Cybersecurity for ALL
UNODC ITU ASIA PACIFIC REGIONAL WORKSHOP
ON FIGHTING CYBERCRIME
21-23 SEPTEMBER 2011
SEOUL, REPUBLIC OF KOREA
Founded in 1865
Leading UN Special Agency for ICTs
HQs in Switzerland
ITU-T
ITU’s standards-making efforts are its best-known – and oldest – activity.
ITU-R
Managing the international radio-frequency spectrum and satellite orbit resources
ITU-D
Established to help spread equitable, sustainable and affordable access to ICT.
ITU TELECOM
Brings together the top names from across the ICT industry & ministers and regulators for a major exhibition, a high-level forum & a host of other opportunities
ITU Overview
Three sectors (ITU-T, ITU-D, and ITU-R)
4 Regional Offices & 7 Area Offices
192 Member States and 750 Sector Members
Key Cybersecurity Challenges
Lack of adequate and interoperable national or regional legal frameworks
Lack of secure software and ICT-based applications
Lack of appropriate national and global organizational structures to deal with cyber incidents
Lack of information security professionals and skills within governments; lack of basic awareness among users
Lack of international cooperation between industry experts, law enforcement, regulators, academia & international organizations, etc. to address a global challenge
Cybersecurity not seen yet as a cross-sector, multi-dimensional concern. Still seen as a technical/technology problem.
Global Cybersecurity Cooperation
Cyber threats/vulnerabilities are global challenges that cannot be solved by any single entity alone!
The world is faced with the challenging task of developing harmonized and comprehensive strategies at the global level and implementing these with the various relevant national, regional, and international stakeholders in the countries
ITU and Cybersecurity
2003 – 2005
WSIS entrusted ITU as sole facilitator for WSIS Action Line C5
“Building Confidence and Security in the use of ICTs”
2007
ITU Secretary-General launched the Global Cybersecurity Agenda (GCA)
A framework for international cooperation in cybersecurity
2008 - 2010
ITU Membership endorsed the GCA as the ITU-wide strategy on international cooperation
GCA is designed for cooperation and efficiency, encouraging collaboration with and between all relevant partners, and building on existing initiatives to avoid duplicating efforts.
GCA: From Strategy to Action
Global Cybersecurity Agenda (GCA)
1. Legal Measures
ITU Toolkit for Cybercrime Legislation
ITU Publication on Understanding Cybercrime: A Guide for Developing Countries
2. Technical and Procedural Measures
ITU Standardization Work
ICT Security Standards Roadmap
ITU-R Security Activities
ITU-T Study Group 17
ITU-T Study Group 2
3. Organizational Structures
CIRT assessments and deployment
ITU work on CIRTs cooperation
ITU Cybersecurity Information Exchange Network (CYBEX)
4. Capacity Building
ITU National Cybersecurity Strategy Guide
ITU Botnet Mitigation Toolkit and pilot projects
Regional Cybersecurity Seminars
Cybersecurity Assessment and Self-assessment
5. International Cooperation
ITU High-Level Expert Group (HLEG)
ITU-IMPACT Collaboration
ITU Cybersecurity Gateway
ITU’s Child Online Protection (COP)
Collaboration with UNICEF, UNODC, UNICRI, UNCITRAL and UNIDIR
Examples of Recent Initiatives
ITU NATIONAL CYBERSECURITY STRATEGY GUIDE
The Guide focuses on the issues that countries should consider when elaborating or reviewing national Cybersecurity strategies.
www.itu.int/ITU-D/cyb/cybersecurity/legislation.html
GCA and ITU-T Activities
ITU-T Study Group 17
Lead Study Group for Telecommunication Security
Mandate for Question 4/17 (Q.4/17): Cybersecurity
Provides ICT Security Standards Roadmap
ITU-T Cybersecurity Information Exchange Framework (CYBEX): September 2009
ITU-T Security Manual “Security in telecommunications and information technology” (4th ed.): Scheduled for publication in 2010
Draft summaries of Study Group 17 recommendations
Focus Group on Identity Management (IdM)
Approved over 100 Recommendations on security for communication
Facilitates collaboration among national Computer Incident Response Teams (CIRTs)
WTSA Resolutions
ITU WTSA Resolution 50: Cybersecurity (Rev. Johannesburg, 2008)
ITU WTSA Resolution 52: Countering and combating spam (Rev. Johannesburg, 2008)
ITU WTSA Resolution 58: Encourage the creation of national computer incident response teams, particularly for developing countries (Johannesburg, 2008)
GCA and ITU-D Activities
Assisting developing countries in bridging the digital divide by advancing the use of ICT-based networks, services and applications, and promoting cybersecurity
ITU National Cybersecurity Guide
ITU Botnet Mitigation Toolkit
ITU Cybercrime Legislation Resources
ITU-D Study Group Q 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity
Assistance in establishing Cybersecurity capabilities and services (e.g. Computer Incident Response Teams – CIRTs)
Regional workshops and capacity building activities related to cybersecurity/cybercrime
WTDC Resolutions
• ITU Hyderabad Declaration, Paragraph 13 & 14 (2010)
“13. […] the challenge of building confidence and trust in the availability, reliability, security and use of telecommunications/ICTs […] can be addressed by promoting international coordination and cooperation in cybersecurity, taking into account, inter alia, the ITU Global Cybersecurity Agenda (GCA), as well as the development of related public policies and elaboration of legal and regulatory measures, including building capacity, to ensure cybersecurity, including online protection of children and women.”
GCA and ITU-R Activities
Establish fundamental security principles for IMT-2000 (3G) networks
Issue ITU-R Recommendation on security issues in network management architecture for digital satellite system and performance enhancements of transmission control protocol over satellite networks
ITU-R Recommendations
Recommendation ITU-R M.1078: Security principles for International Mobile Telecommunications-2000 (IMT-2000)
Recommendation ITU-R M.1223: Evaluation of security mechanisms for IMT-2000
Recommendation ITU-R M.1457: Detailed specifications of the radio interfaces of International Mobile Telecommunications-2000 (IMT-2000)
Recommendation ITU-R M.1645: Framework and overall objectives of the future development of IMT-2000 and systems beyond IMT-2000
Recommendation ITU-R S.1250: Network management architecture for digital satellite systems forming part of SDH transport networks in the fixed-satellite service
Recommendation ITU-R S.1711: Performance enhancements of transmission control protocol over satellite networks
The world’s foremost cybersecurity alliance!
Within GCA, ITU and the International Multilateral Partnership Against Cyber Threats (IMPACT) are pioneering the deployment of solutions and services to address cyberthreats on a global scale.
ITU-IMPACT’s endeavor is the first truly global multi-stakeholder and public-private alliance against cyber threats, staging its state-of-the-art facilities in Cyberjaya, Malaysia.
As executing arm of ITU on cybersecurity, IMPACT supports 192 Member States and others with the expertise, facilities and resources to effectively enhance the global community’s capability and capacity to prevent, defend against and respond to cyber threats.
Collaboration towards A Global Strategy
Computer Incident Response Team (CIRT)
Services for Member States
Member State: Assessment Status
Afghanistan: Completed in October 2009
Uganda, Tanzania, Kenya, Zambia: Completed in April 2010
Nigeria, Burkina Faso, Ghana, Mali, Senegal, Ivory Coast: Completed in May 2010
Maldives, Bhutan, Nepal & Bangladesh: Completed in June 2010
Serbia, Montenegro, Bosnia, Albania: Completed in November 2010
Cameroon, Chad, Gabon, Congo, Sudan: Completed in December 2010
South America and Arab region: Planned in 2011
ITU performed readiness assessments in 24 countries
7 countries are now moving to the implementation phase
Member State
Sudan
Zambia (proposal issued)
Kenya (proposal issued)
Nigeria (proposal issued)
Montenegro (signing stage)
Mongolia
Burkina Faso
ITU’s Child Online Protection
Under the GCA umbrella, ITU initiated the Child Online Protection initiative (COP) in November 2008.
COP has been established as an international collaborative network for promoting the online protection of children and young people worldwide by providing guidance on safe online behavior.
Key Objectives of COP
Identify risks and vulnerabilities to children in cyberspace
Create awareness
Develop practical tools to help minimize risk
Share knowledge and experience
Working together
• Advanced Development for Africa (ADA)
• Child Helpline International (CHI)
• Children's Charities' Coalition on Internet Safety
• Cyber Peace Initiative
• ECPAT International
• European Broadcasting Union (EBU)
• European Commission - Safer Internet Programme
• European Network and Information Security Agency (ENISA)
• European NGO Alliance for Child Safety Online (eNACSO)
• eWWG
• Family Online Safety Institute (FOSI)
• Girl Scouts of America
• Government of Poland (UKE)
• GSM Association
• iKeepSafe
• International Criminal Police Organization (Interpol)
• International Multilateral Partnership Against Cyber Threats (IMPACT)
• International Centre for Missing & Exploited Children
• Microsoft
• Optenet
• Save the Children
• Telecom Italia
• Telefónica
• United Nations Children’s Fund (UNICEF)
• United Nations Institute for Disarmament Research (UNIDIR)
• United Nations Interregional Crime and Justice Research Institute (UNICRI)
• United Nations Office on Drugs and Crime (UNODC)
• Vodafone Group
COP has been supported by a wide range of partners from all stakeholder groups (governments, industries, NGOs, and other UN agencies) as well as the UN Secretary-General.
COP Guidelines
ITU has worked with some COP partners to develop the first sets of guidelines for the different stakeholders: Available in the six UN languages (+ more)
Launching “COP Global Initiative”
In 2010, the President of Costa Rica, H.E. Laura Chinchilla, became the new patron of COP.
Together with Costa Rica, the ITU Secretary-General launched the COP Global Initiative with high-level deliverables.
Through this initiative, ITU is taking the next steps to develop a cybersecurity strategy for child online safety, delivering significant national benefits.
COP Deliverables
COP high-level deliverables across the five strategic pillars were designed to be achieved by ITU and COP members in collaboration, such as:
1. Legal Measures
National Strategy Guide
Legislative Toolkit
2. Technical and Procedural Measures
Codes of Conduct
Technical Measures
3. Organizational Structure
National Hotline (Child Helpline)
National Corresponding Center
4. Capacity Building
COP Awareness Program
COP Special Envoy
COP National Case Study
5. International Cooperation
COP Online Platform
Recent COP outcomes
ITU “Child Online Protection Statistical Framework and Indicators”
The world’s first attempt to provide the overall statistical framework related to the measurement of child online protection with a particular emphasis on measures that are suitable for international comparison.
ITU’s Security standardization group started to examine COP issues (April 2011)
ITU standardization experts (Study Group 17) were asked to study COP issues and to develop interoperable standards and related recommendations to protect children online.
ITU – UNODC MoU: Areas of Cooperation
Legal Measures
Capacity Building and Technical Assistance (National and Regional)
Capacity Building and Technical Assistance
Intergovernmental and expert meetings
Joint Study
Sharing knowledge and information
Recent Achievements
A Memorandum of Understanding signed between ITU and the United Nations Office on Drugs and Crime (UNODC) at this year’s WSIS Forum event in Geneva will see the two organizations collaborate in assisting ITU and UN Member States mitigate the risks posed by cybercrime.
It is the first time that two organizations within the UN system have formally agreed to cooperate at the global level on cybersecurity.
In line with its long tradition of public-private partnership, ITU has also signed an MoU with Symantec. ITU will use Symantec’s security intelligence, in the form of its quarterly Internet Security Threat Reports, to increase understanding of and readiness for cybersecurity risks.
By distributing this report – which captures data from across Symantec’s Global Intelligence Network – to interested Member States, ITU aims to help better prepare governments in developing and developed nations alike to respond to the ever-growing risk from malware, cyber attackers and information thieves.
ITU Asia-Pacific Region
Regional Office for Asia and the Pacific: Bangkok, Thailand
Area Office for South East Asia: Jakarta, Indonesia
The offices serve 38 Member States and 69 Sector Members
Afghanistan
Bangladesh
Bhutan
Cambodia
Lao, PDR
Maldives
Nepal
Myanmar
Kiribati
Samoa
Solomon Is.
Tuvalu
Vanuatu
Fiji
Marshall Islands
Micronesia
Nauru
Tonga
LDCs (13)
PNG
D.P.R. Korea
India
Indonesia
Mongolia
Pakistan
Philippines
Sri Lanka
Vietnam
Timor Leste
Low-Income States (10)
SIDS (11)
Australia
Brunei
China/Hong Kong
Iran
Japan
Malaysia
New Zealand
R.O. Korea
Singapore
Thailand
The Rest (10)
ITU-D Sector & Associate Members: Asia-Pacific Region
Membership Application at http://www.itu.int/members/sectmem/Form.pdf
1. Afghanistan Information Management Services (AIMS) - Afghanistan
2. Afghan Wireless Communication Co.- Afghanistan
3. Asia Pacific Network Information Centre – Australia
4. Axiata (Bangladesh) Limited - Bangladesh
5. Grameenphone (GP) Limited – Bangladesh
6. Orascom Telecom Bangladesh Limited (Banglalink)
7. Bhutan Telecom – Bhutan
8. Telekom Brunei Berhad (TelBru) – Brunei Darussalam
9. China Telecommunications Corporation - China
10. China Unicom (Hong Kong) Ltd. - China
11. Huawei Technologies Co. Ltd.- China
12. ZTE Corporation – China
13. Secretariat of the Pacific Community (SPC) - Fiji
14. Bharat Sanchar Nigam Ltd. - India
15. Bharti Airtel Limited - India
16. Cellular Operators Association of India
17. ITU-APT Foundation of India
18. Luna Ergonomics Pvt. Ltd - India
19. Mahanagar Telephone Nigam Ltd. – India
20. RailTel Corporation of India Limited, India
21. Shyam Telecom Limited, India
22. Telecom Disputes Settlement & Appellate Tribunal - India
23. Telecom Regulatory Authority of India
24. Vihaan Networks Limited (VNL), India
25. PT. INDOSAT Tbk. - Indonesia
26. PT. Telekomunikasi Indonesia Tbk - Indonesia
27. Telecommunication Company of Iran
28. Fujitsu Limited - Japan
29. Hitachi, Ltd. - Japan
30. KDDI Corporation - Japan
31. National Institute of Information and Communications Technology – Japan
32. NEC Corporation - Japan
33. Nippon Telegraph and Telephone East Corporation – Japan
34. Nippon Telegraph and Telephone West Corporation – Japan
35. Nomura Research Institute Ltd.- Japan
36. The ITU Association of Japan
37. Tokai University – Japan
38. Korea Information Society Development Institute (KISDI) – R.O. Korea
39. Korea Internet & Security Agency (KISA) – R.O. Korea
40. KT Corporation – R.O. Korea
41. National Information Society Agency (NIA) – R.O. Korea
42. Samsung SDS Co.Ltd, R.O. Korea
43. Asia-Pacific Broadcasting Union – Malaysia
44. Asia-Pacific Institute for Broadcasting Development – Malaysia
45. Astronautic Technology (M) Sdn.Bhd., Malaysia
46. Axiata Group Berhad, Malaysia
47. CyberSecurity, Malaysia
48. Global Knowledge Partnership, Malaysia
49. Green Packet Berhad – Malaysia
50. Maxis Mobile Sdn Bhd. – Malaysia
51. MEASAT Satellite Systems Sdn. Bhd. - Malaysia
52. Telekom Malaysia Berhad – Malaysia
53. Communications Regulatory Commission of Mongolia
54. Information Communication Network Company – Mongolia
55. MobiCom Corporation – Mongolia
56. Nepal Telecom Company Limited- Nepal
57. Nepal Telecommunications Authority – Nepal
58. e Worldwide Group – Pakistan
59. Multinet Pakistan (PVT) Limited - Pakistan
60. National Telecommunication Corporation – Pakistan
61. Pakistan Mobile Communications Limited - Pakistan
62. Pakistan Telecommunication Company Limited - Pakistan
63. Smart Communications, Inc. – Philippines
64. Rohde & Schwarz , Singapore
65. Dialog Axiata PCL – Sri Lanka
66. Sri Lanka Telecom Ltd. – Sri Lanka
67. Asia-Pacific Telecommunity – Thailand
68. Advanced Info Service Public Company Ltd. – Thailand
69. Total Access Communication PLC – Thailand
70. True Corporation Public Co., Ltd. – Thailand
71. Viettel Corporation, VietNam
72. Chuan Wei (Cambodia) Co., Ltd. - Cambodia
ITU and Cybersecurity in Asia-Pacific
2007
Afghanistan, Bangladesh, Bhutan, Maldives, Nepal , Cambodia, Laos, Myanmar, Vietnam
Bhutan
Regional Forum on Cybersecurity, Vietnam
Pacific CERT
Forums
Seminars
2008 2009
Regional Forum on Cybersecurity, Australia
Regional Forum on Cybersecurity, India
Ministerial Sub Theme ABBMN
2010
CIRT (CERT)
Policy related
Indonesia
CLMV Ministerial Sub Theme
2011
Regional Forum on fighting Cybercrime, Rep. of Korea
Capacity Building
Establishment of a training Node (IMPACT) in Asia-Pacific to build capacity on a continuous basis
Assistance to Pacific Islands Countries under the ITU-European Commission Project
ITU Asia-Pacific Centres of Excellence offering specialized training opportunities at low or no fees
Spectrum Management: Ministry of ICT, Iran
Technology Awareness: Pusan National University, Rep. of Korea
Broadcasting: Asia Pacific Institute for Broadcasting Development
Rural ICT Development: Universiti Utara Malaysia
Business Management: Ministry of ICT, Thailand
Policy & Regulation: Pakistan Telecommunication Authority
Cybersecurity: IMPACT
ICT Applications: Vietnam
2010-2011
11 Trainings/ Workshops,
4 Online Trainings,
Over 500 trainees,
2 additional Nodes
Links to More Information
An Overview of ITU Activities in Cybersecurity
www.itu.int/cybersecurity/
ITU Global Cybersecurity Agenda
www.itu.int/cybersecurity/gca/
ITU-D ICT Applications and Cybersecurity Division
www.itu.int/ITU-D/cyb/
ITU National Cybersecurity/CIIP Self-Assessment Toolkit
www.itu.int/ITU-D/cyb/projects/readiness.html
ITU Cybercrime Legislation Resources
www.itu.int/ITU-D/cyb/cybersecurity/legislation.html
ITU Botnet Project Website
www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html
Regional Cybersecurity Forums and Conferences
www.itu.int/ITU-D/cyb/events/
ITU Child Online Protection (COP)
www.itu.int/cop/
Thank You!
For more information on ITU’s Cybersecurity Activities visit the website at: www.itu.int/cybersecurity/
or contact [email protected]