Published by Aubrey Mason. Modified over 8 years ago.
Geneva, Switzerland, 15-16 September 2014

Towards a partnership-based framework for secure ICT Infrastructure in developing countries

Bill McCrum
Senior Director, Telecom Consulting
billmccrum@bell.net

ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)

CONTENTS
- Overview
- Policy and Legislation
- Regulation and Enforcement
- Infrastructure Challenges in Developing Countries
- Economic Impacts of Insecure ICTs
- Unique Role of ITU-T
- Mutual Recognition Agreements (MRAs)
- Conclusion and Recommendations

Three Principal Component areas of a Partnership Framework
- Institutional: Policy, Legislation, Regulation, Enforcement
- Technical: Accreditation, Certification, Testing Labs, Standards
- Operational: Mutual Recognition Agreements

OVERVIEW
- Many governments have proposed and are enacting policies, legislation, regulations & strategies to secure their ICT infrastructure
- A partnership framework for policy, legal, regulatory and enforcement is highly desirable
- Today’s global ICT infrastructure is highly interdependent but with a wide variety of system suppliers and incompatible equipment
- Many organizations setting standards in ICT security – cooperative framework can help
- New frameworks needed to include all aspects from standards to compliance and best practices.

Small Sample of the Problem
- Hacking attacks on State entities according to a major Asian country report, now estimated at one every 30 seconds
- Same scale of attacks are now commonplace in most developed countries affecting State, Business and Personal activities
- Yahoo quote: “there are only two types of companies: the ones that have been attacked, and the ones that just don’t know it yet”
- “Intrusion Prevention” company reports that 100% of large Corporations investigated had active commercial espionage infections

Framework Policy Component
- Policies that recognize reliance on the interconnectedness of a secure global digital infrastructure for prosperity
- A policy of regional and global engagement on a common cybersecurity framework as an essential step in the process
- Interoperability identified as a top policy challenge especially in developing countries
- Commitment to globally accepted standards as a key policy for achievement of connectivity

Framework Legislative Component
- A targeted legal framework needed to prosecute offenders in e-fraud and ICT infrastructure attacks with global reach
- Appropriate legislation to deal with electronic offenders at all levels with a long reach
- Pressure groups are being formed to lobby legislative assemblies for speedy legal remedies
- New legislation is envisaged that would require mandated disclosure of all security incidents and fraud losses to appropriate authorities
- New USA Cybersecurity Information Sharing Act launched in past few weeks

Framework Regulatory Component
- Regulator’s interest spiked by increasingly costly and sophisticated cyber attacks ($100s of millions)
- Renewed interest by governments to audit cyber security defenses of corporations and financial institutions within a defined framework
- Audits should be done against defined standards, laws and regulations with global collaboration
- Basic principles of fair notice and due process must be respected in all jurisdictions
- Defensive and remedial actions against hackers must not be held hostage to partisan political agendas

Framework Enforcement Component
- Laws and regulations are struggling to keep pace with the volume and sophistication of attacks
- Enforcement must be carried out in keeping with laws, regulations and standards within an agreed framework
- Many countries have laws but no enforcement
- Others have enforcement but inadequate laws
- Expect enforcement agencies to increasingly hold parties responsible for the unlawful release or failure to protect sensitive information
- Enforcement must have global reach and be based on trusted credentials across borders

ICT Infrastructure Challenges in Developing Countries
Surveys conducted by the ITU in 2011 and 2013 identified a wide range of conformance and interoperability problems in developing countries. Prominent findings in common:
- Incompatibility of new equipment with legacy equipment even among equipment of same supplier – pass through services, including security, reduced to lowest common denominator
- No national conformity assessment capabilities
- Non-standard proprietary interface specifications and no commitment to international standards
- Inadequate financial resources and expertise in country
- Susceptibility to malicious and opportunistic economic cybercrime

Economic Impacts of Insecure ICT Infrastructure
- Significant delays in deployment of new services such as e-health, e-education, e-financial services, e-government, social networking
- Delayed full participation in the 21st century digital world
- Result is reduced economic growth, lost opportunity and lower standards of living
- Concerns with QoS, security and trust in ICT infrastructure and services
- Problems with counterfeit products and dumping
- Need for institutional reforms at many levels

Unique Role of ITU
- The ITU-T standards development process accommodates input from every Member State of the United Nations on an equal footing
- This is especially important to developing countries which often cannot afford to send large delegations to standards development bodies to promote their viewpoints
- The ITU Bureaux offer developing countries:
  - Inclusion – a voice in the standards process
  - Training and mentoring – access to expertise
  - Coordination and trusted brokering of partnerships amongst Member States for support, assistance and sharing of resources

Operational Component of Framework: “Mutual Recognition Agreements”
- Establishment and maintenance of a secure ICT infrastructure requires the following facilities:
  - Testing Labs, Certification and Accreditation Bodies – services potentially shared among multiple countries
  - Capability of assessing conformity to security standards and other standards for interoperability and regulatory compliance
- MRAs can provide trusted sharing of such facilities among multiple partners based on trusted credentials
- Legal and Regulatory instruments need to be in place to permit the trusted sharing required
- Countries within a region sharing cultural, social and economic goals can find MRAs a very useful tool

Conclusions and Recommendations
- A secure ICT infrastructure is essential to economic prosperity and growth
- The 3 components of a partnership framework presented here must move towards convergence of principles globally to make this happen
- MRAs can provide a trusted partnership framework to facilitate the discussions of like-minded parties in ICT infrastructure security
- MRAs are now a well established instrument of cooperation and collaboration across sovereign boundaries and can be recommended for this challenge – and the ITU can help.

THANK YOU FOR YOUR ATTENTION
billmccrum@bell.net