[Chapter-delegates] ITU Speech: Governance Monday: Do We Need a Global Cybersecurity Framework

[Narelle Clark President ISOC-AU]

What's everyone's take on this?

Narelle

from
http://www.itu.int/en/osg/speeches/Pages/2013-07-15.aspx


Speech by ITU Secretary-General, Dr Hamadoun I. Touré


Geneva Press Club
Governance Monday: Do We Need a Global Cybersecurity Framework

15 July 2013, Geneva, Switzerland

Dear colleagues,
Ladies and gentlemen,

I would like to thank you for your invitation to this session, and let me
thank the organizers in particular for this excellent initiative –
cybersecurity is a subject that already affects each and every one of us,
and I am very pleased to be able to discuss it with you here, at the
Geneva Press Club.

In terms of global communications, we are living through the most exciting
period in human history. We are on the brink of seeing as many mobile
cellular subscriptions as there are people on the planet, and by the end
of this year some 2.7 billion people will be using the Internet; with 2.1
billion active mobile-broadband subscriptions.

The Internet is a global resource, a basic commodity, and a valuable
international platform for exchange and learning – and the word ‘cyber’
has fast become one of the commonest prefixes we hear.

The Internet offers us a vision of a world where everyone is able to fully
participate in the interconnected knowledge-driven economy and society; a
fully-inclusive world, where everyone can exchange ideas, access
healthcare and education, innovate and sell products and services, and
stay in touch with family and friends.

As cyber presence grows, however, individuals, businesses and even nations
are now experiencing negative social and financial impacts from the misuse
of information and communication technologies, ICTs.

The growth in cyberthreats and cybercrime is not the result of some
strange epidemic, or a sudden change in human behaviour; it is simply a
natural consequence of so many of the world’s people embracing the evident
advantages that ICTs bring into our world.

The 2013 Internet Security Threat Report from ITU-IMPACT reveals some
startling facts:

    There was a 42% increase in targeted attacks in 2012.
    31% of all targeted attacks were aimed at businesses with less than
250 employees.
    32% of all mobile threats steal information.
    The number of phishing sites spoofing social networking sites
increased 125%.
    Web-based attacks increased 30%.


Ladies and gentlemen,

Let me give you a quick overview on some general trends and figures
related to security issues:

    High-profile attacks are continuing to hit major organizations. With
more and more corporate data stored or accessed by devices that are
not fully controlled by IT administrators, the incidence of data loss
is rising rapidly – usually attributable to the use of
improperly-secured personal devices.
    Cybercriminals are becoming more skilled – both at penetrating
organizations and at avoiding detection by IT professionals and law
enforcement agencies. Moreover, they are also now so adept at social
engineering that the effort to target companies individually – big or
small – is becoming less costly.
    Hacker groups are increasingly trying to profit – by abusing
legitimate online revenue sources such as online advertising. This
will surely complicate the work of both law enforcement and anti-fraud
watchdogs.
    In addition, as smartphone usage continues to grow worldwide, mobile
platforms will become ever more tempting targets for cybercriminals.
With the mobile platform today, threats come in the form of malicious
apps; moving forward, we expect cybercriminals to go after legitimate
apps as well.
    Their job is made easier by the new generation of young social
networkers having a different attitude towards protecting and sharing
information. They are more likely to reveal personal data to other
parties through social networking sites, and this will increase their
likelihood of becoming cyber-victims.
    Another worrying trend is the ease with which cybercrime tools are
available. The ‘crimeware-as-a service’ market place offers a
multitude of customized solutions that allow even
technically-unsophisticated criminals to cause maximum damage. A
recent white paper by McAfee quotes a variety of available services.
These include:
-        Purchasing customized email lists for spamming;
-        Exploits that take advantage of vulnerabilities;
-        Ransomware services that restrict users from conducting further
activity until they pay up;
-        And the practice of renting out botnets for launching attacks –
among many others.
-    It is frightening to discover that you can now hire someone to carry
out a Denial of Service attack for you, for as little as two US dollars an
hour!
-    Finally, it is also worth noting that in the near future,
cybercriminals will not be the only ones using these tools and tactics.
-    As the effectiveness of advanced threats becomes more obvious,
activist groups, corporations, and even governments will find themselves
tempted to use similar approaches to achieve their goals.

   Dear colleagues,


Let me share a few recent statistics with you.

-    Web attacks in 2012 were up 30% on web attacks in 2011, and malware
targeting mobile phones grew by 58%.
-    Annual losses of over 110 billion dollars are being caused by
cybercrime, with over 550 million adults worldwide experiencing some form
of cybercrime last year.
-    In financial terms, this is the equivalent of the entire GDP of a
country like Morocco, Slovakia or Bangladesh. In human terms, this is
significantly greater than the entire population of Europe.
-    Three quarters of Generation Y respondents do not trust websites to
protect personal information – such as credit card and personal contact
details. Yet their lack of trust, paradoxically, does not stop them
sharing this information online.
-    Almost half of teenagers aged 13 to 17 report that they have
experienced some sort of cyberbullying in the past year; and three
quarters of young people involved in aggressive sexual solicitations in
the real world met their aggressors online.


These statistics are alarming, and no one is immune. Governments,
corporations, global media channels, social media sites and even UN
agencies – including my agency, ITU – are being targeted.

Ladies and gentlemen,

We need to address these issues, because in today’s world everything
depends on ICTs – and particularly on the networks which underpin them.

This includes emergency services; water supplies and power networks; food
distribution chains; aircraft and shipping; navigation systems; industrial
processes and supply chains; healthcare; public transportation; government
services; and even our children’s education.

The Internet has become the important global public resource it is today
thanks to a tremendous spirit of openness, innovation, pragmatism, freedom
of expression and multi-stakeholderism

And it is clearly essential to protect the right of the freedom of
expression; the right to communicate; and the right to privacy.

But we must recognize that none of these freedoms can exist without
security – especially in the online world.

If you – your personal information, your banking details and even your
identity – are not secure, then how can you use ICTs with trust and
confidence?

Major recent events, and the global debates they have sparked, demonstrate
the challenges that are faced in finding the right balance between
security and privacy.

Clearly, we need to reduce the risks posed by the illicit use of ICTs as
much as possible – with a forward-looking vision and, most importantly, in
a multilateral but also multi-stakeholder fashion.

ITU has been playing its role in bringing stakeholders from across the
globe together, but it is evident that no single entity can achieve this
vision alone.

This means working together with other intergovernmental bodies and
ensuring the active participation of all stakeholders, including local and
regional bodies; the private sector; and civil society organizations.

Good progress is being made:

-    With big countries like China, Russia and the USA realizing the
importance of dialogue;
-    With the EU establishing a framework on cybersecurity endorsed by all
EU Member States;
-    With the new International Telecommunication Regulations, the ITRs,
having a specific provision that provides an international framework on
security;
-    And with initiatives such as ITU-IMPACT and Child Online Protection.

ITU-IMPACT is the world’s first comprehensive alliance against cyber
threats which brings together governments, academia and industry experts
to enhance the global community’s capabilities in dealing with cyber
threats. It has now been formally endorsed by – and is offering services
to – 145 countries.

Child Online Protection, for its part, is an international collaborative
network for action, with a growing number of partners, to promote the
online protection of children worldwide. COP provides guidance on safe
online behaviour in conjunction with other UN agencies and partners, and
has already reached a very wide audience.

Dear colleagues,

To conclude, let me say that I believe that in the fullness of time a
global framework on securing cyberspace is possible – with the full
participation of governments, the private sector and civil society.

But we will need to continue working hard to improve coordination and
collaboration – and of course trust – between all the different
stakeholders.

Thank you for your attention.