cybersecurity @ itu€¦ · montenegro, netherlands, norway, poland, portugal, romania, san marino,...
TRANSCRIPT
Cybersecurity @ ITU The New Global Challenges in Cybersecurity 30 October 2017 Bucharest, Romania
Rosheen Awotar-Mauree Programme Officer, ITU Office for Europe
International Telecommunication Union - Overview
2
Cybersecurity - Global Policy Sustainable Development Goals – SDGs 1, 4, 5, 7, 8, 9, 11, 16, 17 SDG 9: Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation.
Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure, including regional and trans-border infrastructure, to support economic development and human well-being, with a focus on affordable and equitable access for all.
WSIS Action Line C5 : Building confidence and security in the use of ICTs
Global Cybersecurity Agenda - GCA A multi-stakeholder platform to address cybersecurity challenges from 5 perspectives : Legal, Technical, Organisational, Capacity Building, Cooperation 3 Pillars of Sustainable Development
Economic development Social inclusion Environmental protection
Services in Cybersecurity
ITU Office for Europe [email protected] 43 Countries : Albania, Andorra, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Former Yugoslav Republic of Macedonia, Monaco, Montenegro, Netherlands, Norway, Poland, Portugal, Romania, San Marino, Serbia, Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, Vatican, United Kingdom
WTDC-14: 5 Regional Initiatives for 2014 to 2017 EUR1: Spectrum management and transition to digital broadcasting EUR2: Development of broadband access and adoption of broadband EUR3: Ensuring access to telecommunications/ICTs in particular for persons with disabilities EUR4: Building confidence and security in the use of telecommunications/ICTs
WTDC-17: 5 Regional Initiatives for 2018 to 2021
ITU Regional Initiative 4 in Europe (EUR4)
Objective: To build confidence and security in the use of telecommunications /ICTs
Some Actions 2016-2017 • ITU – Council of Europe: High Level Round Table on COP, 10 October 2016
• ITU-ENISA Regional Cybersecurity Forum for Europe, 29-30 November 2016, Bulgaria
• Benchmark of national initiatives on COP in the Central and Eastern European Countries
• Central European Cybersecurity public-private dialogue platform, Romania [co-organized - annual]
• National CIRT Implementation, Cyprus [2017-2018]
• CIRT Assessment, Bosnia & Herzegovina, November-December 2017
• International Conference "Keeping Children and Young People Safe Online”, Poland [co-organized - annual]
• ITU ALERT International Cyber Drill Exercise for the Europe Region [every 2 years]
• Western European Cybersecurity public-private dialogue platform, Switzerland, 7-8 December 2017
• Who ? Governments, ICT players, Academia, Theme centric groups [Child online protection]
• We are better at Regional level
• EU, African Union, ASEAN, League of Arab States, OAS
• CIRT level [TF-CSIRT, APCERT, OIC CERT, AFRICACERT ..]
What can we do better ?
• Identify initiatives where there is agreement and act now
• Child Online Protection
• Cybersecurity Capacity Building
• Expertise / Experience exchanges
• Technical collaboration at CIRT level : expertise, threat information
• A better dialogue with shapers of Cyberspace
• Large ICT players, Youth
From collaboration on major incidents [crisis] to collaboration on regular incidents
Towards Corporate Social Responsibility [voluntary ethics] for a healthy Cyberspace
7
Challenge I - Achieving Global Cooperation
8
Challenge II - Online Protection Enlarged attack surfaces engendered by
• Internet of Things : re-scope critical infrastructure – redefine CIRTs
• Artificial Intelligence
• Next Generation Networks - 5G
• Data everywhere – privacy rights
• Social interactions online
What can we do better ?
• Security by Design – everywhere
• Data privacy - simple, practical
• Open data – adopt as an opportunity
• Ethics - voluntary / regulated
Open reason based dialogues for the good stewardship of the planet centered on fundamental human responsibility
ITU-T Study Group 20 Question 6
Security, Privacy, Trust, and Identification
for IoT and SmartCities & Communities
9
Challenge III – Bridging the Cybersecurity Divide
GCI 2017 Commitment levels High Medium Low
10
Out of 193 countries
• 50% do not have a Cybersecurity strategy at national level
• 39% do not have a CIRT with national responsibility
• 79 % do not have metrics to measure Cybersecurity at national level
• Weakest link from a world perspective
• Confusion on what tools to use, which methodology to follow
What can we do better ?
• Rethink - Innovate capacity building efforts at country level
• Simple effective twinning initiatives
• Work together to pool resources for enhance quality and
faster deployment
• Reduce confusion by providing harmonized reference points
• Promote adoption of secure ICTs at all levels
Move from leading or owning actions to working together for synergies, resource optimization and removal of overlaps
Challenge III – Bridging the Cybersecurity Divide
Source: ITU Global Cybersecurity Index 2017
Reference Guide for National Cybersecurity
11
PARTNERSHIPS for initiatives
Global Cybersecurity Index – call for new partners
• Australia Strategic Policy Institute, FIRST, Indiana University, INTERPOL, ITU-Arab Regional Cybersecurity Centre, Korea Internet & Security Agency, NTRA Egypt, Potomac Institute of Policy Studies, Red Team Cyber, UNICRI, University of Technology Jamaica, UNODC, World Bank
National Cybersecurity Strategy Reference Guide
• CCI, CTO, ENISA, GCSP, GCSCC University of Oxford, Intellium, Microsoft, NATO CCDCOE, OECD, OAS, Potomac Institute, RAND Europe, UNCTAD and World Bank
Child Online Protection – a whole community
Cybersecurity Cooperation actions @ ITU
12
ITU STUDY GROUPS – Membership driven
ITU-D Study Group2 Question3
• Securing information and communication networks:
Best practices for developing a culture of cybersecurity
ITU-T Study Group 17 : Security
• Develop recommendations for future standards including in Cybersecurity
ITU-R Study Groups
• Securing radiocommunications
Cybersecurity Cooperation actions @ ITU
13