ITU News

Tells you what's happening in Telecommunications around the world

中文  |  Español  |  Français  |  Русский  |  download pdf
                     

Making an IMPACT on global cybersecurity
 
 
 
image
Photo credit: ITU/IMPACT
The IMPACT headquarters were formally opened on 20 March 2009

The Internet is increasingly integrated into modern society and brings a multitude of benefits — but the dark side is the opportunity it gives for criminals to spread malicious content and to attack individuals, organizations and even governments. Because the Internet knows no borders, these criminals can live anywhere there is a connection, and strike any other place on networks that are not protected. That is why ITU is taking action to find a global solution to this global threat.

Taking action

In May 2007, ITU Secretary-General Hamadoun I. Touré launched the Global Cybersecurity Agenda (GCA) as a framework for cooperation and response to threats against cybersecurity. As part of efforts to achieve this global system of defence, ITU signed a Memorandum of Understanding in September 2008 with the International Multilateral Partnership Against Cyber-Threats (IMPACT), instituted in May that year and which has its headquarters at Cyberjaya, near Kuala Lumpur, Malaysia. The IMPACT headquarters were formally opened on 20 March 2009.

IMPACT is an alliance of governments, industry leaders and cybersecurity experts, working together to enhance the global community’s capacity to prevent, defend against and respond to attacks. The collaboration between ITU and IMPACT provides ITU’s 191 Member States with the resources and expertise to promote cybersecurity — in their own countries and beyond.

Security services

IMPACT provides technical support and facilities from its Global Response Centre. They include a Network Early-Warning System (NEWS) to identify threats and advise on how to respond. Another resource is the Electronically Secure Collaborative Application Platform for Experts (ESCAPE), where resources from around the world can be pooled safely and experts can work together, using a growing database of knowledge on cybersecurity issues.

Computer incident response teams

At the regional or national level, the establishment of computer incident response teams (CIRT) is fundamental in protecting cybersecurity. CIRT serve as trusted, central coordination points of contact within a country, and play a key role in coordinating an international response to threats.

ITU and IMPACT have created a strategy for setting up CIRT where they do not yet exist, using a programme called “CIRT Lite”. It provides incident management services and access to constantly updated security alerts, as well as the ability to exchange information and to consult experts at IMPACT.

CIRT Lite is designed as a step-by-step approach that allows ITU Member States to adapt the implementation according to their particular requirements and the level of investment available. The phased approach allows for further development and the possibility of establishing regional centres to respond to cybersecurity threats.

The Telecommunication Development Bureau (BDT) of ITU is working with Member States to assess their specific needs so that appropriate assistance can be offered, and that there is proper follow up and coordination with IMPACT. When established, each CIRT is affiliated with IMPACT, as well as with the Forum of Incident Response and Security Teams (FIRST), if countries so wish.

The Africa region has been identified as the first to be addressed with assistance to set up CIRT. Already, coordination is under way with the administrations of Burundi, Burkina Faso, Côte d’Ivoire, Ghana, Kenya, Nigeria, Rwanda, Tanzania, Uganda and Zambia.

 
image
Photo credit: dreamstime

Building capacity

Under the partnership between ITU and IMPACT, staff who need it will be able to receive training in the basic skills required to operate and manage a CIRT. For example, in preparation for the setting up of CIRT in their countries, personnel from Ghana, Kenya, Uganda and Zambia took part in targeted training at the IMPACT facilities in Malaysia, on 27 July–1 August 2009.

There are also opportunities for staff from developing countries to receive scholarships to attend “train-the-trainer” courses in the United States at the SANS Institute, in Washington DC. (At the launch of IMPACT, the SANS Institute committed USD 1 million to help developing nations build capacity for improved cyberecurity.) Scholarships funded by the European Commission are also likely to be available, as part of the programme agreed with ITU on assistance for countries in sub-Saharan Africa and the Caribbean, as well as the Pacific Island States.

The various online toolkits and other materials related to cybersecurity that are being developed by ITU will eventually be integrated into the ITU-IMPACT collaboration, in order to provide Member States with a consolidated set of products and services. And interactive sessions on these tools are included in ITU’s Regional Cybersecurity Forums, so that participants can familiarize themselves with ways to protect their nations’ networks and critical infrastructure.

Growing protection

In April 2009, BDT Director Sami Al Basheer Al Morshid wrote to all ITU Member States encouraging them to join the ITU-IMPACT collaboration. As a result, the Global Response Centre is expected to be deployed in at least 50 countries by the end of 2009.

As of mid-September 2009, thirty countries had formally joined the initiative: Afghanistan, Andorra, Brazil, Bulgaria, Burkina Faso, Costa Rica, Côte d’Ivoire, Democratic Republic of Congo, Egypt, Ghana, India, Indonesia, Iraq, Israel, Kenya, Malaysia, Mauritius, Montenegro, Morocco, Federal Democratic Republic of Nepal, Nigeria, Philippines, Saudi Arabia, Serbia, Seychelles, Syrian Arab Republic, Tunisia, Uganda, United Arab Emirates, and Zambia. All these countries are expected to be able to access IMPACT’s Global Response Centre and its services by the end of September. The deployment includes training sessions and technical support.

A further 21 economies have expressed an interest in participating (Austria, Bangladesh, Burundi, Canada, France, Germany, Greece, Italy, Japan, Lao P.D.R., Madagascar, Palestinian Authority, Rwanda, Singapore, South Africa, Spain, Sudan, Switzerland, Tanzania, Turkey, and Viet Nam).

As the initiative is taken up across the world, it will certainly make an impact on the activities of criminals who seek to break the cybersecurity that is so essential for modern life.

 

  Previous Printable version Top email to a friend Next © Copyright ITU News 2021
Disclaimer - Privacy policy