El desarrollo y diseño de la red
de telecomunicaciones y de la tecnología de la información no tuvo en
cuenta su eventual convergencia o la necesidad de seguridad. Ahora, el
ciberespacio- software, los dispositivos de computación, usuarios,
aplicaciones, servicios, equipo e infraestructura recibe amenazas
diarias de atacantes, hackers, intrusos que cada vez más están
desplazándose hacia el crimen.
Nota del editor: Artículo
sólo disponible en inglés.
The development and design of the telecommunication
network, and information technology did not take into account either
their eventual convergence or the need for security. Now, cyberspace -
software, computing devices, users, applications, services, equipment
and infrastructure - experiences daily threats by attackers, hackers
and intruders that are more and more shifting to crime.
The WSIS (World Summit on the Information Society)
recognized the real and significant risks posed by cybercrime and
entrusted the ITU to facilitate the implementation of WSIS Action Line
C5 (Building confidence and security in the use of ICTs).
With its 191 Member States and more than 700 Sector
Members, from the ICT industry, ITU is uniquely placed to propose a
framework for international cooperation in cybersecurity. Its
membership includes Least Developed Countries, developing and emerging
economies, as well as developed countries. ITU offers an excellent
forum where actions and responses to promote cybersecurity and tackle
cybercrime can be discussed, with the goal of arriving at a common
understanding as to how best these challenges can be addressed.
With this aim, ITU is working to promote a global
culture of cybersecurity, studying technical standards, developing
procedures for critical information infrastructure protection (CIIP),
encouraging international legal coordination, harmonization and
enforcement and adopting strategies to ensure information sharing of
national approaches, good practices and guidelines.
In May 2007 ITU launched the Global Cybersecurity
Agenda (GCA), an ITU framework for international cooperation aimed at
proposing strategies for solutions to enhance confidence and security
in the information society. The GCA’s scope is to build on existing
national and regional initiatives to avoid duplication of work and
encourage collaboration amongst all relevant partners. It is built
upon five pillars: a legal framework, technical measures,
organizational structures, capacity-building and international
cooperation.
The development and implementation of the Global
Cybersecurity Agenda includes the creation of a multi-stakeholder
High-Level Experts Group on Cybersecurity (HLEG – 45 experts),
appointed by the Secretary General of ITU and consisting of high-level
government officials, leading industry experts, relevant
regional/international organizations, research institutes, academic
institutions and individual experts from every part of the world.
The main goals of the GCA are to develop a model
for cybercrime legislation that is globally applicable, interoperable
with existing national/regional legislative measures; to create
national and regional organizational structures and policies on
cybercrime; to establish globally accepted minimum security criteria
and accreditation schemes for software applications and systems; to
create a global framework for watch, warning and incident response; to
ensure cross-border coordination of initiatives and to develop a
global strategy to facilitate human and institutional
capacity-building to enhance knowledge and know-how and advise on a
potential framework for a global multi-stakeholder strategy for
international cooperation, dialogue and coordination in all the
above-mentioned areas.
The Cybersecurity Gateway is an ITU developed web
tool that provides an easy-to-use information resource on national and
international cybersecurity related initiatives worldwide.
Because threats can originate anywhere and
collective cybersecurity depends on the security practices of every
connected country, business, and citizen, national and international
cooperation is needed among those who seek to promote, develop and
implement initiatives for a global culture of cybersecurity.
The Gateway is a powerful country by country search
engine for sharing information, experiences, comparing laws and
legislation, tools for privacy and protection and information
concerning industry standards and solutions useful to citizens,
governments, private sector, and international organizations.
This tool is encouraging public and private sectors
to join in partnership with the ITU and others to build confidence and
security in the use of information and communication technologies (ICTs).
Moreover, the development sector of the ITU put in
place a programme to assist developing countries in the establishment
of National Strategies/Capabilities for Cybersecurity and Critical
Information Infrastructure Protection, in the development of
appropriate Cybercrime Legislation and Enforcement Mechanisms, in the
creation of Watch, Warning and Incident Response (WWIR) Capabilities
and in countering spam and related threats, also adopting initiatives
to bridge the Security-Related Standardization Gap between Developing
and Developed Countries in cooperation with the ITU standardization
sector.
From the point of view of international standards,
there are many thousands of people and companies working towards
securing their Information and Communication Technology (ICT) assets –
whether virtual or physical. This might be individuals, in large
companies working to secure corporate networks, or systems engineers
working to ensure that products are secure before they are sent out to
market. The ITU standardization sector (ITU-T) pools these resources.
It brings together all interested parties to work towards a common
goal in Study Groups (SGs) in which experts representatives of the ITU-T
membership, public and private sectors, develop Recommendations
(standards) for the various fields of international telecommunications
carrying out technical studies. In this environment also studies on
security are carried out under the leadership of the Study Group 17
(security). About ninety ITU-T Recommendations focusing on security
have been published. ITU-T’s work on security covers a wide area. Work
includes studies into: security from network attacks, theft or denial
of service, theft of identity, eavesdropping, tele-biometrics for
authentication, security for emergency telecommunications,
telecommunication networks security requirements and identification
management.
A Standards Security Roadmap assists in the
development of security standards by bringing together information
about existing standards and current standards work in key standards
development organizations.
In addition to aiding the process of standards
development, the Roadmap will provide information that will help
potential users of security standards, and other standards
stakeholders gain an understanding of what standards are available or
under development as well as the key organizations that are working on
these standards.
It is important to note that the Roadmap is a
work-in-progress. It is intended that it be developed and enhanced to
include other standards organizations as well as a broader
representation of the work from organizations already included. It is
hoped that standards organizations whose work is not represented in
this version of the Roadmap will provide information to ITU-T about
their work so that it may be included in future editions.
ITU is fully committed to the development of
cybersecurity culture, considering all aspects that could help in
combating cybercrime and ensuring a secure environment. This can be
achieved with a variety of measures spanning international
cooperation, international assistance and study of standards involving
all stakeholders. The common and achievable goal is to combat
cybercrime as one of today’s most serious threats to social, economic
and technical development.
Paolo Rosa
International Telecommunication Union
Telecommunication Standardization Bureau
Additional Information:
This is a summary of the presentation of Mr. Paolo
Rosa at the Second Workshop on the impact of fraud on the
provision of telecommunication services in the Americas: Operators
and providers working together to prevent situations of fraud
that took place on Thursday, September 27, 2007 , Mendoza,
Argentina, in the framework of the PCC.I meeting.
|
|