El compromiso de la UIT con la ciberseguridad

El desarrollo y diseño de la red de telecomunicaciones y de la tecnología de la información no tuvo en cuenta su eventual convergencia o la necesidad de seguridad. Ahora, el ciberespacio- software, los dispositivos de computación, usuarios, aplicaciones, servicios, equipo e infraestructura recibe amenazas diarias de atacantes, hackers, intrusos que cada vez más están desplazándose hacia el crimen.

Nota del editor: Artículo sólo disponible en inglés.

The development and design of the telecommunication network, and information technology did not take into account either their eventual convergence or the need for security. Now, cyberspace - software, computing devices, users, applications, services, equipment and infrastructure - experiences daily threats by attackers, hackers and intruders that are more and more shifting to crime.

The WSIS (World Summit on the Information Society) recognized the real and significant risks posed by cybercrime and entrusted the ITU to facilitate the implementation of WSIS Action Line C5 (Building confidence and security in the use of ICTs).

With its 191 Member States and more than 700 Sector Members, from the ICT industry, ITU is uniquely placed to propose a framework for international cooperation in cybersecurity. Its membership includes Least Developed Countries, developing and emerging economies, as well as developed countries. ITU offers an excellent forum where actions and responses to promote cybersecurity and tackle cybercrime can be discussed, with the goal of arriving at a common understanding as to how best these challenges can be addressed.

With this aim, ITU is working to promote a global culture of cybersecurity, studying technical standards, developing procedures for critical information infrastructure protection (CIIP), encouraging international legal coordination, harmonization and enforcement and adopting strategies to ensure information sharing of national approaches, good practices and guidelines.

In May 2007 ITU launched the Global Cybersecurity Agenda (GCA), an ITU framework for international cooperation aimed at proposing strategies for solutions to enhance confidence and security in the information society. The GCA’s scope is to build on existing national and regional initiatives to avoid duplication of work and encourage collaboration amongst all relevant partners. It is built upon five pillars: a legal framework, technical measures, organizational structures, capacity-building and international cooperation.

The development and implementation of the Global Cybersecurity Agenda includes the creation of a multi-stakeholder High-Level Experts Group on Cybersecurity (HLEG – 45 experts), appointed by the Secretary General of ITU and consisting of high-level government officials, leading industry experts, relevant regional/international organizations, research institutes, academic institutions and individual experts from every part of the world.

The main goals of the GCA are to develop a model for cybercrime legislation that is globally applicable, interoperable with existing national/regional legislative measures; to create national and regional organizational structures and policies on cybercrime; to establish globally accepted minimum security criteria and accreditation schemes for software applications and systems; to create a global framework for watch, warning and incident response; to ensure cross-border coordination of initiatives and to develop a global strategy to facilitate human and institutional capacity-building to enhance knowledge and know-how and advise on a potential framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas.

The Cybersecurity Gateway is an ITU developed web tool that provides an easy-to-use information resource on national and international cybersecurity related initiatives worldwide.

Because threats can originate anywhere and collective cybersecurity depends on the security practices of every connected country, business, and citizen, national and international cooperation is needed among those who seek to promote, develop and implement initiatives for a global culture of cybersecurity.

The Gateway is a powerful country by country search engine for sharing information, experiences, comparing laws and legislation, tools for privacy and protection and information concerning industry standards and solutions useful to citizens, governments, private sector, and international organizations.

This tool is encouraging public and private sectors to join in partnership with the ITU and others to build confidence and security in the use of information and communication technologies (ICTs).

Moreover, the development sector of the ITU put in place a programme to assist developing countries in the establishment of National Strategies/Capabilities for Cybersecurity and Critical Information Infrastructure Protection, in the development of appropriate Cybercrime Legislation and Enforcement Mechanisms, in the creation of Watch, Warning and Incident Response (WWIR) Capabilities and in countering spam and related threats, also adopting initiatives to bridge the Security-Related Standardization Gap between Developing and Developed Countries in cooperation with the ITU standardization sector.

From the point of view of international standards, there are many thousands of people and companies working towards securing their Information and Communication Technology (ICT) assets – whether virtual or physical. This might be individuals, in large companies working to secure corporate networks, or systems engineers working to ensure that products are secure before they are sent out to market. The ITU standardization sector (ITU-T) pools these resources. It brings together all interested parties to work towards a common goal in Study Groups (SGs) in which experts representatives of the ITU-T membership, public and private sectors, develop Recommendations (standards) for the various fields of international telecommunications carrying out technical studies. In this environment also studies on security are carried out under the leadership of the Study Group 17 (security). About ninety ITU-T Recommendations focusing on security have been published. ITU-T’s work on security covers a wide area. Work includes studies into: security from network attacks, theft or denial of service, theft of identity, eavesdropping, tele-biometrics for authentication, security for emergency telecommunications, telecommunication networks security requirements and identification management.

A Standards Security Roadmap assists in the development of security standards by bringing together information about existing standards and current standards work in key standards development organizations.

In addition to aiding the process of standards development, the Roadmap will provide information that will help potential users of security standards, and other standards stakeholders gain an understanding of what standards are available or under development as well as the key organizations that are working on these standards.

It is important to note that the Roadmap is a work-in-progress. It is intended that it be developed and enhanced to include other standards organizations as well as a broader representation of the work from organizations already included. It is hoped that standards organizations whose work is not represented in this version of the Roadmap will provide information to ITU-T about their work so that it may be included in future editions.

ITU is fully committed to the development of cybersecurity culture, considering all aspects that could help in combating cybercrime and ensuring a secure environment. This can be achieved with a variety of measures spanning international cooperation, international assistance and study of standards involving all stakeholders. The common and achievable goal is to combat cybercrime as one of today’s most serious threats to social, economic and technical development.

Paolo Rosa
International Telecommunication Union
Telecommunication Standardization Bureau