Forum on Next Generation Network Standardization
Colombo, Sri Lanka, 7-10 April 2009

ITU Global Cybersecurity Agenda and ITU-T SG17 activities on Cybersecurity

Paolo Rosa
Head, Workshops and Promotion Division
Telecommunication Standardization Bureau

ITU Cybersecurity activities
WSIS Action Line C.5
Building Confidence and security in the use of ICTs
http://www.itu.int/wsis/c5/index.html
ITU Global Cybersecurity Agenda
Framework for international cooperation in Cybersecurity
ITU Cybersecurity Gateway
Information resource on Cybersecurity

Strategic direction
Cybersecurity – one of the top priorities of the ITU
WSIS Action Line C5, Building confidence and security in use of ICTs
A fundamental role of ITU, following the World Summit on the Information Society (WSIS) and the 2006 ITU Plenipotentiary Conference, is to build confidence and security in the use of ICTs. At the WSIS, world leaders and governments designated ITU to facilitate the implementation of WSIS Action Line C5, “Building confidence and security in the use of ICTs”. In this capacity, ITU is seeking consensus on a framework for international cooperation in cybersecurity to reach a common understanding of cybersecurity threats among countries at all stages of economic development.
Strategic direction II
Plenipotentiary Resolution 130 (2006), Strengthening the role of ITU in building confidence and security in the use of information and communication technologies – Instructs Director of TSB to intensify work in study groups, address threats & vulnerabilities, collaborate, and share information
Plenipotentiary Resolution 149 (2006), Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies – Instructs Council to study terminology

Strategic Direction III
WTSA-08 Resolution 50, Cybersecurity – Instructs Director of TSB to develop a plan to undertake evaluations of ITU-T “existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment”
WTSA-08 Resolution 52, Countering and combating spam – Instructs relevant study groups “to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam”
WTSA-08 Resolution 58, Encourage the creation of national Computer Incident Response Teams, particularly for developing countries – Instructs the Director of TSB, in collaboration with the Director of BDT, “to identify best practices to establish CIRTs; to identify where CIRTs are needed; to collaborate with international experts and bodies to establish national CIRTs; to provide support, as appropriate, within existing budgetary resources; to facilitate collaboration between national CIRTs, such as capacity building and exchange of information, within an appropriate framework”

Cybersecurity &
Cyberspace
Draft new ITU-T Rec. X.1205 Overview of Cybersecurity
• Cybersecurity: collection of tools, policies, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyberspace against relevant security risks such as unauthorized access, modification, theft, disruption, or other threats
• Cyberspace: the cyber environment including software, connected computing devices, computing users, applications/services, communications systems, multimedia communication, and the totality of transmitted and/or stored information connected directly or indirectly to the Internet. It includes hosting infrastructures and isolated devices

Changing nature of cyberspace
Source: Presentation materials at ITU workshop on “Ubiquitous Network Societies”, April 2005.

Threats in cyberspace
Inherited architecture of the Internet was not designed to optimize security
• Constant evolution of the nature of cyberthreats
• Low entry barriers and increasing sophistication of cybercrime
• Constant evolution in protocols and algorithms
• Loopholes in current legal frameworks
• Introduction of Next-Generation Networks (NGN)
• Convergence among ICT services and networks
• Network effects – risks far greater
• Possibility of anonymity on the Internet
• Absence of appropriate organizational structures
• Internationalization requires cross-border cooperation
• Vulnerabilities of software applications

Attackers, hackers and intruders (generally users cannot be trusted)
• Taxonomy of security threats
– Unauthorized illegal access: insufficient security measures, authentication/authorization/unprotected
passwords…
– IP spoofing: assume a trusted host identity, disable host, assume attacker’s identity, access to IP addresses
– Network sniffers: read source and destination addresses, passwords, data…
– Denial of Service (DoS): connectivity, network elements or applications availability
– Bucket brigade attacks: message interception/modification
– Back door traps: placed by system developers / employees / operating system / created by virus
– Masquerading: access to the network as false legitimate personnel
– Replay attacks: read authentication information from messages
– Modification of messages without detection
– Insider attacks: legitimate users behave in an unauthorized way; periodic auditing actions and screening of personnel, hardware and software are needed

Challenges: Policy
• Lack of relevant cybercrime and anti-spam legislation
– Establish where none
• Base “model law” needed (which is a separate ITU initiative)
– Modify existing cybercrime/spam laws where needed to reflect botnet-related crime
• Capacity building for regulators, police, judiciary
– Training existing officials may be supplemented by co-opting or active recruitment of technical experts
• Weak international cooperation and outreach
– Participation in local, regional and international initiatives
– Engagement of relevant government, regulators, law enforcement with peers and other stakeholders around the globe
– Targeted outreach to countries and stakeholders known to be particularly vulnerable to cybercrime

The Global Cybersecurity Agenda (GCA)
Launched in May 2007 by the ITU’s Secretary-General, Dr.
Hamadoun Touré on World Telecommunication and Information Society Day
17 May 2007, International Herald Tribune
9 July 2007 UN Secretary-General Historic visit to ITU

Global Cybersecurity Agenda
Framework for International Cooperation in Cybersecurity
• The Global Cybersecurity Agenda (GCA) was created as ITU’s response to its role as sole Facilitator for WSIS Action Line C5
• GCA is a framework for international multi-stakeholder cooperation in cybersecurity
• GCA brought together a group of world renowned experts in the field of cybersecurity and formed the High Level Experts Group (HLEG) which developed a global strategic report available at: http://www.itu.int/osg/csd/cybersecurity/gca/global_strategic_report/index.html
• GCA is working together with its partners to develop harmonized global strategies
Leveraging expertise for international consensus
On a Global level, from government, international organizations to industry
For a Harmonized approach to build synergies between initiatives
Through Comprehensive strategies on all levels in 5 work areas:

ITU’s Global Cybersecurity Agenda Global Strategic Report
• Legal Measures
• International investigations: depending on reliable means of cooperation and effective harmonization of laws
• Technical and Procedural Measures
• Organizational Structures
• Capacity Building
• International Cooperation

Current GCA Projects
Curbing Cyberthreats: IMPACT
Partnership with the International Multilateral Partnership Against Cyber-Threats (IMPACT)
Child Online Protection: COP
The Child Online Protection (COP) initiative in partnership with organizations from around the world

ITU-IMPACT
Collaboration
IMPACT is the physical home for the GCA, providing expertise and facilities for all ITU Member States to address global cyber-threats
Global Response Centre (GRC)
Threat information aggregation and dissemination expert collaboration
Training & Skill Development
Security skills training for Member States
Security Assurance & Research
International benchmarks for Member States
Collaborative research on cyber-threats.
PARTNERS
Centre for Policy and International Co-operation
Advisory services on cybersecurity policy and regulations for Member States

Child Online Protection (COP)
Internet Governance Forum
Action for Global Cybersecurity
A unique initiative bringing together partners from all sectors of the international community with the aim of creating a safe online experience for children everywhere.
Key Objectives
• Identify the main risks and vulnerabilities to children in cyberspace
• Create awareness of the risks and issues through multiple channels
• Develop practical tools to help governments, organizations and educators minimize risk
• Share knowledge and experience while facilitating international strategic partnerships to define and implement concrete initiatives

The High Level Segment (Council)
• Held on the opening of the ITU council meetings
• Participation of Ministers
• Questions addressed:
– Greatest cyberthreats faced worldwide
– Key elements to formulate national strategies and to prevent cybercrime
– Role of governments in promoting a cybersecurity culture
– Highest priority activities to address current and emerging cyberthreats

ITU-T SG 17: Security
Responsible for studies relating to security including cybersecurity, countering spam and identity management.
Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.
• Study Group 17 is the lead study group in the ITU-T for security – responsible for:
– Coordination of security work
– Development of core Recommendations
• Most of the other study groups have responsibilities for standardizing security aspects specific to their technologies, e.g.,
– SG 2 for TMN security
– SG 9 for IPCablecom security
– SG 13 for NGN security
– SG 16 for Multimedia security

ICT security standards roadmap
• Part 1 contains information about organizations working on ICT security standards
• Part 2 is a database of existing security standards and includes ITU-T, ISO/IEC JTC 1, IETF, IEEE, ATIS, ETSI and OASIS security standards
• Part 3 is a list of standards in development
• Part 4 identifies future needs and proposed new standards
• Part 5 includes Security Best Practices
http://www.itu.int/ITU-T/studygroups/com17/ict/

ITU-T SG 17 structure
Working Party 1: Network and information security
• Q 1 Telecommunications systems security project
• Q 2 Security architecture and framework
• Q 3 Telecommunications information security management
• Q 4 Cybersecurity
• Q 5 Countering spam by technical means

ITU-T SG 17 structure (cont.)
Working Party 2: Application security
• Q 6 Security aspects of ubiquitous telecommunication services
• Q 7 Secure application services
• Q 8 Telebiometrics
• Q 9 Service oriented architecture security

ITU-T SG 17 structure (cont.)
Working Party 3: Identity management and languages
• Q 10 Identity management architecture and mechanisms
• Q 11 Directory services, Directory systems, and public-key/attribute certificates
• Q 12 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration
• Q 13 Formal languages and telecommunication software
• Q 14 Testing languages, methodologies and framework
• Q 15 Open Systems Interconnection (OSI)

Core Security Recommendations
Strong ramp-up on developing core security Recommendations in SG 17
• 14 approved in 2007
• 27 approved in 2008
• 56 under development for approval this study period
Subjects include: Architecture and Frameworks; Web services; Directory; Identity management; Risk management; Cybersecurity; Incident management; Mobile security; Countering spam; Security management; Secure applications; Telebiometrics; Ubiquitous Telecommunication services; SOA security
Ramping up on: Traceback; Ubiquitous sensor networks
Collaboration with others on many items

Challenges
• Addressing security to enhance trust and confidence of users in networks, applications and services
• Balance between centralized and distributed efforts on developing security standards
• Legal and regulatory aspects of cybersecurity, spam, identity/privacy
• Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
• Uniform language for security terms and definitions
• Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations
• Keeping ICT security database up-to-date

SG 17 Security Project 1/3
(Major focus is on coordination and outreach)
Security
coordination
ISO/IEC/ITU-T Strategic Advisory Group Security – Oversees standardization activities in ISO, IEC and ITU-T relevant to security; provides advice and guidance relative to coordination of security work; and, in particular, identifies areas where new standardization initiatives may be warranted.
• Portal established
• Workshops conducted
Global Standards Collaboration – ITU and participating standards organizations exchange information on the progress of standards development in the different regions and collaborate in planning future standards development to gain synergy and to reduce duplication.
GSC-13 resolutions concerning security include:
GSC-13/11 – Cybersecurity
GSC-13/04 – Identity Management
GSC-13/03 – Network aspects of identification systems
GSC-13/25 – Personally Identifiable Information Protection

SG 17 Security Project 2/3
(Major focus is on coordination and outreach)
Security coordination (cont.)
The Cybersecurity Rapporteur group adopted a focussed action plan including outreach and collaboration with other organizations addressing cybersecurity and infrastructure protection.
Basic needs: to identify and effect lines of communication among all these organizations.
Address the needs of countries that lack resources and are part of the global network cybersecurity and vulnerability mosaic.
SG 17 Security Project 4/4
Security Compendium – Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
Security Standards Roadmap – Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
ITU-T Security Manual – Assisted in its development

Security standardization strategy
1. Assure the continued relevance of security standards by keeping them current with rapidly-developing telecommunications technologies and operators’ trends (in e-commerce, e-payments, e-banking, telemedicine, fraud-monitoring, fraud-management, fraud identification, digital identity infrastructure creation, billing systems, IPTV, Video-on-demand, grid network computing, ubiquitous networks, etc.).
2. Give attention to the issue of trust between network providers and communication infrastructure vendors, in particular, in terms of communication hardware and software security.

Identity Management
Overall objectives
1. a security enabler by providing trust in the identity of both parties to an e-transaction
2. a very important capability for significantly improving security and trust
3. provides Network Operators an opportunity to increase revenues by offering advanced identity-based services
4.
ITU-T’s IdM work on global trust and interoperability of diverse IdM capabilities in telecommunications is focused on leveraging and bridging existing solutions

Recommendations in progress
First IdM Recommendations for ITU-T SG 17:
• X.1250, Capabilities for global identity management trust and interoperability
• X.1251, A framework for user control of digital identity
And one Supplement approved:
• Supplement to X.1250-series, Overview of IdM in the context of cybersecurity
Many additional IdM Recommendations are under development (especially IdM terms and definitions)

Survey of developing countries ICT security needs
• Questionnaire initiated May 2008
• Key Results
– The overall level of concern about cyber security is high
– There is a high level of interest in the possibility of obtaining advice and/or assistance on ICT security from the ITU
– The ITU needs to do better in promoting its ICT security products
• Details of analysis at: http://www.itu.int/dms_pub/itu-t/oth/0A/0D/T0A0D0000180001PDFE.pdf

Challenges
Addressing security to enhance trust and confidence of users in networks, applications and services
With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?
Balance between centralized and distributed efforts on developing security standards
Legal and regulatory aspects of cybersecurity, spam, identity/privacy
Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
Uniform definitions of cybersecurity terms and definitions
Effective cooperation and collaboration across the many bodies doing cybersecurity work – within the ITU and with external organizations
Keeping ICT security database up-to-date
There is no “silver bullet” for cybersecurity

Some useful web resources
• ITU Global Cybersecurity Agenda (GCA) http://www.itu.int/osg/csd/cybersecurity/gca/
• ITU-T Home page http://www.itu.int/ITU-T/
• Study Group 17 http://www.itu.int/ITU-T/studygroups/com17/index.asp e-mail: tsbsg17@itu.int
• LSG on Security http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
• Security Roadmap http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
• Security Manual http://www.itu.int/publ/T-HDB-SEC.03-2006/en
• Cybersecurity Portal http://www.itu.int/cybersecurity/
• Cybersecurity Gateway http://www.itu.int/cybersecurity/gateway/index.html
• ITU-T Recommendations http://www.itu.int/ITU-T/publications/recs.html
• ITU-T Lighthouse http://www.itu.int/ITU-T/lighthouse/index.phtml
• ITU-T Workshops http://www.itu.int/ITU-T/worksem/index.html

Thank you!
Paolo Rosa
paolo.rosa@itu.int

ADDITIONAL SLIDES

ITU GCA main goals
Elaboration of strategies to:
– develop a model cybercrime legislation globally applicable, interoperable with existing national / regional legislative measures
– create national and regional organizational structures and policies on cybercrime
– establish globally accepted minimum security criteria and accreditation schemes for software applications and systems
– create a global framework for watch, warning and incident response to ensure cross-border coordination of initiatives
– create and endorse a generic and universal digital identity system and the necessary organizational structures to ensure the recognition of digital credentials for individuals across geographical boundaries
– develop a global strategy to facilitate human and institutional capacity-building to enhance knowledge and know-how across sectors and in all the above-mentioned areas
– advise on potential framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas.

Initiatives
ITU’s Global Cybersecurity Agenda housed in new centre in Malaysia
The International Multilateral Partnership Against Cyber Threats (IMPACT) headquarters in Cyberjaya (Kuala Lumpur) to focus on strengthening network security
20 March 2009
ITU’s Telecommunication Development Bureau (BDT) will facilitate the deployment of IMPACT services, such as the Global Response Centre, which aims at providing state-of-the-art cybersecurity capabilities for ITU Member States to strengthen network security worldwide.
ITU-T SG 17 structure
Recommendations under development in WP1
• Guidelines on security of the individual information service for operators
• Architecture of external interrelations for a telecommunication network security system
• Information security governance framework
• Information security management framework for telecommunications
• Requirement of security information sharing framework
• Abnormal traffic detection and control guideline for telecommunication network
• Frameworks for botnet detection and response
• Digital evidence exchange file format
• Guideline on preventing malicious code spreading in a data communication network
• Mechanism and procedure for distributing policies for network security
• Framework for countering cyber attacks in SIP-based services
• Traceback use cases and capabilities
• Framework for countering IP multimedia spam
• Functions and interfaces for countering email spam sent by botnet
• Technical means for countering spam
• Interactive countering spam gateway system
• Technical means for countering VoIP spam

ITU-T SG 17 structure
Recommendations under development in WP2
• Functional requirements and mechanisms for secure transcodable scheme of IPTV
• Key management framework for secure IPTV services
• Algorithm selection scheme for SCP descrambling
• SCP interoperability scheme
• Security requirement and framework for multicast communication
• Security aspects of mobile multi-homed communications
• Security framework for ubiquitous sensor network
• USN middleware security guidelines
• Secure routing mechanisms for wireless sensor network
• SAML 2.0
• XACML 2.0
• Security requirements and mechanisms of peer-to-peer-based telecommunication network
• Management framework for one time password based authentication service
• Security framework for enhanced web based telecommunication services
• Telebiometrics issues
ITU-T SG 17 structure
Recommendations under development in WP3
• Baseline capabilities for enhanced global identity management trust and interoperability
• A framework for user control of digital identity
• Entity authentication assurance
• Extended validation certificate
• Common identity data model
• Framework architecture for interoperable identity management systems
• IdM terms and definitions
• Security guidelines for identity management systems
• Criteria for assessing the level of protection for personally identifiable information in identity management
• Guideline on protection for personally identifiable information in RFID applications
• Object identifier resolution system
• UML profile for ASN.1
• Information technology reference model issues: SDL issues
• Message sequence chart (MSC) issues
• User requirements notation (URN) issues
• Testing and test control notation issues

Business use of telecommunications/ICT top security standards
The report will consist of summary sheets for analysed top security standards
• Status and summary of standards
• Who does the standard affect?
• Business benefits
• Technologies involved
• Technical implications
ITU-T SG 17 seeks comment on the work activity from the ITU-D and other standards development organizations. Specifically, your views on the following would be appreciated:
Do you agree that this work activity would be useful to organizations and/or DC/CETs planning to deploy telecommunications/ICT security systems?
Does your organization have existing information that may be related to this work activity or that may be used to progress this work?
Does your organization have contact with DC/CETs that may further elaborate on their needs and detail the information they may find most useful to capture in the activity output?
Does your organization have any suggestions to provide additional detail regarding the proposed summary sheet elements or criteria to select standards?
Would your organization be willing to assist the ITU-T SG 17 in progressing this work?
ITU-T SG 17 welcomes your consideration and your response on this matter.

The High Level Segment: HLEG
• Held on the opening of the ITU council meetings
• Participation of Ministers
• Questions addressed:
– Greatest cyberthreats faced worldwide
– Key elements to formulate national strategies and to prevent cybercrime
– Role of governments in promoting a cybersecurity culture
– Highest priority activities to address current and emerging cyberthreats

HLS 2008 Sessions on Cybersecurity II
Managing cyberthreats through harmonized policies and organizational structures
Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organization structures.
The absence of effective institutions to deal with cyber-attacks is a major issue. Some countries have established specific agencies with watch, warning and incident response capabilities. Other countries prefer to promote capacity to deal with cyber-incidents within existing law enforcement agencies. What lessons can be learned from the experience of different countries? And how can cooperation and the flow of information between national institutions be improved?

High-Level Segment (HLS) of Council 2008
Geneva, 12-13 November 2008
– Designed to provide Ministers and Councillors with an opportunity to exchange views on issues of strategic importance to the Union and on emerging trends in the sector.
This year, speakers offered their perspectives on Climate Change and Cybersecurity.
– Inaugurated by two Heads of State, H.E. Mr Paul Kagame, President of Rwanda, and H.E. Mr Blaise Compaoré, President of Burkina Faso, as well as by United Nations Secretary-General Mr Ban Ki-moon via video message.
– Attended by some 400 participants, 21 Ministers, Ambassadors and heads of regulatory organizations and UN agencies.

HLS 2008 Sessions on Cybersecurity 1/2
Managing cyberthreats through harmonized policies and organizational structures
Objective: to examine how cyberthreats can be detected and managed effectively through harmonized policies and improved organization structures.
Addressing the technical and legal challenges related to the borderless nature of cybercrime
Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.

HLS 2008 Sessions on Cybersecurity 2/2
Be Safe Online: A Call to Action
Objective: What can be done and what should be done to protect our most valuable resource: our children?
ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity
Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.

HLS 2008 Sessions on Cybersecurity III
Addressing the technical and legal challenges related to the borderless nature of cybercrime
Objective: to consider how the technical and legal challenges associated with cybercrime can best be addressed.
Threats to cybersecurity are global in nature.
Cybercriminals can strike at will, exploiting technical vulnerabilities and legal loopholes through cross-border operations that show no respect for geographical boundaries or jurisdictional borders. This makes it difficult for any single national or regional legal framework to address cyberthreats effectively. What are the major challenges countries face in fighting cybercrime? How can countries deal with these challenges?

HLS 2008 Sessions on Cybersecurity IV
Be Safe Online: A Call to Action
Objective: What can be done and what should be done to protect our most valuable resource – our children?
The most vulnerable Internet users online are children. In industrialized countries, as many as 60% of children and teenagers use online chatrooms regularly, and evidence suggests that as many as three-quarters of these may be willing to share personal information in exchange for online goods and services. In some countries, as many as one in five children may be targeted by a predator or paedophile each year. These trends are increasingly true in many emerging and developing countries as well.

HLS 2008 Sessions on Cybersecurity V
ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity
Objective: How the framework and expert proposals developed within the GCA can help countries promote cybersecurity.
There are many valuable national and regional initiatives underway to promote cybersecurity. However, the growing global cyberthreats need a global basis on which they can be addressed. On 17 May 2007, the ITU Secretary-General Dr. Hamadoun Touré launched the Global Cybersecurity Agenda (GCA) as a framework for international cooperation to promote cybersecurity and enhance confidence and security in the information society.
The GCA seeks to encourage collaboration amongst all relevant partners in building confidence and security in the use of ICTs.