Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
CTO Cybersecurity Forum 2013 Jean Jacques Massima-landji
1. December 2010
An Overview of ITU’s Cybersecurity Activities
Cybersecurity for ALL
CTO meeting
25, 26 April 2013
Yaoundé
ITU International Cooperation on Cybersecurity
Jean-Jacques MASSIMA-LANDJI,
ITU Representative for Central Africa and
Madagascar
jean-jacques.massima@itu.int
2. December 2010
Why International Cooperation?
► The victim can be anywhere around the globe
while the criminal is operating in elsewhere
in far away
► The challenges are inherently international
in scope and require international cooperation,
investigative assistance, and common substantive
and procedural provisions
► Thus, it is important that countries harmonize their legal frameworks to combat
cybercrime and facilitate international cooperation.
Phenomena of Cybercrime
Harmonization on legal framework
3. December 2010
Legal Challenges to Fight Against Cybercrime
Challenges in Drafting National Criminal Laws
► The main challenge for national criminal legal systems is
the delay between the recognition of potential abuses of
new technologies and necessary amendments to the
national criminal law. This challenge remains as relevant
and topical as ever as the speed of network innovation
accelerates.
Increasing Use of ICTs and the Need for New
Investigative Instruments
► Recent developments in ICTs have not only resulted in
new cybercrimes and new criminal methods, but also
new methods of investigating cybercrime. Advances in
ICTs have greatly expanded the abilities of law
enforcement agencies. Conversely, offenders may use
new tools to prevent identification and hamper
investigation.
4. December 2010 4
Global Framework for Cybersecurity
At the World Summit on the Information Society (WSIS)
in 2005, ITU was entrusted by leaders of the international
community to act as the facilitator for
WSIS Action Line C5:
“Building confidence and
security in the use of ICTs”
5. December 2010
ITU Global Cybersecurity Agenda
In 2007, ITU Secretary-General launched the Global
Cybersecurity Agenda, an international framework for
collaboration on Cybersecurity matters that addresses
five main areas:
1. Legal Measures
2. Technical and Procedural
Measures
3. Organizational Structure
4. Capacity Building
5. International Cooperation
“Building confidence and
security in the use of ICTs”
6
6. December 2010
Legal Measures
Summary of objective:
Harmonization of legal frameworks and
the elaboration of strategies for cybercrime legislation
globally applicable and interoperable
with national/regional legislative measures
• ITU Cybercrime
Legislation Resources
• ITU Toolkit for
Cybercrime Legislation
Resources
• ITU Publication on
Understanding Cybercrime:
A Guide for
Developing Countries
Publications
•Capacity building, training
(training for judges, etc.)
•Regional workshops and events
Training and Events
Related activities/initiatives
7
7. December 2010 8
Examples of Recent Initiatives
ITU Publication on Understanding
Cybercrime: A Guide for Developing
Countries provides a comprehensive
overview of the most relevant topics
linked to the legal aspect of cybersecurity
and cybercrime.
ITU Toolkit for Cybercrime Legislation
aims to provide countries with sample
legislative language and reference material
that can assist in the establishment of
harmonized cybercrime laws and
procedural rules.
www.itu.int/ITU-D/cyb/cybersecurity/legislation.html
8. December 2010
Technical and Procedural Measures
Summary of objective :
Development of strategies for the establishment of
globally accepted security protocols, standards,
minimum security criteria and accreditation schemes
for hardware and software applications and systems
• ITU Standardization Work
• ICT Security Standards
Roadmap promoting
collaboration
• ITU Radiocommunication
security activities
Security Activities
• ITU-T Study Group 17
• ITU-T Study Group 2
Study Groups
Related activities/initiatives
9
9. December 2010
Organizational Structures
Summary of objective :
Elaboration of global strategies for the creation of
appropriate national and regional organizational structures
and policies on cybercrime, watch, warning and
incident response and universal identity systems
Partnerships
• Development of national
computer incident
response teams (CIRTs)
and watch, warning and
incident response related
training
• Etc.
Projects
• Capacity building and training
• Regional workshops and
events
• Direct assistance to countries
Training/ Assistance
Related activities/initiatives
ITU Secretary-General Dr Hamadoun Touré
10
• International Multilateral
Partnership Against Cyber
Threats (IMPACT)
collaboration services
•Partnerships with other
entities to deliver specific
services to Member States
10. December 2010
Capacity Building
Summary of objective :
Development of global strategies to facilitate human
and institutional capacity building across
all relevant aspects of cybersecurity
• ITU National Cybersecurity/
CIIP Self-Assessment Tool
• ITU Toolkit for Promoting a
Culture of Cybersecurity
• ITU Botnet Mitigation
Toolkit and pilot projects
Toolkits and Resources
• IMPACT Training and
Skills Development
Centre
• IMPACT Research
Division
IMPACT Project
• Capacity building and
training across all the pillars
of the GCA
• Targeted workshops and
events
Training and Events
Related activities/initiatives
11
11. December 2010
International Cooperation
Summary of objective :
Development of proposals to enhance international
dialogue on issues that pertain to cybersecurity and
enhance cooperation and coordination across
all relevant activities
• ITU Secretary-General
High Level Expert Group
(HLEG) deliverables
Working Together
• ITU-IMPACT collaboration
• ITU Cybersecurity Gateway
• ITU’s Child Online
Protection (COP)
initiative
Information Sharing
• World Telecommunication
and Policy Forum WTPF 2009
• Regional cybersecurity
forums
Conferences/ Events
Related activities/initiatives
12
12. December 2010
National Cybersecurity Agency: Examples
US Government: Cyberspace Policy Review – Assuring a Trusted and
Resilient Information and Communications Infrastructure – May 2009
Canada: Canadian Cyber Incident Response Centre (CCIRC) – Integrated
within the Strategic Government Operations Centre (GOC)
UK Government: Cybersecurity Strategy for the UK – Safety, Security &
Resilience in Cyberspace (UK Office of Cybersecurity – June 2009)
Australia: Australian Cybersecurity Policy and Co-ordination Committee
(CSPC – Nov 2009), within the Attorney-General’s Government Dept
Malaysia: “Cybersecurity Malaysia” – Mosti : Ministry of Science, Technology
& Innovation, and includes the MyCERT & Training Centre
Singapore: Cybersecurity Awareness Alliance & the IDA Security Masterplan
(Sept 2009) -Singapore Infocomm Techology Security Authority - SITSA
South Korea: Korea Internet and Security Agency (KISA – July 2009)
Cameroon, Congo, Gabon: Agencies in charge of Cyber security installed.
…..Many nations are now also following similar National Strategies, using their
National CIRTs as the focus & catalyst to develop National Cyber Agencies.
13
14. December 2010
Enhanced Incident Response
Enhanced Incident
Management
Culture of Cybersecurity
Prevention & Mitigation
Strategy
Public-Private Sector
Collaboration
National PKI
National Awareness Strategy
Cyber Crime Legislation
National Identity and Access
Management Framework
eGovernment Framework
Child Online Protection
Disaster Recovery Strategy
“Building Blocks”
of the
“National Cybersecurity
Programme”
within the Principles of
“International
Cooperation”
Human Capacity
Building
Assist in Drafting the National
Cybersecurity Strategy
CIRT Benefits
15. December 2010
ITU-IMPACT Activities
The ITU Telecommunication Development Bureau (BDT) is facilitating the
implementation process, managing communication and needs assessment with
Member States and coordinating with IMPACT, to ensure effective delivery of
the services provided.
Computer Incident Response Teams
(CIRTs) and Incident Management
capabilities at National level
National CIRT
Capacity building and training, on-site, on-line, and training on the job
Regional workshops and events, to ensure sustainability and operations of the solutions
Direct assistance to countries, to map the deployment with the needs of the Administration
Capacity Building
16
Global Response Centre
Global Early Warning System,
detecting and monitoring cyber-threats
16. December 2010
How many children are using the
Internet?
Proportion of Internet Users, by age and total
(2008)
0
20
40
60
80
100
N
icaragua
Palestine
H
ondurasC
uba
ElSalvadorEgypt
ParaguayO
m
an
AzerbaijanM
exicoU
kraineThailand
M
auritius
C
osta
R
ica
BrazilC
hile
M
acao,ChinaBahrain
H
ong
Kong,ChinaEU27
N
ew
Zealand
Singapore
Korea
(R
ep.)JapanC
anada
Switzerland
Less than 15
15-24
Total
Source: ITU.
17. December 2010
Objectives
Identify risks and vulnerabilities to children in cyberspace
Create awareness
Develop practical tools to help minimize risk
Share knowledge and experience
Child Online Protection (COP)
COP is a global initiative created by ITU,
aims to tackle cybersecurity holistically, addressing
legal, technical, organizational and procedural
issues as well as capacity building and international
cooperation
www.itu.int/cop
18. December 2010
Guidelines for policy-makers
Children’s Charities’ Coalition on Internet
Safety (CHIS)
United Nations Interregional Crime and
Justice Research Institute (UNICRI)
International Centre for Missing and
Exploited Children (ICMEC)
Child Helpline International (CHI)
INTERPOL
Guidelines on COP
ITU has been working with some COP members to develop initial
sets of guidelines for the different stakeholders.
Guidelines for industry
Children’s Charities’ Coalition on
Internet Safety (CHIS)
GSM Association
European Broadcasting Union (EBU)
INTERPOL
AfrISPA
Telecom Italia
Vodafone
Guidelines for parents, guardians and
educators
Children’s Charities’ Coalition on Internet
Safety (CHIS)
University of Edinburgh, United Kingdom
Insafe Network
European Network and Information
Security Agency (ENISA)
European Commission’s Safer Internet
programme
Cyber Peace Initiative
Guidelines for children
Telefónica
Children’s Charities’ Coalition on
Internet Safety (CHIS)
Save the Children
INTERPOL
http://www.itu.int/cop
19. December 2010
• Elaborated in cooperation with COP
partners.
• The “Child Online Protection National
Strategy Guide” assess the local status
on the ground and presents a Country
Action Plan for developing a national
strategy based on the five pillars of
the GCA.
COP National Strategy Guide
COP National Strategy Guide
20. December 2010
COP National Survey
• Carried out by the ITU, it aims to
determine the scope of COP
policy and legal frameworks
across the world, establishing a
database with issues faced at the
national level.
• More than 90 countries have
participated in the Survey.
(Results available at ITU COP
website)
COP Survey
21. December 2010
COP Statistical Framework
• The Child Online Protection
Statistical Framework and
Indicators 2010 is the world’s first
attempt on measuring child online
protection in a country.
• It has particular emphasis on
measures that allow international
comparison.
COP Statistical Framework
22. December 2010
COP Global Initiative
• 2010: H.E. Laura Chinchilla (President of
Costa Rica), the New COP Patron
• 2010: Ms. Deborah Tate, US
Former Federal
Communications
Commissioner , COP Special
Envoy
COP Special Envoy & COP Patron
23. December 2010 24
With the number of school girls opting to study technology-related
disciplines on the decline in most countries worldwide, ITU is committed
to championing the catalytic role a tech career can play in creating
exciting, far-reaching opportunities for women and girls.
To help inspire girls to consider a future in
technology, ITU established ‘Girls in ICT
Day’ back in 2010 and supports the
global organization of activities every year
on the fourth Thursday in April.
In only its third year, global momentum
around Girls in ICT Day continues to grow
with over 100 countries expected to hold
events hosted by governments, private sector and NGOs in 2013.
International Initiatives
24. December 2010
Thank You!
For more information on ITU’s Cybersecurity Activities
visit the website at: www.itu.int/cybersecurity/
or contact cybmail@itu.int