APCAUCE Meeting
Overview of ITU Development
Sector Activities
New Delhi, India
2 September 2007
Robert Shaw
Head, ICT Applications and Cybersecurity Division
ITU Telecommunication Development Sector
International
Telecommunication
Union
Setting the Context
 In the 21st century, growing dependency on





information and communications systems
(ICTs) that span the globe;
Rapid growth on ICTs and dependencies led to shift
in perception of cybersecurity threats in mid-1990s;
Growing linkage of cybersecurity and critical
information infrastructure protection (CIIP);
Number of countries began assessment of threats,
vulnerabilities and explored mechanisms to redress them;
With national consideration, began move to international
political agenda;
At the World Summit on the Information Society (WSIS),
consensus that “Building confidence and security in the use of
ICTs” was key issue for building Global Information Society
August 2007
2
Examples of International
Cooperation Agenda







Council of Europe Convention on Cybercrime
(1997-2001)
UN Resolutions 57/239 (2002) and 58/199
(2004): Creation of a global culture of
cybersecurity and the protection of critical
information infrastructure;
WSIS Phase I (2003) and Phase II (2005):
Building confidence and security in the use of ICTs;
WSIS Thematic Meeting on Countering Spam (2004);
ITU World Telecommunication Standardization Assembly
Resolutions (2004): Cybersecurity and Spam;
WSIS Thematic Meeting on Cybersecurity (2005);
ITU World Telecommunication Development Conference 2006:
 Programme 3 Activities;
 Question 22/1: Securing information and communication networks: Best
practices for developing a culture of cybersecurity.

ITU Resolution 130 update: Strengthening the role of ITU in building
confidence and security in the use of information and communication
technologies (Antalya, 2006);
August 2007
3
Many Relevant Actors in International
Cybersecurity/CIIP Ecosystem
ITU Cybersecurity Work Programme
to Assist Developing Countries
 Most countries have not
formulated or implemented a
national strategy for
cybersecurity and Critical
Information Infrastructure
Protection (CIIP)
 ITU Work Programme scopes a
set of proposed high level
assistance activities
 Contains set of detailed
initiatives planned in the 20072009 period by the ITU
Development Sector’s ICT
Applications and Cybersecurity
Division
www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-cybersecurity-work-programme-developing-countries.pdf
August 2007
5
ITU-D Cybersecurity Work Programme to Assist
Developing Countries: High Level Elements




Assistance related to
Establishment of National
Strategies/Capabilities for
Cybersecurity and Critical
Information Infrastructure
Protection (CIIP)
Assistance related to
Establishment of appropriate
Cybercrime Legislation and
Enforcement Mechanisms
Assistance related to
Establishment of Watch,
Warning and Incident Response
(WWIR) Capabilities
Assistance related to
Countering Spam and Related
Threats
August 2007



Assistance in Bridging the
Security-Related
Standardization Gap between
Developing and Developed
Countries
Establishment of an ITU
Cybersecurity/CIIP Directory,
Contact Database and Who’s
Who Publication
Assistance in Information
Sharing through Enhancing the
ITU Cybersecurity Gateway
 www.itu.int/cybersecurity

Outreach and Promotion of
Related Activities
6
Examples of Specific Initiatives
 Identification of Best




Practices in the
Establishment of National
Frameworks for
Cybersecurity and CIIP
National Cybersecurity/CIIP
Readiness Self-Assessment
Toolkit
Botnet Migitation Toolkit
Cybersecurity Guideline
Publications for Developing
Countries
International Survey of
National Cybersecurity/
CERT Capabilities
August 2007
 Toolkit for Model Cybercrime
Legislation for Developing
Countries
 2007-2008 Regional Workshops
on Frameworks for
Cybersecurity and Critical
Information Infrastructure
Protection






Hanoi, Vietnam
Buenois Aires, Argentina
Praia, Cape Verde
Thailand
Egypt or Tunisia
Caribbean
 Toolkit for Promoting a Culture
of Cybersecurity
7
Examples of Specific Initiatives
 Translation of MAAWG Best
 ITU-D Question 22/1: Securing
 Activities to support
StopSpamAlliance
 Contact Database Support?
 Calls for Member States and
Sector Members to create a
report on best practices in the
field of cybersecurity;
 Question has a four-year study
cycle
Practices Document
 Study on the Economics of
Spam
 Translation of CERT.BR
cartoons to educate users
 Spam Initiatives Survey
 Open Forum at Internet
Governance Meeting in Rio
de Janeiro (November
2007)
August 2007
information and communication
networks: Best practices for
developing a culture of
cybersecurity
 17 September: all day
workshop at ITU with tutorial
on elements of cybersecurity
best practices
 U.S. and EU speakers;
 Open to all participants.
8
More information
www.itu.int/itu-d/cyb/
www.itu.int/itu-d/cyb/cybersecurity/
August 2007
9
International
Telecommunication
Union
Building the Information Society
August 2007
10