|
|
Organizational Structures
Watch and warning systems and incident response are essential when it
comes to responding to cyber attacks, as is the free flow of
information, collaboration and cooperation within and between national
organizational structures. Individuals, organizations and governments
are increasingly dependent on globally interconnected networks. In order
to protect network infrastructures and address threats, coordinated
national action is required to prevent, respond to and recover from
incidents. Collaboration at all levels of government and with the
private sector, academia, regional and international organizations, is
necessary to raise awareness of potential attacks and take steps towards
remediation. Effective incident management also requires consideration
of funding, human resources, training, technological capability,
government and private sector relationships, and legal requirements.
Efforts are being made to bring together organizational structures at
the national and regional level in order to facilitate communication,
information exchange and the recognition of digital credentials across
different jurisdiction. However, more needs to be done at the global
level and international cooperation between these different structures
is indispensable.
In this regard, ITU is working with Member States to identify the
specific cybersecurity needs that they have and, based on this work,
with the relevant national, regional and international organizations to
implement these activities. Regional Cybersecurity Forums organized by
the ITU Development Sector together with regional and national
stakeholders serve as a good first step for countries to get involved in
ITU’s cybersecurity capacity building activities.
Several regional initiatives are already recommending that Member States
establish national cybersecurity response centers, such as computer
incident response teams (CIRTs), noting that there is still a low level
of computer emergency preparedness within many countries, particularly
developing countries and that a high level of interconnectivity of ICT
networks could be affected by the launch of an attack from networks of
the less-prepared nations. ITU WTSA-08 Resolution 58
further emphasizes this and
encourages ITU Member
States to move forward on creating national CIRTs.
Given the importance of having an appropriate level of computer
emergency preparedness in all countries and the need to establish
national computer incident response teams and ensure coordination within
and among the different regions, countries in need of assistance in this
area are encouraged to contact the ITU, specifying existing
cybersecurity preparedness and detailing their national requirements in
this area. In implementing these and other activities with Member
States, ITU is working with partners from both the public and private
sectors in innovative and collaborative partnerships.
IMPACT Security Assurance Division
In partnership with leading ICT experts, IMPACT aggregates and develops
global best practice guidelines, creating an international benchmark
that is especially relevant for governments. This division conducts,
upon request, independent ICT security audits on government agencies or
critical infrastructure companies, thereby ensuring that these
organizations subscribe to the highest security standards. The Security
Assurance Division functions as an independent,
internationally-recognized, voluntary certification body for
cybersecurity.
|
|
