Cybersecurity @ ITU The New Global Challenges in Cybersecurity 30 October 2017 Bucharest, Romania Rosheen Awotar-Mauree Programme Officer, ITU Office for Europe
2 International Telecommunication Union - Overview
Cybersecurity - Global Policy Sustainable Development Goals SDGs 1, 4, 5, 7, 8, 9, 11, 16, 17 SDG 9: Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation. Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure, including regional and trans-border infrastructure, to support economic development and human well-being, with a focus on affordable and equitable access for all. WSIS Action Line C5 : Building confidence and security in the use of ICTs Global Cybersecurity Agenda - GCA A multi-stakeholder platform to address cybersecurity challenges from 5 perspectives : Legal, Technical, Organisational, Capacity Building, Cooperation 3 Pillars of Sustainable Development Economic development Social inclusion Environmental protection
Services in Cybersecurity
ITU Office for Europe EURregion@itu.int 43 Countries : Albania, Andorra, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Former Yugoslav Republic of Macedonia, Monaco, Montenegro, Netherlands, Norway, Poland, Portugal, Romania, San Marino, Serbia, Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, Vatican, United Kingdom WTDC-14: 5 Regional Initiatives for 2014 to 2017 EUR1: Spectrum management and transition to digital broadcasting EUR2: Development of broadband access and adoption of broadband EUR3: Ensuring access to telecommunications/icts in particular for persons with disabilities EUR4: Building confidence and security in the use of telecommunications/icts WTDC-17: 5 Regional Initiatives for 2018 to 2021
ITU Regional Initiative 4 in Europe (EUR4) Objective: To build confidence and security in the use of telecommunications /ICTs Some Actions 2016-2017 ITU Council of Europe: High Level Round Table on COP, 10 October 2016 ITU-ENISA Regional Cybersecurity Forum for Europe, 29-30 November 2016, Bulgaria Benchmark of national initiatives on COP in the Central and Eastern European Countries Central European Cybersecurity public-private dialogue platform, Romania [co-organized - annual] National CIRT Implementation, Cyprus [2017-2018] CIRT Assessment, Bosnia & Herzegovina, November-December 2017 International Conference "Keeping Children and Young People Safe Online, Poland [co-organized - annual] ITU ALERT International Cyber Drill Exercise for the Europe Region [every 2 years] Western European Cybersecurity public-private dialogue platform, Switzerland, 7-8 December 2017
7 Challenge I - Achieving Global Cooperation Who? Governments, ICT players, Academia, Theme centric groups [Child online protection] We are better at Regional level EU, African Union, ASEAN, League of Arab States, OAS CIRT level [TF-CSIRT, APCERT, OIC CERT, AFRICACERT..] What can we do better? Identify initiatives where there is agreement and act now Child Online Protection Cybersecurity Capacity Building Expertise / Experience exchanges Technical collaboration at CIRT level : expertise, threat information A better dialogue with shapers of Cyberspace Large ICT players, Youth From collaboration on major incidents [crisis] to collaboration on regular incidents Towards Corporate Social Responsibility [voluntary ethics] for a healthy Cyberspace
Challenge II - Online Protection Enlarged attack surfaces engendered by Internet of Things : re-scope critical infrastructure redefine CIRTs Artificial Intelligence Next Generation Networks - 5G Data everywhere privacy rights Social interactions online What can we do better? Security by Design everywhere Data privacy - simple, practical Open data adopt as an opportunity Ethics - voluntary / regulated ITU-T Study Group 20 Question 6 Security, Privacy, Trust, and Identification for IoT and SmartCities & Communities Open reason based dialogues for the good stewardship of the planet centered on fundamental human responsibility 8
Challenge III Bridging the Cybersecurity Divide 9 GCI 2017 Commitment levels High Medium Low
Challenge III Bridging the Cybersecurity Divide Out of 193 countries 50% do not have a Cybersecurity strategy at national level 39% do not have a CIRT with national responsibility 79 % do not have metrics to measure Cybersecurity at national level Weakest link from a world perspective Confusion on what tools to use, which methodology to follow What can we do better? Rethink - Innovate capacity building efforts at country level Simple effective twinning initiatives Work together to pool resources for enhance quality and faster deployment Reduce confusion by providing harmonized reference points Promote adoption of secure ICTs at all levels Source: ITU Global Cybersecurity Index 2017 Reference Guide for National Cybersecurity 10 Move from leading or owning actions to working together for synergies, resource optimization and removal of overlaps
Cybersecurity Cooperation actions @ ITU PARTNERSHIPS for initiatives Global Cybersecurity Index call for new partners Australia Strategic Policy Institute, FIRST, Indiana University, INTERPOL, ITU-Arab Regional Cybersecurity Centre, Korea Internet & Security Agency, NTRA Egypt, Potomac Institute of Policy Studies, Red Team Cyber, UNICRI, University of Technology Jamaica, UNODC, World Bank National Cybersecurity Strategy Reference Guide CCI, CTO, ENISA, GCSP, GCSCC University of Oxford, Intellium, Microsoft, NATO CCDCOE, OECD, OAS, Potomac Institute, RAN D Europe, UNCTAD and World Bank Child Online Protection a whole community 11
Cybersecurity Cooperation actions @ ITU ITU STUDY GROUPS Membership driven ITU-D Study Group2 Question3 Securing information and communication networks: Best practices for developing a culture of cybersecurity ITU-T Study Group 17 : Security Develop recommendations for future standards including in Cybersecurity ITU-R Study Groups Securing radiocommunications 12
13
mulțumesc Thank you eurregion@itu.int www.itu.int