2013 ITU survey on measures taken to raise awareness on cybersecurity
ITU‐D Study Group Question 22‐1/1
Securing information and communication networks: best practices for developing a culture of cybersecurity
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
SURVEY BACKGROUND
Raising awareness of different aspects of cybersecurity and developing a culture of cybersecurity
awareness is regarded by many as an integral part of a nation’s cybersecurity strategy and requires collaboration among the different stakeholders and coordinated actions to be taken.
The ITU‐D Study Group 1 Rapporteur Group for Question 22‐1/1 dedicated to “Securing information and communication networks: best practices for developing a culture of cybersecurity”, at its meeting held on 13 September 2012 in Geneva, agreed to issue a survey on measures taken in member states to raise awareness on cybersecurity. SURVEY OBJECTIVES
The purpose of the 2013 ITU survey on measures taken to raise awareness on cybersecurity is to collect ideas from all sources on how countries, businesses and expert groups are educating and encouraging individuals and entities on the subject of cybersecurity, including child online protection, and the cybersecurity needs of persons with disabilities. (See reference in item 2.(b)(v), of the work program for ITU‐D SG1 Question 22‐1/1 as agreed during WTDC‐10 at:
http://www.itu.int/net3/ITU‐D/stg/rgqlist.aspx?rgq=D10‐RGQ22.1.1&stg=1
The input received through the survey will be shared during the next ITU‐D Study Group 1 Rapporteur Group meeting for Question 22‐1/1 which will take place in Geneva on 19 April 2013 and incorporated into the final outputs and guidelines to come out of the work on SG1 Question 22‐1/1 during the 2010‐2014 study period.
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Overview of Answers Received (as of 27 June 2013)
193 Member States in ITU
Answers were received from 50 Member States
1 Observer
1 Regional/International Organisation
5 Sector Members and
5 non‐members
62 entries received
List of countries and observers (Res.99 (Rev. Guadalajara, 2010)) who participated (55)
Afghanistan, Andorra, Australia, Belarus, Benin, Bhutan, Brazil, Bulgaria, Burkina Faso, Cambodia, Colombia, Côte d’Ivoire, Croatia, Cyprus, Dominican Republic, Egypt, France, Hungary, Iraq, Italy, Japan, Lebanon, Lesotho, Malaysia, Maldives, Mali, Mauritius, Moldova, Morocco, Myanmar, Namibia, Niger, Norway, Oman, Pakistan, Panama, Portugal, Serbia, Sri Lanka, Sudan, Swaziland, Switzerland, Syria, Tanzania, Togo, Trinidad and Tobago, Tunisia, Uganda, Ukraine, United States of America, Vanuatu, Venezuela, Viet Nam, Zambia and Palestine
The non‐members are, in fact, members of IMPACT, to whom the survey was disseminated.
The Questionnaire was sent to Administrations of ITU Member States and Observer (Res. 99), ITU‐D Sector Members, Associates and Academia, Management
Teams for ITU‐D Study Groups 1 and 2, Observers (Regional and International Organizations) and members of IMPACT.
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions
CONTACT INFORMATION
a.
Contact details
b.
Please select the name of your Administration/Organization from the list.
(If it is not available, indicate the name in the field below the list)
c.
Region where your organization is based:
Africa
The Americas
Asia and Pacific
Arab States
CIS countries
Europe
d.
Country/countries where your organization is based
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
SURVEY
1
In your opinion, how important is raising awareness on cybersecurity as a basic step to achieving security in cyberspace?
Not important
Somewhat important
Important
Very important
2
Has your country already adopted a general framework/strategy for cybersecurity? If not, move directly to survey question 5.
Yes
No
If yes, please provide links/references:
3
If you answered ‘yes’ to the previous question, has any part of this policy/framework/strategy been directed to raising the awareness of the general public?
Yes
No
If yes, please provide links/references:
4
If you answered ‘yes’ to the previous question, at which stage of the general framework/strategy for cybersecurity should the raising of awareness start?
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
5
If your country has not yet adopted a general framework/strategy for cybersecurity, has it been discussing/developing/formulating one? (If “No” is selected, please move directly to question 9)
Yes
No
If yes, please provide links/references: 6
Do these discussions/formulations include raising cybersecurity awareness?
Yes
No
If yes, please provide links/references: 7
At which stage of the general framework/strategy for cybersecurity should awareness raising start according to these discussions/formulations?
8
Who are the parties concerned with raising public awareness on cybersecurity, in accordance with the legislations/policies/practices adopted in your country?
9
Are there other parties not identified by the legislations/policies/practices that are concerned with raising public awareness on cybersecurity?
Yes
No
If yes, please specify: August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
10
Was any specific research or survey conducted concerning cybersecurity in your country and/or region?
Yes
No
If yes, please provide links/references: 11
Which groups are targeted by cybersecurity awareness campaigns in your country?
Children
Youth
Students
Elderly people
Persons with disabilities
Private institutions
Government agencies
Others
If “others” was selected, please specify:
12
Which one of the groups identified below is more targeted? Please arrange in order of 1 to 6 for the highly targeted to the less targeted? (1 to indicate highly targeted and 6 to indicate less targeted)
Children
Youth
Students
Elderly people
Persons with disabilities
Private institutions
Government agencies
August 2013
Others
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
13
Has your country designed, or is in the process of designing, a dedicated plan in the general cybersecurity
framework/strategy for persons with disabilities?
Yes
No
If yes, please provide links/references:
14
What are the cybersecurity issues that are addressed by existing awareness campaigns?
Internet safety
Privacy
Fraud
Phishing
Malware
Child Online Protection
Other, such as cyber‐bullying and harassment, identity theft, spam, firewalls, passwords, shopping and business
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
15
What is the degree of importance of each issue? Please arrange in order of the most important to the less important and give reasons for such order?
Internet safety
Privacy
Fraud
Phishing
Malware
Child Online Protection
Other, such as cyber‐bullying and harassment, identity theft, spam, firewalls, passwords, shopping and business
16
What are the mechanisms used to raise awareness among the targeted groups stated in question 11?
Please provide links/references:
17
Are there unconventional channels used for cybersecurity awareness? If yes, what are they?
Please provide links/references:
18
Are there certain technologies related to providing cybersecurity, such as anti‐virus or anti‐spam software, available to the persons with disabilities?
Yes
No
Please provide links/references:
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
19
Is the public encouraged to use the different technologies for cybersecurity such as anti‐virus or anti‐spam software?
Yes
No
If yes, please specify:
20
If the answer is ‘yes’ to the previous question, are these different types of technologies made available to the public and how?
Yes
No
If yes, please specify:
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
c
Region where your organization is based:
62 responses received
CIS countries
3
5%
Europe
13
21%
Africa
9
22%
Arab States
7
11%
Asia and Pacific
13
21%
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
The Americas
9
15%
Least developed countries
29.03%
Developed countries
24.19%
Responses by level of development
Developing countries
38.71%
Transition countries
8.06%
SURVEY
1
In your opinion, how important is raising awareness on cybersecurity as a basic step to achieving security in cyberspace?
62 responses received
60
54
50
40
30
20
8
10
0
0
0
Not important
Somewhat important
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Important
Very important
2
Has your country already adopted a general framework/strategy for cybersecurity?
Yes
60 responses received
No
No
26
43%
70%
60%
60%
60%
59%
50% 50%
50%
40%
40%
40%
41%
30%
20%
10%
0%
Developed countries Transition countries Developing countries
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Least developed
countries
Yes
34
57%
3
If you answered ‘yes’ to the previous question, has any part of this policy/framework/strategy been directed to raising the awareness of the general public? 39 responses received
No
8
21%
Yes
31
79%
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
5
If your country has not yet adopted a general framework/strategy for cybersecurity, has it been discussing/developing/formulating one?
48 responses received
No
16
33%
Yes
32
67%
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
6
Do these discussions/formulations include raising cybersecurity
awareness?
No
1
3%
30 responses received
Yes
29
97%
Responses by level of development:
Developed
countries
Transition
countries
Yes
5
4
11
9
No
0
0
1
0
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Developing
Least countries developed countries
Are there other parties not identified by the legislations/policies/practices that are concerned with raising public awareness on cybersecurity?
9
54 responses received
Responses by level of development:
120%
No
21
39%
100%
Yes
100%
No
80%
Yes
33
61%
67%
58%
60%
50% 50%
42%
40%
33%
20%
0%
0%
Developed
countries
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Transition
countries
Developing
countries
Least developed
countries
10
Was any specific research or survey conducted concerning cybersecurity
in your country and/or region?
53 responses received
No
19
36%
Yes
34
64%
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Results by level of development:
Developed
countries
Transition
countries
Developing
countries
Least developed
countries
Yes
83%
50%
44%
53%
No
17%
50%
56%
47%
11
Which groups are targeted by cybersecurity awareness campaigns in your country?
*Replies to more than one item possible
20%
18%
18%
17%
17%
16%
16%
13%
14%
12%
9%
10%
8%
7%
6%
4%
3%
2%
0%
Children
Youth
Students
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Elderly people Persons with
disabilities
Private
institutions
Government
agencies
Others
12
Which one of the groups identified below is more targeted? Please arrange in order of 1 to 6 for the highly targeted to the less targeted?
Percentage of value 1 responses assigned to each category
1.11%
Children
Youth
26.67%
25.56%
Students
Elderly people
Persons with disabilities
Private institutions
Government agencies
6.67%
Others
17.78%
2.22%
4.44%
15.56%
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Total number of responses received with value 1: 90
Some respondents assigned value 1 more than once
13
Has your country designed, or is in the process of designing, a dedicated plan in the general cybersecurity framework/strategy for persons with disabilities?
56 responses received
Yes
7
12%
Results by level of development:
The ‘No’ is predominant in all categories of countries
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
No
49
88%
14
What are the cybersecurity issues that are addressed by existing
awareness campaigns?
341 responses received
*Replies to more than one item possible
Others
40
12%
Internet safety
56
17%
Child Online Protection
51
15%
Privacy
49
14%
Malware
48
14%
Phishing
48
14%
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Fraud
49
14%
15
What is the degree of importance of each issue? Please arrange in order of the most important to the less important and give reasons for such order?
Percentage of value 1 responses assigned to each category
13.79%
14%
Privacy
24.14%
24%
Fraud
1.15%
1%
Phishing
Malware
Child Online Protection
Others
9.20%
9%
36.78%
37%
Total number of responses received with value 1: 87
Some respondents assigned value 1 more than once
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
14.94%
15%
18
Are there certain tools and technical measures related to providing cybersecurity, such as anti‐virus or anti‐spam software, available to the persons with disabilities?
Yes
13
25%
Results by level of development:
52 responses received
120%
100%
80%
No
39
75%
60%
40%
20%
0%
Developed countries Transition countries
Yes
No
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
Developing
countries
Least developed
countries
19
Is the public encouraged to use the different tools and technical measures for cybersecurity such as anti‐virus or anti‐spam software?
53 responses received
No
7
13%
Yes
46
87%
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
20
If the answer is ‘yes’ to the previous question, are these different types of tools and technical measures made available to the public and how?
No
12
26%
46 responses received
120%
100%
100%
Yes
34
74%
100%
80%
74%
58%
60%
42%
40%
26%
20%
0%
Yes
0%
Developed countries
0%
Transition countries Developing countries
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity
No
Least developed
countries
Information compiled by the Secretariat to the
ITU‐D Study Groups
devsg@itu.int
August 2013
ITU‐D Study Group Question 22‐1/1
2013 ITU survey on measures taken to raise awareness on cybersecurity