ITU and the WSIS Action Line C5 – Building confidence and security in the use of ICTs, bringing different stakeholders together to forge meaningful partnerships to help countries address the risks associated with ICTs. This includes adopting national cybersecurity strategies, facilitating the establishment of national incident response capabilities, developing international security standards, protecting children online, and building capacity.
ITU develops international standards to build confidence and security in the use of ICTs, especially for digital transformation. Topics of growing significance to this work include digital identity infrastructure, cybersecurity management, security aspects of digital financial services, intelligent transport systems, blockchain and distributed ledger technology, and quantum information technologies.
ITU-T SG17 (Security) is the lead SG on building confidence and security in the use of ICTs; facilitating more secure network infrastructure, services, and applications; and coordinating security-related work across ITU-T SGs. Providing security by ICTs and ensuring security for ICTs are both major study areas for SG17. Other ITU-T SGs, such as ITU-T SG9 (Broadband Cable and TV) and ITU-T SG13 (Future Networks, with Focus on IMT-2020, Cloud Computing and Trusted Network Infrastructures) contributed to fulfilling the ITU mandate on cybersecurity.
ITU-TSG5 (Environment, EMF, and the Circular Economy) studies the security of ICT systems concerning electromagnetic phenomena (High-Altitude Electromagnetic Pulse (HEMP), High Power Electromagnetic (HPEM), information leakage).
ITU-T SG11 (Protocols, testing & combating counterfeiting) is developing a series of new ITU-T Recommendations (e.g. ITU-T Q.3057), which define the signalling architecture and requirements for interconnection between trustable network entities in support of existing and emerging networks. This Recommendation describes the use of digital signatures (digital certificates) in the signalling exchange which may guarantee the trustworthiness of the sender. More details are available at http://itu.int/go/SIG- SECURITY.
ITU-T SG20 Question 6/20 on Security, privacy, trust and identification for IoT and SC&C, is working on developing recommendations, reports, and guidelines on security and trust provisioning in IoT both at the ICT infrastructure and future heterogeneous converged service environments. ITU-R established clear security principles for IMT (3G, 4G and 5G) networks.
In 2008, ITU launched a five-pillared framework called the Global Cybersecurity Agenda (GCA) to encourage co-operation with and between various partners in enhancing cybersecurity globally. The cybersecurity programme offers its membership, particularly developing countries, the tools to increase cybersecurity capabilities at the national level in order to enhance security, and build confidence and trust in the use of ICTs. The 2022 session of the ITU Council approved guidelines for better utilisation of the GCA framework by ITU.
ITU serves as a neutral and global platform for dialogue around policy actions in the interests of cybersecurity.
ITU issues the Global Cybersecurity Index (GCI) to shed light on the commitment of ITU member states to cybersecurity at the global level. The index is a trusted reference developed as a multistakeholder effort managed by ITU. In the last iteration of the GCI, 150 member states participated.
Alongside the ITU-T’s development of technical standards in support of security and ITU-R’s establishment of security principles for 3G and 4G networks, ITU also assists in building cybersecurity capacity.
This capacity-building work helps countries to define cybersecurity strategies, assists the establishment of computer incident response teams (CIRTs), supports the protection of children online, and assists countries in building human capacity relevant to security.
Strategies: ITU assists member states in developing and improving effective national cybersecurity frameworks or strategies. At the national level, cybersecurity is a shared responsibility, which requires coordinated action for prevention, preparation, and response on the part of government agencies, authorities, the private sector, and civil society. To ensure a safe, secure, and resilient digital sphere, a comprehensive national framework or strategy is necessary.
CIRTs: Effective mechanisms and institutional structures are necessary at the national level to deal with cyberthreats and incidents reliably. ITU assists member states in establishing and enhancing national CIRTs. In response to the fast-evolving technologies and manifestation of related threats, incident response must be updated and improved continuously.
Building human capacity:
- ITU conducts regional and national cyber drills, assisting member states in improving cybersecurity readiness, protection, and incident response capabilities at regional and national levels, and strengthening international cooperation among ITU member states against cyberthreats and cyberattacks. To date, ITU has conducted cyber drills involving over 100 countries.
- ITU’s Development Bureau organises regional cybersecurity forums across ITU regions, helping build capacity for Telecommunication Development Bureau (BDT) programmes and facilitating cooperation at the regional and international levels.
- Through the ITU Academy, ITU offers a number of training courses for professionals in the field of cybersecurity.
- BitSight provided access to ITU member states for its cybersecurity scoring platform – helping address cybersecurity challenges during the COVID-19 pandemic and to support member states’ health infrastructure with timely information on cyberthreats.
- The Women in Cyber Mentorship Programme builds skills of junior women professionals entering the field of cybersecurity.
International cooperation: In its efforts on cybersecurity, ITU works closely with partners from international organisations, the private sector, and academia, strengthened by a memorandum of understanding (MoU) with a range of organisations such as the United Nations Office on Drugs and Crime (UNODC), World Bank, Interpol, World Economic Forum, and several others.
Social media channels (2)
Flickr @ITU pictures
LinkedIn @International Telecommunication Union