Return to Main Menu                                                                                                                                                        Home    Contact

Capacity Building

Capacity building needs to be promoted in order to develop a sustainable and proactive culture of cybersecurity. People are the weakest link. One of the key challenges of cybersecurity is effectively educating the end user.  Understanding and awareness of the potential dangers are critical if the end-user is to benefit from ICTs safely.  This is a matter that concerns all stakeholders from governments and industry to education both at school and at home. With the important role that ICTs play today in providing services in sectors as varied as health, education, finance and commerce, awareness of the opportunities offered by a secure cyber environment and of the threats inherent to cyber space are vital.  Programmes aimed at creating a level playing-field in raising basic awareness and building capacity at all levels are important, and these also need to be undertaken within the international arena.

Within the framework of GCA and in line with ITU mandate to assist Member States in developing cybersecurity capacity, among other things, the ITU works to facilitate the implementation and deployment of cybersecurity capabilities necessary to combat cyber-threats. As such, the ITU is playing a key role in implementing the main goals of GCA while responding to the urgent needs of Member States.

ITU National Cybersecurity/CIIP Self-Assessment Tool

The ITU National Cybersecurity/CIIP Self-Assessment Tool[1] is a practical initiative to assist ITU Member States

who wish to design their national approach for cybersecurity and critical information infrastructure protection (CIIP). The Tool is one of a number of complementary cybersecurity resources that ITU is currently developing as part of a comprehensive cybersecurity toolkit for ITU Member States.

Cybersecurity and CIIP are the shared responsibilities of government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks (the “participants”[2]). Managing inherent security risks requires the active cooperation of all participants,

addressing the security concerns relevant to their roles. The collective goal is to prevent, prepare for, respond to, and recover from any incidents rapidly, while minimizing damage. In any interconnected system, roles and responsibilities often overlap. Only when all participants share a common understanding of the security objectives, how to achieve them and of their individual roles in the effort, can this collective goal of a safe and secure communications be achieved. 

Governments are in a position to lead national efforts to enhance cybersecurity and improve CIIP. The preparation of a national cybersecurity strategy has proven to be a valuable tool for effective and coordinated action. By establishing a common vision and delineating roles and responsibilities, such a strategy can provide a guide for managing risks inherent in ICT use and addressing cybersecurity and CIIP. Such a strategy can also provide valuable support for enhanced regional and international cooperation. After a nation has gained valuable domestic experience of addressing cybersecurity and CIIP issues, it can participate more meaningfully and make a more valuable contribution to global cooperative security efforts.

In this regard, the ITU National Cybersecurity/CIIP Self-Assessment Tool aims to assist ITU Member States in developing their national strategy by examining their existing capacities for addressing challenges to cybersecurity and CIIP, identifying their requirements and outlining a national response plan. It is directed at leadership in the policy and management levels of government. The Tool also seeks to produce a snapshot of the current state of national cybersecurity and CIIP efforts, identify goals, and define the roles of the key participants in order to set priorities, establish timeframes and provide metrics.

The ITU, through its Telecommunication Development Sector, provides Member States with the assistance needed to undertake an initial self-assessment, as well as providing relevant support for countries which are in the process of developing and/or reassessing their national cybersecurity strategies. 

ITU Toolkit for Promoting a Culture of Cybersecurity

The purpose of the ITU Toolkit for Promoting a Culture of Cybersecurity is to provide guidelines on how to raise awareness on cybersecurity issues for SMEs, consumers and end-users in developing countries. Considering that personal computers, mobile phones, and other devices are becoming ever more powerful, that technologies are converging, that the use of ICTs is becoming more and more widespread, and that connections across national borders are increasing, all participants who develop, own, provide, manage, service and maintain information networks must understand cybersecurity issues and take action appropriate to their roles to protect networks. Governments can, and should, take a leadership role in promoting a culture of cybersecurity and in supporting the cybersecurity and cyber safety efforts undertaken by other stakeholders.

ITU Botnet Mitigation Toolkit

ITU is working with experts on developing a practical Botnet Mitigation Toolkit[3] to assist developing

countries in particular to deal with the growing problem of botnets. The Botnet Mitigation Toolkit is a multi-stakeholder, multi-pronged approach to track botnets and mitigate their impact, with a particular emphasis on the problems specific to emerging internet economies.

IMPACT Training and Skills Development Centre

In collaboration with leading ICT companies and institutions, IMPACT conducts high-level briefings for the benefit of representatives of ITU Member States. Many of IMPACT’s key partners have made available their respective Chief Technical Officers, Chief Research Officers and other experts in a unique high-level IMPACT programme to keep governments abreast of present and future cyber threats. The ITU contributes its experience in capacity-building and developing frameworks for policy response to this programme. Such high-level, cross-industry briefings give ITU Member States invaluable exposure and privileged private sector insight about the latest trends, potential threats and emerging technologies.

IMPACT Research Division

The focus of the Research Division is to direct academic attention, including from universities and research institutes, to areas of concern that may not currently be adequately addressed. This includes research into new areas, as well as specialized niche areas. With a small user base, niche technologies may not be commercially viable for industry-oriented solutions, making governments or organizations using such technologies vulnerable to threats. IMPACT is committed to making facilities available and encouraging joint research efforts to address these specific areas of concern. In collaboration with the ITU, IMPACT is making its research network available for the benefit of interested ITU Member States. Besides the academic network, IMPACT global headquarters provides ITU membership with access to specialized ICT laboratories, specialized equipment, resource centre and other facilities.