|
NewsGlobe: Currents
Promoting cybersecurity
Battle for Internet integrity is underway
by Kendrick Struthers-Watson
A battle for the future integrity of the Internet is underway. From
its origins as a dedicated defense research network, the Internet has
transformed modern lifestyles with its promise of open, real-time
communications and limitless information. And yet, at the same time,
the rapid growth of ICT networks has also opened up new opportunities
for criminals to exploit online vulnerabilities and attack countries’
critical infrastructure.
Confidence and security in using ICTs are
vital for building an inclusive, secure and global Information
Society, as acknowledged by the World Summit on the Information
Society (WSIS), but the future growth and potential of the online
environment is in danger from growing cyberthreats.
Organizations and individuals are increasingly dependent on the
information stored and transmitted over advanced communications and
computer networks. Information and communication security is vitally
important: we rely on the smooth and secure operation of networks in
our online activities at work, at home and as consumers. This has led
to a heightened awareness of the need to protect critical data and
resources. Failure to address security issues can not only leave
service providers vulnerable to denial of service attacks or network
outages, it can also give rise to substantial losses and damage to
confidential data and business systems. The costs can be significant —
in terms of lost revenue, loss of sensitive data and damage to
equipment, as well as loss of reputation and standing with customers.
ICTs and global connectivity has spurred development by affording an
advantageous environment for economic growth in many developing
countries. This has enabled a faster development rate than was
previously permitted by traditional methods such as industrialisation.
These countries are faced with the problem of needing to join the
information society without ignoring the risks of becoming dependent
on technologies and technology providers, and avoiding the danger that
the digital divide gives rise to a security divide or even a
heightened dependency on entities that control their needs and the
means of IT security. However, cyber threats are currently being
viewed as a result of ICT deployment rather than as a consequence of
lack of effective network or bad configuration of user equipment,
including user misbehaviour. Cybersecurity is therefore a critical
element for guaranteeing confidence in ICTs and providing a secure
environment for government and economic infrastructures.
The International Telecommunication Union is working hard to address
these emerging challenges of the Information Society and is developing
an international framework to address the serious concerns on
Cybersecurity and its related issues. At the World Summit on the
Information Society (WSIS), world leaders and governments entrusted
ITU to take the lead in coordinating international efforts in this
field, as the sole Facilitator of Action Line C5, "Building confidence
and security in the use of ICTs." This is a responsibility that the
ITU takes very seriously: the ITU is deeply committed through a range
of activities to helping ensure that communications over public
telecommunication networks remain secure, reliable and user-friendly.
ITU is promoting cybersecurity through a range of activities in all
three of its sectors. The Radiocommunication Sector (ITU-R) and the
Standardization Sector (ITU-T) have carried out significant work in
security architecture, encryption and authentication and information
security management systems. The ITU-T has issued a substantial number
of security-related recommendations, as well as an ICT Security
Standards Roadmap, a database for approved ICT security standards and
a Security Manual: Security in Telecommunications and Information
Technology.
Safeguarding quality of service against degradation or denial of
service is vital for the secure operation of networks in data
transmission and service provisioning and many of ITU-R’s latest
Recommendations on generic requirements and the protection of
radiocommunications against interference are relevant. ITU-R has also
issued recommendations on Security principles and mechanisms for
IMT-2000, including references to standards maintained by National and
Regional Standards Development Organisations.
The Telecommunication Development Sector (ITU-D) is developing
cybersecurity capacities by developing an ITU national cybersecurity
framework, providing technical assistance, and organizing
capacity-building cybersecurity forums. To support these activities,
ITU has released a national self-assessment toolkit to assist
governments to enhance their cybersecurity and address critical
information infrastructure protection. Besides the cybersecurity
self-assessment toolkit, other ITU-D initiatives include a botnet
mitigation toolkit, a toolkit on cybercrime legislation, a toolkit on
CSIRTs, a toolkit on promoting a culture of cybersecurity, a global
anti-spam legislative survey, a publication on cybercrime, and
research on the financial aspects of network security: malware and spam.
On 17 May 2007, ITU launched the Global Cybersecurity Agenda
(www.itu.int/cybersecurity/gca) to provide a framework within which
the international response to the growing challenges to cybersecurity
can be coordinated and addressed. GCA benefits from the advice of an
expert panel on the complex issues surrounding cybersecurity. The
High-Level Experts Group (HLEG) consists of world-renowned specialists
in cybersecurity, representing expertise from across a broad range of
backgrounds in policy-making, government, academia and the private
sector. This advisory Group met for the first time in Geneva on 5
October 2007 to develop concrete strategies to combat cybercrime and
promote cybersecurity.
The High-Level Experts Group is committed to formulate concrete
proposals on necessary long-term global strategies to promote
cybersecurity in five key work areas:
1. Legal Measures: criminal activities committed over computer
networks through legislation in an internationally compatible manner;
2. Technical and Procedural Measures: key measures for addressing
vulnerabilities in software products, including accreditation schemes,
protocols and standards;
3. Organizational Structures: a generic framework and optimal response
strategies for the prevention, detection, response to and crisis
management of cyberattacks, including the protection of countries’
critical information infrastructure systems;
4. Capacity Building: elaborating strategies for concrete
capacity-building mechanisms to raise awareness, transfer know-how and
boost cybersecurity on the national policy agenda;
5. International Cooperation: multi-stakeholder strategy for
international cooperation, dialogue and coordination in dealing with
cyberthreats.
These proposals will form the core of a global strategic report on the
five work areas which will be presented on 21 May 2008 during the
Second Meeting of the HLEG and will be then submitted as input to the
Third Facilitation Meeting for WSIS Action line C5 — Building
Confidence and Security for the use of ICTs.
|
