
Partnership Framework for Secure ICT Infrastructure in Developing Countries

This workshop discusses the need for a partnership-based framework to secure ICT infrastructure in developing countries, covering areas such as policy, legislation, regulation, enforcement, accreditation, certification, testing labs, standards, and mutual recognition agreements.

wrighte


Presentation Transcript


  1. ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014) • Towards a partnership-based framework for secure ICT Infrastructure in developing countries • Bill McCrum, Senior Director, Telecom Consulting, billmccrum@bell.net

  2. CONTENTS • Overview • Policy and Legislation • Regulation and Enforcement • Infrastructure Challenges in Developing Countries • Economic Impacts of Insecure ICTs • Unique Role of ITU-T • Mutual Recognition Agreements (MRAs) • Conclusion and Recommendations

  3. Three Principal Component areas of a Partnership Framework • Institutional: Policy, Legislation, Regulation, Enforcement • Technical: Accreditation, Certification, Testing Labs, Standards • Operational: Mutual Recognition Agreements

  4. OVERVIEW • Many governments have proposed and are enacting policies, legislation, regulations & strategies to secure their ICT infrastructure • A partnership framework for policy, legal, regulatory and enforcement is highly desirable • Today’s global ICT infrastructure is highly interdependent but with a wide variety of system suppliers and incompatible equipment • Many organizations setting standards in ICT security – cooperative framework can help • New frameworks needed to include all aspects from standards to compliance and best practices.

  5. Small Sample of the Problem • Hacking attacks on State entities according to a major Asian country report, now estimated at one every 30 seconds • Same scale of attacks are now commonplace in most developed countries affecting State, Business and Personal activities • Yahoo quote: “there are only two types of companies: the ones that have been attacked, and the ones that just don’t know it yet” • “Intrusion Prevention” company reports that 100% of large Corporations investigated had active commercial espionage infections

  6. Framework Policy Component • Policies that recognize reliance on the interconnectedness of a secure global digital infrastructure for prosperity • A policy of regional and global engagement on a common cybersecurity framework as an essential step in the process • Interoperability identified as a top policy challenge especially in developing countries • Commitment to globally accepted standards as a key policy for achievement of connectivity

  7. Framework Legislative Component • A targeted legal framework needed to prosecute offenders in e-fraud and ICT infrastructure attacks with global reach • Appropriate legislation to deal with electronic offenders at all levels with a long reach • Pressure groups are being formed to lobby legislative assemblies for speedy legal remedies • New legislation is envisaged that would require mandated disclosure of all security incidents and fraud losses to appropriate authorities • New USA Cybersecurity Information Sharing Act launched in past few weeks

  8. Framework Regulatory Component • Regulator’s interest spiked by increasingly costly and sophisticated cyber attacks ($100s of millions) • Renewed interest by governments to audit cyber security defenses of corporations and financial institutions within a defined framework • Audits should be done against defined standards, laws and regulations with global collaboration • Basic principles of fair notice and due process must be respected in all jurisdictions • Defensive and remedial actions against hackers must not be held hostage to partisan political agendas

  9. Framework Enforcement Component • Laws and regulations are struggling to keep pace with the volume and sophistication of attacks • Enforcement must be carried out in keeping with laws, regulations and standards within an agreed framework • Many countries have laws but no enforcement • Others have enforcement but inadequate laws • Expect enforcement agencies to increasingly hold parties responsible for the unlawful release or failure to protect sensitive information • Enforcement must have global reach and be based on trusted credentials across borders

  10. ICT Infrastructure Challenges in Developing Countries • Surveys conducted by the ITU in 2011 and 2013 identified a wide range of conformance and interoperability problems in developing countries. • Prominent findings in common: • Incompatibility of new equipment with legacy equipment even among equipment of same supplier – pass through services, including security, reduced to lowest common denominator • No national conformity assessment capabilities • Non-standard proprietary interface specifications and no commitment to international standards • Inadequate financial resources and expertise in country • Susceptibility to malicious and opportunistic economic cybercrime

  11. Economic Impacts of Insecure ICT Infrastructure • Significant delays in deployment of new services such as e-health, e-education, e-financial services, e-government, social networking • Delayed full participation in the 21st century digital world • Result is reduced economic growth, lost opportunity and lower standards of living • Concerns with QoS, security and trust in ICT infrastructure and services • Problems with counterfeit products and dumping • Need for institutional reforms at many levels

  12. Unique Role of ITU • The ITU-T standards development process accommodates input from every Member State of the United Nations on an equal footing • This is especially important to developing countries which often cannot afford to send large delegations to standards development bodies to promote their viewpoints • The ITU Bureaux offer developing countries: • Inclusion – a voice in the standards process • Training and mentoring - access to expertise • Coordination and trusted brokering of partnerships amongst Member States for support, assistance and sharing of resources

  13. Operational Component of Framework “Mutual Recognition Agreements” • Establishment and maintenance of a secure ICT infrastructure requires the following facilities: • Testing Labs, Certification and Accreditation Bodies - services potentially shared among multiple countries • Capability of assessing conformity to security standards and other standards for interoperability and regulatory compliance • MRAs can provide trusted sharing of such facilities among multiple partners based on trusted credentials • Legal and Regulatory instruments need to be in place to permit the trusted sharing required • Countries within a region sharing cultural, social and economic goals can find MRAs a very useful tool

  14. Conclusions and Recommendations • A secure ICT infrastructure is essential to economic prosperity and growth • The 3 components of a partnership framework presented here must move towards convergence of principles globally to make this happen • MRAs can provide a trusted partnership framework to facilitate the discussions of like-minded parties in ICT infrastructure security • MRAs are now a well-established instrument of cooperation and collaboration across sovereign boundaries and can be recommended for this challenge – and the ITU can help.

  15. THANK YOU FOR YOUR ATTENTION billmccrum@bell.net
