Overview of ITU-D Activities Related to Cybersecurity and Critical Information Infrastructure Protection

Working Group on Private Sector
Telecommunications Development Advisory Group
Geneva, Switzerland
4-5 February 2008

Robert Shaw
Head, ICT Applications and Cybersecurity Division
Policies and Strategies Department
ITU Telecommunication Development Sector
International Telecommunication Union

Setting the Context

- In the 21st century, growing dependency on information and communications technologies (ICTs) that span the globe;
- Rapid growth in ICTs and dependencies led to shift in perception of cybersecurity threats in mid-1990s;
- Growing linkage of cybersecurity and critical information infrastructure protection (CIIP);
- Number of countries began assessment of threats, vulnerabilities and explored mechanisms to redress them;
- But most countries have not formulated or implemented a national strategy for cybersecurity or Critical Information Infrastructure Protection (CIIP) programme;
- In parallel with national consideration, move to international political agenda.

January 2008 2

Case Study: A Major Net Outage – Feb 2008

Key Activities Underway in ITU-D

- ITU-D Study Group 1 Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity
  - Outlines Framework for Organizing a National Approach to Cybersecurity
- ITU Cybersecurity Work Programme to Assist Developing Countries
- Close synergies between these two activities

www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-cybersecurity-work-programme-developing-countries.pdf

Why a Framework? Why a National Strategy?

- Cybersecurity/CIIP is a SHARED responsibility
- All “participants” must be involved
  - Appropriate to their roles
- “Participants” responsible for cybersecurity:
  - “Government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks”
- UNGA Resolution 57/239 (2002): Creation of a global culture of cybersecurity
- UNGA Resolution 58/199 (2004): Creation of a global culture of cybersecurity and the protection of critical information infrastructures

DRAFT Framework for National Cybersecurity/CIIP

- National Strategy
- Government Industry Collaboration
- Deterring Cybercrime
- Incident Management Capabilities
- Culture of Cybersecurity

Elements

- National Strategy:
  - Protection of cyberspace is essential to national security and economic well-being.
- Government-Industry Collaboration:
  - Protection of cyberspace is a shared responsibility requiring collaboration between government and the private sector.
- Deterring Cybercrime:
  - Protection of cyberspace requires updating criminal laws, procedures and policy to address and respond to cybercrime.

Elements

- Incident Management Capabilities:
  - Protection of cyberspace requires a national focal point with mission of watch, warning, response and recovery; and collaboration with government entities, the private sector, and the international community.
- Culture of Cybersecurity:
  - Protection of cyberspace requires all participants who develop, own, provide, manage, service and use information networks to understand cybersecurity and take action appropriate to their roles.

ITU Efforts to Support Framework and National Implementation Efforts

- Reference Material & Training Resources
- Toolkits including ITU National Cybersecurity/CIIP Self-Assessment Toolkit
- Regional Cybersecurity Forums

More Information

- ITU-D ICT Applications and Cybersecurity Division
  - www.itu.int/itu-d/cyb/
- ITU-D Cybersecurity Overview
  - www.itu.int/itu-d/cyb/cybersecurity/
- Regional Cybersecurity Forums
  - www.itu.int/ITU-D/cyb/events/
- ITU National Cybersecurity/CIIP Self-Assessment Toolkit
  - www.itu.int/ITUD/cyb/cybersecurity/projects/readiness.html
- Botnet Mitigation Toolkit
  - http://www.itu.int/ITUD/cyb/cybersecurity/projects/botnet.html

International Telecommunication Union
Helping the World Communicate