Global Cybersecurity Agenda

On 17 May 2007, the International Telecommunication Union launched the Global Cybersecurity Agenda (GCA) [ http://www.itu.int/cybersecurity/gca GCA Home Page] , to provide a framework within which the international response to the growing challenges to cybersecurity can be coordinated and addressed. The Global Cybersecurity Agenda represents an initiative by the ITU to develop a comprehensive framework for international cooperation.

The ITU Secretary-General will benefit from the advice of an expert panel, the High-Level Experts Group [ http://www.itu.int/osg/csd/cybersecurity/gca/hleg/ High level Experts Group ] , representing expertise in policy making, government, academia and the private sector. This advisory group met for the first time in Geneva, on 5 October 2007 , to develop strategies to combat cybercrime and promote cybersecurity. It will formulate proposals to the ITU Secretary-General, which will be consolidated in a Global Strategic Report.

Five pillars of the ITU Global Cybersecurity Agenda

The GCA [ Cybersecurity for All, ITU's Work for a Safer World http://web.itu.int/publ/S-GEN-CYBER-2008/en] is built upon five strategic pillars [ Five Strategic Pillars http://www.itu.int/osg/csd/cybersecurity/gca/pillars.html ] :

Legal measures

This work area focuses on key legal challenges and how best to coordinate legislation. It will develop guidance as to how criminal activities committed through computer networks can best be dealt with through legislation in an internationally compatible manner. This work area will develop model cybercrime legislation that is interoperable with existing national and regional legislative measures and consider how best to deal with loopholes in current legal frameworks that allow criminals to operate between countries with impunity.

Technical and procedural measures

This work area will focus on the key technical challenges arising to cybersecurity. Cyberthreats are constantly being developed to exploit technical vulnerabilities in Information Communication Technology (ICT) services and applications to gain unauthorized access to information and communication systems. Security vendors and software manufacturers work continuously to identify, resolve and reinforce weaknesses in their products. This work area focuses on technical and procedural measures for addressing vulnerabilities in software products, including accreditation schemes, protocols and standards.

Organizational structures

Countries’ ability to monitor, prevent and deal with cyberattacks depends in large part on the watch, warning and response systems and capacity that they have established. This work area will focus on optimal response strategies and the institutions that can help countries in dealing with prevention, detection, response to and crisis management of cyberattacks, including the protection of countries’ critical information infrastructure systems. This work area should develop a generic framework for functional organizational structures that can help countries deal with cyberthreats and the misuse of ICTs for malicious purposes.

Capacity-building

This work area focuses on elaborating strategies for concrete capacity-building mechanisms that can be adopted to raise awareness, transfer know-how and boost cybersecurity on the national policy agenda. User awareness, technical capacity and information exchange are some of the key factors in building cybersecurity from the grassroots upwards. This work area will consider the effective measures, awareness campaigns, training initiatives that can be undertaken to build human, technical and institutional capacity and awareness of the issues key to preserving cybersecurity.

International cooperation

This work area will develop proposals on a framework for a multi-stakeholder strategy for international cooperation, dialogue and coordination in dealing with cyberthreats. The Information Society is borderless, which means that the response mechanisms dealing with cyberthreats must be as borderless as cybercriminals’ activities. Cooperation is vital at different levels and through different means – from the monitoring of funds and transfers of the proceeds of criminal activities to cooperation in dealing with international crime syndicates and paedophilic rings.

Setting achievable goals

The Global Cybersecurity Agenda is made up of seven main strategic goals [ Setting Achievable Goals http://www.itu.int/osg/csd/cybersecurity/gca/goals.html ] :

* Elaboration of strategies for the development of a model cybercrime legislation that is globally applicable and interoperable with existing national and regional legislative measures.

* Elaboration of global strategies for the creation of appropriate national and regional organizational structures and policies on cybercrime.

* Development of a strategy for the establishment of globally accepted minimum security criteria and accreditation schemes for hardware and software applications and systems.

* Development of strategies for the creation of a global framework for watch, warning and incident response to ensure cross-border coordination between new and existing initiatives.

* Development of global strategies for the creation and endorsement of a generic and universal digital identity system and the necessary organizational structures to ensure the recognition of digital credentials across geographical boundaries.

* Development of a global strategy to facilitate human and institutional capacity building to enhance knowledge and know-how across sectors and in all the above-mentioned areas.

* Proposals on a framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas.

High-Level Experts Group on Cybersecurity (HLEG)

In order to assist ITU’s Secretary-General in developing strategic proposals to Member States of the ITU, he will seek the advice of the HLEG [The High-Level Experts Group on Cybersecurity http://www.itu.int/osg/csd/cybersecurity/gca/hleg/#responsibilities ] on strategies in all five work areas or pillars.

The HLEG will comprise a group of high-level experts from governments, industry, relevant regional/international organizations, research institutes, academic institutions and individual experts from every part of the world appointed by the ITU Secretary-General.

The work of HLEG will be funded primarily through voluntary contributions (cash and in-kind) from its members and other donors.

Main responsibilities of HLEG to the ITU Secretary-General

* To further develop the Global Cybersecurity Agenda, by proposing refinements to its main goals.
* To analyse current developments in cybersecurity, including both threats and state-of-the-art solutions, anticipate emerging and future challenges, identify strategic options, and formulate proposals to the ITU Secretary-General.
* To meet the goals of the Global Cybersecurity Agenda.
* To provide guidance on possible long-term strategies and emerging trends in cybersecurity.

Composition of HLEG

Members of the HLEG will be nominated by the ITU Secretary-General, with due consideration to both geographical diversity and expertise in the five pillars or work areas of the Global Cybersecurity Agenda [ First HLEG Meeting http://www.itu.int/osg/csd/cybersecurity/gca/hleg/first_meeting/index.html ] . General features and characteristics of HLEG include:
* A global multi-stakeholder think-tank made up of high level experts from governments, industry, international organizations, research and academic institutions and individual experts.
* To ensure balance in the membership of HLEG, its members will be nominated as follows:
** Member States – government representatives of countries from the five world regions
** Industry – manufacturers, operators, service providers, software developers, security and other information technology firms
*** Regional/International organizations
*** Research and academic institutions
*** Individual experts

Notes

References

* Cybersecurity for All, [http://www.itu.int/publ/S-GEN-CYBER-2008/en ITU's Work for a Safer World]
* [http://www.itu.int/cybersecurity/gca GCA Home Page]
* [http://www.itu.int/osg/csd/cybersecurity/gca/hleg/ High level Experts Group]
* [http://www.itu.int/osg/csd/cybersecurity/gca/pillars.html Five Strategic Pillars]
* [http://www.itu.int/osg/csd/cybersecurity/gca/goals.html Setting Achievable Goals]
* [http://www.itu.int/osg/csd/cybersecurity/gca/hleg/#responsibilities The High-Level Experts Group on Cybersecurity]
* [http://www.itu.int/osg/csd/cybersecurity/gca/hleg/first_meeting/index.html First HLEG Meeting]

* Sanjay Acharya, [http://www.uneca.org/disd/news/ITUPress-relase17May2007.pdf World Telecommunication and Information Society Day ceremony honours three laureates] , International Telecommunication Union, 17 May 2007

* International Telecommunication Union, [http://www.unctad.org/sections/wcmu/docs/dite_pcbb_stdev0098_en.pdf Contribution to the to the un secretary-general’s report on the implementation of the world summit on the information society] , Commission on Science and Technology for Development, 11th Session, 26 - 30 May 2008

* Chair’s Report, [http://www.apectelwg.org/jsp/download.jsp?seq=4819&board_id=GPA_TEL_DOCUMENT&doc_seq=1 The 36th APEC Telecommunications and Information Working Goup] , October 21-26, 2007 Santiago, Chile

* United Nations General Assembly, Sixty-second session, [http://disarmament.un.org/Library.nsf/2044251ae5b2af6c852572ab006de001/ed69753e1f0d9c07852571f500551e9a/$FILE/a-62-pv5.pdf 5th plenary meeting] , A/62/PV.5, Tuesday, 25 September 2007, 3 p.m. New York

* United Nations Educational,Scientific and Cultural Organisation, 177th session, [http://unesdoc.unesco.org/images/0015/001576/157623m.pdf Summary records] , 177 EX/SR.1-11, Paris, 1-31 October 2007

* Wolfgang Kleinwächter (Ed.), [http://medienservice.land-der-ideen.de/MEDIA/65534,0.pdf The Power of Ideas: Internet Governance in a Global Multi- Stakeholder Environment]

* President Toomas Hendrik Ilves, [http://www.un.estemb.org/statements_articles/aid-546 Address to the 62nd Session of the UN General Assembly]

* Sanjay Acharya, [http://portal.unesco.org/ci/en/ev.php-URL_ID=25596&URL_DO=DO_TOPIC&URL_SECTION=201.html ITU and Microsoft launch online platform to track ICT development] , UNESCO
* Michael Schwartz, [http://www.un.org/apps/news/story.asp?NewsID=24221&Cr=cyber&Cr1= Experts at UN-backed meeting lay foundation for global Cybersecurity] , United Nations News Centre

* ITUwiki, [http://ituwiki.com/High-Level_Experts_Group_(HLEG) High-Level Experts Group]
* [http://www.umts-forum.org/component/option,com_docman/task,doc_download/gid,1901/Itemid,12/ Annual Report 2007 and Directions for 2008] , Universal Mobile Telecommunications System (UMTS) Forum
* [http://esa.un.org/Referenceservice/inventory/pgViewActivities.asp?pElementCode=13777&activityGroupCode=11 Activities for the biennium 2006-2007] - UN Services for policy-making and treaty adherence

External links

* Michael Schwartz, [http://www.developingtelecoms.com/content/view/1019/95/ Experts use ITU to promote roadmap to cyber-security, fight cyber-crime ] , Developing Telecoms

* Stuart Corner, [http://www.itwire.com/content/view/12744/127/ ITU launches one-stop-shop for cybersecurity standards info] , ITwire

* John Leyden, [http://www.theregister.co.uk/2007/10/08/itu_cybercrime_summit/ ITU pools experts to thwart cybercrime] , The Register

* Yazar, [http://turk.internet.com/haber/yazigoster.php3?yaziid=19289 Experts Meet to Promote Cybersecuity and Fight Cybercrime] , turk.internet.com

* Laura Maio, [http://www.thirdbrigade.com/news_events.aspx?id=609& Third Brigade Receives International and Local Acclaim] , Third Brigade
* [http://www.estemb.org/news/aid-837 Estonian president calls on world countries to create legal framework for cyber security] - Estonian Embassy in Washington
* [http://ph.hardwarezone.com/news/view.php?id=7491&cid=5 New Online Tool Charts Cybersecurity Standards Developments] - Philippines Hardware Zone
* [http://www.ottawabusinessjournal.com/hatsoff.php Kudos in Ottawa's Business Community] - Ottawa Business Journal

* Paolo Rosa, [http://www.citel.oas.org/newsletter/2007/octubre/itu-security_i.asp ITU’s commitment to cybersecurity] , Organization of American States, Electronic Bulletin / Number 40 - October, 2007

* Jim Ashling, [http://technews.acm.org/archives.cfm?fo=2007-08-aug/aug-06-2007.html Action Plan to Beat Cybercrime] , Information Today (08/07) Vol. 24, No. 7, P. 24