1. International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department of State ITU-T Workshop on “New challenges for Telecommunication Security Standardizations" Geneva, 9(pm)-10 February 2009

2. International Telecommunication Union Geneva, 9(pm)-10 February 2009 2 ITU-D Q22/1: History Created by World Telecommunication Development Conference (WTDC) in 2006 (Doha) Five meetings: September 2006, May 2007, September 2007, April 2008, September 2008 Next meeting: April 6-7, 2009

3. International Telecommunication Union Geneva, 9(pm)-10 February 2009 3 ITU-D Q22/1: Mandate(1) Survey, catalogue, describe, and raise awareness of: Principal issues facing national policy- makers in building a culture of cybersecurity Principal sources of cybersecurity information and assistance Successful best practices employed by national policy-makers to organize for cybersecurity Unique challenges faced by developing countries

4. International Telecommunication Union Geneva, 9(pm)-10 February 2009 4 ITU-D Q22/1: Mandate (2) Examine best practices for watch, warning, & incident response & recovery

5. International Telecommunication Union Geneva, 9(pm)-10 February 2009 5 What Does Cybersecurity Apply to? Applies to cyberspace: electronic information & communication systems & the information they contain

6. International Telecommunication Union Geneva, 9(pm)-10 February 2009 6 What is Cybersecurity Supposed to Do? Prevent damage from: denial of service attacks malware (viruses, worms, trojan horses) Prevent exploitation from: Spyware, fraud (phishing, identity theft) Restore systems after attacks

7. International Telecommunication Union Geneva, 9(pm)-10 February 2009 7 Why is Cybersecurity Important? Today, all critical sectors of economy rely on IP networks for transacting business, government services, etc. IP networks, not designed to be secure, face increasing numbers of cyber attacks of increasing sophistication. To maximize the value IP networks can add to a national economy, they must be reliable, secure, & trusted.

8. International Telecommunication Union Geneva, 9(pm)-10 February 2009 8 Five Keys to a Good National Cybersecurity Program A national strategy Government & industry collaboration Sound legal foundation to fight cybercrime National incident management capability National awareness of the importance of cybersecurity

9. International Telecommunication Union Geneva, 9(pm)-10 February 2009 9 A National Strategy (1) Government needs to understand importance of cybersecurity for national economy Economic impact of cybersecurity attacks is severe: 2003 estimates USD13B (worms & viruses), USD226B (all forms of overt attack) Does not include macro-economic costs

10. International Telecommunication Union Geneva, 9(pm)-10 February 2009 10 A National Strategy (2) National strategy should have an international component Cyberattacks are borderless National cybersecurity achieved only when international cybersecurity is achieved Countries have a mutual economic interest in working together to achieve global cybersecurity

11. International Telecommunication Union Geneva, 9(pm)-10 February 2009 11 Collaboration between Government and Industry Government – industry collaboration on cybersecurity important: Industry owns most of the IP network infrastructure Industry has expertise to find solutions to cyber incidents Industry usually first to know Industry knows what can & cannot be done

12. International Telecommunication Union Geneva, 9(pm)-10 February 2009 12 A Sound Legal Foundation to Fight Cyber Abuses Enact & enforce comprehensive set of laws on cybersecurity & crime WSIS (Tunis agenda): “…develop necessary legislation for the investigation and prosecution of cybercrime, noting existing frameworks; for example, UNGA Res 55/63, 56/121, & regional initiatives such as the Council of Europe Convention on Cybercrime.”

13. International Telecommunication Union Geneva, 9(pm)-10 February 2009 13 National Incident Management: Watch, Warning, Response & Recovery Governments need to develop government-wide system to counter cyber-attacks National Computer Security Incident Response Team, N-CSIRT N-CSIRT roles Information sharing Development of procedures, controls, tools to protect government systems

14. International Telecommunication Union Geneva, 9(pm)-10 February 2009 14 National Awareness of Importance of Cybersecurity Many vulnerabilities result from users’ poor cybersecurity awareness Government & the culture of cybersecurity E-government Education & training Financial assistance and incentives Research & development Guidance on privacy issues Role of international/regional forums

15. International Telecommunication Union Geneva, 9(pm)-10 February 2009 15 Q22/1 Draft Report Two Annexes to the draft report provide introductions to concepts of SPAM and Identity Management Annex A: SPAM & Associated Threats Annex B: Identity Management A third Annex contains extensive references to materials on each of the five keys to a successful national cybersecurity program.

16. International Telecommunication Union Geneva, 9(pm)-10 February 2009 16 Question 22 Status Draft report (revision 2) at http://www.itu.int/md/D06-SG01-C- 0146/en (TIES required) We invite you to participate in the April 2009 meeting of Q22 & to contribute to the development of the report to improve its usefulness for national administrations