The GCA will have its physical home in Malaysia, near to the capital Kuala Lumpur

The Global Cybersecurity Agenda

© ACE STOCK LIMITED/Alamy                                           © Kevin Taylor/Alamy

Many national and regional initiatives are being carried out to promote cybersecurity, which is under attack by a growing number of menaces — from the nuisance of spam, to identity theft, to coordinated attacks using networks of hijacked computers to destroy a company’s reputation or disable a country’s critical infrastructure. These threats need to be addressed on a global basis.

Launched in 2007 by ITU Secretary-General Hamadoun I. Touré, the ITU Global Cybersecurity Agenda (GCA) is a framework for international cooperation to enhance confidence and security in the information society.

The GCA has attracted the support and recognition of leaders and cybersecurity experts around the world. Dr Óscar Arias Sánchez, President of the Republic of Costa Rica and 1987 Nobel Peace Prize laureate, and President Blaise Compaoré of Burkina Faso, are both Patrons of the GCA. The High-Level Segment of ministers and delegates at the ITU Council meeting this year will look at how the framework and expert proposals developed within the GCA can help countries promote cybersecurity.

This article highlights two initiatives that recently originated with the GCA. One is the International Multilateral Partnership Against Cyber-Terrorism (IMPACT), with which ITU signed a Memorandum of Understanding (MoU) during ITU Telecom Asia 2008 in September. The other is the Child Online Protection (COP) initiative.

A physical home with IMPACT

IMPACT is an international effort initiated in May 2008 by the government of Malaysia, where it has its headquarters near Kuala Lumpur in a new town and science park called Cyberjaya. It has four core activities: global response to cyberattacks; study of policy and international cooperation; training and skills development, and security certification and research. Under the MoU, IMPACT will become the physical home of the GCA, providing ITU’s 191 Member States with the facilities and resources to effectively address global threats to cybersecurity. IMPACT will make available the resources described below.

Global Response Centre

Working with leading partners from governments, industry and academia, the centre will provide the global community with a constantly available, real-time “Network Early-Warning System” (NEWS) that will help identify threats and provide guidance on what measures to take. It will also provide ITU Member States with access to specialized tools and systems, including the recently-developed “Electronically Secure Collaborative Application Platform for Experts” (ESCAPE). This enables experts in different countries to pool resources and collaborate remotely within a secure environment, and it features a comprehensive and growing database of key resources around the world that can be called on to assist during times of crisis. ITU will contribute expertise from its research on cybersecurity as well as its experience with developing online collaborative platforms.

Training and skills development

In collaboration with leading ICT companies and institutions, IMPACT will conduct high-level briefings for representatives of ITU Member States. Many of IMPACT’s key partners have promised to make available their leading technical and research experts for a programme to keep governments abreast of threats to cybersecurity. ITU will contribute its experience in capacity-building and in developing policy frameworks.

Centre for Security Assurance and Research

ITU/J.M. Ferré “Confidence and security in using ICT are vital for building an inclusive, secure and global information society. But increasingly sophisticated, well-organized cybercriminals are seriously undermining the future growth and potential of the online environment. Spam and malware have evolved to perpetrate online financial fraud, identity or trade-secret theft, among other risks. Legal and technical measures at an international level are necessary to address these global threats.” ITU Deputy Secretary-General Houlin Zhao

In partnership with leading ICT experts, the Security Assurance Division will develop global best practice guidelines and an international benchmark and certification system for cybersecurity. Upon request, it will conduct independent security audits of government agencies or critical infrastructure and, in partnership with Symantec Corporation of the United States, it will establish a “Centre of Excellence for Government Security Scorecards”. The focus of the Research Division is to direct the attention of academia to areas of concern that may not be adequately addressed at present. This includes research into new technologies, as well as specialized ones that have a small number of users and may therefore be especially vulnerable to cyberattack. In collaboration with ITU, the research network will be made available to ITU Member States.

Centre for Policy and International Cooperation

Under ITU leadership, and together with such partners as United Nations agencies, Interpol, and the Organisation for Economic Co-operation and Development (OECD), the centre contributes to the formulation of new policies and the harmonization of national laws on cybersecurity, including online crime. The centre will also provide advisory services to ITU Member States on policy and regulatory matters and will foster international cooperation through specific programmes such as coordinated emergency drills to respond to cyberattacks.

Although ITU’s Global Cybersecurity Agenda will be housed at the IMPACT Centre, ITU will maintain a “virtual showcase” in Geneva of the early-warning system, crisis management system and real-time analysis of global threats to cybersecurity. It is envisaged that all these IMPACT-based initiatives will expand to provide more of the services described in the five pillars of the Agenda (see diagram).

Child Online Protection initiative

The Child Online Protection (COP) initiative has been created by ITU as part of the GCA, in order to promote cybersecurity for the youngest users of the Internet. Its key objectives are to identify the risks for children in cyberspace, create awareness of these risks through multiple channels, and develop tools to help governments, industry, educators and relevant organizations minimize the risks. It provides a basis for sharing knowledge and forging international partnerships to implement concrete measures to protect children and young people in cyberspace.

According to surveys, in industrialized countries, more than 60 per cent of children and teenagers talk in Internet chatrooms on a daily basis, and a significant percentage encounter sexual harassment or contacts by paedophiles. They might also be induced to part with private data that can be exploited commercially. Internet use by children is growing in developing countries too, and these problems need to be tackled worldwide.