread beyond the virtual world, affecting governments, businesses and individuals.

We need to start thinking seriously about the potential global negative impact that this may have on international security, and to put aside any political or other differences.

Ladies and gentlemen,

To ensure cyber peace, we need cyber-resilience – and this means looking at the five strategic pillars of the Global Cybersecurity Agenda or GCA:

Cybersecurity is a multi-dimensional issue. Individual security includes the absence of cyber threats such as computer fraud, illegal electronic data processing, identity theft, child pornography, etc. Malicious cyber activities pose high-level threats to national security. Without secure individuals and secure countries, we cannot hope to achieve international security. To ensure global cybersecurity, an international cybersecurity culture must be created.

At ITU – the specialized agency of the United Nations responsible for ICTs, and a global, impartial organization – we are proud of the work we have done under the banner of our Global Cybersecurity Agenda, the GCA.

The GCA comprises five pillars, which together act as key measures in helping to achieve cyber resilience and foster cyber peace and cybersecurity.
The five pillars are:
  • Legal measures – which are essential as a deterrent and in ensuring appropriate responses to cybercrime;
  • Technical and procedural measures – which use technology itself to help increase cyber resilience;
  • Organizational structures – which need to be in place to maximize cooperation and partnership between all stakeholders;
  • Capacity building – which is of course essential in ensuring that people know and understand the technology they are using; and
  • International cooperation – which I will come to in a moment.
As a result of work done within the framework of the GCA, it necessary to look into the following areas to have a comprehensive solution for cyber resilience.
  • Access to the Internet;
  • Protection of fundamental rights (including privacy and freedom of expression);
  • State involvement; and
  • International cooperation.
Access to the Internet
The Internet has become an indispensable tool for development – and universal access to the Internet should be a priority for all states.

Bridging the digital divide, however, requires more than simply having access to the Internet, as people must be able to make beneficial use of ICTs for their individual and collective development.

In their efforts to bridge the divide, states must attempt to provide universal access to information and knowledge, quality of education for all, respect for cultural and linguistic diversity, and protection of fundamental rights.

Furthermore, the development of the knowledge society demands that everyone be empowered with communication access, local infrastructure, affordable connectivity, and education on the use of ICTs.

States must effectively respond to online threats and vulnerabilities, and give special attention to the dangers imposed to children and young people, enabling digital citizens with effective mechanisms to protect themselves and their community.

Protection of Fundamental Rights (including privacy and freedom of expression)
Distinguished colleagues,

When taking measures to ensure the stability and security of cyberspace, and to fight cybercrime and counter online threats, states also need to respect cyber freedom and the fundamental rights of users.

This is a complex and sometimes controversial area, with a vigorous debate over the need to ensure security on the one hand, and to protect privacy and users’ rights on the other. While some would want to oppose security with privacy, it is important to stress that these two goals are not mutually exclusive. Security is essential in guaranteeing rights such as privacy and freedom of expression. It is absolutely necessary that we achieve both goals.

When we discuss cyber resilience and cybersecurity it is sometimes too easy to forget the importance of fundamental rights – such as the right of freedom of opinion and expression; the right to information; the right to privacy and data protection; the right of assembly and freedom of association; and the right to non-discrimination.

It is also absolutely essential, I believe, to maximize free online public access to scientific research, which will help to drive innovation, improve welfare, and create the vital new employment opportunities we need in the 21st century – especially for women and for young people.

We must also do everything necessary to preserve culture and heritage online for current and future generations. We all know how important libraries, museums and archives are in the real world. And if anything, they are even more valuable resources online, where they are accessible to the entire world’s people.
State involvement
Each action comprising state involvement – in the real world as well as in the virtual world – must take into account the existing provisions related to the respect of human rights, state territorial integrity and sovereignty.

Cyber attacks are no longer isolated events. States and other parties must be aware of the potential risk and dangers related to these types of actions.

Critical infrastructures are becoming common targets. Their destruction or damage could seriously compromise the security and safety of states, as well as human life.

With the willingness to preserve society, public services, etc., critical infrastructures should not be attacked. International rules for war must be taken into account concerning this type of incident.

International cooperation and commitment are required in this topic, in order to maintain a safer cyber environment / cyber space.

International cooperation

Ladies and gentlemen,

To achieve cyber resilience – and therefore ensure cyberpeace – international cooperation will be required, and States will need to collaborate with each other and actively participate in joint international efforts to work together.

Cyberspace is global, and so building cyber resilience and ensuring cyber peace will require global efforts – ideally in the form of an international framework which takes into account the needs and wishes of all stakeholders.

Together, at the international level, we need to cooperate in the development and maintenance of secure technologies that protect users – particularly children and young people – and which together help us to build global cyber resilience.

States are also encouraged to share best practices and experiences and to transfer technologies which are able to strengthen confidence in cyberspace.

We also need to see strengthened international cooperation over financial transactions online, in order to prevent crimes such as money laundering, which can be facilitated in the virtual world via cyber payments and online gambling, for example.

States cannot do this alone. They need to work closely with other stakeholders.   In this new world order, effective cooperation on cross cutting topics such as cyber resilience  must involve civil society, the private sector, consumer groups, regional and international organizations and other relevant national and international players.

Finally, it is only through international cooperation that we can begin to discuss important issues such as limiting the proliferation of cyber weapons, and eventual cyber disarmament.
Distinguished colleagues,

Cybersecurity and cybercrime affect every country, every business, and each and every individual online. As we push forward the UN agenda for peace and safety, we must remember that cyberpeace and cybersecurity are very much part of this in the 21st century.

As leader of the ITU, I am working to encourage the remaining nations which have not yet come on board to join the 144 countries which are already a part of the ITU-IMPACT initiative – the first truly global multi-stakeholder and public–private alliance against cyberthreats.

I am also working to encourage the private sector to come on board with ITU-IMPACT, along with intergovernmental agencies and non-governmental bodies.

We must work together to set international policies and standards, and to build cyber resilience through an international framework of norms and principles for cybersecurity and cyber peace.

Let me therefore invite you to continue doing what we all do best – which is to work together, listening to all the different stakeholders, and building a better future for allthe world’s people.

A world of cyber resilience – where cyber peace and cybersecurity replace cyber threats and cybercrime.

Before I conclude, let me ask a few pertinent questions:

How do we set aside our ideological and political differences and work towards developing globally acceptable norms and codes of conducts for individuals, governments and industry?

How do we continue to innovate in the development and use of ICTs and at the same time ensure that privacy and freedom of expression are preserved?

How do we put in place defensive, protective and reliable early warning systems that are verifiable to protect critical infrastructure?

Finally, are we mentally prepared to work together to achieve our common goal of ensuring cyber resilience?

Thank you.