1. Geneva, Switzerland, 15-16 September 2014 Securing information and communication networks: best practices for developing a culture of cybersecurity Eliot Lear Former (acting) ITU-D Q.22/1 Rapporteur Principal Engineer, Cisco Systems, Inc. lear@cisco.com ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014) Session 3 – Cybersecurity and data protection

2. Three Cycles of Work Geneva, Switzerland, 15-16 September 20142 ITU-D Question 22/1 Studied cybersecurity overall framework Provided a view toward spam and relevant organizations Compendium on cybersecurity readiness ITU-D Question 22-1/1 Adaptation of ISO framework for mmanagement of cybersecurity Best practices for service providers Best practices for public private partnerships A course on how to build a CERT Compendium of national experiences on cybersecurity A survey on cybersecurity readiness ITU-D Question 3/2 Continue compendium on cybersecurity experiences and analyze results Include compendium on cybersecurity capabilities Focus down on Spam Re-issue cybersecurity readiness survey Consider framework for common criteria Address Child Online Protection

3. Three Cycles of Work Geneva, Switzerland, 15-16 September 20143 ITU-D Question 22/1 Studied cybersecurity overall framework Provided a view toward spam and relevant organizations Compendium on cybersecurity readiness ITU-D Question 22-1/1 Adaptation of ISO framework for management of cybersecurity Best practices for service providers Best practices for public private partnerships A course on how to build a CERT Compendium of national experiences on cybersecurity A survey on cybersecurity readiness ITU-D Question 3/2 Continue compendium on cybersecurity experiences and analyze results Include compendium on cybersecurity capabilities Focus down on Spam Re-issue cybersecurity readiness survey Consider framework for common criteria Address Child Online Protection

4. Three Cycles of Work Geneva, Switzerland, 15-16 September 20144 ITU-D Question 22/1 Studied cybersecurity overall framework Provided a view toward spam and relevant organizations Compendium on cybersecurity readiness ITU-D Question 22-1/1 Adaptation of ISO framework for mmanagement of cybersecurity Best practices for service providers Best practices for public private partnerships A course on how to build a CERT Compendium of national experiences on cybersecurity A survey on cybersecurity readiness ITU-D Question 3/2 Continue compendium on cybersecurity experiences and analyze results Include compendium on cybersecurity capabilities Focus down on Spam Re-issue cybersecurity readiness survey Consider framework for common criteria Address Child Online Protection Hold a workshop!

5. Some Worrying Numbers Geneva, Switzerland, 15-16 September 20145 Source: senderbase.org

6. Collaboration is Key! Geneva, Switzerland, 15-16 September 20146 The Private Sector Key contributors to the Question on best practices and available services Member States Articulate their experiences and their needs Programme 2 / Objective 3.2 of the BDT Deliver material and services where needed, ITU-T SG-17, IETF, other standards organizations Provide technical expertise JCA-COP, CWG-COP Collaboration on Child Online Protection The Internet Society, AT&T, Cisco, others Focus on anti-spam activities FIRST Focus on capacity building and outreach to CERTs

7. Where you can find our work http://www.itu.int/pub/publications.a spx?lang=en&parent=D-STG- SG01.22.1-2014 This includes the compendium of national experiences, and CERT coursework, as well as cybersecurity readiness survey results and more! Geneva, Switzerland, 15-16 September 20147

8. Just a few thoughts Let’s use the material: course-work Deal with a volatile environment No single organization can provide for all that is needed. Geneva, Switzerland, 15-16 September 20148