Helping the world communicate

Update on ITU Cybersecurity and Countering Spam Activities
2nd Joint LAP-CNSA Workshop, 13-14 December 2006
Robert Shaw, Deputy Head, ITU Strategy and Policy Unit
International Telecommunication Union

Setting the Context
- In the 21st century, growing dependency on information and communications systems (ICTs) that span the globe
- Rapid growth in ICTs and dependencies led to shift in perception of cybersecurity threats in mid-1990s
- Linkage of cybersecurity and critical infrastructure protection (CIIP)
- A number of countries began assessment of threats, vulnerabilities and explored mechanisms to redress them
- After national consideration, began move to international political agenda
- At World Summit on the Information Society (WSIS), “Building confidence and security in the use of ICTs” emerged as one of the “key principles” for building an inclusive Information Society

Setting the Context
[Figure: Survey for theme of World Telecommunication Day 2006: Promoting Global Cybersecurity. Source: ITU Trust and Awareness Survey 2006]

The Perspective of Developing Countries
[Figure]

Cybersecurity International Cooperation Agenda
- Council of Europe Convention on Cybercrime (1997-2001)
- UN Resolutions 57/239 (2002) and 58/199 (2004): Creation of a global culture of cybersecurity and the protection of critical information infrastructure
- ITU Plenipotentiary Resolution 130 (2002): Strengthening the role of ITU in information and communication network security
- ITU WTDC 2002 Istanbul Action Plan Programme 3
- WSIS Phase I (2003) Chapter 5 in Declaration of Principles and Plan of Action: Building confidence and security in the use of ICTs
- WSIS Thematic Meeting on Countering Spam (2004)
- ITU WTSA Resolutions (2004): Cybersecurity and Spam

Cybersecurity International Cooperation Agenda
- WSIS Thematic Meeting on Cybersecurity (2005)
- WSIS Phase II (2005): Tunis Commitment (para 15, 24) and Tunis Agenda: Part C on Internet Governance (see paras 39-47, 57-58, 68)
- ITU WTDC 2006 Doha Action Plan Programme 3 and Resolutions 2: Study Group Question 22/1 & 45: Mechanisms for enhancing cooperation on cybersecurity, including combating spam
- Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006)

Some Recent ITU Activities Related to Cybersecurity and Spam
- ITU is facilitator for WSIS Action Line C5: Building confidence and security in the use of ICTs
  - First C5 meeting held 15-16 May 2006 – see Partnerships for Global Cybersecurity: www.itu.int/cybersecurity/pgc/
- ITU Global Cybersecurity Gateway: www.itu.int/cybersecurity/
- ITU WTDC 2006 Doha Action Plan Programme 3 and Resolutions 2: Study Group Question 22/1 & 45: Mechanisms for enhancing cooperation on cybersecurity, including combating spam
- ITU and Harvard Law School research on voluntary code of conduct for messaging service providers with possible regulatory backing: www.itu.int/ITU-D/treg/publications/Chap%207_Trends_2006_E.pdf

Some Recent ITU Activities Related to Cybersecurity and Spam
- ITU-T Study Group 17 (SG17) is drafting five Recommendations (standards) on technical means for countering spam, including email and IP multimedia spam
- Creation of Stop Spam Alliance: www.stopspamalliance.org involving: APEC, CNSA, ITU, London Action Plan, OECD, Seoul-Melbourne MoU
- Countering Spam Cooperation Agenda (Dec 8 2006, Hong Kong): www.itu.int/osg/spu/cybersecurity/pgc/spam_telecom06.phtml
- ITU Plenipotentiary Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya 2006)

WSIS Action Lines and Facilitators
[Figure]

Global Cybersecurity Gateway
www.itu.int/cybersecurity

Global Cybersecurity Gateway
- Tailored for four specific audiences: Citizens; Businesses; Governments, International Organizations
- Information sharing of national approaches, good practices and guidelines
- Developing watch, warning and incident response capabilities
- Technical standards and industry solutions
- Harmonizing national legal approaches and international legal coordination and enforcement
- Privacy, data and consumer protection
- Focused information on hot topics such as spam, spyware, phishing, scams and frauds, worms and viruses, denial of service attacks
- Also provides extensive reference to ITU related activities: www.itu.int/cybersecurity/itu_activities.html

Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya 2006)

resolves
to give this work a high priority within ITU, in accordance with its competences and expertise,

instructs the Secretary-General and the Directors of the Bureaux
1 to review:
  i) the work done so far by ITU and other relevant organizations, and initiatives to address existing and future threats in order to build confidence and security in the use of ICTs, such as the issue of countering spam;
  ii) the progress achieved in the implementation of this resolution and in the role of ITU as moderator/facilitator for WSIS action line C5 with the help of the advisory groups, consistent with the ITU Constitution and Convention;
2 to facilitate access to tools required for enhancing confidence and security in the use of ICTs for all Member States, consistent with WSIS provisions on universal and non-discriminatory access to ICTs for all nations;
3 to continue the Cybersecurity Gateway as a way to share information on national, regional and international cybersecurity-related initiatives worldwide;
4 to report annually to the Council on these activities and to make proposals as appropriate,

Some Conclusions
- Spam and related threats are getting worse and need to be addressed from broader cybersecurity approach
- Challenges as criminal spammers move to developing countries with weak technical, legal, regulatory institutional structures
- More understanding needed on economics of cybersecurity: the criminals have figured this out first
  - See Ross Anderson’s site at Cambridge, UK at http://www.cl.cam.ac.uk/~rja14/econsec.html
- Strong identity management binding to get access to resources likely to be only long term solution
  - examples of things that work: mobile SIM cards, global bank card debit system…
  - Concepts adopted in Next Generation Network (NGN) architecture