James Ennis, Department of State, USA
ITU-D Question 22/1 Rapporteur
Five Organizing Elements
 Developing & Obtaining Agreement on a National
Cybersecurity Strategy
 Establishing National Government – Industry
Collaboration
 Deterring Cybercrime
 Creating National Incident Management Capabilities:
Watch, Warning, Response, & Recovery
 Promoting a National Culture of Cybersecurity
Developing & Obtaining Agreement on
a National Cybersecurity Strategy
 Create awareness at the national policy level
 cybersecurity issues, national action, & international
cooperation
 Develop a national strategy to enhance cybersecurity
 reduce risks & effects of disruptions
 Participate in international efforts to promote national
prevention of incidents:
 preparation, response, recovery.
Establishing National Government –
Industry Collaboration
 Develop public-private collaborative relationships to
manage risk and protect cyberspace
 Articulate the value proposition
 Identify roles and responsibilities
 Develop mutual trust
 Provide mechanism for developing consensus between
a variety of perspectives, equities, & knowledge
Deterring Cybercrime
 Enact & enforce a comprehensive set of laws relating to
cybersecurity & cybercrime
 Establish and modernize supporting criminal law,
procedures, and policies
 Regional initiatives, mutual assistance
 Establish or identify national cybercrime investigative
units
 Understanding of cybercrime legal issues among
prosecutors, judges, & legislators
Creating National Incident Management
Capabilities
 Develop coordinated national cybersecurity response
system
 Prevention, detection, deterrence, response, & recovery
 Establish a government focal point
 Bring together all elements of government, operators, &
equipment vendors
 Participate in information sharing mechanisms
 Watch, warning, response
 Develop, test, exercise response plans & protocols
Promoting a National Culture of
Cybersecurity
 Promote cybersecurity within Government, as well as
private sector, civil society, & individuals
 Security of e-Government
 Multi-disciplinary, multi-stakeholder approach
 Education
 Regional & international cooperation
New Work for Question 22
 Expand on the Best Practices Report dealing with
national strategy; public/private partnerships;
national incident management capability; culture; &
protection against spam malware & other cyberthreats.
 Develop course materials for analysis of national
strategies and planning hands-on training programs.
 Develop country case studies.
 Develop a framework to be pursued and implemented
under BDT Programme 2 for increasing awareness by
developing countries regarding cybersecurity.
UNGA Res 64-211
Creation of a global culture of cybersecurity
Member States to use a voluntary self-assessment tool to
highlight areas for further action in CII protection
 Taking stock of cybersecurity needs and strategies
 Stakeholder roles & responsibilities
 Policy processes & participation
 Public-private cooperation
 Incident management & recovery
 Legal frameworks
 Developing a global culture of cybersecurity