160 likes | 172 Vues
ITU-T Workshop on “New challenges for Telecommunication Security Standardizations" Geneva, 9(pm)-10 February 2009. BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS. James Ennis US Department of State. ITU-D Q22/1: History.
E N D
ITU-T Workshop on“New challenges for Telecommunication Security Standardizations"Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department of State
ITU-D Q22/1: History • Created by World Telecommunication Development Conference (WTDC) in 2006 (Doha) • Five meetings: September 2006, May 2007, September 2007, April 2008, September 2008 • Next meeting: April 6-7, 2009
ITU-D Q22/1: Mandate(1) • Survey, catalogue, describe, and raise awareness of: • Principal issues facing national policy-makers in building a culture of cybersecurity • Principal sources of cybersecurity information and assistance • Successful best practices employed by national policy-makers to organize for cybersecurity • Unique challenges faced by developing countries
ITU-D Q22/1: Mandate (2) • Examine best practices for watch, warning, & incident response & recovery
What Does Cybersecurity Apply to? • Applies to cyberspace: electronic information & communication systems & the information they contain
What is Cybersecurity Supposed to Do? • Prevent damage from: • denial of service attacks • malware (viruses, worms, trojan horses) • Prevent exploitation from: • Spyware, fraud (phishing, identity theft) • Restore systems after attacks
Why is Cybersecurity Important? • Today, all critical sectors of economy rely on IP networks for transacting business, government services, etc. • IP networks, not designed to be secure, face increasing numbers of cyber attacks of increasing sophistication. • To maximize the value IP networks can add to a national economy, they must be reliable, secure, & trusted.
Five Keys to a Good National Cybersecurity Program • A national strategy • Government & industry collaboration • Sound legal foundation to fight cybercrime • National incident management capability • National awareness of the importance of cybersecurity
A National Strategy (1) • Government needs to understand importance of cybersecurity for national economy • Economic impact of cybersecurity attacks is severe: 2003 estimates • USD13B (worms & viruses), • USD226B (all forms of overt attack) • Does not include macro-economic costs
A National Strategy (2) • National strategy should have an international component • Cyberattacks are borderless • National cybersecurity achieved only when international cybersecurity is achieved • Countries have a mutual economic interest in working together to achieve global cybersecurity
Collaboration between Government and Industry • Government – industry collaboration on cybersecurity important: • Industry owns most of the IP network infrastructure • Industry has expertise to find solutions to cyber incidents • Industry usually first to know • Industry knows what can & cannot be done
A Sound Legal Foundation to Fight Cyber Abuses • Enact & enforce comprehensive set of laws on cybersecurity & crime • WSIS (Tunis agenda): “…develop necessary legislation for the investigation and prosecution of cybercrime, noting existing frameworks; for example, UNGA Res 55/63, 56/121, & regional initiatives such as the Council of Europe Convention on Cybercrime.”
National Incident Management: Watch, Warning, Response & Recovery • Governments need to develop government-wide system to counter cyber-attacks • National Computer Security Incident Response Team, N-CSIRT • N-CSIRT roles • Information sharing • Development of procedures, controls, tools to protect government systems
National Awareness of Importance of Cybersecurity • Many vulnerabilities result from users’ poor cybersecurity awareness • Government & the culture of cybersecurity • E-government • Education & training • Financial assistance and incentives • Research & development • Guidance on privacy issues • Role of international/regional forums
Q22/1 Draft Report • Two Annexes to the draft report provide introductions to concepts of SPAM and Identity Management • Annex A: SPAM & Associated Threats • Annex B: Identity Management • A third Annex contains extensive references to materials on each of the five keys to a successful national cybersecurity program.
Question 22 Status • Draft report (revision 2) at http://www.itu.int/md/D06-SG01-C-0146/en (TIES required) • We invite you to participate in the April 2009 meeting of Q22 & to contribute to the development of the report to improve its usefulness for national administrations