Cybersecurity for ALL UNODC ITU ASIA PACIFIC REGIONAL WORKSHOP ON FIGHTING CYBERCRIME 21-23 SEPTEMBER 2011 SEOUL REPUBLIC OF KOREA


Founded in 1865

Leading UN Special Agency for ICTs

HQs in Switzerland

ITU-T

ITU’s standards-making efforts are its best-known – and oldest – activity.

ITU-R

Managing the international radio-frequency spectrum and satellite orbit resources

ITU-D

Established to help spread equitable, sustainable and affordable access to ICT.

ITU TELECOM

Brings together the top names from across the ICT industry & ministers and regulators for a major exhibition, a high-level forum & a host of other opportunities

ITU Overview

Three sectors (ITU-T, ITU-D, and ITU-R)

4 Regional Offices & 7 Area Offices

192 Member States and 750 Sector Members

Security Threats in Multimedia Communications - Example

Security Threats in Mobile Communications - Example

Key Cybersecurity Challenges

Lack of adequate and interoperable national or regional legal frameworks

Lack of secure software and ICT-based applications

Lack of appropriate national and global organizational structures to deal with cyber incidents

Lack of information security professionals and skills within governments; lack of basic awareness among users

Lack of international cooperation between industry experts, law enforcement, regulators, academia & international organizations, etc. to address a global challenge

Cybersecurity is not yet seen as a cross-sector, multi-dimensional concern. It is still seen as a technical/technology problem.

Global Cybersecurity Cooperation

Cyber threats/vulnerabilities are global challenges that cannot be solved by any single entity alone!

The world is faced with the challenging task of developing harmonized and comprehensive strategies at the global level and implementing these with the various relevant national, regional, and international stakeholders in the countries

ITU and Cybersecurity

2003 – 2005

WSIS entrusted ITU as sole facilitator for WSIS Action Line C5

“Building Confidence and Security in the use of ICTs”

2007

ITU Secretary-General launched the Global Cybersecurity Agenda (GCA)

A framework for international cooperation in cybersecurity

2008 - 2010

ITU Membership endorsed the GCA as the ITU-wide strategy on international cooperation

GCA is designed for cooperation and efficiency, encouraging collaboration with and between all relevant partners, and building on existing initiatives to avoid duplicating efforts.

Global Cybersecurity Agenda (GCA)

GCA: From Strategy to Action

1. Legal Measures

ITU Toolkit for Cybercrime Legislation

ITU Publication on Understanding Cybercrime: A Guide for Developing Countries

2. Technical and Procedural Measures

ITU Standardization Work

ICT Security Standards Roadmap

ITU-R Security Activities

ITU-T Study Group 17

ITU-T Study Group 2

3. Organizational Structures

CIRT assessments and deployment

ITU work on CIRTs cooperation

ITU Cybersecurity Information Exchange Network (CYBEX)

4. Capacity Building

ITU National Cybersecurity Strategy Guide

ITU Botnet Mitigation Toolkit and pilot projects

Regional Cybersecurity Seminars

Cybersecurity Assessment and Self assessment

5. International Cooperation

ITU High-Level Expert Group (HLEG)

ITU-IMPACT Collaboration

ITU Cybersecurity Gateway

ITU’s Child Online Protection (COP)

Collaboration with UNICEF, UNODC, UNICRI, UNCITRAL and UNIDIR

Examples of Recent Initiatives

ITU NATIONAL CYBERSECURITY STRATEGY GUIDE

The Guide focuses on the issues that countries should consider when elaborating or reviewing national Cybersecurity strategies.

www.itu.int/ITU-D/cyb/cybersecurity/legislation.html

GCA and ITU-T Activities

ITU-T Study Group 17

Lead Study Group for Telecommunication Security

Mandate for Question 4/17 (Q.4/17): Cybersecurity

Provides ICT Security Standards Roadmap

ITU-T Cybersecurity Information Exchange Framework (CYBEX): September 2009

ITU-T Security Manual "Security in telecommunications and information technology" (4th ed.): Scheduled for publication in 2010

Draft summaries of Study Group 17 recommendations

Focus Group on Identity Management (IdM)

Approved over 100 Recommendations on security for communication

Facilitates collaboration among national Computer Incident Response Teams (CIRTs)

WTSA Resolutions

ITU WTSA Resolution 50: Cybersecurity (Rev. Johannesburg, 2008)

ITU WTSA Resolution 52: Countering and combating spam (Rev. Johannesburg, 2008)

ITU WTSA Resolution 58: Encourage the creation of national computer incident response teams, particularly for developing countries (Johannesburg, 2008)

GCA and ITU-D Activities

Assisting developing countries in bridging the digital divide by advancing the use of ICT-based networks, services and applications, and promoting cybersecurity

ITU National Cybersecurity Guide

ITU Botnet Mitigation Toolkit

ITU Cybercrime Legislation Resources

ITU-D Study Group Q 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity

Assistance in establishing Cybersecurity capabilities and services (e.g. Computer Incident Response Teams – CIRTs)

Regional workshops and capacity building activities related to cybersecurity/cybercrime

WTDC Resolutions

• ITU Hyderabad Declaration, Paragraph 13 & 14 (2010)

“13. […] the challenge of building confidence and trust in the availability, reliability, security and use of telecommunications/ICTs […] can be addressed by promoting international coordination and cooperation in cybersecurity, taking into account, inter alia, the ITU Global Cybersecurity Agenda (GCA), as well as the development of related public policies and elaboration of legal and regulatory measures, including building capacity, to ensure cybersecurity, including online protection of children and women.”

GCA and ITU-R Activities

Establish fundamental security principles for IMT-2000 (3G) networks

Issue ITU-R Recommendation on security issues in network management architecture for digital satellite system and performance enhancements of transmission control protocol over satellite networks

ITU-R Recommendations

Recommendation ITU-R M.1078: Security principles for International Mobile Telecommunications-2000 (IMT-2000)

Recommendation ITU-R M.1223: Evaluation of security mechanisms for IMT-2000

Recommendation ITU-R M.1457: Detailed specifications of the radio interfaces of International Mobile Telecommunications-2000 (IMT-2000)

Recommendation ITU-R M.1645: Framework and overall objectives of the future development of IMT-2000 and systems beyond IMT-2000

Recommendation ITU-R S.1250: Network management architecture for digital satellite systems forming part of SDH transport networks in the fixed-satellite service

Recommendation ITU-R S.1711: Performance enhancements of transmission control protocol over satellite networks

The world’s foremost cybersecurity alliance!

Within GCA, ITU and the International Multilateral Partnership Against Cyber Threats (IMPACT) are pioneering the deployment of solutions and services to address cyberthreats on a global scale.

ITU-IMPACT’s endeavor is the first truly global multi-stakeholder and public-private alliance against cyber threats, staging its state-of-the-art facilities in Cyberjaya, Malaysia.

As executing arm of ITU on cybersecurity, IMPACT supports 192 Member States and others with the expertise, facilities and resources to effectively enhance the global community’s capability and capacity to prevent, defend against and respond to cyber threats.

Collaboration towards A Global Strategy

A Global Partnership

ITU–IMPACT strategy

Industry Experts

Academia

International Bodies

Think Tanks

IMPACT’s partners

Computer Incident Response Team (CIRT)

Services for Member States

Member State: Assessment Status

Afghanistan: Completed in October 2009

Uganda, Tanzania, Kenya, Zambia: Completed in April 2010

Nigeria, Burkina Faso, Ghana, Mali, Senegal, Ivory Coast: Completed in May 2010

Maldives, Bhutan, Nepal & Bangladesh: Completed in June 2010

Serbia, Montenegro, Bosnia, Albania: Completed in November 2010

Cameroon, Chad, Gabon, Congo, Sudan: Completed in December 2010

South America and Arab region: Planned in 2011

ITU performed readiness assessment in 24 countries

7 countries are now moving to the implementation phase

Member State

Sudan

Montenegro (signing stage)

Zambia (proposal issued)

Mongolia

Kenya (proposal issued)

Burkina Faso

Nigeria (proposal issued)

ITU’s Child Online Protection

Under the GCA umbrella, ITU initiated the Child Online Protection initiative (COP) in November 2008.

COP has been established as an international collaborative network for promoting the online protection of children and young people worldwide by providing guidance on safe online behavior.

Key Objectives of COP

Identify risks and vulnerabilities to children in cyberspace

Create awareness

Develop practical tools to help minimize risk

Share knowledge and experience

Working together

• Advanced Development for Africa (ADA)
• Child Helpline International (CHI)
• Children's Charities' Coalition on Internet Safety
• Cyber Peace Initiative
• ECPAT International
• European Broadcasting Union (EBU)
• European Commission - Safer Internet Programme
• European Network and Information Security Agency (ENISA)
• European NGO Alliance for Child Safety Online (eNACSO)
• eWWG
• Family Online Safety Institute (FOSI)
• Girl Scouts of America
• Government of Poland (UKE)
• GSM Association
• iKeepSafe
• International Criminal Police Organization (Interpol)
• International Multilateral Partnership Against Cyber Threats (IMPACT)
• International Centre for Missing & Exploited Children
• Microsoft
• Optenet
• Save the Children
• Telecom Italia
• Telefónica
• United Nations Children’s Fund (UNICEF)
• United Nations Institute for Disarmament Research (UNIDIR)
• United Nations Interregional Crime and Justice Research Institute (UNICRI)
• United Nations Office on Drugs and Crime (UNODC)
• Vodafone Group

COP has been supported by a wide range of partners from all stakeholder groups (governments, industries, NGOs, and other UN agencies) as well as the UN Secretary-General.

COP Guidelines

ITU has worked with some COP partners to develop the first sets of guidelines for the different stakeholders: Available in the six UN languages (+ more)

Launching “COP Global Initiative”

In 2010, the President of Costa Rica, H.E. Laura Chinchilla, became the new patron of COP.

Together with Costa Rica, the ITU Secretary-General launched the COP Global Initiative with high-level deliverables.

Through this initiative, ITU is taking the next steps to develop a cybersecurity strategy for child online safety, delivering significant national benefits.

COP Deliverables

COP high-level deliverables across the five strategic pillars were designed to be achieved by ITU and COP members in collaboration, such as:

1. Legal Measures

National Strategy Guide

Legislative Toolkit

2. Technical and Procedural Measures

Codes of Conduct

Technical Measures

3. Organizational Structure

National Hotline (Child Helpline)

National Corresponding Center

4. Capacity Building

COP Awareness Program

COP Special Envoy

COP National Case Study

5. International Cooperation

COP Online Platform

Recent COP outcomes

ITU “Child Online Protection Statistical Framework and Indicators”

The world’s first attempt to provide the overall statistical framework related to the measurement of child online protection with a particular emphasis on measures that are suitable for international comparison.

ITU’s Security standardization group started to examine COP issues (April 2011)

ITU Standardization experts (Study Group 17) were asked to study COP issues and to develop interoperable standards and related recommendations to protect children online.

ITU – UNODC MoU: Areas of Cooperation

Legal Measures

Capacity Building and Technical Assistance (National and Regional)

Intergovernmental and expert meetings

Joint Study

Sharing knowledge and information

Recent Achievements

A Memorandum of Understanding signed between ITU and the United Nations Office on Drugs and Crime (UNODC) at this year’s WSIS Forum event in Geneva will see the two organizations collaborate in assisting ITU and UN Member States mitigate the risks posed by cybercrime.

It is the first time that two organizations within the UN system have formally agreed to cooperate at the global level on cybersecurity.

In line with its long tradition of public-private partnership, ITU has also signed an MoU with Symantec. ITU will use Symantec’s security intelligence, in the form of its quarterly Internet Security Threat Reports, to increase understanding of and readiness for cybersecurity risks.

By distributing this report – which captures data from across Symantec’s Global Intelligence Network – to interested Member States, ITU aims to help better prepare governments in developing and developed nations alike to respond to the ever-growing risk from malware, cyber attackers and information thieves.

Cybersecurity and the ITU in Asia Pacific Region

ITU Asia-Pacific Region

Regional Office for Asia and the Pacific: Bangkok, Thailand

Area Office for South East Asia: Jakarta, Indonesia

The offices serve 38 Member States and 69 Sector Members

Afghanistan

Bangladesh

Bhutan

Cambodia

Lao, PDR

Maldives

Nepal

Myanmar

Kiribati

Samoa

Solomon Is.

Tuvalu

Vanuatu

Fiji

Marshall Islands

Micronesia

Nauru

Tonga

LDCs (13)

PNG

D.P.R. Korea

India

Indonesia

Mongolia

Pakistan

Philippines

Sri Lanka

Vietnam

Timor Leste

Low-Income States (10)

SIDS (11)

Australia

Brunei

China/Hong Kong

Iran

Japan

Malaysia

New Zealand

R.O. Korea

Singapore

Thailand

The Rest (10)

ITU-D Sector & Associate Members: Asia-Pacific Region

Membership Application at http://www.itu.int/members/sectmem/Form.pdf

1. Afghanistan Information Management Services (AIMS) -Afghanistan

2. Afghan Wireless Communication Co.- Afghanistan

3. Asia Pacific Network Information Centre – Australia

4. Axiata (Bangladesh) Limited - Bangladesh

5. Grameenphone (GP) Limited – Bangladesh

6. Orascom Telecom Bangladesh Limited (Banglalink)

7. Bhutan Telecom – Bhutan

8. Telekom Brunei Berhad (TelBru) – Brunei Darussalam

9. China Telecommunications Corporation - China

10. China Unicom (Hong Kong) Ltd. - China

11. Huawei Technologies Co. Ltd.- China

12. ZTE Corporation – China

13. Secretariat of the Pacific Community (SPC) - Fiji

14. Bharat Sanchar Nigam Ltd. - India

15. Bharti Airtel Limited - India

16. Cellular Operators Association of India

17. ITU-APT Foundation of India

18. Luna Ergonomics Pvt. Ltd - India

19. Mahanagar Telephone Nigam Ltd. – India

20. RailTel Corporation of India Limited, India

21. Shyam Telecom Limited, India

22. Telecom Disputes Settlement & Appellate Tribunal - India

23. Telecom Regulatory Authority of India

24. Vihaan Networks Limited (VNL), India

25. PT. INDOSAT Tbk. - Indonesia

26. PT. Telekomunikasi Indonesia Tbk - Indonesia

27. Telecommunication Company of Iran

28. Fujitsu Limited - Japan

29. Hitachi, Ltd. - Japan

30. KDDI Corporation - Japan

31. National Institute of Information and Communications Technology – Japan

32. NEC Corporation - Japan

33. Nippon Telegraph and Telephone East Corporation – Japan

34. Nippon Telegraph and Telephone West Corporation – Japan

35. Nomura Research Institute Ltd.- Japan

36. The ITU Association of Japan

37. Tokai University – Japan

38. Korea Information Society Development Institute (KISDI) –R.O.Korea

39. Korea Internet & Security Agency (KISA) – R.O. Korea

40. KT Corporation – R.O. Korea

41. National Information Society Agency (NIA) – R.O. Korea

42. Samsung SDS Co.Ltd, R.O. Korea

43. Asia-Pacific Broadcasting Union – Malaysia

44. Asia-Pacific Institute for Broadcasting Development – Malaysia

45. Astronautic Technology (M) Sdn.Bhd., Malaysia

46. Axiata Group Berhad, Malaysia

47. CyberSecurity, Malaysia

48. Global Knowledge Partnership, Malaysia

49. Green Packet Berhad – Malaysia

50. Maxis Mobile Sdn Bhd. – Malaysia

51. MEASAT Satellite Systems Sdn. Bhd. - Malaysia

52. Telekom Malaysia Berhad – Malaysia

53. Communications Regulatory Commission of Mongolia

54. Information Communication Network Company – Mongolia

55. MobiCom Corporation – Mongolia

56. Nepal Telecom Company Limited- Nepal

57. Nepal Telecommunications Authority – Nepal

58. e Worldwide Group – Pakistan

59. Multinet Pakistan (PVT) Limited - Pakistan

60. National Telecommunication Corporation – Pakistan

61. Pakistan Mobile Communications Limited - Pakistan

62. Pakistan Telecommunication Company Limited - Pakistan

63. Smart Communications, Inc. – Philippines

64. Rohde & Schwarz , Singapore

65. Dialog Axiata PCL – Sri Lanka

66. Sri Lanka Telecom Ltd. – Sri Lanka

67. Asia-Pacific Telecommunity – Thailand

68. Advanced Info Service Public Company Ltd. – Thailand

69. Total Access Communication PLC – Thailand

70. True Corporation Public Co., Ltd. – Thailand

71. Viettel Corporation, VietNam

72. Chuan Wei (Cambodia) Co., Ltd. - Cambodia

ITU and Cybersecurity in Asia-Pacific

2007

Afghanistan, Bangladesh, Bhutan, Maldives, Nepal , Cambodia, Laos, Myanmar, Vietnam

Bhutan

Regional Forum on

Cybersecurity, Vietnam

Pacific CERT

Forums

Seminars

2008 2009

Regional Forum on

Cybersecurity, Australia

Regional Forum on

Cybersecurity India

Ministerial Sub Theme ABBMN

2010

CIRT (CERT)

Policy related

Indonesia

CLMV Ministerial Sub Theme

2011

Regional Forum on fighting

Cybercrime, Rep. of Korea

Capacity Building

Establishment of a training Node (IMPACT) in Asia-Pacific to build capacity on a continuous basis

Assistance to Pacific Islands Countries under the ITU-European Commission Project

ITU Asia-Pacific Centres of Excellence offering specialized training opportunities at low or no fees

Spectrum Management: Ministry of ICT, Iran

Technology Awareness: Pusan National University, Rep. of Korea

Broadcasting: Asia Pacific Institute for Broadcasting Development

Rural ICT Development: Universiti Utara Malaysia

Business Management: Ministry of ICT, Thailand

Policy & Regulation: Pakistan Telecommunication Authority

Cybersecurity: IMPACT

ICT Applications: Vietnam

2010-2011

11 Trainings/ Workshops,

4 Online Trainings,

Over 500 trainees,

2 additional Nodes


Links to More Information

An Overview of ITU Activities in Cybersecurity

www.itu.int/cybersecurity/

ITU Global Cybersecurity Agenda

www.itu.int/cybersecurity/gca/

ITU-D ICT Applications and Cybersecurity Division

www.itu.int/ITU-D/cyb/

ITU National Cybersecurity/CIIP Self-Assessment Toolkit

www.itu.int/ITU-D/cyb/projects/readiness.html

ITU Cybercrime Legislation Resources

www.itu.int/ITU-D/cyb/cybersecurity/legislation.html

ITU Botnet Project Website

www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html

Regional Cybersecurity Forums and Conferences

www.itu.int/ITU-D/cyb/events/

ITU Child Online Protection (COP)

www.itu.int/cop/


Conclusion

A multi-pronged approach is necessary to ensure Cybersecurity and fight Cybercrime

Thank You!

For more information on ITU’s Cybersecurity Activities visit the website at: www.itu.int/cybersecurity/

or contact [email protected]
