Collaboration between National CSIRTs Marco Obiso Cybersecurity Coordinator International Telecommunication Union (ITU)
ITU and Cybersecurity 2003 2005 WSIS entrusted ITU as sole facilitator for WSIS Action Line C5 Building Confidence and Security in the use of ICTs 2007 ITU Secretary-General launched the Global Cybersecurity Agenda (GCA). A framework for international cooperation in cybersecurity 2008-2010 ITU Membership endorsed the GCA as the ITU-wide strategy on international cooperation. 2
Service Portfolio 5 Service areas 18 Services Engagement and awareness Global Cybersecurity Index Global, Regional and National events High-Level Cybersecurity Simulations Information Dissemination Information sharing Best Practices Sharing Information Exchange Tools and Techniques National Cybersecurity Assistance National Cybersecurity Assessment National Cybersecurity Strategy (NCS) support Critical Infrastructure Protection Support Technical Assistance Computer Incident Response Team (CIRT) Program CIRT Assessment CIRT Design CIRT Establishmemt CIRT Improvement Human Capacity Building Curricula and Training Programs Bespoke Training Regional drills National drills 3
Multistakeholder approach 4
ITU current efforts 65 National CIRT ASSESSMENT Africa: Angola, Botswana, Burkina Faso, Burundi, Cameroon, Chad, Congo (Dem Rep), Congo (Republic), Côte d'ivoire, Gabonese Republic, Gambia, Ghana, Kenya, Lesotho, Liberia, Niger, Nigeria, Rwanda, Senegal, Swaziland, Tanzania, Togolese Republic, Uganda, Zambia, Zimbabwe Americas: Anguilla, Antigua, Barbados, Bolivia, Dominica, Dominican Republic, Ecuador, Grenada, Honduras, Jamaica, St Kitts & Nevis, St Lucia, St Vincent & The Grenadines, Suriname, Trinidad and Tobago Arab region: Comoros, Djibouti, Jordan, Lebanon, Mauritania, Palestine, Sudan Asia & Pacific: Afghanistan, Bangladesh, Bhutan, Cambodia, Fiji, Laos, Maldives, Myanmar, Nepal, Vanuatu, Vietnam Europe & CIS: Albania, Armenia, Cyprus, Macedonia, Monaco, Montenegro, Serbia 14 National CIRT designed and established Barbados Burkina Faso Cote d Ivoire Cyprus Ghana Jamaica Kenya Montenegro Tanzania Trinidad and Tobago Uganda Zambia Burundi (in progress) Gambia (in progress) 5
Current status at the global level 102 National CSIRTs worldwide 6
Why cooperation is important (Specifically for National CSIRTs) Cyberspace with no borders, interdependencies between networks, technologies, services, products Most of the malicious traffic is coming from outside the national jurisdiction Information sharing and threat intelligence as key mechanisms toward response Good practices (often from other players) to be used to improve National CSIRT operations Aligning views, mitigate divergences, reduce (or even remove) political barriers 7
Challenges Lack of trust No give and take approach Why sharing if I can have a competitive advantage in not doing that Concerns on sharing Credibility, reputation Political agenda Absence of common language, terminologies and process for sharing No standard approach (now better than before but still on progress) No common terminology Lack of resources Not easy to collect, process and share in a systematic manner - resources are required, continuous effort is needed Commercialization of cyberspace Cyberthreats related data have commercial value; vendors and commercial entities are not always keen to share as they might lose business 8
A quick snapshot (Notable examples) Global initiatives Regional initiatives National initiatives 9
FIRST current status 10
Where cooperation should take place At national level Intra agency, interagency, multi stakeholder (mainly with private sector but not only) Establishment of a national committee At regional level Because of cultural and political commonalities Between National CSIRTs supported by the relevant regional entity ENISA (CSIRT network), Regional CERT Associations At international level To export and national and regional views; raise awareness and build consensus To harmonize practices and modus operandi toward a global cybersecurity culture Make use of international organisms (e.g. UN) Group of Governmental Experts On Developments in the Field of Information and Telecommunications In the Context of International Security (UN GGE) - Organization for Security and Cooperation in Europe (OSCE) Confidence Building Measures (CBM) - ITU Join FIRST 11
Thank you Cybersecurity (at) itu.int