itu-d question 22 building blocks for organizing national cybersecurity efforts

James Ennis, Department of State, USAITU-D Question 22/1 Rapporteur

Five Organizing Elements Developing & Obtaining Agreement on a

National Cybersecurity StrategyEstablishing National Government – Industry

CollaborationDeterring CybercrimeCreating National Incident Management

Capabilities: Watch, Warning, Response, & Recovery

Promoting a National Culture of Cybersecurity

Developing & Obtaining Agreement on a National Cybersecurity Strategy

Create awareness at the national policy levelcybersecurity issues, national action, &

international cooperationDevelop a national strategy to enhance

cybersecurityreduce risks & effects of disruptions

Participate in international efforts to promote national prevention of incidents: preparation, response, recovery.

Establishing National Government – Industry Collaboration

Develop public-private collaborative relationships to manage risk and protect cyberspaceArticulate the value propositionIdentify roles and responsibilitiesDevelop mutual trust

Provide mechanism for developing consensus between a variety of perspectives, equities, & knowledge

Deterring CybercrimeEnact & enforce a comprehensive set of laws

relating to cybersecurity & cybercrimeEstablish and modernize supporting criminal

law, procedures, and policiesRegional initiatives, mutual assistanceEstablish or identify national cybercrime

investigative unitsUnderstanding of cybercrime legal issues

among prosecutors, judges, & legislators

Creating National Incident Management Capabilities

Develop coordinated national cybersecurity response system Prevention, detection, deterrence, response, &

recoveryEstablish a government focal point

Bring together all elements of government, operators, & equipment vendors

Participate in information sharing mechanismsWatch, warning, response

Develop, test, exercise response plans & protocols

Promoting a National Culture of Cybersecurity

Promote cybersecurity within Government, as well as private sector, civil society, & individuals

Security of e-GovernmentMulti-disciplinary, multi-stakeholder approach

EducationRegional & international cooperation

New Work for Question 22Expand on the Best Practices Report dealing with

national strategy; public/private partnerships; national incident management capability; culture; & protection against spam malware & other cyberthreats.

Develop course materials for analysis of national strategies and planning hands-on training programs.

Develop country case studies.Develop a framework to be pursued and implemented

under BDT Programme 2 for increasing awareness by developing countries regarding cybersecurity.

UNGA Res 64-211Creation of a global culture of cybersecurity

Member States to use a voluntary self-assessment tool to highlight areas for further action in CII protectionTaking stock of cybersecurity needs and strategiesStakeholder roles & responsibilitiesPolicy processes & participationPublic-private cooperationIncident management & recoveryLegal frameworksDeveloping a global culture of cybersecurity