cybersecurity for group on identity management (idm) ... practices for developing a culture of...

Download Cybersecurity for   Group on Identity Management (IdM) ... practices for developing a culture of cybersecurity ... (Banglalink) 7

Post on 19-May-2018

213 views

Category:

Documents

1 download

Embed Size (px)

TRANSCRIPT

  • Cybersecurity for ALL

    UNODC ITU ASIA PACIFIC REGIONAL WORKSHOP

    ONFIGHTING CYBERCRIME

    21-23 SEPTEMBER 2011SEOUL

    REPUBLIC OF KOREA

  • Founded in 1865

    Leading UN Special Agency for ICTs

    HQs in Switzerland

    ITU-T

    ITUs standards-making efforts are its best-known and oldest

    activity.

    ITU-R

    Managing the international radio-frequency spectrum and satellite

    orbit resources

    ITU-D

    Established to help spread equitable, sustainable and affordable access to ICT.

    ITU TELECOM

    Brings together the top names from across the ICT industry & ministers and regulators for a major exhibition,

    a high-level forum & a host of other opportunities

    ITU Overview

    Three sectors (ITU-T, ITU-D, and ITU-R)

    4 Regional Offices & 7 Area Offices

    192 Member States and 750 Sector Members

  • Security Threats in Multimedia Communications- Example

  • Security Threats in Mobile Communications- Example

  • Key Cybersecurity Challenges

    Lack of adequate and interoperable national or regional legal frameworks

    Lack of secure software and ICT-based applications

    Lack of appropriate national and global organizational structures to deal with cyber incidents

    Lack of information security professionals and skills within governments; lack of basic awareness among users

    Lack of international cooperation between industry experts, law enforcements, regulators, academia & international organizations, etc. to address a global challenge

    Cybersecurity not seen yet as a cross-sector, multi-dimensional concern. Still seen as a technical/technology

    problem.

  • Global Cybersecurity Cooperation

    Cyber threats/vulnerabilities are global challenges that cannot be solved by any single entity alone!

    The world is faced with thechallenging task of developingharmonized and comprehensivestrategies at the global leveland implementing these withthe various relevant national,regional, and internationalstakeholders in the countries

  • ITU and Cybersecurity

    2003 2005

    WSIS entrusted ITU as sole facilitator for WSIS Action Line C5

    Building Confidence and Security in the use of ICTs

    2007

    ITU Secretary-General launched the Global Cybersecurity Agenda (GCA)

    A framework for international cooperation in cybersecurity

    2008 - 2010

    ITU Membership endorsed the GCA as the ITU-wide strategy on international cooperation

    http://www.itu.int/osg/csd/cybersecurity/gca/cop/http://www.itu.int/osg/csd/cybersecurity/gca/impact_index.html

  • GCA is designed for cooperation and efficiency, encouraging collaboration with and between all relevant partners, and building on existing initiatives to avoid duplicating efforts.

    Global Cybersecurity Agenda (GCA)

  • ITU High-Level Expert Group (HLEG) ITU-IMPACT CollaborationITU Cybersecurity Gateway

    ITUs Child Online Protection (COP)

    Collaboration with UNICEF, UNODC, UNICRI, UNICITRAL and UNDIR

    ITU National Cybersecurity Strategy GuideITU Botnet Mitigation Toolkit and pilot projects

    Regional Cybersecurity SeminarsCybersecurity Assessment and Self assessment

    4. Capacity Building

    Global

    Cybersecurity

    Agenda (GCA)CIRT assessments and deploymentITU work on CIRTs cooperationITU Cybersecurity Information Exchange Network (CYBEX)

    3. Organizational Structures

    5. International Cooperation

    ITU Toolkit for Cybercrime Legislation

    ITU Publication on Understanding Cybercrime: A Guide for Developing Countries

    1. Legal Measures

    ITU Standardization WorkICT Security Standards Roadmap ITU-R Security ActivitiesITU-T Study Group 17 ITU-T Study Group 2

    2. Technical and Procedural Measures

    GCA: From Strategy to Action

  • 1

    0

    Examples of Recent Initiatives

    ITU NATIONAL CYBERSECURITY STRATEGY GUIDE

    The Guide focuses on the issues that countries should consider when elaborating or reviewing national Cybersecurity strategies.

    www.itu.int/ITU-D/cyb/cybersecurity/legislation.html

    http://www.itu.int/ITU-D/cyb/cybersecurity/legislation.htmlhttp://www.itu.int/ITU-D/cyb/cybersecurity/legislation.htmlhttp://www.itu.int/ITU-D/cyb/cybersecurity/legislation.html

  • GCA and ITU-T Activities

    ITU-T Study Group 17

    Lead Study Group for Telecommunication Security

    Mandate for Question 4/17 (Q.4/17): Cybersecurity

    Provides ICT Security Standards Roadmap

    ITU-T Cybersecurity Information Exchange Framework (CYBEX): September 2009

    ITU-T Security Manual "Security in telecommunications and information technology(4th ed.): Scheduled for publication in 2010

    Draft summaries of Study Group 17 recommendations

    Focus Group on Identity Management (IdM)

    Approved over 100 Recommendations on security for communication

    Facilitates collaboration among national Computer Incident Response Teams (CIRTs)

    WTSA Resolutions

    ITU WTSA Resolution 50: Cybersecurity (Rev. Johannesburg, 2008)

    ITU WTSA Resolution 52: Countering and combating spam (Rev. Johannesburg, 2008)

    ITU WTSA Resolution 58: Encourage the creation of national computer incident response teams, particularly for developing countries (Johannesburg, 2008)

  • GCA and ITU-D Activities

    Assisting developing countries in bridging the digital divide by advancing the use of ICT-based networks, services and applications, and promoting cybersecurity

    ITU National Cybersecurity Guide

    ITU Botnet Mitigation Toolkit

    ITU Cybercrime Legislation Resources

    ITU-D Study Group Q 22/1 : Securing information and communication networks: best practices for developing a culture of cybersecurity

    Assistance in establishing Cybersecurity capabilities and services (e.g. Computer Incidnet Response Teams CIRTs)

    Regional workshops and capacity building activities related to cybersecurity/cybercrime

    WTDC Resolutions

    ITU Hyderabad Declaration, Paragraph 13 & 14 (2010)13. [] the challenge of building confidence and trust in the availability, reliability,

    security and use of telecommunications/ICTs [.] can be addressed by promoting international coordination and cooperation in cybersecurity, taking into account, inter alia, the ITU Global Cybersecurity Agenda (GCA), as well as the development of related public policies and elaboration of legal and regulatory measures, including building capacity, to ensure cybersecurity, including online protection of children and women.

  • GCA and ITU-R Activities

    Establish fundamental security principles for IMT-2000 (3G) networks

    Issue ITU-R Recommendation on security issues in network management architecture for digital satellite system and performance enhancements of transmission control protocol over satellite networks

    ITU-R Recommendations

    Recommendation ITU-R M.1078: Security principles for International Mobile Telecommunications-2000 (IMT-2000)

    Recommendation ITU-R M.1223: Evaluation of security mechanisms for IMT-2000

    Recommendation ITU-R M.1457: Detailed specifications of the radio interfaces of International Mobile Telecommunications-2000 (IMT-2000)

    Recommendation ITU-R M.1645: Framework and overall objectives of the future development of IMT-2000 and systems beyond IMT-2000

    Recommendation ITU-R S.1250: Network management architecture for digital satellite systems forming part of SDH transport networks in the fixed-satellite service

    Recommendation ITU-R S.1711: Performance enhancements of transmission control protocol over satellite networks

  • The worlds foremost

    cybersecurity alliance!

    Within GCA, ITU and the International Multilateral Partnership Against Cyber Threats (IMPACT) are pioneering the deployment of solutions and services to address cyberthreats on a global scale.

    ITU-IMPACTs endeavor is the first truly global multi-stakeholder and public-private alliance against cyber threats, staging its state-of-the-art facilities in Cyberjaya, Malaysia.

    As executing arm of ITU on cybersecurity, IMPACT supports 192 Member States and others with the expertise, facilities and resources to effectively enhance the global communitys capability and capacity to prevent, defend against and respond to cyber threats.

    Collaboration towards A Global Strategy

  • A Global Partnership

  • ITUIMPACT strategy

    IndustryExperts

    AcademiaInternational

    Bodies

    ThinkTanks

    IMPACTs partners

  • Computer Incident Response Team (CIRT)

    Services for Member States

    Member State Assessment Status

    Afghanistan Completed in October 2009

    Uganda, Tanzania, Kenya, Zambia Completed in April 2010

    Nigeria, Burkina Faso, Ghana, Mali, Senegal, Ivory Coast Completed in May 2010

    Maldives, Bhutan, Nepal & Bangladesh Completed in June 2010

    Serbia, Montenegro, Bosnia, Albania Completed in November 2010

    Cameroon, Chad, Gabon, Congo, Sudan Completed in December 2010

    South America and Arab region Planned in 2011

    ITU performed readiness assessment in 24 countries

    7 countries are now moving to the implementation phase

    Member State

    Sudan Montenegro (signing stage)

    Zambia (proposal issued) Mongolia

    Kenya (proposal issued) Burkina Faso

    Nigeria (proposal issued)

  • ITUs Child Online Protection

    Under the GCA umbrella, ITU initiated the Child Online Protection initiative (COP) in November 2008.

    COP has been established as an international collaborative network for promoting the online protection of children